Thanks meskio, # WebTunnel Yes, I have seen the report about WebTunnel being blocked by SNI, and the general protocol restriction for Fully Encrypted Protocols, and there are 3 approach we could move forward with: 1.Dynamic Bridge I will investigate the remaining blockers for a dynamic webtunnel bridges from our side, and get them fixed. 2. Domain Fronting I will find out if domain fronting is possible with our current code base, investigate what patch was applied to the user fork; implement the missing features preventing domain fronting from working, and then, write a document about how to get domain fronting working with our release version of the lyrebird. 3. Packet Fragmentation. I am not really sure if we wants to proceed with this, while it certainly works for now, it will give out the fact that user is using a circumvention tool. I need to think a little before having a concrete answer about whether to promote this. (See also: https://github.com/hufrea/byedpi, https://github.com/dovecoteescapee/ByeDPIAndroid) There are other reports about WebTunnel blocked by IP or IP range. I think fixing this would require doing something about bridge distribution or (avoid protocol fingerprinting) # Snowflake We are experiencing an degraded availability of snowflake. The good news is I have get vantage point log collector in Iran setup (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/b...), so we can get automated packet capture soon. # meek From a really quick look at error response, it looks more like a misconfiguration or connectivity issue between our meek server and the CDN77's edge server. More investigation is needed. Shelikhoo On 2/7/2025 3:40 pm, meskio via anti-censorship-team wrote:
Here I try to map the current internet blocks AFAIK, so others can look into them after the break (I'll be AFK next week).
# Russia
## situation
Main issue: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... FTE (obfs4) is blocked in mobile networks: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... webtunnel is being actively listed: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu...
## ideas
Does it make sense to start using conjure in Russia? It might solve the problem until we have dynamic webtunnel bridges. Maybe we can start with the community team distributing a bridge line to some users, and not jump all in with the circumvention settings. As we haven't seen many users in conjure yet.
Should we explore integrating the domain fronting idea the community has developed in webtunnel and see if we can do something more on this.
# Iran
## situation
Partial block of snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
## ideas
Requesting more proxies: https://gitlab.torproject.org/tpo/community/relays/-/issues/116 The community team will need help on this, producing screenshots of grafana or other data for the campaign.
We have our vantage points back in the country. I haven't had the time to investigate much. I guess we'll need to figure out if Iran is blocking proxies by fingerprint or by listing them.
# China
## situation
meek is blocked: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/162
## ideas
Do this affects also to snowflake and/or moat? Looks like phpmyadmin.net is reachable, but maybe they fingerprinted our meek implementation? if so moat will not work either. Or some other problem with CDN77.
We do have a vantage point in China, isn't it? I don't have access to it, maybe something to add to vaultwarden.
Maybe someone can investigate this and see how far the block goes? Do we need to move to speed up the migration of moat to netlify?
_______________________________________________ anti-censorship-team mailing list -- anti-censorship-team@lists.torproject.org To unsubscribe send an email to anti-censorship-team-leave@lists.torproject.org