Cecylia Bocovich:
Hi,
I just had a really great conversation with some of the developers at Briar about the recent work they've done in integrating some pluggable transports into their messaging application. I thought I would summarize some key points from the conversation here. In particular, this information might prove useful for both the metrics and anti-censorship teams to know how other projects are using our tools and what they would like help with.
Thanks, that's really helpful. FWIW, I think this information is not only useful for the teams you mentioned but as well for teams that actually want to implement respective user-facing changes, like the applications team.
We had a bunch of conversations in the past about how to make sure Tor Browser is helping the user to choose a proper and secure way of connecting to the Tor network depending on their location and context. Some useful tickets, showing where we are and what we think/thought, are:
https://trac.torproject.org/projects/tor/ticket/21951 https://trac.torproject.org/projects/tor/ticket/24527
Those are mostly related to desktop as we have a Tor Launcher there. I opened a ticket (#29590) to track the mobile specific part, though.
[snip]
IV. What they want help with
Because they do not have dedicated anti-censorship funding, they mentioned a few things that would help them maintain their pluggable transport use going forward and ease the integration of pluggable transports.
The main thing they would like on the metrics side is up-to-date information about which PT works in which country and where PTs are needed at all in order to make quick and easy decisions based on location about which transports to use. They started to work with OONI to expand their tests but it turned out to be too much work for their time/funding: https://code.briarproject.org/briar/briar/issues/1414
It's on our roadmap to work with OONI and other censorship measurement tools (like Censored Planet) to expand our tests so we should get into contact with them again once we have gotten farther with this.
On the PT development side, they expressed a desire to transfer maintenance of their reproducible builds of obfs4 and meek to someone else (that's the go-reproducer code linked above).
I think we should be able to provide that with our Tor Browser builds once we have all the PT pieces sorted out (which is rather soon). So, probably the easiest way would then be to just copy the respective binaries we produce over to include them in the Briar software and pointing to our build process (we could even document building those PTs as an example in our READMEs if that would be useful). Would that work, Michael? Or do you need something else here?
Georg