July 2021 - tor-project - lists.torproject.org

Are there countries where using Tor is illegal?
by Cristian Consonni 11 May '25

11 May '25

Hi, (Sorry if this question has already been asked in the past, feel free to point me to the relevant resources.) I know that the legal FAQs by the EFF state that: «we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is legal under U.S. law.»[1] I also know there is a list of countries for which there is legislation that exclude communication service providers from liability. They are indicated in the Legal of the Tor Exit Guidelines page[2], they are USA, Germany, Netherlands, Austria, France, and Sweden. >From some articles in the press[3a][3b] it may be illegal - depending on how you interpret the wording[*] - to use Tor (and other technologies such as VPNs or proxies) in the UAE, with fines ranging in the millions of dirhams (hundreds of thousand of dollars). A couple of weeks ago it was discussed - on this list as well - that a law was introduced to the state parliament to ban Tor[4a][4b]. This follows a case of some months ago of a Russian Tor exit node operator being arrested for inciting mass riots and terrorism[4c][4d]. The idea of blocking VPNs or Tor seems to have already been considered in the past[4e]. This infographic about pluggable transports[5] suggests access to the Tor network is censored or limited in China, Uzbekistan, Iran, and Kazakhstan. Tor being censored orblocked may be different from it being illegal. What about other countries? Is there a place where I can find more about this topic? Cristian [1]: https://www.torproject.org/eff/tor-legal-faq.html.en [2]: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines [3a]: http://www.emirates247.com/news/emirates/dh500-000-fine-if-you-use-fraud-ip… [3b]: http://news.softpedia.com/news/people-caught-using-vpns-tor-or-proxies-in-t… [*]: «Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery» [4a]: https://lists.torproject.org/pipermail/tor-talk/2017-June/043293.html [4b]: https://trac.torproject.org/projects/tor/ticket/22055 [4c]: https://lists.torproject.org/pipermail/tor-talk/2017-April/043109.html [4d]: https://techcrunch.com/2017/04/24/dmitry-bogatov-tor-russia/ [4e]; https://torrentfreak.com/vpn-and-tor-ban-looming-on-the-horizon-for-russia-… [5]: https://www.torproject.org/images/PT/2016-07-how-to-use-PT.png

4 3

PSA: fpcentral / forrestii retirement notice
by Matthew Finkel 21 Oct '21

21 Oct '21

Hello! The service "fpcentral" (https://fpcentral.tbb.torproject.org/) will be retired on October 20th 2021 (6 months from now), along with the server it is running on (forrestii). We do not have the resources to maintain the service. Besides, other, and better alternatives have emerged since then, like, for example the EFF's Cover Your Tracks service (https://coveryourtracks.eff.org/, previously known as the Panopticlick) and TorZillaPrint (https://arkenfox.github.io/TZP/) On the retirement date, the server will be shutdown, rendering the service completely unavailable. A week later, the server will be destroyed, and its backups will be destroyed 30 days after the retirement date. The Internet Archive has an up to date copy of the site's static assets and will be able to keep it for posterity. It is recommended that you fix any bookmarks, links, or other references you have to this site. If you have concerns about the retirement or wish to delay the procedure, you can add a comment to the tracking issue (https://gitlab.torproject.org/tpo/tpa/team/-/issues/40009) or contact TPA: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-2-support…

2 1

Network health meetings suspended until August 9th 2021
by Gaba 09 Aug '21

09 Aug '21

Hi! The network health meetings [0] that usually happen on Mondays in irc will be suspended until August 9th. If you have anything related to discuss please send a mail to the network-health mailing list. [1] cheers, gaba [0] http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… [1] https://lists.torproject.org/cgi-bin/mailman/listinfo/network-health -- pronouns she/her/they GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

2 1

metrics-lib 2.18.0 released
by Iain R. Learmonth 30 Jul '21

30 Jul '21

Hi, I have released metrics-lib 2.18.0. This release is particularly exciting as it contains contributions from 3 seperate developers, this codebase is getting some attention! metrics-lib, which also goes by the name DescripTor, is a Java API that fetches Tor descriptors from a variety of sources like cached descriptors and directory authorities/mirrors. The DescripTor API is useful to support statistical analysis of the Tor network data and for building services and applications. This release is the sum of over 9 years of development, with the latest changes: * Medium changes - Expose overload-ratelimits and overload-fd-exhausted fields in ExtraInfoDescriptor. (hiro) - OnionPerfAnalysisConverter discards circuits marked as filtered. (acute) - Adds BridgestrapStats to parse metrics from bridgestrap. (irl) You can find the release at: https://dist.torproject.org/metrics-lib/2.18.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/library/-/tree/metrics-lib-2.18.0 Thanks, Iain.

1 0

Job opening: Software Developer for the Tor Browser and VPN
by Erin Wyatt 30 Jul '21

30 Jul '21

Hello again, everyone! We also need your help attracting qualified candidates for our Browser/VPN position. If you know someone who might be interested in this job or if you know of a job board or mailing list that would be fitting and appropriate, please share it for us! Thank you! :) Software Developer for the Browser/Applications Team - Two (2) positions (https://www.torproject.org/about/jobs/software-engineer-applications-team/ <https://www.torproject.org/about/jobs/software-engineer-applications-team/>) Cheers, Erin Wyatt Director of People Operations ewyatt(a)torproject.org <mailto:ewyatt@torproject.org> PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE https://www.torproject.org <https://www.torproject.org/> http://expyuzz4wqqyqhjn.onion/ <http://expyuzz4wqqyqhjn.onion/> --------------------------------------------->8 # Software Engineers for Applications Team (Browser and VPN) The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking two experienced developers to work on the Applications team. Our Applications Team's main project is the Tor Browser but we have plans to develop other apps in the near future. We are looking for two (2) full-time developers to join our team to help us with both Tor Browser development and mobile app development. These two positions share a core set of skills, but each has its own set of specific skills as well. However, regardless of whether you have all of one set of skills or a combination of the two sets, please apply! Further, if you feel that you meet several of the requirements, or could meet them with a little support, we would love to hear from you. The team coordinates both synchronously and asynchronously via IRC, email, bug trackers, and some voice meetings. A personal commitment to free and open source software, good communication and documentation skills, and passion for contributing to the greater good are all essential. These are full-time, remote positions. ## The Jobs: ### Browser: • Evaluate and audit recent changes in Firefox, and understand how that affects Tor Browser users • Support maintaining Tor Browser on top of recent versions of Firefox • Improve Tor Browser’s security, privacy, and anonymity properties • Collaborate with Mozilla and directly improve Firefox • Simplify and improve Tor Browser's current protections • Support the continuous integration testing framework and tests • Improve Tor Browser's web compatibility ### Android Application Developer: • Support maintaining Tor Browser on Android • Improving Tor integration into Android apps • Improve Tor usability on Android • Collaborate with Guardian Project and other partners • Support Orbot improvements and similar app functionality Our main codebases are a combination of multiple components that make Tor Browser (https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Codebases) For a more detailed understanding of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section at https://spec.torproject.org/torbrowser-design#DesignRequirements. ### Requirements -- Technical Abilities/Experience: • Advanced skills in writing C++ (11 or later) and JavaScript. • Be comfortable working remotely with a geographically distributed team. • Experience interacting with users and other developers online, including experience being confronted with differing ideas and opinions, while maintaining a high level of professionalism. • Familiarity with distributed version control systems, including Git. • Familiarity with compiling software for the Android platform. ### Preferred qualifications: • Familiarity and/or experience with writing add-ons and/or patches for Mozilla Firefox or other web browsers. • Familiarity with writing C and Rust. • Familiarity with writing Kotlin or Java. • Be familiar with web technologies and how the web works, especially • the same-origin model and web tracking. Familiarity with browser fingerprinting defenses • Familiarity with Firefox's internal architecture, including its use of multiple processes and sandboxing. • Know enough about networking to be able to visualize what HTTP 1.1 looks like on the wire while encapsulated within Tor's network protocol. • Android development experience, especially involving low-level networking like the VpnService. Salary for this position is $100k USD and there is voluntary opt-in salary transparency for employees and contractors. ## How to Apply To apply, submit a cover letter, your CV/resume (including three professional references), and a link to a code sample or some non-trivial software project you have significantly contributed to. In your cover letter, please include the reason you want to work at the Tor Project. IMPORTANT: Please email application materials in PDF format to job-browser at torproject dot org with "Applications Developer" in the subject line. ## About The Tor Project The Tor Project's workforce is smart, committed, and hard working. We currently have a paid and contract staff of around 24 developers and operational support people, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation, and corporate donations. Tor is for everyone, and we are actively working to build a team that represents people from all over the world - people from diverse ethnic, national, and cultural backgrounds; people from all walks of life. We encourage people subject to systemic bias to apply, including people of color, indigenous people, LGBTQIA+ people, women, and any other person who is part of a group that is underrepresented in tech. The Tor Project has a competitive benefits package, including a generous PTO policy, 16 paid holidays per year (including the week between Christmas and New Year's, when the office is closed), and flexible work schedule. Insurance benefits vary by employment status and country of residence. The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Jobs announcement - Software Developers (Anti-Censorship, Browser, and Android/VPN)
by Erin Wyatt 30 Jul '21

30 Jul '21

Hey everyone, We have three new job openings! • Software Developer for the Anti-Censorship Team - One (1) position (https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ <https://www.torproject.org/about/jobs/software-developer-anticensorship-2/>) • Software Developer for the Browser/Applications Team - Two (2) positions (https://www.torproject.org/about/jobs/software-engineer-applications-team/ <https://www.torproject.org/about/jobs/software-engineer-applications-team/>) Job descriptions are pasted below. Please help us spread the word! Thanks! :) Cheers, Erin Wyatt Director of People Operations ewyatt(a)torproject.org PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE https://www.torproject.org http://expyuzz4wqqyqhjn.onion/ --------------------------------------------->8 # Software Engineers for Applications Team (Browser and VPN) The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking two experienced developers to work on the Applications team. Our Applications Team's main project is the Tor Browser but we have plans to develop other apps in the near future. We are looking for two (2) full-time developers to join our team to help us with both Tor Browser development and mobile app development. These two positions share a core set of skills, but each has its own set of specific skills as well. However, regardless of whether you have all of one set of skills or a combination of the two sets, please apply! Further, if you feel that you meet several of the requirements, or could meet them with a little support, we would love to hear from you. The team coordinates both synchronously and asynchronously via IRC, email, bug trackers, and some voice meetings. A personal commitment to free and open source software, good communication and documentation skills, and passion for contributing to the greater good are all essential. These are full-time, remote positions. ## The Jobs: ### Browser: • Evaluate and audit recent changes in Firefox, and understand how that affects Tor Browser users • Support maintaining Tor Browser on top of recent versions of Firefox • Improve Tor Browser’s security, privacy, and anonymity properties • Collaborate with Mozilla and directly improve Firefox • Simplify and improve Tor Browser's current protections • Support the continuous integration testing framework and tests • Improve Tor Browser's web compatibility ### Android Application Developer: • Support maintaining Tor Browser on Android • Improving Tor integration into Android apps • Improve Tor usability on Android • Collaborate with Guardian Project and other partners • Support Orbot improvements and similar app functionality Our main codebases are a combination of multiple components that make Tor Browser (https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Codebases) For a more detailed understanding of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section at https://spec.torproject.org/torbrowser-design#DesignRequirements. ### Requirements -- Technical Abilities/Experience: • Advanced skills in writing C++ (11 or later) and JavaScript. • Be comfortable working remotely with a geographically distributed team. • Experience interacting with users and other developers online, including experience being confronted with differing ideas and opinions, while maintaining a high level of professionalism. • Familiarity with distributed version control systems, including Git. • Familiarity with compiling software for the Android platform. ### Preferred qualifications: • Familiarity and/or experience with writing add-ons and/or patches for Mozilla Firefox or other web browsers. • Familiarity with writing C and Rust. • Familiarity with writing Kotlin or Java. • Be familiar with web technologies and how the web works, especially • the same-origin model and web tracking. Familiarity with browser fingerprinting defenses • Familiarity with Firefox's internal architecture, including its use of multiple processes and sandboxing. • Know enough about networking to be able to visualize what HTTP 1.1 looks like on the wire while encapsulated within Tor's network protocol. • Android development experience, especially involving low-level networking like the VpnService. Salary for this position is $100k USD and there is voluntary opt-in salary transparency for employees and contractors. ## How to Apply To apply, submit a cover letter, your CV/resume (including three professional references), and a link to a code sample or some non-trivial software project you have significantly contributed to. In your cover letter, please include the reason you want to work at the Tor Project. IMPORTANT: Please email application materials in PDF format to job-browser at torproject dot org with "Applications Developer" in the subject line. ## About The Tor Project The Tor Project's workforce is smart, committed, and hard working. We currently have a paid and contract staff of around 24 developers and operational support people, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation, and corporate donations. Tor is for everyone, and we are actively working to build a team that represents people from all over the world - people from diverse ethnic, national, and cultural backgrounds; people from all walks of life. We encourage people subject to systemic bias to apply, including people of color, indigenous people, LGBTQIA+ people, women, and any other person who is part of a group that is underrepresented in tech. The Tor Project has a competitive benefits package, including a generous PTO policy, 16 paid holidays per year (including the week between Christmas and New Year's, when the office is closed), and flexible work schedule. Insurance benefits vary by employment status and country of residence. The Tor Project, Inc., is an equal opportunity, affirmative action employer. --------------------------------------------->8 # Software Developer for Anti-Censorship Team The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking an experienced Software Developer to take our anti-censorship work to the next level. This role will work on the anti-censorship technologies at Tor. A personal commitment to free and open source software and the application of advanced programming skills for the greater good is essential. This is a full-time remote position. ## Job Requirements This developer position will be an integral part of our Anti-Censorship Team. Main responsibilities for this position are: • Continue development of our bridge distribution system, pluggable transports, and other anti-censorship technologies. • Required qualifications: • Familiarity with Internet security and censorship circumvention technologies in China and other censored countries. • Experience with designing, implementing, testing, and reviewing complex codebases (ideally in Go). • Ability to work in a self-directed and independent way. • Comfortable with working remotely, across time zones. • Strong familiarity with computer science fundamentals. • Preferred qualifications: • Experience and intuition about censorship in China, including knowing how best to reach Chinese internet user communities to discuss circumvention approaches. • Familiarity with reading research papers and turning research ideas into prototypes. • Understanding of the Tor pluggable transport ecosystem and the censorship circumvention research space. • Past contributions to and familiarity with the practices of free software projects. • Passion and dedication to Internet freedom is an added plus. • Proficient at reading and writing Simplified Chinese. Salary for this position is $100k USD and there is voluntary opt-in salary transparency for employees and contractors. ## To Apply To apply, submit a cover letter, your CV/resume (including three professional references), and a link to a code sample or some non-trivial software project you have significantly contributed to. In your cover letter, please include the reason you want to work at the Tor Project. IMPORTANT: Please email application materials in plain text or PDF format, if possible, to job-anticensor at torproject dot org with "Anti-Censorship Developer" in the subject line. ## About The Tor Project The Tor Project's workforce is smart, committed, and hard working. We currently have a paid and contract staff of around 24 developers and operational support people, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation, and corporate donations. Tor is for everyone, and we are actively working to build a team that represents people from all over the world - people from diverse ethnic, national, and cultural backgrounds; people from all walks of life. We encourage people subject to systemic bias to apply, including people of color, indigenous people, LGBTQIA+ people, women, and any other person who is part of a group that is underrepresented in tech. The Tor Project has a competitive benefits package, including a generous PTO policy, 16 paid holidays per year (including the week between Christmas and New Year's, when the office is closed), and flexible work schedule. Insurance benefits vary by employment status and country of residence. The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 1

Anti-censorship meeting notes, 2021 July 29
by Cecylia Bocovich 29 Jul '21

29 Jul '21

Hi everyone, Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-07-29-16.00.html and the our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday July 29th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == snowflake rendezvous now uses fastly rather than azure (tpo/anti-censorship/pluggable-transports/snowflake!33); why are there still charges accruing for azure? https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… it's possible that orbot or some other snowflake users are still configured with azure just checked and orbot uses fastly https://gitlab.torproject.org/dcf/snowflake/-/pipelines/9956 is a failed pipeline; is it a known bug? yes, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == == Interesting links == == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-07-29 Last week: - filed a shadow issue for syscalls needed by Go - https://github.com/shadow/shadow/issues/1540 - updated snowflake!48 - took a look at the masque specifications - https://datatracker.ietf.org/doc/draft-ietf-masque-connect-udp/ - debugged issues with snowflake badge (snowflake-webext#28) - hiring committee tasks - s28 scrimmage this week - looked at Tor reachability in Iran This week: - more work on snowflake documentation (snowflake#40031) - help the browser team with tor's autoconnect feature - reviews - snowflake!50 - rdsys!11 - snowflake!52 Needs help with: - review of snowflake-webext!20 dcf: 2021-07-29 Last week: - wrote more documentation for snowflake AMP cache feature https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made sample Tor Browser builds using AMP cache https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a merge request to remove the unused uniuri dependency from Tor Browser https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… Next week: Help with: - review of snowflake AMP cache rendezvous (no rush) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-07-22 Last week: - submit the "final" gettor rdsys integration (rdsys!11 rdsys#32) - report number of clients on the snowflake webextension (snowflake-webext!19) - Wait pollInterval in snowflake between proxy offers (snowflake#40055 snowflake!51) - link anti-censorship doc from the TPA wiki (team#4) - review snowflake README clean ups (snowflake!49) - looking up at issues with bridgestrap tests and CollecTor (bridgestrap#20) - fixes in mutex usage in bridgestrap collector metrics (bridgestrap!10) Next week: - AFK for the next 3 weeks Help with: -

1 0

Anti-censorship meeting notes, 2021 July 22
by Cecylia Bocovich 22 Jul '21

22 Jul '21

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-07-22-15.59.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday July 22nd 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == == Actions == == Interesting links == == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-07-22 Last week: - worked on automated reachability scripts (censorship-analysis#40018) - hiring meetings - reviewed snowflake-webext!19 - checked on snowflake probe measurements in china (snowflake#32657) - set up snowflake + obfs4 probes in turkey (censorship-analysis#40007) - in-progress review of rdsys!11 This week: - continue reviewing rdsys!11 - more work on snowflake performance (snowflake#40026) - more work on snowflake documentation (snowflake#40031) - look at snowflake!50 Needs help with: dcf: 2021-07-22 Last week: - merge request for snowflake AMP cache rendezvous https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented on KCP/smux buffer size increase https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - filed issue about standalone snowflake proxy reconnecting quickly https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: Help with: - review of snowflake AMP cache rendezvous (no rush) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-07-22 Last week: - submit the "final" gettor rdsys integration (rdsys!11 rdsys#32) - report number of clients on the snowflake webextension (snowflake-webext!19) - Wait pollInterval in snowflake between proxy offers (snowflake#40055 snowflake!51) - link anti-censorship doc from the TPA wiki (team#4) - review snowflake README clean ups (snowflake!49) - looking up at issues with bridgestrap tests and CollecTor (bridgestrap#20) - fixes in mutex usage in bridgestrap collector metrics (bridgestrap!10) Next week: - AFK for the next 3 weeks Help with: -

1 0

Job announcement - Rust Developers (two openings)
by Erin Wyatt 21 Jul '21

21 Jul '21

Hi everyone! We have a two new open positions on the Network Team for Rust developers: https://www.torproject.org/about/jobs/rust-dev/ <https://www.torproject.org/about/jobs/rust-dev/>. The job description is pasted below. Please help us spread the word! Thank you! :) Cheers, Erin Wyatt Director of People Operations ewyatt(a)torproject.org PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE https://www.torproject.org http://expyuzz4wqqyqhjn.onion/ ——————————————————————>8 # Internet Freedom Nonprofit Seeks Rust Developer July 20, 2021 The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking two experienced Rust developers to be a part of the Network Team. These developers will be an integral part of a small team that develops and maintains the networking software at the core of the Tor network, keeping it secure and improving it for the future. (Over the past 15 years, we've been developing the Tor implementation in C; but the time has finally come to migrate to Rust.) The team coordinates both synchronously and asynchronously via IRC, email, bug trackers, and some voice meetings. A personal commitment to free and open source software, good communication and documentation skills, and passion for contributing to the greater good are all essential. This is a full-time, remote position. Salary for this position is $90k - $110k USD, depending on experience, and there is voluntary opt-in salary transparency for employees and contractors. ## Summary In this role, you will: • Help design, develop, and improve (Arti)[https://blog.torproject.org/announcing-arti], our Rust implementation of the Tor protocol. • Help other team members improve their Rust skills. • Collaborate with other Tor teams to integrate Arti in their workflows. • Contribute to other free, open-source Rust projects as needed, especially to ones that Arti depends on. Required Technical Skills and Experience • Familiarity with the Rust programming language, and with system design in Rust. • Strong remote work and time management skills. • Good communication and documentation skills. • Enthusiasm for teaching and learning within a distributed team. ## Preferred Qualifications (These are good to have, but not required!) • Experience with async/await programming in Rust. • Experience with portable, cross-platform coding. (We work on Unix, OSX, Windows, iOS, and Android, and we're aiming to expand to WASM.) • Experience with developing large software projects, keeping them maintainable and flexible over time. • Experience with API design and documentation. • Familiarity with privacy, network programming, distributed systems, security, and cryptography. • Familiarity with FOSS software engineering practices. • Familiarity with C (for reading old tor code). • Experience with reading and writing technical specifications. Academic degrees are great, but not required if you have the right experience! If you feel that you meet several of these requirements or could meet them with a little support, we would love to hear from you. ## How to Apply To apply, submit a cover letter, your CV/resume (including three professional references), and a link to a code sample or some non-trivial software project you have significantly contributed to. In your cover letter, please include the reason you want to work at the Tor Project. IMPORTANT: Please email application materials in PDF format to job-network at torproject dot org with "Network Developer" in the subject line. ## About The Tor Project The Tor Project's workforce is smart, committed, and hard working. We currently have a paid and contract staff of around 28 developers and operational support people, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation, and corporate donations. Tor is for everyone, and we are actively working to build a team that represents people from all over the world - people from diverse ethnic, national, and cultural backgrounds; people from all walks of life. We encourage people subject to systemic bias to apply, including people of color, indigenous people, LGBTQIA+ people, women, and any other person who is part of a group that is underrepresented in tech. The Tor Project has a competitive benefits package, including a generous PTO policy, 16 paid holidays per year (including the week between Christmas and New Year's, when the office is closed), and flexible work schedule. Insurance benefits vary by employment status and country of residence. The Tor Project, Inc. is an equal opportunity, affirmative action employer.

1 0

Anti-censorship meeting notes, 2021 July 15
by Cecylia Bocovich 15 Jul '21

15 Jul '21

Hey everyone, Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-07-15-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday July 15th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Tor Browser 10.5 released with Snowflake. https://blog.torproject.org/new-release-tor-browser-105 Peep the charts 👀 https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6… https://metrics.torproject.org/userstats-bridge-transport.html?start=2021-0… Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ == Discussion == Snowflake usage metrics after stable release How's the performance in places that are geographically far from the bridge? Is the spike globally distributed or centered on certain countries? Today's bridge-stats: bridge-stats-end 2021-07-14 17:36:29 (86400 s) bridge-ips us=552,ru=456,by=336,cn=216,ir=168,de=144,gb=120,in=88,fr=80,br=72,it=64,ca=48,dz=48,tr=48,nl=40,at=32,... == Actions == == Interesting links == snowflake-client.exe in TB 10.5 detected as malware https://lists.torproject.org/pipermail/tor-talk/2021-July/045752.html https://www.reddit.com/r/TOR/comments/of1gu3/windows_defender_latest_tor_br… https://gitlab.torproject.org/tpo/web/support/-/issues/237 == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-07-15 Last week: - reviewed snowflake!47 - finished moat shim (bridgedb#32276) - bridgestrap reviews - bumped version of snowflake - updated snowflake proxy Docker image - attended some of PETS - deployed changes to snowflake.tp.o (snowflake-webext!18) - looked into snowflake performance tuning as a result of dcf's email - https://lists.torproject.org/pipermail/anti-censorship-team/2021-July/00018… - opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - did some cleaning up of Snowflake repository READMEs (snowflake!49) This week: - followup review for rdsys!11 - more work on snowflake documentation (snowflake#40031) - check and maintain snowflake censorhsip measurements (snowflake#32657) - start work on a Conjure PT for Tor Needs help with: - review snowflake!48 (kcp + smux parameter tuning) - review of snowflake!49 arlolra: 2021-07-08 Last week: - More snowflake!39 Next week: - Maybe get back to snowflake-webext #10 Help with: - dcf: 2021-07-15 Last week: Next week: - AMP cache rendezvous for snowflake https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - look at KCP/smux buffer size increase https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: agix:2021-07-15 Last week: -Off due to final exams Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-07-15 Last week: - fix bridgestrap CollecTor bug so it properly reports if bridges are functional (bridgestrap!8) - short bridgestrap CollecTor metrics by the hashed fingerprint to don't reveal information (bridgestrap!9) - deploy bridgestrap with CollecTor metrics - report number of connected clients from snowflake webext to the broker (snowlfake-webext!19) - gettor rdsys integration (rdsys!11 rdsys#32) - document our server setup in TPA wiki Next week: - submit the "final" gettor rdsys integration (rdsys!11 rdsys#32) Help with: -

1 0