Hello!
The service "fpcentral" (https://fpcentral.tbb.torproject.org/) will be
retired on October 20th 2021 (6 months from now), along with the server
it is running on (forrestii).
We do not have the resources to maintain the service. Besides, other,
and better alternatives have emerged since then, like, for example the
EFF's Cover Your Tracks service (https://coveryourtracks.eff.org/,
previously known as the Panopticlick) and TorZillaPrint
(https://arkenfox.github.io/TZP/).
On the retirement date, the server will be shutdown, rendering the
service completely unavailable. A week later, the server will be
destroyed, and its backups will be destroyed 30 days after the
retirement date. The Internet Archive has an up to date copy of the
site's static assets and will be able to keep it for posterity. It is
recommended that you fix any bookmarks, links, or other references you
have to this site.
If you have concerns about the retirement or wish to delay the
procedure, you can add a comment to the tracking issue
(https://gitlab.torproject.org/tpo/tpa/team/-/issues/40009) or contact
TPA:
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-2-support…
Hi,
I have released Onionoo 8.0-1.28.0.
Onionoo provides current and historical data about relays and bridges
via a web-based API.
* Medium changes
- Reads bridgestrap statistics from CollecTor.
- If a bridgestrap test has been recently performed, the
result of that test will override the presence of the
Running flag. If no test has been recently performed, the
flags present in the bridge network status continue to be
used. Note: the presence of the running flag determines the
value of the "running" field in details documents.
- Allow search by overload status
* Minor changes
- The overload-general server descriptor should be null when
not present and not 0
You can find the release at:
https://dist.torproject.org/onionoo/8.0-1.28.0/
You can find the sources at:
https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.28.0/
Thanks,
hiro
Hello Tor!
Today, the Tor Project is launching our *third* annual *Bug Smash
Fund*,[1] a month-long fundraising campaign (8/1 - 8/31). The goal of
the Bug Smash Fund campaign is to raise unrestricted funds that we
allocate to finding and fixing bugs / doing maintenance / and addressing
issues that aren’t flashy or exciting for most funders, but totally
necessary for the health of Tor and all of the third-party apps that
rely on Tor to provide privacy, security, and anonymity to their users.
Unrestricted funding, like what we’re raising for the Bug Smash Fund, is
key for the Tor Project to improve our agility and stop relying on the
slow, piecemeal process of grant funding in order to accomplish our
goals and respond to emergent issues.
_*In the last two years, we’ve used the Bug Smash Fund to close 370
tickets*_ ranging from anti-censorship development, onion services
changes, improvements to documentation, Tor Browser UX changes, and
creating tooling for development. We posted two updates over the past
year where you can read more about what we were able to do with this
fund.[2][3]
We need your help to amplify the campaign!
How to help:
* Tweet about the Bug Smash Fund using the #TorBugSmash and a link to
our launch blog post.
* Quote tweet @torproject posts about the Bug Smash Fund with your own
take about why unrestricted funds are so important for the health of
Tor.
* Forward this email to those who might be able to amplify the campaign.
How you can contribute:
* Make a one-time donation <https://donate.torproject.org/> (and get
swag like Tor stickers and t-shirts in return)
* Donate in ten different cryptocurrencies
<https://donate.torproject.org/cryptocurrency/>
* Become a monthly donor and your own Defenders of Privacy patch
<https://donate.torproject.org/monthly-giving/>
* Make a contribution of $1,000 and join the major donor group
Champions of Privacy
<https://donate.torproject.org/champions-of-privacy/>
* Transfer your Open Collective gift card
<https://opencollective.com/thetorproject>
If you have any questions about or ideas for the Bug Smash Fund
campaign, please email me or Isabela or grants(a)torproject.org, we would
be happy to discuss.
Thanks everyone!
Al
[1] https://blog.torproject.org/tor-bug-smash-fund-2021
[2] https://blog.torproject.org/tor-bug-smash-fund-2020-final-update
[3] https://blog.torproject.org/tor-bug-smash-fund-yr2-progress
--
Al Smith (they/them)
Fundraising • Communications
The Tor Project
https://www.torproject.org |
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/
Hi everyone,
The latest release of Debian, the operating system running on all the
machines managed by the Tor Project system Administrators (TPA), has
been published! We're at release eleven, code name "buster". The press
release is here:
https://www.debian.org/News/2021/20210814
And nerds might particularly enjoy the release notes:
https://www.debian.org/releases/bullseye/amd64/release-notes/index.en.html
On top of the above, Debian 11 ships with tor 0.4.5 while the previous
release (Debian 10 "buster") shipped with 0.3.5, back in 2019. Doesn't
time fly? (And yes, that's just two years - who said Debian was slow?)
As for TPA, we'll probably start upgrading machines to bullseye soon,
but it's a slow process, and it's not actually on the 2021 roadmap
yet, so that process *may* just start in 2022.
We will, however, try very hard to avoid creating any more "old"
machines, which means that any new machine you request from here on will
run the latest and greated, Debian 11 bullseye.
This may mean a slightly bumpier ride, for example if you expect some
Python 2 packages, they might just be missing as there's been a large
push to remove Python 2 from Debian (which unfortunately did not
completely succeed).
Another example is how the "debian:latest" Docker image was broken for a
few days after the release. That issue has now been *fixed*, so you can
resume using the "debian:latest" and "greatest" (not an actual tag ;)
for your GitLab CI builds!
The "known issues" section of the release notes has a lot more
information than what would be practical to copy here:
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information…
Finally note that I wrote an upgrade guide for my own uses:
https://anarc.at/services/upgrades/bullseye/
Note that it's a highly technical guide aimed at upgrading many machines
as quickly as possible. If you have a single laptop or desktop to
upgrade, you might want to follow the normal upgrade guide:
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.e…
... but I did use it for my home machine, and a similar guide will
eventually be published (and maintained) by TPA for our own
infrastructure.
So that's it, enjoy the new release!
a.
--
Antoine Beaupré
torproject.org system administration
Dear Tor contributors,
Next Wednesday, August 25th @ 1600 UTC, we will have a Tor Demo Day!
You're invited!
This edition will have presentations about Tor & CAPTCHAs, running
relays at universities, helping Tor users, and exit bridges to
circumvent blocked pages.
To ensure a safe, friendly, and pleasant experience during the event, we
ask all participants to read and follow the Tor Project Code of Conduct:
https://community.torproject.org/training/code-of-conduct/
The presentation will be recorded.
Agenda
------
* "CAPTCHA Monitor: Check if websites block Tor or return CAPTCHAs using
real web browsers!" by Barkin Simsek (woswos)
* "Tor Captcha and Block Monitoring" (GSoC 2021) by Apratim (_ranchak_)
* "Help Tor users" (Outreachy 2021) by Kulsoom
* "HebTor: Bypassing Tor Exit Blocking" by Micah Sherr
* "Operating Tor Relays at Universities" by kantorkel
Meeting room
------------
https://tor.meet.coop/gus-viu-5wr-7cb
Full description
----------------
* "CAPTCHA Monitor: Check if websites block Tor or return CAPTCHAs using
real web browsers!" - Barkin Simsek (woswos)
The CAPTCHA Monitor project aims to track how often various websites
block or return CAPTCHAs to Tor clients. The project aims to achieve
this by fetching webpages via both Tor & other mainstream web browsers
and comparing the results. The tests are repeated periodically to find
the patterns over time. Collected metadata, metrics, and results are
analyzed and displayed on a dashboard to understand how Tor users get
discriminated against while using browsing the internet.
* "Tor Captcha and Block Monitoring" - Apratim (_ranchak_)
The Project focuses on tracking top websites from alexa/moz500 ranking
and aims to get a detailed knowledge of the websites partially blocking,
fully blocking or returning Captchas or even websites limiting
functionalities. The results will be then collected and will be used to
find the answers to different metric related questions (Example: What
percentages of websites are blocked by a certain exit node). Further I
hope that the metrics could be useful for the campaign to unblock Tor
and even the DBM (DontBlockMe) Project
* "Help Tor Project support our users" - Kulsoom Zahra
During her internship with the Tor Project and Outreachy, Kulsoom Zahra
helped Tor users to bypass censorship, fix their Tor Browsers, updated
the Tor user documentation and much more. She will share with us her
experience on helping Tor users.
* "HebTor: Bypassing Tor Exit Blocking" - Micah Sherr
Tor exit blocking, in which websites disallow clients arriving from Tor,
is a growing and potentially existential threat to the anonymity
network. We introduce two architectures that provide ephemeral exit
bridges for Tor which are difficult to enumerate and block. Our
techniques employ a micropayment system that compensates exit bridge
operators for their services, and a privacy-preserving reputation scheme
that prevents freeloading. We show that our exit bridge architectures
effectively thwart server-side blocking of Tor with little performance
overhead.
https://seclab.cs.georgetown.edu/hebtor/
* "Operating Tor Relays at Universities" by kantorkel
We* report on our experience of operating exit relays at two German
universities and provide lessons learned.
(*) https://arxiv.og/abs/2106.04277
--
The Tor Project
Community Team Lead
Hi,
I have released Onionoo 8.0-1.27.0.
Onionoo provides current and historical data about relays and bridges
via a web-based API.
* Medium changes
- Add overload-ratelimits and overload-fd-exhausted ExtraInfo
descriptor line fields to the bandwidth document.
- Add overoload-general server descriptor line fields to the
details document.
* Minor changes
- Update to metrics-lib 2.19.0
You can find the release at:
https://dist.torproject.org/onionoo/8.0-1.27.0/
You can find the sources at:
https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.27.0/
Thanks,
hiro
Hi everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-08-19-16.00.html
and our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Next meeting: Thursday August 19th 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.
== Announcements ==
Job opening on the anti-censorship team:
https://www.torproject.org/about/jobs/software-developer-anticensorship-2/
\o/
== Discussion ==
- v3 of the webext manifest doesn't support creating peerconnections in
the background
- last time:
- we will present our need to
https://github.com/w3c/webrtc-extensions/issues/77 to encourage them to
permit WebRTC in service workers
- no updates this week: cohosh will take over drafting a comment for
the linked issue
- Tor and obfs4/meek blocking in TM:
https://gitlab.torproject.org/tpo/community/support/-/issues/40030
- last time:
-
https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-1…
- ggus found a volunteer to help with testing. obfs4, meek-azure,
and snowflake did not work; a private obfs4 bridge worked.
- http://emma.mhgb.net/ was not reachable, so ggus set up a mirror
at http://emma.gus.computer/
- our tester is having difficulty installing a recent Tor browser on
an old Windows computer
- will ask to install ooniprobe
- cohosh will ask OONI (arturo and maria) for contacts in TM
- Snowflake reporting its own connection failures and sending messages
to tor logs
-
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- useful for diagnosing failures to connect, by users or our own
testing, without having to enable the snowflake-client log file
- e.g. using PT protocol LOG or STATUS messages
- Ukraine is experiencing an increase in relay users
- https://metrics.torproject.org/userstats-relay-country.html?country=ua
- in the past this was due to a browser bundling tor for
anti-blocking purposes
-
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss…
== Interesting links ==
USENIX Security 2021 papers
https://www.usenix.org/conference/usenixsecurity21/technical-sessions
"Domain Shadowing: Leveraging Content Delivery Networks for Robust
Blocking-Resistant Communications"
https://www.usenix.org/conference/usenixsecurity21/presentation/wei
"How Great is the Great Firewall? Measuring China's DNS Censorship"
https://www.usenix.org/conference/usenixsecurity21/presentation/hoang
"Balboa: Bobbing and Weaving around Network Censorship"
https://www.usenix.org/conference/usenixsecurity21/presentation/rosen
"Weaponizing Middleboxes for TCP Reflected Amplification"
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
"Defeating DNN-Based Traffic Analysis Systems in Real-Time With
Blind Adversarial Perturbations"
https://www.usenix.org/conference/usenixsecurity21/presentation/nasr
== Reading group ==
We will discuss "" on
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out, in hopes that others
will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2021-08-19
Last week:
- hiring tasks for ac team and network team
- 3 full days of s28 integration/scrimmage prep x_x
- checked on censorship measurement tests
- looked in TM blocking of Tor bridges (support#40030)
- parse SOCKS args for Snowflake (snowflake#40059)
This week:
- more hiring and s28 meetings
- censorship measurement tests and tools
- help the browser team with tor's autoconnect feature
- reviews
- rdsys!11
- snowflake!52 followup
- snowflake#25595 followup
- follow up on OONI tor tests
- lots of miscellaneous gitlab TODOs
Needs help with:
arlolra: 2021-08-12
Last week:
- Migrate to v3 of the webextension manifest
Next week:
- Maybe get back to snowflake-webext #10
- Write up the pitch for our use case for supporting creating
PeerConnections in background service workers
https://github.com/w3c/webrtc-extensions/issues/77
Help with:
-
dcf: 2021-08-19
Last week:
- snowflake CDN bookkeeping
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co…
- posted a summary of the Turkmenistan situation
https://ntc.party/t/recent-drop-in-tor-users-from-turkmenistan-testers-want…https://gitlab.torproject.org/tpo/community/support/-/issues/40030
Next week:
Help with:
agix:2021-07-15
Last week:
-Off due to final exams
Next week:
-Work on bridgebox for rdsys
-More research on httpt #4
Help with:
-
maxb: 2021-07-15
Last week:
- Opened
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
re: utls for broker negotiation
- Worked on github.com/max-b/nat-testing for
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to
help with debugging
- Successfully making connections from snowflake-client and
snoflake-client-no-nat through the snowflake-proxy-no-nat, but not
having any success with the snowflake-proxy (with nat).
- Added a local dockerized STUN server
Next week:
- Use wireshark to figure out the difference between successful
snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat
- Work on implementing different NAT types, particularly in a way
that's conducive to automatic testing
- Add testing wrapper w/ "pass/fail" conditions
meskio: 2021-08-19
Last week:
- catch up after 3 weeks AFK (still in process)
- debug bridgestrap CollecTor metrics and why are not produced
(bridgestrap#22)
- review bridgestrap fix to test only uncached bridges (bridgestrap!11)
- review bridgedb parse X-Forwarded-For header properly (bridgedb!21)
- review snowflake SOCKS arguments (snowflake!53)
Next week:
- make bridgestrap CollecTor metrics resistant to restarts
(bridgestrap#22)
- change bridgedb to send obfs4 bridges by default over email
(bridgedb#50)
- gettor in rdsys architecture documentation (rdsys#44)
- make a proposal for duplicated tests in bridgestrap CollecTor
metrics (bridgestrap#23)
Help with:
-
Hi,
I have released metrics-lib 2.19.0.
metrics-lib, which also goes by the name DescripTor, is a Java API that
fetches Tor descriptors from a variety of sources like cached
descriptors and directory authorities/mirrors. The DescripTor API is
useful to support statistical analysis of the Tor network data and for
building services and applications.
This release is the sum of over 9 years of development, with the latest
changes:
* Medium changes
- Expose overload-general fields in ServerDescriptor.
* Minor changes
- Document ExtraInfoDescriptor classes
- Refactor javadoc to remove some style warnings
You can find the release at:
https://dist.torproject.org/metrics-lib/2.19.0/
You can find the sources at:
https://gitlab.torproject.org/tpo/metrics/library/-/tree/metrics-lib-2.19.0
Thanks,
-hiro
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-08-12-16.00.html
and our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Next meeting: Thursday August 12th 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.
== Announcements ==
Job opening on the anti-censorship team:
https://www.torproject.org/about/jobs/software-developer-anticensorship-2/
\o/
== Discussion ==
v3 of the webext manifest doesn't support creating peerconnections
in the background
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…https://github.com/w3c/webrtc-extensions/issues/77
we will present our need to
https://bugs.chromium.org/p/chromium/issues/detail?id=1207214 to
encourage them to permit WebRTC in service workers
Testing Tor in TM:
https://gitlab.torproject.org/tpo/community/support/-/issues/40030
relay users dropped off in the latter half of July 2021
https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-1…
ggus found a volunteer to help with testing. obfs4, meek-azure, and
snowflake did not work; a private obfs4 bridge worked.
http://emma.mhgb.net/ was not reachable, so ggus set up a mirror at
http://emma.gus.computer/
hackerncoder is combining all the gettor scripts
while doing so, it will be helpful to also start using 1 archive.org
item or collection per release
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/32#note_27…
== Actions ==
== Interesting links ==
USENIX Security 2021 papers
https://www.usenix.org/conference/usenixsecurity21/technical-sessions
"Domain Shadowing: Leveraging Content Delivery Networks for Robust
Blocking-Resistant Communications"
https://www.usenix.org/conference/usenixsecurity21/presentation/wei
"How Great is the Great Firewall? Measuring China's DNS Censorship"
https://www.usenix.org/conference/usenixsecurity21/presentation/hoang
"Balboa: Bobbing and Weaving around Network Censorship"
https://www.usenix.org/conference/usenixsecurity21/presentation/rosen
"Weaponizing Middleboxes for TCP Reflected Amplification"
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
"Defeating DNN-Based Traffic Analysis Systems in Real-Time With
Blind Adversarial Perturbations"
https://www.usenix.org/conference/usenixsecurity21/presentation/nasr
== Reading group ==
We will discuss "" on
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out, in hopes that others
will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2021-08-12
Last week:
- hiring tasks
- fix issue with bridgestrap metrics (bridgestrap#20)
- visualized the result of our snowflake and obfs4 probe tests
- s28 meetings and deliverables
- discussions with OONI about OONI tor tests:
- https://github.com/ooni/probe/issues/1730
- reviewed snowflake!52
- reviewed snowflake-webext!21
- debugged issue with snowflake#25595
- fixed bridgestrap restart by moving from cron to systemd timers
- worked on BridgeDB X-Forwarded-For parsing for Moat (bridgedb#40027)
- deployed snowflake#48
This week:
- more hiring and s28 meetings
- help the browser team with tor's autoconnect feature
- reviews
- rdsys!11
- follow up on OONI tor tests
- bridgedb web page overhaul (bridgedb#34322)
Needs help with:
arlolra: 2021-08-12
Last week:
- Migrate to v3 of the webextension manifest
Next week:
- Maybe get back to snowflake-webext #10
- Write up the pitch for our use case for supporting creating
PeerConnections in background service workers
https://github.com/w3c/webrtc-extensions/issues/77
Help with:
-
dcf: 2021-08-12
Last week:
- approved snowflake buffer size increase
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- merged Snowflake AMP cache feature following review
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Next week:
Help with:
maxb: 2021-07-15
Last week:
- Opened
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
re: utls for broker negotiation
- Worked on github.com/max-b/nat-testing for
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to
help with debugging
- Successfully making connections from snowflake-client and
snoflake-client-no-nat through the snowflake-proxy-no-nat, but not
having any success with the snowflake-proxy (with nat).
- Added a local dockerized STUN server
Next week:
- Use wireshark to figure out the difference between successful
snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat
- Work on implementing different NAT types, particularly in a way
that's conducive to automatic testing
- Add testing wrapper w/ "pass/fail" conditions
meskio: 2021-07-22
Last week:
- submit the "final" gettor rdsys integration (rdsys!11 rdsys#32)
- report number of clients on the snowflake webextension
(snowflake-webext!19)
- Wait pollInterval in snowflake between proxy offers
(snowflake#40055 snowflake!51)
- link anti-censorship doc from the TPA wiki (team#4)
- review snowflake README clean ups (snowflake!49)
- looking up at issues with bridgestrap tests and CollecTor
(bridgestrap#20)
- fixes in mutex usage in bridgestrap collector metrics (bridgestrap!10)
Next week:
- AFK for the next 3 weeks
Help with:
-