April 2023 - tor-project - lists.torproject.org

Are there countries where using Tor is illegal?
by Cristian Consonni 11 May '25

11 May '25

Hi, (Sorry if this question has already been asked in the past, feel free to point me to the relevant resources.) I know that the legal FAQs by the EFF state that: «we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is legal under U.S. law.»[1] I also know there is a list of countries for which there is legislation that exclude communication service providers from liability. They are indicated in the Legal of the Tor Exit Guidelines page[2], they are USA, Germany, Netherlands, Austria, France, and Sweden. >From some articles in the press[3a][3b] it may be illegal - depending on how you interpret the wording[*] - to use Tor (and other technologies such as VPNs or proxies) in the UAE, with fines ranging in the millions of dirhams (hundreds of thousand of dollars). A couple of weeks ago it was discussed - on this list as well - that a law was introduced to the state parliament to ban Tor[4a][4b]. This follows a case of some months ago of a Russian Tor exit node operator being arrested for inciting mass riots and terrorism[4c][4d]. The idea of blocking VPNs or Tor seems to have already been considered in the past[4e]. This infographic about pluggable transports[5] suggests access to the Tor network is censored or limited in China, Uzbekistan, Iran, and Kazakhstan. Tor being censored orblocked may be different from it being illegal. What about other countries? Is there a place where I can find more about this topic? Cristian [1]: https://www.torproject.org/eff/tor-legal-faq.html.en [2]: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines [3a]: http://www.emirates247.com/news/emirates/dh500-000-fine-if-you-use-fraud-ip… [3b]: http://news.softpedia.com/news/people-caught-using-vpns-tor-or-proxies-in-t… [*]: «Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery» [4a]: https://lists.torproject.org/pipermail/tor-talk/2017-June/043293.html [4b]: https://trac.torproject.org/projects/tor/ticket/22055 [4c]: https://lists.torproject.org/pipermail/tor-talk/2017-April/043109.html [4d]: https://techcrunch.com/2017/04/24/dmitry-bogatov-tor-russia/ [4e]; https://torrentfreak.com/vpn-and-tor-ban-looming-on-the-horizon-for-russia-… [5]: https://www.torproject.org/images/PT/2016-07-how-to-use-PT.png

4 3

Constructing a real-world dataset for studying website fingerprinting
by Jansen, Robert G CIV USN NRL (5543) Washington DC (USA) 26 Apr '23

26 Apr '23

Hello Tor friends, We are planning to construct a real-world dataset for studying Tor website fingerprinting that researchers and developers can use to evaluate potential attacks and to design informed defenses that improve Tor’s resistance to such attacks. We believe the dataset will help us make Tor safer, because it will allow us to design defenses that can be shown to protect *real* Tor traffic instead of *synthetic* traffic. This will help ground our evaluation of proposed defenses in reality and help us more confidently decide which, if any, defense is worth deploying in Tor. We have submitted detailed technical plans for constructing a dataset to the Tor Research Safety Board and after some iteration have arrived at a plan in which we believe the benefits outweigh the risks. We are now sharing an overview of our plan with the broader community to provide an opportunity for comment. More details are below. Please let us know if you have comments. Peace, love, and positivity, Rob P.S. Apologies for posting near the end of the work-week, but I wanted to get this out in case people want to talk to me about it in Costa Rica. === BACKGROUND Website fingerprinting attacks distill traffic patterns observed between a client and Tor entry into a sequence of packet directions: -1 if a packet is sent toward the destination, +1 if a packet is sent from toward the client. An attacker can collect a list of these directions and then train machine learning classifiers to associate a website domain name or url with the particular list of directions observed when visiting that website. Once it does this training, then when it observes a new list of directions it can use the trained model to predict which website corresponds to that pattern. For example, suppose [-1,-1,+1,+1] is associated with website1 and [-1,+1,-1,+1] is associated with website2. There are two steps in an attack: Step 1: In the first step the attacker itself visits website1 and website2 many times and learns: [-1,-1,+1,+1] -> website1 [-1,+1,-1,+1] -> website2 It trains a machine learning model to learn this association. Step 2: In the second step, with the trained model in hand, the attacker monitors a Tor client (maybe the attacker is the client’s ISP, or some other entity in a position to observe a client’s traffic) and when it observes the pattern: [-1,-1,+1,+1] the model will predict that the client went to website1. This example is *extremely* simplified, but I hope gives an idea how the attack works. PROBLEM Because researchers don’t know which websites Tor users are visiting, it’s hard to do a very good job creating a representative dataset that can be used to accurately evaluate attacks or defenses (i.e., to emulate steps 1 and 2). The standard technique has been to just select popular websites from top website lists (e.g., Alexa or Tranco) and then set up a Tor webpage crawler to visit the front-pages of those websites over and over and over again. Then they use that data to write papers. This approach has several problems: - Low traffic diversity: Tor users don’t only visit front-pages. For example, they may conduct a web search and then click a link that brings them directly to an internal page of a website. The patterns produced from front-page visits may be simpler and unrepresentative of the patterns that would be observed from more complicated internal pages. - Low browser diversity: It has been shown by research from Marc Juarez [0] and others that webpage crawlers used by researchers lack diversity in important aspects that cause us to overestimate the accuracy of WF attacks. For example, the browser versions, configuration choices, variation in behavior (e.g., using multiple tabs at once), and network location of the client can all significantly affect the observable traffic patterns in ways that a crawler methodology does not capture. - Data staleness: Researchers collect data over a short time-frame and then evaluate the attacks assuming this static dataset. In the real world, websites are being updated over time, and a model trained on an old version of a website may not transfer to the new version. In addition to the above problems in methodology, current research also causes incidental consequences for the Tor network: - Network overhead: machine learning is a hot topic and several research groups have crawled tens of thousands of websites over Tor many times each. While each individual page load might be insignificant compared with the normal usage of Tor, crawling does add additional load to the network and can contribute to congestion and performance bottlenecks. Researchers have been designing attacks that are shown to be extremely accurate using the above synthetic crawling methodology. But because of the above problems, we don’t properly understand the *true* threat of the attack against the Tor network. It is possible that the simplicity of the crawling approach is what makes the attacks work well, and that the attacks would not work as well if evaluated with more realistic traffic and browser diversity. PLAN So our goal is to construct a real-world dataset for studying Tor website fingerprinting that researchers and developers can use to evaluate potential attacks and to design informed defenses that improve Tor’s resistance to such attacks. This dataset would enable researchers to use a methodology that does not have any of the above limitations. We believe that such a dataset will help us make Tor safer, because it will allow us to design defenses that can be shown to protect *real* Tor traffic instead of *synthetic* traffic. This would lead to a better understanding of proposed defenses and enable us to more confidently decide which, if any, defense is worth deploying in Tor. The dataset will be constructed from a 13-week exit relay measurement that is based on the measurement process established in recent work [1]. The primary information being measured is the directionality of the first 5k cells sent on a measurement circuit, and a keyed-HMAC of the first domain name requested on the circuit. We also measure relative circuit and cell timestamps (relative to the start of measurement). The measurement data is compressed, encrypted using a public-key encryption scheme (the secret key is stored offline), and then temporarily written to persistent storage before being securely retrieved from the relay machine. We hope that this dataset can become a standard tool that website fingerprinting researchers and developers can use to (1) accelerate their study of attacks and defenses, and (2) produce evaluation and results that are more directly applicable to the Tor network. We plan to share it upon request only to other researchers who appear to come from verifiable research organizations, such as students from well-known universities. We will require researchers with whom we share the data to (1) keep the data private, and (2) direct others who want a copy of the data to us to mitigate unauthorized sharing. [0] A Critical Evaluation of Website Fingerprinting Attacks. Juarez et al., CCS 2014. https://www1.icsi.berkeley.edu/~sadia/papers/ccs-webfp-final.pdf [1] Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. Cherubin et al., USENIX Security 2022. https://www.usenix.org/conference/usenixsecurity22/presentation/cherubin

3 6

Anti-censorship team meeting notes, 2023-04-20
by Shelikhoo 20 Apr '23

20 Apr '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-04-20-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, May 4 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == - We will not have a meeting on IRC next week, next meeting will be at May 4 == Discussion == * Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation * that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp * (NO update from shell @ Apr 20) * goptlib now lives in gitlab.torproject.org == Actions == == Interesting links == * == Reading group == * We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18 * https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-04-20 Last week: - Some FOCI stuff - reviewed snowflake-webext!63 - reviewed some library update MRs This week: - Tor meeting Needs help with: dcf: 2023-04-20 Last week: - did a haproxy security upgrade on snowflake-01 and snowflake-01 bridges https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - moved goptlib from git.torproject.org to gitlab.torproject.org https://lists.torproject.org/pipermail/tor-dev/2023-April/014829.html - analyzed the rate of client_ip reporting since the release of snowflake-webext-0.7.2 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-04-20 Last week: - update PTs to use goptlib from gitlab.tpo - distribute bridges in rdsys even if there fewer than requested in the hashring (rdsys#162) - add webtunnel support to BridgeDB (rdsys#142) Next week: - tormeeting Shelikhoo: 2023-04-20 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request] container image for webtunnel (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) (Done) - reviewing moving to goptlib to gitlab PRs - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41125) Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - webtunnel document for proxy operator - Costa Rica Meetup!!! onyinyang: 2023-04-20 Last week: - worked on handling `gone resources` in a more appropriate way for Lox as outlined here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues… - work on implementing metrics to check on flickering resources and ratios observed - work on marking as `gone`, failing/low-bandwidth resources that are no longer distributed - worked on presentation for Lox overview and discussing more challenging problems of Lox that could benefit from AC team brainstorming: This week: - Tor meeting -If time (and functionality above is in place): - If a bridge is `gone` due to bandwidth issues or descriptors not being published, replace them with working bridges in Lox--this will have implications for syncing with rdsys but first things first :) (long term) - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrified to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-04-13 Last week: - Vacation This week: - Experimenting with additional SDP tests after discussion on MR #141 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Learning about rdsys - Started working on #110 (treat unknown bridge distribution request as "none") hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges

1 0

Anti-censorship team meeting notes, 2023-04-13
by Itchy Onion 17 Apr '23

17 Apr '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-04-13-15.58.log… And our meeting pad: Anti-censorship work meeting pad ------------------------------------------------------------------------------------ - THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, April 13 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == - Our anti-censorship roadmap: - Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards - The anti-censorship team's wiki page: - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home - Past meeting notes can be found at: - https://lists.torproject.org/pipermail/tor-project/ - Tickets that need reviews: from sponsors, we are working on: - All needs review tickets: - https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… - Sponsor 96 - https://gitlab.torproject.org/groups/tpo/-/milestones/24 - Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it - https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == - Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation - that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp - (NO update from shell @ Apr 13) == Actions == == Interesting links == - == Reading group == - We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18 - https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf - Questions to ask and goals to have: - What aspects of the paper are questionable? - Are there immediate actions we can take based on this work? - Are there long-term actions we can take based on this work? - Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - - Something you need help with. cecylia (cohosh): last updated 2023-04-13 Last week: - released a new version of snowflake-webext (0.7.2) - added CI and renovate bot to Conjure - debugged wireguard setup and confirmed it works - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - fixed a bug where SOCKS handles were being leaked in Conjure - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - Added a content security policy to webextension - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Opened an upstream issue in gotapdance to restore functionality lost in a version upgrade - https://github.com/refraction-networking/gotapdance/issues/113 This week: - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-04-13 - Last week: - - posted performance measurements of a QueuePacketConn optimization and merged it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - made a graph of snowflake proxy NAT types over time, which highlights the times when probetest was failing and there was an increase in "unknown" NAT types https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - archived snowflake-webextension-0.7.2 https://archive.org/details/snowflake-webextension-0.7.2 - Next week: - - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) - - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - open issue to disable /debug endpoint on snowflake broker - Help with: meskio: 2023-04-13 Last week: - - configure rdsys to distribute webtunnel bridges (rdsys#142) - - set up a webtunnel bridge to test - - review and merge a bunch of renovate MRs in rdsys - - brainstorm on pinning TLS certs in Tor Browser for bridges.torproject.org (tpa/team#41123) - - review bridgestrap aggressive retry for dysfunctional bridges (bridgestrap!16) - - review snowflake webextension CSP (webext!66) - - sponsor 96 report - - grant application work... Next week: - - distribute webtunnel bridges in BridgeDB Shelikhoo: 2023-04-13 Last Week: - - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - - [Merge Request] container image for webtunnel (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - - [Research] Fix crash on launch when unexpected input was supplyed over PT protocol https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… - - Write S96 report - - Comment on S96 User Research Risk Assessment Next Week: - - [Research] WebTunnel planning (Continue) - - Try to find a place to host another vantage point - - container image for webtunnel - - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - - logcollector altert system - - webtunnel document for proxy operator - onyinyang: 2023-04-13 Last week: - worked on handling `gone resources` in a more appropriate way for Lox as outlined here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues… - implemented a more aggressive testing schedule for failing bridgestrap resources https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/merge_reque… - discovered that failed/low bandwidth resources are quietly marked to not be distributed and so don't show up as `gone` - discussed implementing metrics to check how frequently badwidth ratio causes resources to "flicker" tracked here: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/160 This week: - work on implementing metrics to check on flickering resources - work on marking as `gone`, failing/low-bandwidth resources that are no longer distributed -If time (and functionality above is in place): - - If a bridge is `gone` due to bandwidth issues or descriptors not being published, replace them with working bridges in Lox--this will have implications for syncing with rdsys but first things first :) - - (long term) - - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. - Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? - 1. Are there some obvious grouping strategies that we can already consider? - e.g., by pt, by bandwidth (lower bandwidth bridges sacrified to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) - 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-04-13 Last week: - - Vacation This week: - Experimenting with additional SDP tests after discussion on MR #141 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Learning about rdsys - Started working on #110 (treat unknown bridge distribution request as "none") - hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does Iran block bridges

1 0

Tor Browser Meeting Cancelled this Week (2023-04-10)
by Richard Pospesel 10 Apr '23

10 Apr '23

Hi everyone, The browser meeting is cancelled this week but will be back next week (2024-04-17) at 1500 UTC in #tor-meeting in OFTC IRC. best, -Richard

1 0

Anti-censorship team meeting notes, 2023-04-06
by Shelikhoo 06 Apr '23

06 Apr '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-04-06-15.59.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, April 13 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation * that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp * (NO update from shell @ Apr 6) == Actions == == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18 * https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-03-30 Last week: - enabled wasm target for rust in tor-browser-build - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - helped debug blocking of Snowflake in TM - https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - discussed the problem of deciding whether a bridge is blocked or not - took a look at memory issues for the Snowflake proxy - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… This week: - Lox tor browser integration - fix conjure issues found by code audit Needs help with: dcf: 2023-04-06 Last week: - wrote notes on WebRTC unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made graphs of DTLS packet losses in China https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - revised snowflake-server listen error check fix and merged it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - documented more cdn.sstatic.net anomalies in Iran in March 2023 https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115#note_28… - wrote the March 2023 update for the snowflake-01 Open Collective https://opencollective.com/censorship-circumvention/projects/snowflake-dail… - wrote a sync.Pool performance optimization for snowflake QueuePacketConn and started bridge-side CPU and RAM measurements in advance of a test deployment https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a graph of snowflake users from Russia since the DTLS fingerprint fix (Hello Verify Request) in Tor Browser 12.0.3 (still awaiting an Orbot release) https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-04-06 Last week: - AFK time Next week: - webtunnel integration in rdsys Shelikhoo: 2023-04-06 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Comment on S96 User Research Risk Assessment - Comment on various grant proposal - Write grant report - Fix Telegram Bridge Distributor responding with a blank message https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/158 - Work on TPA-RFC-53: consider propagating 2FA everywhere, maybe at the April Tor Meeting - X~X time was mostly spent on urgent task Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - container image for webtunnel - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - logcollector altert system - webtunnel document for proxy opertator onyinyang: 2023-04-06 Last week: - Did a deep dive into rdsys to understand how it is handling `new`, `changed`, `gone` resources some results/discussion here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues… - updated Lox library, rdsys-backend-api and lox distributor to handle new and changed resources in a way that is more aligned with rdsys' behaviour - added some preliminary documentation: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/… This week: - work on handling `gone resources` in a more appropriate way for Lox as outlined here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues… -If time: Start implementing a function in lox distributor/lox library to handle syncing of Lox bridgetable Needs help with: (medium term) Question 1: re: `gone` resources: under what circumstances should a `gone` bridge be replaced? - If a bridge is `gone` due to bandwidth issues or descriptors not being published, should they be replaced with working bridges in a Lox bucket ? Question 2: How easily can a censor manipulate the bridgepool/bridges to create a `gone` resource? - Does replacing bridges, especially at the untrusted user level, create an enumeration risk? My thought is that `gone` bridges should be replaced if they are determined to be unusable into the future (not just temporarily down) and the bucket risks becoming "unreachable" and requiring users to move to a new bucket. Maybe this should only be true for trusted users though? (long term) - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrified to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-03-22 Last week: - Closed #40252 (NAT probetest for standalone proxy) - Closed #40265 (mac user reporting standalone proxy complaning about broker cert) - Worked on #40231 (Client sometimes send offer with no ICE candidates) This week: - Tested and created a potential broker security issue (#40266) - Stil working on #40231 -- validate SDP contains candidate at the "/client" and "/answer" endpoints broke almsost all of the unit tests hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does Iran block bridges

1 0

Joydeep's monthly status report for March 2023
by Joydeep Sen Gupta 06 Apr '23

06 Apr '23

Hello everyone! Here are my updates from March. In total, I resolved 521 tickets across our email, telegram, whatsapp and signal user support channels. Most of my work was concentrated around user support work helping users in regions where Tor is censored. Apart from that, we got a few reports of a Windows bug[0], pretty much coninciding with the Tor Browser 12.0.4 stable release. Timeframe: 01 - 31 March 2023 # Frontdesk -613 RT tickets created -560 RT tickets resolved Most frequent tickets by numbers: 1. 252 RT Tickets: Private Bridge requests from China. 2. 23 RT Tickets: How to use a Tor Bridge in Russia? 3. 13 RT tickets: Responses from our relay operator community for the obfs4 bridge campaign to help users in Turkmenistan connect to Tor[1] 4. 6 RT Tickets: Circumventing censorship with Tor in Iran. 5. 3 RT Tickets: Unable to launch Tor Browser on Windows[0] # Telegram, WhatsApp and Signal Support channel -604 tickets resolved Breakdown: -513 tickets on Telegram -67 tickets on WhatsApp -24 tickets on Signal The most frequent tickets we received have been about: 1. 139 tickets: Circumventing censorship in Russia. 2. 109 tickets: Circumventing censorship in Turkmenistan. 3. 52 tickets: Circumventing censorship in Iran. 4. 26 tickets: Circumventing censorship in China. # Tor Forum Most popular topics in the Support category (in terms of number of views): 1. "Anyone experiencing problems with Snowflake proxy?"[2] 2. "I Have Seen 0 Unique Clients - Why?"[3] 3. "(Tor) Browser not responding"[4] 4. "Is there an index for onion domains?"[5] 5. "Relay or Bridge"[6] Thanks! --Joydeep [0]: https://forum.torproject.net/t/tor-setup-application-not-launching/7069 [1]: https://lists.torproject.org/pipermail/tor-relays/2023-March/021100.html [2]: https://forum.torproject.net/t/anyone-experiencing-problems-with-snowflake-… [3]: https://forum.torproject.net/t/i-have-seen-0-unique-clients-why/6921 [4]: https://forum.torproject.net/t/browser-not-responding/7116 [5]: https://forum.torproject.net/t/is-there-an-index-for-onion-domains/6893 [6]: https://forum.torproject.net/t/relay-or-bridge/6881

1 0

cohosh's monthly status report, March 2023
by Cecylia Bocovich 06 Apr '23

06 Apr '23

Hi! This is my status report for contract work done in March 2023. # Reputation-based bridge distribution - Enabled the wasm target for the rust compiler in tor-browser-build https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - Made progress on the client-side integration with Tor Browser https://gitlab.torproject.org/cohosh/tor-browser/-/merge_requests/1 - Reviewed and merged updates to Lox wasm bindings https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-wasm - Helped fix a bug in rdsys that occurred after a recent upgrade https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/merge_requests… - Adapted ResourceStream to implement the Stream trait rather than the Iterator trait in rdsys-backend-api https://gitlab.torproject.org/cohosh/rdsys-backend-api - Reviewed and merged work on the rdsys distributor for lox https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-distributor # Snowflake Web Extension - Reviewed and merged several contributions

1 0

Nina’s Monthly status report for March’23
by Nina 04 Apr '23

04 Apr '23

Hi! This is my report for March 2023. In that month, I resolved 527 tickets: On Telegram (@TorProjectSupportBot) - 362 On RT (frontdesk@tpo) - 143 On WhatsApp (+447421000612) - 16 and Signal (+17787431312) - 6. The usual requests I deal with are helping Russian-speaking users with censorship circumvention and troubleshooting around it. This month I worked a lot on collecting information and getting feedback from our users. Among other requests are helping Windows users to install and use Tor Browser. The main issues are: - Tor Browser and antivirus, - non-ASCII symbols in folders' names - https://gitlab.torproject.org/tpo/core/tor/-/issues/10416 Another regular issue across various OS is using Tor Browser with bridges and VPN simultaneously. This month there were several requests regarding Tor Browser permissions and tracking options, which are present in FireFox, but disabled in Tor Browser.

1 0

Rhatto's Monthly Status Report, March 2023
by rhatto 03 Apr '23

03 Apr '23

Hi all :) This is my monthly status report for March 2023 with the main activities I have done during the period. ## 0. Research * Basic quality assurance check for Onion Service support in the Tor Browser. Results were sent to the Applications Team. * Started planning the Onion Plan Session for the Costa Rica meeting: https://gitlab.torproject.org/tpo/onion-services/onionplan/-/issues/7 ## 1. Development Onionprobe, a test and monitoring tool for Onion Services: * Tests and metrics for X.509 certificates: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/49 * MetricsPort support: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/71 * PostgreSQL version handling for the Onionprobe monitor node: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/70 * These as well as other features and bug fixes marks the release of Onionprobe 1.1.0: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/blob/main/Cha… EOTK, the Enterprise Onion Toolkit: * Pull request to upgrade Tor: https://github.com/alecmuffett/eotk/pull/111 terraform-aws-bc-eotk, a Terraform module for EOTK deployments on AWS: * Minor merge requests: Set keys/certs ownership and perms: https://gitlab.com/sr2c/terraform-aws-bc-eotk/-/merge_requests/3 Cleanup EOTK during startup: https://gitlab.com/sr2c/terraform-aws-bc-eotk/-/merge_requests/2 Restart EOTK once a week: https://gitlab.com/sr2c/terraform-aws-bc-eotk/-/merge_requests/1 ## 2. Support * Detailed Onionprobe documentation: https://tpo.pages.torproject.net/onion-services/onionprobe/ https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/19 * Ongoing Sponsor 123 deployments, monitoring and maintenance. ## 3. Organization * Helped with project proposals, planning, management and reporting. * Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 6 | Development | 29 | Support | 29 | Organization | 36 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0