tor-project June 2023

tor-project@lists.torproject.org

17 participants
18 discussions

Retirement of Gitolite and GitWeb started, please migrate by end of year
by Antoine Beaupré 26 Mar '24

26 Mar '24

Hi, Gitolite (`git.torproject.org` and `git-rw.torproject.org`) and GitWeb (<https://gitweb.torproject.org>) will be fully retired within 9 to 12 months (by the end of Q2 2024). TPA will implement redirections on the web interfaces to maintain limited backwards compatibility for the old URLs. Start migrating your repositories now by following the [migration procedure][], and please complete the migration by the end of year 2023. See the full discussion in [TPA-RFC-36][]. [migration procedure]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/git#how-to-migrate… [TPA-RFC-36]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-36-gitoli… A. -- Antoine Beaupré torproject.org system administration

1 2

Tor's history of D/DoS attacks; strategy for mitigation
by Cory Francis Myers 26 Jul '23

26 Jul '23

I'm investigating the applicability of the IETF's DDoS Open Threat Signaling (DOTS) specifications[1] to the needs of privacy-preserving overlay networks, including VPNs but with particular interest in Tor. Specifically, now that the July 2022 D/DoS attack has finally come to a close, I'm wondering about: 1. the history, frequency, and magnitude of D/DoS attacks against the Tor network; 2. when these have taken the form of Tor traffic versus lower-level attacks on Tor nodes and HSDirs; and 3. how the new "proof of work over introduction circuits" scheme fits into Tor's overall strategy for mitigating D/DoS attacks. I've found plenty of current and historical GitLab tickets---but I'm wondering if there are more comprehensive documents or other resources I'm not aware of. --- cfm[2]. [1]: https://datatracker.ietf.org/wg/dots/documents/ [2]: I'm a maintainer of the SecureDrop project at the Freedom of the Press Foundation, but this work is supported by ARTICLE 19's Internet of Rights Fellowship.

2 5

Anti-censorship team meeting notes, 2023-06-29
by meskio 29 Jun '23

29 Jun '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-22-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, July 6 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: Shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == * rdsys is ignoring the running flag now :) * To hide your bridge's ORPort: ORPort 127.0.0.1:auto AssumeReachable 1 * No meeting July 13 or 20 == Discussion == * do we want to activate renovate bot in snowflake? * conjure and rdsys have being using it for a while * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * meskio will enable it * do we want to use the triage bot to warn on stalled issues? * https://gitlab.torproject.org/tpo/tpa/triage-ops/-/blob/main/common/02-stal… * so issues are reminded if they get stalled for too long * meskio will enable it for snowflake and rdsys to try it out * Conjure call for testers: are we done here? can we wrap up? (--gus) https://forum.torproject.org/t/call-for-testers-help-the-tor-project-to-tes… * we can close the call for testers after 28 days * there was a lot of good feedback * now we need to work on reliability and testing it from vantage points * should we cancel this meeting during PETS?? * let's cancel July 13 and 20 meetings * WebTunnel soft release update * https://gitlab.torproject.org/tpo/community/team/-/issues/94 * https://lists.torproject.org/pipermail/tor-relays/2023-June/021224.html * the user support eam will start asking folks to test webtunnel == Actions == * == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-06-29 Last weeks: - fixed certificate error in Snowflake and Conjure - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - released snowflake v2.6.0 - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - bumped version of Snowflake in Tor Browser - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - fixed a crash in Conjure on Android - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - code lint improvements in lox - https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/12 - started deployment of lox distributor - https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/issues/19 - found and fixed a bug in the parsing of resource diffs from rdsys - https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/issues/22 This week: - tidy up and share shadow simulations guide for PTs - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-06-29 Last week: - tried an encapsulation.ReadData performance improvement https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-06-29 Last week: - Distribute webtunnel bridges in the HTTPS distributor without enabling IPv6 flag (bridgedb!56) - review what projects are missing license (team#110) - update rdsys grafana dashboard - update rdsys alerts in prometheus (tpa/prometheus-alerts!32) - release and deploy a new version of rdsys - make rdsys take into account the bandwidth ratio (rdsys!135) - triage down why gettor is not updating to TB 12.5 to a bug on TB release (rdsys#166) - update wiki links to gitlab.tpo instead of .onion (rdsys#127) - add a generic metric with resources by their testing status to rdsys (rdsys!134) - ignore the running flag in rdsys (rdsys!134) - build snowflake 2.6.0 docker image Next week: - test i18n support in rdsys (rdsys#11) - finish the migration to git.tpo (team#86) Shelikhoo: 2023-06-29 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Presentation "Call for webtunnel bridges" @ Relay Operator Meetup - Email "(Announcement) WebTunnel, a new pluggable transport for bridges, now available for deployment" to relay operator mailing list. Thanks ggus! - logcollector alert system - ongoing Next Week/TODO: - logcollector alert system <- immediate todo - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Snowflake Performance Analysis onyinyang: 2023-06-29 Last week: - Finished changing vectors to maps - Started looking into db for Lox structures - Started working on Lox presentation for PETS This week: - fix up indexing of hashmaps for Lox bridgetable - Working on Lox presentation for PETS (to include some details about Tor integration) - Decide between databases to back the Lox structures (poloDB, redb, surrealdb seem like reasonable candidates) If time: - work on syncing Lox with rdsys given https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/168 - start thinking about metrics to add (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Anti-censorship team meeting notes, 2023-06-22
by Shelikhoo 22 Jun '23

22 Jun '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-22-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, June 29 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: Shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == Last week: (June 15th) * Documents for bridge operators about how to run a webtunnel bridge (Updated Jun 15) * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… * we'll encourage bridge operators to run webtunnel bridges in the next Relay operators meetup (June 24th) * we'll have the documentation of how to run a webtunnel bridge in the README for now and move it in the future to the community portal * shell will prepare a presentation for the relay operators meeting * Conjure user feedback: https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-tes… * Need help: https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-tes… This week: (June 22nd) * support non-public ORPort bridges by ignoring the running flag in rdsys * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/134 * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/154 == Actions == * == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-06-15 Last week: - mostly finished reproducible builds of lox client and js bindings - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - debugged and wrote a patch for the cert error on older versions of android - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - more work on shadow simulations for snowflake This week: - tidy up and share shadow simulations guide for PTs - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-06-22 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - merged the IP_BIND_PORT_NO_ADDRESS patch in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…, thanks itchyonion - talked about AV blocking some snowflake proxy connections, apparently triggered by the client_ip parameter https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-06-22 Last week: - work on i18n support in rdsys (rdsys#11) - remove salmon code from rdsys (rdsys!132) - ignore running flag in bridges (rdsys!134) - test a bridge without ORPort reachable and AssumeReachable and see it appearing in the bridge descriptors (rdsis#154) - update S3 existence file only if needed so archive torrent doesn't change (rdsys!133) Next week: - test i18n support in rdsys (rdsys#11) - clean up my issue queue Shelikhoo: 2023-06-22 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - webtunnel document for proxy operator(Done!) - Presentation "Call for webtunnel bridges" @ Relay Operator Meetup Next Week/TODO: - logcollector alert system <- immediate todo - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Snowflake Performance Analysis onyinyang: 2023-06-22 Last week: - First changing the vectors in the bridge_table to maps with lookup by bridge fingerprint This week: - Continuing with changing the vectors to maps and looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - Working on Lox presentation for PETS (to include some details about Tor integration) If time: - start thinking about metrics to add (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges?

1 0

GSoC'23 Project : eRPC (An efficient Relay Partition Checker) (Project Introduction and 3 Weeks Project Report)
by Rishad Baniya 21 Jun '23

21 Jun '23

Hello everyone, I hope you are doing well. My name's Rishad Baniya, a GSoC'23 selected mentee for the project "eRPC (An efficient Relay Partition Checker)", which aims to be a flexible application that checks for relay partitioning. It aims to be very configurable relay partition checker in things such as selecting the relays, controlling the application during runtime, pausing the scanner on demand and resuming it on demand .etc I should've sent this email the day I started working on the project i.e 3 weeks ago, but I totally got distracted from this part, i'm really sorry for that. Currently, I'm writing this email to introduce myself and the project that I'm working on. Project Repo : https://gitlab.torproject.org/rishadbaniya/erpc I've attached a brief report trying to explain how the project structure is and how it's going on currently. It would be great to hear your views on how a partition checking tool should behave, how scanning should be done and what kind of configurable options it should provide. With Regards, Rishad Baniya

1 0

Anti-censorship team meeting notes, 2023-06-15
by onyinyang 15 Jun '23

15 Jun '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-15-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, June 15 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * Documents for bridge operators about how to run a webtunnel bridge (Updated Jun 15) * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… * we'll encourage bridge operators to run webtunnel bridges in the next Relay operators meetup (June 24th) * we'll have the documentation of how to run a webtunnel bridge in the README for now and move it in the future to the community portal * shell will prepare a presentation for the relay operators meeting * Conjure user feedback: https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-tes… * Need help: https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-tes… == Actions == * == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-06-15 Last week: - mostly finished reproducible builds of lox client and js bindings - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - debugged and wrote a patch for the cert error on older versions of android - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - more work on shadow simulations for snowflake This week: - tidy up and share shadow simulations guide for PTs - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-06-08 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - commented on the snowflake tests with and without padding in China (which did not show signs of high packet loss this time) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-06-15 Last week: - work on i18n support in rdsys (rdsys#11) - review webtunnel docker MRs (webtunnel!10 webtunnel!11) - review adding last passed metadata to resources in rdsys (rdsys!131) - review LE pinning in snowflake (snowflake!151) Next week: - add i18n support in rdsys (rdsys#11) Shelikhoo: 2023-06-15 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126) - Webtunnel Document for bridge operators(container setup) (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) Next Week/TODO: - webtunnel document for proxy operator <- finish it - logcollector alert system <- immediate todo - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Snowflake Performance Analysis onyinyang: 2023-06-15 Last week: - finished lox-distributor tests - reorganized more things within lox-rs (i.e., moving helper files etc. into lox_utils, adding documentation, pipelines, etc.) - tweaked the `gone` resources from rdsys, so that the lox-distributor can handle them appropriately This week: - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - First changing the vectors in the bridge_table to maps with lookup by bridge fingerprint. (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges? -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

[Proposal] CoC Update - Include a description of the Tor Community
by gus 14 Jun '23

14 Jun '23

Dear Tor Core Contributors, While discussing how to improve the Tor network health, some contributors have raised their concerns regarding the clarity of who is considered to be part of "The Tor Project" and should adhere to its policies. This ambiguity can be interpreted in various ways, such as excluding Directory Authorities or referring solely to Tor Project, Inc. (TPI). It is crucial to clarify that when using the term "The Tor Project" in such statements[1], it encompasses the entire organization, including the community, network, contributors, operators, TPI, TPI board of directors, directory authorities, and volunteers. In order to address this confusion and ensure inclusivity, I'm proposing to include this description in our Code of Conduct document[2]: "The Tor Community consists of a diverse group of contributors, including the Tor Directory Authorities, network operators, trainers, translators, researchers, employees, contractors, and others valued participants. This policy is applicable to all members, contributors, volunteers, contractors (regardless of their employment status with The Tor Project, Inc.), as well as individuals and entities involved in the Tor Community and its network." You can suggest improvements to the proposal here: https://gitlab.torproject.org/tpo/community/policies/-/issues/7 Next steps ---------- This is a proposal to amend the Tor Project CoC, so I'm following our voting process[3]. And here are the next steps: * Your proposal will enter a 'discussion phase' for at least a week. During this time the proposal can be refined based on feedback and alternate proposals put forward. * To move forward with a vote the proposal must receive at least two other sponsors. In addition, any alternate proposal with at least three supporters will also be included in the vote. Gus [1] https://gitlab.torproject.org/tpo/community/policies/-/blob/master/code_of_… [2] https://gitlab.torproject.org/tpo/community/policies/-/blob/master/code_of_… [3] https://gitlab.torproject.org/tpo/community/policies/-/blob/master/voting.t… -- The Tor Project Community Team Lead

2 1

applications meeting moved to 2023-06-20
by richard 12 Jun '23

12 Jun '23

Hello Everyone, Next Monday is Juneteenth[1] and an official Tor holiday, so we will move our regularly scheduled applications meeting to the following Tuesday (2023-06-20) at 1500 UTC in #tor-meeting on OFTC IRC. See you all then! best, -richard [1] https://en.wikipedia.org/wiki/Juneteenth

1 0

Self-hosting the Tor Project users forum
by Jérôme Charaoui 08 Jun '23

08 Jun '23

Hi everyone, On June 20, we'll migrate the Discourse forum at https://www.torproject.net to Tor Project server infrastructure. If you have an account with two-factor authentication enabled using a hardware key, such as a Yubikey, please ensure you've got backup codes on hand. Once the forum is migrated to the new domain, you'll need one to login-in and reset two-factor auth. We also posted this announcement on the blog at https://blog.torproject.org/tor-project-forum-migration Thanks, -- Jérôme

1 0

ebanam's monthly status report for May 2023
by ebanam 08 Jun '23

08 Jun '23

Hello everyone! Here are my updates from the month of May. Like past few months, most of my work has been concentrated on helping users from regions where Tor is censored. I resolved 384 tickets across our user support channels on email, Telegram, WhatsApp and Signal. Following is a thorough breakdown of tickets our user support team handled in May: Timeframe: 01 - 31 May 2023 # Frontdesk (email) * 490 RT tickets created * 495 RT tickets resolved Most frequent tickets by numbers: 1. 143(↓) RT tickets: private bridge requests from China. 2. 65(↓) RT tickets: circumventing censorship in Russian speaking countries. 3. 7(↑) RT tickets: circumventing censorship with Tor in Iran. 4. 3(-) RT tickets: Tor Browser doesn't run with Mandatory ASLR on Windows (the issue is fixed with the 12.0.5 Tor Browser release and the users just had to update their browser)[0] # Telegram, WhatsApp and Signal Support channel * 661 tickets resolved Breakdown: * 627 tickets on Telegram * 27 tickets on WhatsApp * 7 tickets on Signal The most frequent tickets on cdr.link have been about: 1. 373(↑) tickets: Circumventing censorship in Russian speaking countries. 2. 43(↓) tickets: Circumventing censorship in Iran. 3. 22(↓) tickets: Circumventing censorship in China. 4. 3(-) tickets: Windows installer for Tor Browser from our website is outdated (We are in the process of updating our build signing infrastructure, and unfortunately are unable to ship code-signed latest installers for Windows systems currently. Automatic build-to-build upgrades from 12.0.4 and 12.0.5 should continue to work as expected)[1] # Tor Forum 1. "Threat secured in snowflake firefox add-on"[2] 2. Some users in China reported that Snowflake wasn't working for them [3] 3. "How to enable Firefox Account Sync?"[4] 4. "How can I get an onion domain email address?"[5] 5. "Why does Tor network not use certificates issued by CAs?"[6] Thanks! e. Note: (↑), (↓) and (-) are indicative if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively [0]: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [1]: https://blog.torproject.org/new-release-tor-browser-1206/ [2]: https://forum.torproject.net/t/threat-secured-in-snowflake-firefox-add-on/7… [3]: https://forum.torproject.net/t/snowflake-bridge-does-not-work-in-china-sinc… [4]: https://forum.torproject.net/t/how-to-enable-firefox-account-sync/7735/ [5]: https://forum.torproject.net/t/how-can-i-get-an-onion-domain-email-address/… [6]: https://forum.torproject.net/t/why-does-tor-network-not-use-certificates-is…

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project June 2023