Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-08-16.02.html
And our meeting pad:
Anti-censorship
--------------------------------
Next meeting: Thursday, June 8 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
* https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
* All needs review tickets:
* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…
* Sponsor 96 <-- meskio, shell, onyinyang, cohosh
* https://gitlab.torproject.org/groups/tpo/-/milestones/24
* Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it
* https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
== Discussion ==
>From last week:
* Report of TLS-in-DTLS detection and throttling in China that affects Snowflake
* https://github.com/net4people/bbs/issues/255
* Padding the first client→server send is reported to disrupt the packet size signature and avoid throttling
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
* https://gitlab.torproject.org/dcf/snowflake/-/commit/01ac0373a887c63a325aad…
* The reporter on BBS says it started happening to them (in a non-Snowflake WebRTC proxy) around 2023-05-14. We have measurements of high packet loss rates in China from 2023-03-20, at least.
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
* shelikhoo did run packet loss tests with the padding patch but the packet loss was not pressent from our vantage point. Could be a regional problem not affecting our machine or be gone.
NEW:
* meek-azure deprecation
* https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/33#note_290…
* New snowflake tests from a vantage in China do not show signs of the high packet loss that was observed in March 2023
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
* This test was meant to evaluate whether it is a good idea to add some padding to change the traffic analysis features of the beginning of the connection, in order to resist possible TLS-in-DTLS detection: https://github.com/net4people/bbs/issues/255
* The results were inconclusive because both the tests without and with padding showed the same low rate of packet loss, this time.
* It is a good idea to proactively introduce some padding anyway?
* Documents for bridge operators about how to run a webtunnel bridge
* https://pad.riseup.net/p/6hiwvSWJanxml7DS299z
== Actions ==
*
== Interesting links ==
* https://opencollective.com/censorship-circumvention/projects/snowflake-dail… (snowflake-01 only)
== Reading group ==
* We will discuss "" on
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2023-06-08
Last week:
- working on snowflake configs for shadow simulations
- rebasing and continued work on lox client and wasm-bingen projects for tor-browser-build
This week:
- tidy up and share shadow simulations guide for PTs
- Lox tor browser integration
- conjure maintenance
Needs help with:
dcf: 2023-06-08
Last week:
- snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co…
- commented on the snowflake tests with and without padding in China (which did not show signs of high packet loss this time) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Next week:
- open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- open issue to disable /debug endpoint on snowflake broker
Help with:
meskio: 2023-06-08
Last week:
- fix rdsys tests (rdsys!130)
- brainstorm on meek-azure deprecation (team#30)
- review 'more aggresive retry for dysfunctional bridges' (rdsys!107)
Next week:
- add i18n support in rdsys (rdsys#11)
Shelikhoo: 2023-06-08
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled)
- [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http…
- Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…)
- Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126)
- Webtunnel Document for bridge opertaors(container setup)
Next Week/TODO:
- webtunnel document for proxy operator <- immediate todo
- [Research] WebTunnel planning (Continue)
- Try to find a place to host another vantage point
- logcollector alert system
- Snowflake Performance Analysis
onyinyang: 2023-06-08
Last week:
- Moved Lox group to a rust workspace, now everything is at: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs
- Still Adding tests Lox distributor
- Finished up changes to rdsys:
- more aggressive `gone` labelling: This still needs some tweaks!
This week:
- with the new workspace in place, lox-distributor tests are moving along
- reorganization of things within lox-rs (i.e., moving helper files etc. into lox_utils, adding documentation, pipelines, etc.)
- tweak the `gone` resources from rdsys so that the lox-distributor can handle them appropriately
- Look into a more reasonable way of storing Lox library data structures:
- https://gitlab.torproject.org/onyinyang/lox/-/issues/2
- https://gitlab.torproject.org/onyinyang/lox/-/issues/3
- First change the vectors in the bridge_table to maps.
(long term things were discussed at the meeting!):
https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
- brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice.
Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
1. Are there some obvious grouping strategies that we can already consider?
e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
Itchy Onion: 2023-06-08
Last week:
- fixed snowflake pipeline due to outdated Debian image
- continue working on rdsys#56 implementation. Still need to do the following:
- finish up computing bridge distribution in Kraken
- does it have to be deterministic?
- does the disproportion have to be strictly followed
- finish writing tests
- refactor code because some functions are getting extremely long
- what to do with stencil package?
This week:
- review MRs
- continue working on rdsys#56 implementation. Still need to do the following:
- fixed a problem with vanilla bridges not being added properly to the database
- still working on tests
- adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…)
hackerncoder: 2023-04-20
last week:
- (py-)ooni-exporter torsf (snowflake)
- (py-)ooni-exporter web_connectivity
Next week:
- work on "bridgetester"?
- how does Iran block bridges?
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
Hi! This is my May 2023 report!
In May, I resolved 722 tickets:
On Telegram (@TorProjectSupportBot) - 501
On RT (frontdesk@tpo) - 200
Additionally, I also resolved some tickets on WhatsApp (+447421000612)
and Signal (+17787431312) - 21.
My three main directions of activity are:
- helping users with censorship circumvention - sharing bridges,
explaining other ways to connect to Tor;
- getting users' feedback about what worked for them, what was their
interaction with our services, what is their experience with censorship
circumvention;
- troubleshooting. The common issues here are using VPNs and
bridges simultaneously, incorrect usage of bridges, Tor Browser and
anti-viruses, Tor for iOS.
The issue that popped up in May is OPPO phones and the "Proxy server
refused connection" bug [1]
[1]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41289
Hello everyone,
Here's your again regular dose of sysadmin meeting goodies.
# Roll call: who's there and emergencies
anarcat, gaba, lavamind. kez AFK.
https://gitlab.torproject.org/tpo/tpa/team/-/issues/incident/41176
# Dashboard cleanup
Normal per-user check-in:
* https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&…
* https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… (not checked)
* https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&…
General dashboards:
* https://gitlab.torproject.org/tpo/tpa/team/-/boards/117
* https://gitlab.torproject.org/groups/tpo/web/-/boards
* https://gitlab.torproject.org/groups/tpo/tpa/-/boards
Delegated web dashboard review to gaba/anarcat sync on Thursday. We
noticed we don't have the sponsor work in the roadmap page, we'll try to
fix this shortly.
# Vacations planning
Discussed the impact of the unlimited PTO policy which,
counter-intuitively, led some team member to schedule less vacation
time. There are concerns that the overlap between anarcat and lavamind
during the third week of july could lead to service degradation or
delays in other deliverables. Both lavamind and anarcat have only
scheduled "PTO" (as opposed to "AFK") time, so will be available if
problems come up.
There should probably be a discussion surrounding how emergencies and
availabilities are managed, because right now it falls on individuals to
manage this pressure and it can lead to people taking up more load than
they can tolerate.
# Metrics of the month
* hosts in Puppet: 86, LDAP: 85, Prometheus exporters: 156
* number of Apache servers monitored: 35, hits per second: 652
* number of self-hosted nameservers: 6, mail servers: 8
* pending upgrades: 111, reboots: 2
* average load: 0.74, memory available: 3.39 TiB/4.45 TiB, running processes: 588
* disk free/total: 36.98 TiB/110.79 TiB
* bytes sent: 316.32 MB/s, received: 206.46 MB/s
* planned bullseye upgrades completion date: 2023-02-11 (!)
* [GitLab tickets][]: 193 tickets including...
* open: 0
* icebox: 147
* backlog: 22
* next: 9
* doing: 10
* needs review: 1
* needs information: 4
* (closed: 3164)
[Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards
Upgrade prediction graph lives at
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye/
The completion date is still incorrect, but at least it moved ahead in
time (but is still passed).
--
Antoine Beaupré
torproject.org system administration
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-01-15.58.log…
And our meeting pad:
------------------------------------------------------------------------------------
THIS IS A PUBLIC PAD
------------------------------------------------------------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, June 1 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
Our anti-censorship roadmap:
Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
The anti-censorship team's wiki page:
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
Past meeting notes can be found at:
https://lists.torproject.org/pipermail/tor-project/
Tickets that need reviews: from sponsors, we are working on:
All needs review tickets:
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…
Sponsor 96 <-- meskio, shell, onyinyang, cohosh
https://gitlab.torproject.org/groups/tpo/-/milestones/24
Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it
https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
== Discussion ==
Report of TLS-in-DTLS detection and throttling in China that affects Snowflake
https://github.com/net4people/bbs/issues/255
Padding the first client→server send is reported to disrupt the packet size signature and avoid throttling
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…https://gitlab.torproject.org/dcf/snowflake/-/commit/01ac0373a887c63a325aad…
The reporter on BBS says it started happening to them (in a non-Snowflake WebRTC proxy) around 2023-05-14. We have measurements of high packet loss rates in China from 2023-03-20, at least.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
shelikhoo will run packet loss tests with the padding patch and report the results
Research about designing an armored bridge line sharing URL format
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126
we will not include forward error correction
shelikhoo will do a test implementation (updated, discuss again)
Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation
that will convert webrtc into an unreliable channel, and snowflake will add reliability with kcp
(maybe related to the first topic?)
== Actions ==
== Interesting links ==
Large oscillations in relay users in China the past 6 weeks:
https://people.torproject.org/~dcf/metrics-country.html?start=2023-03-01&en…
== Reading group ==
We will discuss "" on
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2023-06-01
Last week:
- revisited old snowflake shadow simulations work
- opened an issue with shadow for supporting AF_NETLINK and produced a workaround
- https://github.com/shadow/shadow/issues/2980
- updated sfnettools to work with the new verison of shadow
- opened an issue for bumping the version of rust in tor-browser-build
- worked on FOCI workshop prep
- a little bit of conjure maintenance
This week:
- tidy up and share shadow simulations guide for PTs
- Lox tor browser integration
- conjure maintenance
Needs help with:
dcf: 2023-06-01
Last week:
- commented on a second report of Avast antivirus blocking snowflake proxy connections https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- commented on the latest design for unreliable data channels in snowflake https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- made a patch that adds padding to attempt to work around snowflake throttling in China https://github.com/net4people/bbs/issues/255#issuecomment-1566227484https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Next week:
- open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- open issue to disable /debug endpoint on snowflake broker
Help with:
meskio: 2023-06-01
Last week:
- fix bridgedb webtunnel implementation (rdsys#142)
- deploy rdsys, bridgestrap and bridedb with webtunnel support
- migrate missing repos from git.tpo to gitlab (team#86)
- rename obfs4 into lyrebird (lyrebird#40010)
- update BridgeDB dependencies to fix CVEs
Next week:
- add i18n support in rdsys (rdsys#11)
Shelikhoo: 2023-06-01
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled)
- [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http…
- Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…)
- Trying to fix vantage point (Done)
- Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126)
Next Week/TODO:
- webtunnel document for proxy operator <- immediate todo
- [Research] WebTunnel planning (Continue)
- Try to find a place to host another vantage point
- logcollector alert system
- Snowflake Performance Analysis
onyinyang: 2023-05-25
Last week:
- Added tests for Lox library and worked on doing the same for Lox distributor
- Refactored rdsys metrics changes to prevent risk of testing in deployment
- https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122
- Looking into a more reasonable way of storing Lox library data structures:
- https://gitlab.torproject.org/onyinyang/lox/-/issues/2
- https://gitlab.torproject.org/onyinyang/lox/-/issues/3
- Met with Ian & Vecna (MMath student) on possible future research directions
for Lox:
- https://pad.riseup.net/p/lox-tor-stuff-keep
- Sent a follow up email to provide more info about
tooling/infrastructure that _does_ exist to inform about blocked bridges
This week:
- Still Adding tests Lox distributor
- Finish up changes to rdsys:
- metrics:
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122
- more aggressive `gone` labelling to follow that being merged
- Looking into a more reasonable way of storing Lox library data structures:
- https://gitlab.torproject.org/onyinyang/lox/-/issues/2
- https://gitlab.torproject.org/onyinyang/lox/-/issues/3
- First change the vectors in the bridge_table to maps.
(long term things were discussed at the meeting!):
https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
- brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice.
Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
1. Are there some obvious grouping strategies that we can already consider?
e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
Itchy Onion: 2023-06-01
Last week:
- Holiday
- Worked on rdsys#56 (https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_t…)
- Discussed about what attributes to use to identify a single bridge (decided to use fingerprint + transport)
- Discussed about the role of the stencil package and whether we should keep using it (decided to compute bridge distribution in Kraken)
This week:
- fixed snowflake pipeline due to outdated Debian image
- continue working on rdsys#56 implementation. Still need to do the following:
- finish up computing bridge distribution in Kraken
- does it have to be deterministic?
- does the disproportion have to be strictly followed
-
- finish writing tests
- refactor code because some functions are getting extremely long
- what to do with stencil package?
hackerncoder: 2023-04-20
last week:
- (py-)ooni-exporter torsf (snowflake)
- (py-)ooni-exporter web_connectivity
Next week:
- work on "bridgetester"?
- how does Iran block bridges?
Hi everyone!
Here is my status report for May 2023.
I spent almost the entire month rebasing Tor Browser and Mullvad Browser
to Firefox 115, which will be the next ESR version from this June.
I rebased all our patches and updated all the toolchains we use in our
reproducible build system.
I have a merge-request [0] for the first chunk of patches. The rest is
still on work-in-progress branches.
Desktop is already in a very good shape. Probably, we will need to
update the Rust compiler again (to 1.70, published today), but it should
be easy enough.
Android will need a big rework, because Mozilla unified Android
Components and Fenix in a single repository. At the moment, Dan is
working on that.
Since we were almost in sync with mozilla-central (Firefox's development
repository), I took the occasion to try to upstream a few more patches,
such as the one to allow using NSS to verify MAR signatures also on
Windows and macOS [1].
Finally, I worked on the rebases for 12.0.6, 12.5a6, 12.0.7, 12.5a7 and
helped with the various releases of May.
Best,
Pier
[0]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…
[1] https://phabricator.services.mozilla.com/D177743