tor-project August 2023

tor-project@lists.torproject.org

13 participants
14 discussions

Anti-censorship team meeting notes, 2023-08-03
by onyinyang 04 Aug '23

04 Aug '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-07-31-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Aug 10 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == * == Discussion == This week: * ptspec status version support * to be included in 0.4.8 * https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/731 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… * goptlib not blocking core tor * Webtunnel soft release and next phase: https://gitlab.torproject.org/tpo/community/team/-/issues/94 * Feedback collected * improving the docs for compiling from the source * some ppl asked apache instructions and not just nginx * didn't work in china and worked in russia * Next steps * gus will improve and move the documentation to the community portal * will talk with applications to include webtunnel in the upcoming TB 13 in september * we'll organize a call for bridges * HTTP CONNECT as an alternative to SOCKS for PT interfacing * HTTP CONNECT proxy has advantages over SOCKS4/5, one of which is abundant room to encode bridge parameters * Mentioned in an issue about bridge line length * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/104#note_29… * dcf: server-side SOCKS (needed for client PT) has poor support in standard programming language packages, which is why goptlib and Proteus implement their own SOCKS server: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… * https://github.com/unblockable/proteus/tree/v0.1.0/src/net/proto/socks * What about MASQUE (https://datatracker.ietf.org/wg/masque/about/) more generally (HTTP proxying but more general than just HTTP CONNECT, would leave room for e.g. datagram-based proxying)? * "The primary goal of this working group is to develop mechanism(s) that allow configuring and concurrently running multiple proxied stream- and datagram-based flows inside an HTTP connection." == Actions == * Next week (August 10th): follow up on Snowflake/Pion incompatibility with Android 11+ and SDK >29) when Guardian project responds and shelikhoo returns: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * might only affect android apps that target android>11, but google will start requiring it soon (end of August 2023) * https://support.google.com/googleplay/android-developer/answer/11926878 * Issue on pion side, closed as wontfix: https://github.com/pion/transport/issues/228 * we ought to be up to date with dependencies, as renovatebot is connected to the snowflake repo * meskio will cc Guardian Project on #40278 to see if they have any insight * shelikhoo will try to reproduce and will try the available patches * no news 2023-08-03 == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): away until 2023-08-17 Last week: This week: Needs help with: dcf: 2023-08-03 Last week: - wrote forum post for proxy churn measurements https://forum.torproject.org/t/advisory-mistakenly-collected-proxy-churn-me… and made issue public https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - fixed standalone proxy DefaultRelayURL to point back at snowflake.torproject.net https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - review goptlib STATUS TYPE=version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-08-03 Last week: - release and deploy rdsys with telegram bot translations - test tor's support for status version (tor!731) - add support for goptlib for status version (goptlib!1) - review and deploy new circumvention rules for Turkmenistan (rdsys-admin!16) - update obfs4 docker image to don't expose OrPort (team#129) - review lox merge requests (lox-rs!15 !18 !21) Next week: - organize work for BridgeDB deprecation Shelikhoo: 2023-07-27 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - logcollector alert system - ongoing - Reviewing & comment on merge requests - FOCI Keynote and attendence Next Week/TODO: - logcollector alert system <- immediate todo onyinyang: 2023-08-03 Last week(s): - Implemented db - decided against polodb and went for sled instead https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/22 - not sure if reading/writing the lox-context to json should still be supported at all or just removed - Implemented and tested a basic k-invites for open entry distribution https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/20 - Thought more deeply about how best to sync Lox with rdsys given https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/168 - the rdsys API is really not designed for a distributor like Lox that needs persistence. Even a lastPassed flag will only be helpful for `gone` resources if Lox stores all of the resource info from rdsys and checks it regularly. This diverges from the original intention of rdsys, in which rdsys should be the 'arbiter of truth' for the status of resources. - The next step is to check the rdsys API and see if the get functionality can improve this situation. I think ideally we want a list of all resources assigned to Lox and their current statuses that can then be checked against something like the `lastPassed` flag each time Lox polls rdsys. This week: - Continue with implementing db and synchronization between Lox/rdsys (possibly reliant on some aspects of the former point) - Work on adding metrics - AFK from August 5 - 21! (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

2 1

Nina’s Monthly Status Report, July 2023
by Nina 04 Aug '23

04 Aug '23

Hi! This is my July 2023 report! In July, I resolved 1080 tickets: On Telegram (@TorProjectSupportBot) - 786 On RT (frontdesk@tpo) - 276 Additionally, I resolved 13 tickets on WhatsApp (+447421000612) and 5 on Signal (+17787431312). Most of the tickets I deal with are related to censorship circumvention in Russian-speaking countries - bridges and troubleshooting around them. I also gathered user feedback on what worked for them and what did not prove helpful. In July, I noticed atrendinusersfrom Russian-speaking countries touselittle-t-tor on Windows by adding bridges directly in torrc, mostly obfs4 and meek.We believe they are using little-t-tor to proxy other applications in their operating systems.So I spent some time gathering best practices to share with users. This month we started testing the new, WebTunnel bridge[1], so I prepared templates for our support channels, added them, and started gathering users' feedback. This month I devoted significant time to editing support templates to keep them relevantand up-to-date. I continued working on Conjure feedback, gathering logs and discussing with users their experience with this type of pluggable transport. [1] https://gitlab.torproject.org/tpo/community/team/-/issues/94

2 1

Rhatto's Monthly Status Report, July 2023
by rhatto 01 Aug '23

01 Aug '23

Hi all :) This is my monthly status report for July 2023 with the main activities I have done during the period. ## 0. Research * Certificates: followed the recent updates on IETF ACME Working Group on the ACME for Onions (https://acmeforonions.org) Internet Draft: * The draft was approved back in June: https://mailarchive.ietf.org/arch/msg/acme/h61EvyQjFER9geA5adKa8u9T-x8/ * The proposal was presented during IETF 117: https://play.conf.meetecho.com/Playout/?session=IETF117-ACME-20230725-0030 * Quality Assurance for Tor Browser: continued research and investigation on issues with Tor Browser when accessing Onion Services. ## 1. Development * Onionprobe milestone planning: * https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/milestones/1 * https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/79 ## 2. Support * PoW defense for Onion Services: documentation preparation for the feature release: * https://gitlab.torproject.org/tpo/web/community/-/issues/312 * https://gitlab.torproject.org/tpo/community/team/-/issues/93 * The usual sponsored work with deployment, maintenance and monitoring of Onion Services. ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 12 | Development | 0 | Support | 52 | Organization | 36 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

PieroV's Monthly Status Report, July 2023
by Pier Angelo Vendrame 01 Aug '23

01 Aug '23

Hi everyone! Here is my status report for July 2023. Like the previous month, in July, I worked mainly on the transition to Firefox ESR 115 and the refactors of Torbutton. For the ESR update, I kept working on our build system. We stumbled upon a couple of reproducibility problems with LLVM. One [0] was already fixed in the main branch, but I had to git bisect to find the solution and backport it to 16.0.4, the version we and Mozilla use. The other one was about the macOS binaries: they matched except for the UUID. Because this difference was limited and specific, I could quickly find the cause in the source code. This UUID is a hash, and its computation was split into as many workers as the available cores. Even though this is deterministic, it introduces a dependency of the result on the hardware used to produce it. So, I opened an issue [1], which was solved super fastly ❤️! Then, I also worked on the Android part of the build system. Between 102 and 115, Mozilla unified the repositories for Android Components and Fenix [2]. Therefore, we had to create a brand new project, and making it build successfully from start to end required a considerable time. We had reproducibility problems also on Android, more precisely on the application services part. They were already known, so I just had to update the patch for 102 to 115. I wanted to upstream these changes, but in Application Services 116, Mozilla did a big refactor on this code. So, I adapted our patch again, and it was accepted [3]. The tor-browser-build merge request for Android [4] is still under review, but we will need to merge it soon because we want to release 13.0a2 also for Android. My other big work topic of July was the refactors to Torbutton. Our objective is to extract all the code that originally composed the extension and integrate it more with the rest of the browser code. The first MR [5] moved about:tor to a patch on its own and included a modernization of its IPC mechanisms and a refactor to TorCheckService. It also removed old migration code that is not needed anymore since users are forced to pass through Tor Browser 11.5.8 if updating from older versions. Torbutton also forced the value of a few preferences depending on whether PBM was always enabled [6]. This MR removed this behavior. In another MR [7], I removed direct uses of the Tor controller. We planned to centralize all these operations in a TorProvider class built around the browser's needs. The rationale is to create a common interface with a future ArtiProvider. We expect that we will have to review everything again in the future, but we preferred starting already to get the first part of the work done. With this done, I could focus on refactoring the browser's Tor controller [8]. Other smaller tasks I worked on last month are: - a fix to make NoScript and the browser communicate again [9] - a fix to the bootstrap failing without any error [10] - make the build system extract Firefox's PDB and distribute them to users interested in debugging the browser [11]. This sure was a long month for me, but I am very happy about the results we are getting. I hope you will appreciate them too. In yesterday's weekly meeting, we decided to release alphas more often since we are still targeting the end of September for 13.0 stable. So, I would like to invite you all to please test the Tor Browser alphas. Thank you very much! Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [1] https://github.com/llvm/llvm-project/issues/63961 [2] https://github.com/mozilla-mobile/firefox-android [3] https://github.com/mozilla/application-services/pull/5736 [4] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… [5] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [6] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41845 [7] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [8] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [9] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41877 [10] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41907 [11] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/3…

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project August 2023