tor-project January 2024

tor-project@lists.torproject.org

12 participants
14 discussions

cohosh's monthly status report, December 2023
by Cecylia Bocovich 17 Jun '24

17 Jun '24

Hi! This is my status report for contract work done in December 2023. # Reputation-based bridge distribution - Continued Tor Browser integration work https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - Debugged some issues with the lox distributor deployment https://gitlab.torproject.org/tpo/tpa/team/-/issues/41406 https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/40 https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/42 https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/43 # Snowflake - Fixed excessive logs of closed connections at the Snowflake proxy https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Released version 2.8.1 of Snowflake - Provided further review of the SQS rendezvous method https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… # Domain Fronting Alternatives - Looked for cloud providers that offer domain fronting - Looked for good potential front domains for working cloud providers

2 6

Retirement of Gitolite and GitWeb started, please migrate by end of year
by Antoine Beaupré 26 Mar '24

26 Mar '24

Hi, Gitolite (`git.torproject.org` and `git-rw.torproject.org`) and GitWeb (<https://gitweb.torproject.org>) will be fully retired within 9 to 12 months (by the end of Q2 2024). TPA will implement redirections on the web interfaces to maintain limited backwards compatibility for the old URLs. Start migrating your repositories now by following the [migration procedure][], and please complete the migration by the end of year 2023. See the full discussion in [TPA-RFC-36][]. [migration procedure]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/git#how-to-migrate… [TPA-RFC-36]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-36-gitoli… A. -- Antoine Beaupré torproject.org system administration

1 2

Tor Browser weekly meeting moved to February 6th 1500 UTC
by Richard Pospesel 31 Jan '24

31 Jan '24

Hi everyone, Due to scheduling conflicts, we will be moving our weekly Tor Browser meeting to Tuesday February 6th at 1500 UTC in #tor-meeting on OFTC IRC. best, -richard

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 26 Jan '24

26 Jan '24

The usual, sorry nothing fancy this month. # Roll call: who's there and emergencies no emergency. anarcat and lavamind online. # Dashboard cleanup Normal per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards Had a long chat about metrics requirements, comments in https://gitlab.torproject.org/tpo/tpa/team/-/issues/41449 # 2024 roadmap We reviewed the proposed roadmap. All seem well, although there was some surprise in the team at the reversal of the decision taken in Costa Rica regarding migrating from SVN to Nextcloud. # Metrics of the month * hosts in Puppet: 88, LDAP: 88, Prometheus exporters: 169 * number of Apache servers monitored: 35, hits per second: 759 * number of self-hosted nameservers: 6, mail servers: 10 * pending upgrades: 0, reboots: 0 * average load: 0.58, memory available: 3.34 TiB/4.81 TiB, running processes: 391 * disk free/total: 64.37 TiB/131.80 TiB * bytes sent: 380.84 MB/s, received: 252.72 MB/s * planned bookworm upgrades completion date: 2024-08-22 * [GitLab tickets][]: 206 tickets including... * open: 0 * icebox: 163 * backlog: 23 * next: 8 * doing: 4 * needs information: 4 * needs review: 4 * (closed: 3434) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/ Now also available as the main Grafana dashboard. Head to <https://grafana.torproject.org/>, change the time period to 30 days, and wait a while for results to render. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2024-01-25
by onyinyang 25 Jan '24

25 Jan '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-01-25-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, February 116:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… <https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…> * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == * SQS rendezvous deployment * follow up from last week: cohosh will try to deploy later today * https://github.com/net4people/bbs/issues/325"Default Snowflake bridges in Tor browser 13.0.8 stopped working properly in China since around 2024-01-12" * dcf hasn't had a chance to look at the logs yet * no big change in aggregate statistics https://people.torproject.org/~dcf/metrics-country.html?start=2023-11-01&en… <https://people.torproject.org/~dcf/metrics-country.html?start=2023-11-01&en…> * BridgeStatus also shows many 10% results for snowflake bootstrap attempts in China * 2024-01-25 https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… * 2024-01-10 https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… * 2023-12-10 https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… rate of bootstrap percent, some 100 * https://mastodon.social/@tor4zh/111811643889038641 * from packet capture from vantage point, appears that there is a full block of proxy (one way stun) and block of server hello packet (keep receiving client hello) == Actions == == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: * This week: * - What you worked on this week. * Next week: * - What you are planning to work on next week. * Help with: * - Something you need help with. cecylia (cohosh): 2024-01-25 * Last week: * - merged SQS rendezvous feature * - talked to browser team about lyrebird issue * - worked on Lox module for Tor Browser * This week: * - finish Lox module implementation * - update wasm-bindgen fork to fix some bugs and hopefully upstream changes * - tor-browser-build updates for lox wasm + bindings generation * - deploy SQS rendezvous changes at broker * - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - rebase and try out manifest v3 patch * - Conjure bridge maintenance * Needs help with: dcf: 2024-01-25 * Last week: * -adjusted parity of upper port range on snowflake-02 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - answered a question about distribution of users over snowflake bridges https://lists.torproject.org/pipermail/anti-censorship-team/2024-January/00… * - hacked a little bit on ALPN-01 ACME challenge in snowflake server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Next week: * - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - open issue to disable /debug endpoint on snowflake broker * - move snowflake-02 to new VM Help with: meskio: 2023-12-21 Last week: - grant writing Next week: Shelikhoo: 2024-01-25 Last Week: * - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 * - update container image for snowflake-proxy and obfs4-proxy(Image is published already, while merge request under review: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/-/…) * - Merge request reviews Next Week/TODO: * - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 * - Inspect Snowflake Situation In China onyinyang: 2023-01-25 * Last week(s): * - Bug fixing and other things that come up as lox integration is rolled out * - document API for lox client/server requests * - get next unlock function * * This week: * - Bug fixing and other things that come up as lox integration is rolled out * - Figure out problem that makes distributor hang when bridges are not working * -Make Lox invitation endpoint only accessible via telegram * - attempt hyper upgrade again * * (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep * - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice * Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? * 1. Are there some obvious grouping strategies that we can already consider? * e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) * 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? * theodorsm: 2023-01-11 * Last weeks: * - Currently in the start phase of writing my master thesis (to be finished late june 2024) in communication technology on reducing distinguishability of DTLS. The goal is to implement a validated DTLS anti-fingerprinting library similar to uTLS (useful for Snowflake). * Next weeks: * - Talk with Sean DuBois about contributing to adding anti-fingerprinting capabilities to the pion library * Help with: * - Find recent data set of captured DTLS traffic -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Anti-censorship team meeting notes, 2024-01-18
by Shelikhoo 18 Jan '24

18 Jan '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-01-18-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, January 25 16:00 UTC Facilitator: cohosh Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == * DTLS anti-fingerprinting library similar to uTLS * Useful for snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Sean DuBois (from pion) has been interested in this and may have ideas on what this library could look like * SQS rendezvous deployment * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * almost ready for final merge, any objections to doing so? * can announce the new rendezvous method on forum and bbs as before with ampcache * will have a look at possible attack by flooding the service to generate significant bill * AWS may or may not support setting billing limits. Can at least set billing alerts. * Possibly use prepaid card with limited funds. * Future plan is to componentize the broker and make rendezvous methods more modular, not part of the SQS work though * https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowfl… * Also encrypt rendezvous messages separately from the rendezvous channel, https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowfl… * Our docker containers are out of date for snowflake and obfs4 * Have a version of tor that soon will be EOL * shelikhoo will update them from https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge and https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-01-18 Last week: - Lox + Tor Browser integration - Found a fix for snowflake shadow simulations - https://github.com/shadow/shadow/pull/3279 - Contributed to discussion on missing shadow feature policy - https://github.com/shadow/shadow/issues/3280 This week: - Review of final SQS rendezvous changes - Lox + Tor Browser integration - rebase and try out manifest v3 patch - Conjure bridge maintenance Needs help with: dcf: 2024-01-18 Last week: - started to review draft MR for unreliable data channels, merged cosmetic changes to main https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - posted summary of snowflake bridge users in 2023 https://forum.torproject.org/t/snowflake-bridge-metrics-2023-year-in-review… Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: meskio: 2023-12-21 Last week: - grant writing Next week: Shelikhoo: 2024-01-18 Last Week: - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 - Merge request reviews Next Week/TODO: - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 - update container image for snowflake-proxy and obfs4-proxy onyinyang: 2023-01-11 Last week(s): - Finished Telegram bot dev - Continue to support Lox wasm stubs as needed - Holiday! This week: - Bug fixing and other things that come up as lox integration is rolled out - document API for lox client/server requests - Other Lox bug fixes/improvements - attempt hyper upgrade again theodorsm: 2023-01-11 Last weeks: - Currently in the start phase of writing my master thesis (to be finished late june 2024) in communication technology on reducing distinguishability of DTLS. The goal is to implement a validated DTLS anti-fingerprinting library similar to uTLS (useful for Snowflake). Next weeks: - Talk with Sean DuBois about contributing to adding anti-fingerprinting capabilities to the pion library Help with: - Find recent data set of captured DTLS traffic (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

Tails report for December 2023
by bokonon 16 Jan '24

16 Jan '24

Tails report for December 2023 <https://tails.net/news/report_2023_12/> Happy 2024, Tails-y folks! We wish you a year full of nourishing energies, forceful resistance, and great health ✊🏽 Highlights * 2023 was an eventful year at Tails. We kicked off the 1st year of our 3-year strategic plan with 16 releases of Tails, significant improvements to core Tails features like the new Persistent Storage, and researched cool, new features we want to bring to you. In parallel, we started moving into a new home <https://tails.net/> and made investments to become a more sustainable project and a healthier workplace. Read more about 2023 at Tails here <https://tails.net/news/achievements_in_2023/index.en.html>. If you'd rather listen, check out our presentation <https://www.youtube.com/watch?v=TtgTwho1wfQ&t=784s> at State of the Onion 2023! * We are raising funds for our work in 2024 but our annual fundraising campaign has fallen short of our goal. So, we've extended our fundraiser till January 20, 2024. If you find our work useful and can contribute, we'd appreciate your help. Every contribution, no matter the size, makes a big difference. Donate now! <https://tails.net/donate/> * Talking about contributions that make a difference, we remain ever so grateful to our sponsors! Last month, wordsolver.co <https://wordsolver.co/> renewed their sponsorship of Tails. This is the 3rd year of their support for Tails' mission! Thank you 💜 Releases We released Tails 5.21 <https://tails.net/news/version_5.21/index.en.html>. In 5.21: * /Tor client/ and /Tor Browser/ are up-to-date * we improved Tails's handling of date and time: you'll find localised dates in the top navigation, and separately, we replaced the unpunctual web servers in our htpdate pool * the backup feature of /Tails Cloner/ is friendlier to use. Thanks @BenWestgate <https://gitlab.tails.boum.org/BenWestgate>! And lots more <https://gitlab.tails.boum.org/tails/tails/-/blob/master/debian/changelog>. Metrics Tails was started more than 815,559 times this month. That's a daily average of over 26,300 boots. -- bokonon Fundraising Director Tails —https://tails.boum.org/

1 0

Tor Browser meeting moved to Tuesday (2024-01-16)
by Richard Pospesel 15 Jan '24

15 Jan '24

Hey everyone, Monday is a holiday so we'll be moving our weekly meeting to Tuesday this week at 1500 UTC in #tor-meeting on OFTC IRC. best, -richard

1 0

ebanam's monthly status report and user support report for December 2023
by ebanam 11 Jan '24

11 Jan '24

Hello everyone! Like the past few months, much of my focus in December was to help users in regions where Tor is censored which includes but is not limited to using pluggable transports which are likely to work in their region, help with troubleshooting and answering other common Tor Browser related questions. With four Tor Browser stable releases I also worked on post-release user support work. We received numerous reports of PTs crashing for users on Windows 7 after the Tor Browser 13.0.7 update. Although the issue is resolved now (with Tor Browser 13.0.8) we expect to see more tickets from Windows 7 as Tor Browser will neccessarily have to drop support for Windows 7 and 8 after the Firefox ESR 128 transition this year. For any Windows 7 tickets we receive, we are encouraging Tor Browser users to either upgrade their systems to a modern Linux distribution, or at least to a supported version of Windows (10 or higher). Following is a thorough breakdown of tickets our user support team handled in December: # Frontdesk (email support channel) * 537(↓) RT tickets created * 474(↓) RT tickets resolved Tickets by numbers: 1. 199(↓) RT tickets: private bridge requests from Chinese speaking users. 2. 150(↓) RT tickets: circumventing censorship in Russian speaking countries. 3. 5 RT tickets: PTs on Tor Browser 13 do not work with Windows 7 (issue is resolved with Tor Browser 13.0.8)[0] 4. 2 RT tickets: "Proxy Server Refused Connection" on Tor Browser for Android specific to Oppo/Realme devices[1] Highlighting some other topics we received questions and feedback: 5. Circumventing censorship with Tor in Farsi. 6. Help with setting up onion service 7. Explaination about the "New Identity" and "New Tor Circuit" in Tor Browser[2] 8. How to import bookmarks in Tor Browser from other browsers[3] 9. Adding a search engine to Tor Browser 10. One report of an app masquerading as official Tor Browser app on iOS AppStore. 11. Tor Browser binary disappeared on Windows (this was likely because of anti-virus software installed on the user's system) 12. Contributing and volunteering to Tor 13. Tor Browser crashes when extensions popups are opened with Wayland enabled[4] 14. Images unable to render on some sites due to HTML5 Canvas fingerprinting being blocked in Tor Browser # Telegram, WhatsApp and Signal Support channel * 550(↓) tickets resolved Breakdown: * 521(↓) tickets on Telegram * 16(↓) tickets on WhatsApp * 13(↑) tickets on Signal Tickets by numbers: 1. 349(↑) tickets: circumventing censorship in Russian speaking countries. 2. 23(↓) tickets: private bridge requests from Chinese speaking users. 3. 42(-) tickets: circumventing censorship with Tor in Farsi. 4. 8 tickets: PTs on Tor Browser 13 do not work with Windows 7 (issue is resolved with Tor Browser 13.0.8) Highlighting some other topics we received questions about: 5. 2 tickets: user feedback about WebTunnel from regions where Tor is censored 6. 2 tickets: Configuring little-t-tor to use Pluggable Transports 7. 2 tickets: Unable to reach some onion site (these particular onion sites were offline) 8. "Proxy Server Refused Connection" on Tor Browser for Android specific to Oppo/Realme devices 9. Question about letterboxing on Tor Browser # Highlights from the Tor Forum 1. Tor Browser freezes/lags after update[5] 2. Tor Browser locking up on Windows 10 with all the latest patches[6] 3. Onion sites unreachable[7] (These are all v2 onion sites, which have been deprecated way back in 2021)[8] Thanks! e. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. [0]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42179 [1]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41289 [2]: https://tb-manual.torproject.org/managing-identities/ [3]: https://support.torproject.org/tbb/export-and-import-bookmarks/ [4]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42306 [5]: https://forum.torproject.org/t/problem-tor-freezes-lags-after-update-to-v13… [6]: https://forum.torproject.org/t/tor-browser-locking-up-on-windows-10-with-al… [7]: https://forum.torproject.org/t/impossible-dafficher-le-contenu-des-pages/10… [8]: https://support.torproject.org/onionservices/v2-deprecation/

1 0

Anti-censorship team meeting notes, 2024-01-11
by Shelikhoo 11 Jan '24

11 Jan '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-01-11-15.57.html And our meeting pad: cohosh Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, January 18 16:00 UTC Facilitator: Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * Since December 2023, getting TLS certificates for subdomains of torproject.net (e.g. snowflake-broker.torproject.net) requires asking the sysadmin team to create a CAA record in DNS to authorize a specific account. * https://gitlab.torproject.org/tpo/tpa/team/-/issues/41462 * https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/tls?version_id=41c… == Discussion == * DTLS anti-fingerprinting library similar to uTLS * Useful for snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Sean DuBois (from pion) has been interested in this and may have ideas on what this library could look like == Actions == == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-01-11 Past weeks: - Lox + Tor Browser integration - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - worked on Lox distributor bug fixes and testing - spun up a few temporary Lox bridges for testing - integration testing of Snowflake with Shadow - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - proxy command-line option to specify probe server URL - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - SetNet fix for probetest - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - probetest command-line option to specify STUN URL - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened shadow issue to deal with missing setsockopt support for snowflake - https://github.com/shadow/shadow/issues/3278 - unit testing feedback on SQS rendezvous MR - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… This week: - Lox + Tor Browser integration - figure out what we need to get the snowflake server running in shadow again - rebase and try out manifest v3 patch - Conjure bridge maintenance Needs help with: dcf: 2024-01-11 Last week: - upgraded snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - figured out a CAA issue to prevented renewing TLS certificates for torproject.net domains (e.g. snowflake.torproject.net, snowflake-broker.torproject.net) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened an issue to let the snowflake bridge and broker use a newer type of ACME challenge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - documented WireGuard setup for the snowflake-01 bridge https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… - azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-12-21 Last week: - grant writing Next week: Shelikhoo: 2024-01-11 Last Week: - Work on snowflake performance improvement (WIP): https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-udp-performanc… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 - Merge request reviews Next Week/TODO: onyinyang: 2023-01-11 Last week(s): - Finished Telegram bot dev - Continue to support Lox wasm stubs as needed - Holiday! This week: - Bug fixing and other things that come up as lox integration is rolled out - document API for lox client/server requests - Other Lox bug fixes/improvements - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project January 2024