tor-project
Threads by month
- ----- 2025 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
November 2025
- 5 participants
- 5 discussions
Hey everyone!
Here are our meeting logs:
https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-11-20-16.00.ht…
And our meeting pad:
Anti-censorship
--------------------------------
Next meeting: Thursday, November 27 16:00 UTC
Facilitator:onyinyang
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator:meskio
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
* https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from projects, we are working on:
* All needs review tickets:
* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…
* Project 158 <-- meskio working on it
* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na…
== Announcements ==
* duplicatedcontainerimages is being removed(done)
== Discussion ==
* meek: add support for multiple domain front providers
* what bridgeline format makes sense?
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…
* we will not decide it for now, we'll wait for people to give feedback on the MR
== Actions ==
* bring interesting papers to decide on our next reading group
== Interesting links ==
*
== Reading group ==
* We will discuss "" on
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2025-11-20
Last week:
- reviewed meek-lite url front pairs implementation
- started work on moving SQS to torproject AWS account
- more research on enumeration defences
Next week:
- deploy proxy churn metrics patch (snowflake#40494)
- research snowflake enumeration attacks (snowflake#40396)
- follow up on snowflake rendezvous failures (snowflake#40447)
- revisit conjure integration with lyrebird
- take a look at potential snowflake orbot bug
- https://github.com/guardianproject/orbot-android/issues/1183
dcf: 2025-10-30
Last week:
- made snowflake-graphs use SQLite as intermediate data representation rather than CSV https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3
- fixed a bug with snowflake-graphs undercounting coverage for certain rarely occurring levels of factors https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215
- opened an issue for coverage=2.00 in snowflake-stats descriptors during a time when 2 brokers were running simultaneously https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5
Next week:
- open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Help with:
meskio: 2025-11-20
Last week:
- multi-front support in meek (lyrebird#40027)
- update obfs4-bridge docker images
- deprecate arm and 386 in obfs4-bridge docker
- write a blogpost using the SOTO script
Next week:
- investigate the status of builtin bridges (team#141)
Shelikhoo: 2025-11-20
Last Week:
- [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research
- Add sni-imitation syntex sugar option (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…)
- Remove setuid migration script after it have finished its work: Revert "Add state migration setuid script chown-states.sh" (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…)
- [Cross Team] Some CJK characters cannot be rendered by Tor which uses the Noto font family (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/44227#n…)
- lyrebird Release v0.7.0 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…)
- WebTunnel: Use tpa managed podman for working defaults values (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…)
- Relicense uget under 3-bsd license (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…)
- [Cross Team] Broken PGP public key link on db.torproject.org (https://gitlab.torproject.org/tpo/tpa/team/-/issues/42387)
- [MR Review]Measure proxy churn for both proxy pools (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…)
Next (working) Week/TODO:
- Merge request reviews
- [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied
- Release Lyrebird v0.7.0
onyinyang: 2025-11-20
Last week(s):
- Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed
- The ApplyDiff function was suspicious but after investigation, it seems like this is not the issue. . .the search continues
- Troubleshooting conjure not connecting in China
- waiting for more information from conjure authors/maintainers
- Monitoring email profiler for rdsys #129
- Efforts to fix the (likely) bug in the waitForEmailUpdate function failed
- Attempting to move to go-imap v2
- Making arrangements for talk/travel to Splintercon
Next week:
- Continue troubleshooting conjure not connecting in China
- Finish up debugging rdsys#129 and rdsys#248 hopefully (take 3? 4?)
- Continue monitoring rdsys#249
Switch back to some of these:
As time allows:
- Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong
Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj…
- review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…
- add TTL cache to lox MR for duplicate responses:
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
- Work on outstanding milestone issues:
- key rotation automation
Later:
pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096)
- add pref to handle timing for pubkey checks in Tor browser
- add trusted invitation logic to tor browser integration:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
- improve metrics collection/think about how to show Lox is working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice
Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
1. Are there some obvious grouping strategies that we can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
theodorsm: 2025-06-12
Last weeks:
- Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round.
- Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25
- Key takeaways:
* covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable.
* Chrome webextensions are more unstable than standalone proxies
* covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake.
* Chrome randomizes the order of extension list.
* Firefox uses DTLS 1.3 by default in WebRTC.
* A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers
* The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year.
* Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users.
* Browser extensions make Snowflake resistant to ClientHello fingerprinting.
* Standalone proxies can serve more Snowflake clients per volunteer than webextensions.
* We need metrics on which types of proxies are actually being matched and successfully used by clients.
Next weeks:
- Getting paper camera ready.
- Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…)
Help with:
- Should we do user testing of covert-dtls?
Facilitator Queue:
onyinyang shelikhoo meskio
1. First available staff in the Facilitator Queue will be the facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the tail of the queue
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
1
0
This is your monthly dose of sysadmin meeting minutes! More coming next
week, for people really into that stuff...
# Roll call: who's there and emergencies
All hands present. Dragon died, but situation stable, not requiring
us to abort the meeting.
# Express check-in
We tried a new format for the check-in for our monthly meeting, to
speed things up to leave more room for the actual discussions.
How are you doing, and are there any blockers? Then pass the mic to
the next person.
# 2026 Roadmap review
This is a copy of the notes from the [TPA meetup][]. Review and amend
to get a final version.
[TPA meetup]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/meeting/2025-10
Things to add already:
- add hardware replacement plan to yearly roadmap, to solve the
[manage the lifecycle of systems issue][]
- OpenVox packaging
[manage the lifecycle of systems issue]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/29304
We split the 2026 roadmap in "must have", "nice to have" and "won't do":
## Must have
Recurring:
- YEC (@lavamind)
- regular upgrades and reboots, and other chores (stars)
- no hardware replacements than the ones already planned with tails
(dragon etc)
Non-recurring:
- tails moving to Prometheus, requires TPA prometheus server merge
(because we need the space, mostly, @zen)
- shift merge, which requires tails moving to prometheus (stars)
- email mailboxes (TPA-RFC-45, @groente)
- authentication merge phase 1 (after mailboxes, @groente)
- completed trixie upgrades (stars)
- SVN retirement or migration (@anarcat)
- mailman merge (maybe delegate to tails team? @groente can followup)
- MinIO migration / conversion to Garage? (@lelutin)
- marble on community, blog, and www.tpo websites (@lavamind)
- donate-neo CAPTCHA fixes (@anarcat / @lavamind)
- TPA-RFC-38 wikis, perhaps just for TPA's wiki for starters? (@anarcat)
- OpenVox packaging (@lavamind)
## Nice to have
- RFC reform (maybe already done in 2025, @anarcat)
- firewall merge, requires TPA and Tails to migrate to nftables (@zen)
- Tails websites merge
- Tails mirror coordination (postpone to 2027?)
- Tails DNS merge
- Tails TLS merge
- (TPA?) in-person meeting (@anarcat)
- reform deb.tpo, further idea for a roadmap to fix the tor debian
package (@lelutin / @lavamind, filed as [tpo/tpa/team#42374][])
[tpo/tpa/team#42374]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/42374
Let's move that deb.tpo item list to an epic or issue.
## Won't do
- backups merge (postponed to 2027)
## Observations
- lots of stuff, hard to tell whether we'll be able to pull it off
- we assigned names, but that's flexible
- we don't know exactly when those things will be done, will be
allocated in quarterly reviews
- this is our wishlist, we need to get feedback from other teams, web
team and perhaps team leads / ops meeting coming up about that
# holidays vacation planning
- zen AFK Jan 5 - 23 (3 weeks)
- zen takes the two weeks holidays for tails
- lelutin and lavamind share them for TPA
- vacation calendar currently lost, but TPO closing weeks expected to
be from dec 22nd to jan 2nd
- announce your AFK times and add them to the calendar!
# skill-share proposals
We talked about doing skill-shares/trainings/presentations at our
meetup. We still don't know when: during office hours, after
check-ins?
- Offer (zen): Tails Translation Platform setup (i.e. weblate +
staging website + integration scripts)
"What's new in TPA" kind of billboard.
Presenter decides if it's mandatory, if it is, make it part of the
regular meeting schedule.
# RFC to ADR conversion
Short presentation of the [ADR-95 proposal][].
[ADR-95 proposal]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0095-adr
postponed
# long term (2030) roadmap
- review the tails merge roadmap
- what's next for tpa?
postponed
# Next meeting
Next week, to tackle the other two conversations we skipped above.
# Metrics of the month
* host count: 99
* number of Apache servers monitored: 33, hits per second: 705
* number of self-hosted nameservers: 6, mail servers: 12
* pending upgrades: 0, reboots: 0
* average load: 1.98, memory available: 4.4 TB/7.2 TB, running processes: 294
* disk free/total: 122.4 TB/228.4 TB
* bytes sent: 545.6 MB/s, received: 354.9 MB/s
* [GitLab tickets][]: 249 tickets including...
* open: 0
* ~Roadmap::Icebox: 128
* ~Roadmap::Future: 42
* ~Needs Information: 3
* ~Roadmap::Backlog: 41
* ~Roadmap::Next: 20
* ~Roadmap::Doing: 12
* ~Needs Review: 4
* (closed: 4277)
* [~Technical Debt][]: 12 open, 39 closed
[Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards
[~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n…
Upgrade prediction graph lives at
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie/
Now also available as the main Grafana dashboard. Head to
<https://grafana.torproject.org/>, change the time period to 30 days,
and wait a while for results to render.
--
Antoine Beaupré
torproject.org system administration
1
1
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-11-13-16.00.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, November 20 16:00 UTC
Facilitator:meskio
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator:shelikhoo
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
*
Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from projects, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…
* Project 158 <-- meskio working on it
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na…
== Announcements ==
* duplicatedcontainerimages is being removed
== Discussion ==
* Move Snowflake Staging to team namespace (src shell)
* Relicense uget to 3BSD (src shell)
== Actions ==
* Remove webtunnel setuid script in 0 weeks.(This week!)
== Interesting links ==
*
https://opencollective.com/censorship-circumvention/projects/snowflake-dail…
== Reading group ==
* We will discuss "" on
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2025-11-13
Last week:
- revised and merged proxy churn metrics (snowflake#40494)
- helped debug rdsys error with goroutine profiles (rdsys!606)
- worked on researching enumeration attacks (snowflake#40396)
Next week:
- deploy proxy churn metrics patch (snowflake#40494)
- research snowflake enumeration attacks (snowflake#40396)
- follow up on snowflake rendezvous failures (snowflake#40447)
- revisit conjure integration with lyrebird
- take a look at potential snowflake orbot bug
- https://github.com/guardianproject/orbot-android/issues/1183
dcf: 2025-10-30
Last week:
- made snowflake-graphs use SQLite as intermediate data
representation rather than CSV
https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3
- fixed a bug with snowflake-graphs undercounting coverage for
certain rarely occurring levels of factors
https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215
- opened an issue for coverage=2.00 in snowflake-stats
descriptors during a time when 2 brokers were running simultaneously
https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5
Next week:
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Help with:
meskio: 2025-11-13
Last week:
- multi-front support in meek (lyrebird#40027)
- update teams wiki's how the team relates to other teams
- register brdg.es domain name again (the registar lost it)
Next week:
- investigate the status of builtin bridges (team#141)
Shelikhoo: 2025-11-13
Last Week:
- [Testing] Unreliable+unordered WebRTC data channel transport
for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
) testing environment setup/research
- Add sni-imitation syntex sugar option
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…)
- Remove setuid migration script after it have finished its
work: Revert "Add state migration setuid script chown-states.sh"
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…)
Next (working) Week/TODO:
- Merge request reviews
- [Deployment]Unreliable+unordered WebRTC data channel
transport for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
) Building custom Tor Browser with patch applied
- Add sni-imitation syntex sugar option (cont.)
onyinyang: 2025-11-06
Last week(s):
- Investigating rdsys#248 i.e., why dysfunctional webtunnel
bridges are being distributed
- Troubleshooting conjure not connecting in China
- waiting for more information from conjure authors/maintainers
- Monitoring email profiler for rdsys #129
- Monitoring rdsys#249
- Submitted talk proposal for Splintercon
Next week:
- Continue troubleshooting conjure not connecting in China
- Finish up debugging rdsys#129 and rdsys#249 hopefully (take 3? 4?)
- Continue looking into bridgestrap#47/rdsys#248
Switch back to some of these:
As time allows:
- Lox still seems to be filling up the disk on the
rdsys-test server despite changes made to delete old entries, look into
what's going wrong
Blog post for conjure:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj…
- review Tor browser Lox integration
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…
- add TTL cache to lox MR for duplicate responses:
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
- Work on outstanding milestone issues:
- key rotation automation
Later:
pending decision on abandoning lox wasm in favour of some kind
of FFI?
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096)
- add pref to handle timing for pubkey checks in Tor browser
- add trusted invitation logic to tor browser integration:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
- improve metrics collection/think about how to show Lox is
working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of
bridges) and gathering context on how types of bridges are
distributed/use in practice
Question: What makes a bridge usable for a given user, and
how can we encode that to best ensure we're getting the most appropriate
resources to people?
1. Are there some obvious grouping strategies that we
can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges
sacrificed to open-invitation buckets?), by locale (to be matched with a
requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so
trusted users have access to 3 bridges (and untrusted users have access
to 1)? More? Less?
theodorsm: 2025-06-12
Last weeks:
- Applying for funding from NLnet to implement DTLS 1.3 in
Pion. Got through the first round.
- Writing paper for FOCI: continuation of master thesis
about reducing distinguishability of DTLS in Snowflake by implementing
covert-dtls, further analysis of collected browser fingerprint and
stability test of covert-dtls in snowflake proxies. Draft:
https://theodorsm.net/FOCI25
- Key takeaways:
* covert-dtls is stable when mimicking DTLS 1.2
handshakes, while the randomization approach— though more resistant to
fingerprinting — tends to be less stable.
* Chrome webextensions are more unstable than
standalone proxies
* covert-dtls should be integrated in Snowflake proxies
as they produce the ClientHello messages during the DTLS handshake.
* Chrome randomizes the order of extension list.
* Firefox uses DTLS 1.3 by default in WebRTC.
* A prompt adoption of DTLS 1.3 in both Snowflake and
our fingerprint-resistant library is needed to keep up with browsers
* The evolution of browsers’ fingerprints had no
noticeable effect on Snowflake’s number of daily users over the last year.
* Even with a sharp drop in the amount of proxies, it
does not seem to affect the number of Snowflake users.
* Browser extensions make Snowflake resistant to
ClientHello fingerprinting.
* Standalone proxies can serve more Snowflake clients
per volunteer than webextensions.
* We need metrics on which types of proxies are
actually being matched and successfully used by clients.
Next weeks:
- Getting paper camera ready.
- Fix merge conflicts in MR
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…)
Help with:
- Should we do user testing of covert-dtls?
Facilitator Queue:
meskio onyinyang shelikhoo
1. First available staff in the Facilitator Queue will be the
facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the
tail of the queue
1
0
Hello everyone,
This is the report from user support team for the month of October.
Note: (↑), (↓) and (-) are indicating if the number of tickets we
received for these topics have been increasing, decreasing or have been
the same from the previous month respectively.
- Summary of updates from user support
- General user support
- Farsi-speaking user support
- Russian-speaking user support
- Frontdesk (email user support channel)
- Telegram, WhatsApp and Signal user support channels
- Topics from the Tor Forum
- Highlights from Google Play Store
# Summary of updates from user support
## General user support
* 464 tickets in total (↓463 as compared to September)
* 283 tickets on Email
* 148 tickets on Telegram
* 16 tickets on Signal
* 17 tickets on WhatsApp
* With the major Tor Browser 15 update, we received one query about the
"Custom" security level showing up on the browser. As noted on the
[release blog post][]:
> Users who have manually set javascript.options.wasm to "false" while
> in the Standard security level will see their security level
> represented as "Custom" instead. To mitigate any issues that may arise
> with the browser's PDF reader, we encourage those users to switch the
> preference back to "true", thereby passing management of Wasm over to
> NoScript.
[release blog post]:
https://blog.torproject.org/new-release-tor-browser-150/
* We also received numerous tickets about Tor VPN beta, with the major
topics being:
- Users enquiring about [WebTunnel support][] for Tor VPN, which is a
work in progress.
- [Reports][] of Tor VPN beta downloaded from Aurora Store not working
on Android devices without Google Mobile Service.
- Some reports of the Tor VPN [app freezing][] when using the toggles in
the 'Browser' section within the per-App configuration settings.
[WebTunnel support]:
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/323
[Reports]:
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/395
[app freezing]:
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/394
## Farsi-speaking user support
* 34 tickets in total (↓49 as compared to September)
* 4 tickets on Email
* 30 tickets on Telegram
* Last month, we started collecting some more specific feedback from
users about how they were accessing Tor. Interestingly, we received a
few queries from users using little-t tor (the network daemon) on
Linux and even on Android (through the "Termux" terminal emulator on
Android).
* Some tickets from users testing and trying out the Tor VPN
beta app as well. Overall Tor-powered VPN apps (like Orbot and Tor VPN
beta) seem much more popular amongst the users as compared to Tor
Browser, as internet is highly restricted.
* We received some feedback that using Tor with Snowflake pluggable transport
is working for users in Iran.
## Russian-speaking user support
* 1193 tickets in total (↓852 as compared to September)
* 199 tickets on Email
* 982 tickets on Telegram
* 7 tickets on Signal
* 5 tickets on WhatsApp
* The significant drop in tickets from Russia can be explained by
improvements and new features in the @GetBridgesBot (Telegram). The
bot now provides both obfs4 and WebTunnel bridges and allows users to
copy bridge lines with a single click or tap, improving usability for
mobile users.
* Although internet access in Russia is already heavily restricted —
with recent measures such as blocking calls on Telegram and WhatsApp —
mobile internet is subject to even stricter limitations than home
broadband.
* [Internet censorship in Russia][] is intensifying: almost every day,
we are receiving reports from users about the ‘white list’ or 'allow
list' regime - a period of Internet restrictions, especially on mobile
devices, when they can only visit websites and use applications from a
special approved list, which includes only websites and applications
based in Russia. At the moment, users have reported that Tor doesn't
work to bypass such 'whitelist' restriction.
[Internet censorship in Russia]:
https://forum.torproject.org/t/help-find-working-method-to-circumvent-inter…
* This month we tested new Snowflake domain fronting in Russia, which
worked even with mobile internet. Users noted that the bootstrapping
speed was slower when compared to WebTunnel or obfs4 bridges, and
internet browsing speed was a bit slower as well, but the overall
stability and performance are good.
* We received a few tickets from users and testers of Tor VPN beta in
Russia. The apps itself works but, with WebTunnel bridges not yet
supported in Tor VPN beta, users are unable to use the app on mobile
internet.
That's it for the summary, following is a more detailed report about the
tickets our user support team worked on last month.
# Frontdesk (email user support channel)
* 535(↓) RT tickets created
* 486(↓) RT tickets resolved
Tickets by topics and numbers:
1. 260(↓) tickets: instructions to circumvent censorship for Chinese
speaking users.
2. 199(↓) tickets: circumventing censorship in Russian speaking countries.
3. 40(↓) tickets: help with troubleshooting existing
Tor Browser install on Desktop (Windows, macOS and Linux).
4. 10(↓) tickets: questions, feedback and help with troubleshooting Tor VPN beta.
5. 4(↑) tickets: reports of websites blocking Tor connections or not
performing well in Tor Browser.
6. 4(↓) tickets: circumventing censorship with Tor in Farsi.
7. 3(-) tickets: help with troubleshooting
existing Tor Browser install on Android.
8. 3(-) tickets: help with instructions to download, install or properly uninstalling Tor Browser.
9. 2(↓) tickets: questions about which Tor app to install on iOS (i.e. Onion Browser or Orbot).
10. 2(-) tickets: question about onion services and how to access them.
11. 2(-) tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser.
12. 2(↑) tickets: question about installing extensions and add-ons on Tor Browser.
13. 1(↓) ticket: users seeing a "proxy refused" error when visiting websites
on Tor Browser for Android using Samsung devices.
14. 1(↓) ticket: question about changes to the Security level settings on latest versions
of Tor Browser. The browser prompts a restart when changing the Security
Level for changes to properly take effect.
15. 1(-) ticket: instructions to download Tor Browser 13.5 legacy for legacy operating systems.
16. 1(-) ticket: help with installing Tor Browser on Desktop on Linux.
17. 1(↓) ticket: help with instructions to troubleshoot Tails operating
system.
18. 1(↑) ticket: question about Tor Browser support on Arm Linux.
# Telegram, WhatsApp and Signal user support channels
* 1205(↓) tickets resolved
Breakdown:
* 1160(↓) tickets on Telegram
* 23(↑) tickets on Signal
* 22(↑) tickets on WhatsApp
Tickets by topics and numbers:
1. 994(↓) tickets: circumventing censorship in Russian speaking countries.
2. 49(↓) tickets: instructions to circumvent censorship for Chinese speaking users.
3. 30(↓) tickets: circumventing censorship with Tor in Farsi.
4. 17(↓) tickets: questions, feedback and help with troubleshooting Tor VPN beta.
5. 13(↓) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship
circumvention methods.
6. 7(↑) tickets: [GetBridgesBot freezes][] and stops sending bridges.
7. 6(↑) tickets: instructions to use WebTunnel bridges with Tor Browser.
8. 6(↑) tickets: instructions on how to get Tor Browser binaries from GetTor.
9. 6(↓) tickets: help with troubleshooting Tor Browser Desktop on Windows, macOS and Linux.
10. 5(-) tickets: questions about onion services and how to access them.
11. 4(↓) tickets: help with instructions to troubleshoot Tails operating system.
12. 3(-) tickets: users seeing a "proxy refused" error when visiting websites on Tor
Browser for Android using Samsung devices.
13. 2(↓) tickets: help with installing Tor Browser on Desktop on Linux.
14. 2(↓) tickets: help with troubleshooting Tor Browser Android.
15. 2(-) tickets: help with instructions to use bridges with Orbot on Android.
16. 2(-) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating
systems.
17. 1(-) ticket: help with instructions to verify Tor Browser GPG signature.
18. 1(↓) ticket: help with using Snowflake with Tor to circumvent censorship.
[GetBridgesBot freezes]:
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/286
# Topics from the Tor Forum
* A new home for Tor [user documentation][].
* Snowflake and Conjure inaccessible due to CND77 blockage, [try this workaround][].
[user documentation]:
https://forum.torproject.org/t/a-new-home-for-tor-user-documentation/20732
[try this workaround]:
https://forum.torproject.org/t/snowflake-and-conjure-inaccessible-due-to-cn…
# Highlights from Google Play Store
* Tor Browser for Android (TBA) had a Google Play rating of 4.4 stars in
October, which is the same as compared to in September.
* Tor Browser for Android (TBA) got 740 (↑16) new reviews. The total count of
reviews for the app stands at 65,769.
* Tor Browser for Android Alpha (TBA Alpha) app had a rating of 4.192 (↓0.004) in October which is
lower as compared to in September.
* In October, Tor Browser for Android Alpha (TBA Alpha) got 22 (↓10) new reviews. The total count of reviews
for the app stands at 8,687.
* We received a few comments and [reports][] of Tor Browser Android not
working properly on certain Samsung and Motorola Android devices.
[reports]:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43841
Thanks!
-- ebanam
1
0
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-11-06-16.00.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, November 13 16:00 UTC
Facilitator:shelikhoo
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator:onyinyang
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
*
Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from projects, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…
* Project 158 <-- meskio working on it
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na…
== Announcements ==
== Discussion ==
*
== Actions ==
* Remove webtunnel setuid script in 0 weeks.(This week!)
== Interesting links ==
*
https://opencollective.com/censorship-circumvention/projects/snowflake-dail…
== Reading group ==
* We will discuss "" on
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2025-11-06
Last week:
- helped debug and look at profile output of rdsys (rdsys#249)
- gave more feedback on latest iteration of snowflake churn tests
- responded to IPtProxy issue with PTs and VPNs on android
- https://github.com/tladesignz/IPtProxy/issues/73
Next week:
- research snowflake enumeration attacks (snowflake#40396)
- follow up on snowflake rendezvous failures (snowflake#40447)
- revisit conjure integration with lyrebird
- take a look at potential snowflake orbot bug
- https://github.com/guardianproject/orbot-android/issues/1183
dcf: 2025-10-30
Last week:
- made snowflake-graphs use SQLite as intermediate data
representation rather than CSV
https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3
- fixed a bug with snowflake-graphs undercounting coverage for
certain rarely occurring levels of factors
https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215
- opened an issue for coverage=2.00 in snowflake-stats
descriptors during a time when 2 brokers were running simultaneously
https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5
Next week:
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Help with:
meskio: 2024-10-30
Last week:
- SOTO recording
- grant planning
- multi-front support in meek (lyrebird#40027)
Next week:
- AFK
Shelikhoo: 2024-11-04
Last Week:
- [Testing] Unreliable+unordered WebRTC data channel transport
for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
) testing environment setup/research
- SOTO recording + video
- Add sni-imitation syntex sugar option
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…)
Next (working) Week/TODO:
- Merge request reviews
- [Deployment]Unreliable+unordered WebRTC data channel
transport for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
) Building custom Tor Browser with patch applied
- Add sni-imitation syntex sugar option (cont.)
onyinyang: 2025-11-06
Last week(s):
- Investigating rdsys#248 i.e., why dysfunctional webtunnel
bridges are being distributed
- Troubleshooting conjure not connecting in China
- waiting for more information from conjure authors/maintainers
- Monitoring email profiler for rdsys #129
- Monitoring rdsys#249
- Submitted talk proposal for Splintercon
Next week:
- Continue troubleshooting conjure not connecting in China
- Finish up debugging rdsys#129 and rdsys#249 hopefully (take 3? 4?)
- Continue looking into bridgestrap#47/rdsys#248
Switch back to some of these:
As time allows:
- Lox still seems to be filling up the disk on the
rdsys-test server despite changes made to delete old entries, look into
what's going wrong
Blog post for conjure:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj…
- review Tor browser Lox integration
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…
- add TTL cache to lox MR for duplicate responses:
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
- Work on outstanding milestone issues:
- key rotation automation
Later:
pending decision on abandoning lox wasm in favour of some kind
of FFI?
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096)
- add pref to handle timing for pubkey checks in Tor browser
- add trusted invitation logic to tor browser integration:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
- improve metrics collection/think about how to show Lox is
working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of
bridges) and gathering context on how types of bridges are
distributed/use in practice
Question: What makes a bridge usable for a given user, and
how can we encode that to best ensure we're getting the most appropriate
resources to people?
1. Are there some obvious grouping strategies that we
can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges
sacrificed to open-invitation buckets?), by locale (to be matched with a
requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so
trusted users have access to 3 bridges (and untrusted users have access
to 1)? More? Less?
theodorsm: 2025-06-12
Last weeks:
- Applying for funding from NLnet to implement DTLS 1.3 in
Pion. Got through the first round.
- Writing paper for FOCI: continuation of master thesis
about reducing distinguishability of DTLS in Snowflake by implementing
covert-dtls, further analysis of collected browser fingerprint and
stability test of covert-dtls in snowflake proxies. Draft:
https://theodorsm.net/FOCI25
- Key takeaways:
* covert-dtls is stable when mimicking DTLS 1.2
handshakes, while the randomization approach— though more resistant to
fingerprinting — tends to be less stable.
* Chrome webextensions are more unstable than
standalone proxies
* covert-dtls should be integrated in Snowflake proxies
as they produce the ClientHello messages during the DTLS handshake.
* Chrome randomizes the order of extension list.
* Firefox uses DTLS 1.3 by default in WebRTC.
* A prompt adoption of DTLS 1.3 in both Snowflake and
our fingerprint-resistant library is needed to keep up with browsers
* The evolution of browsers’ fingerprints had no
noticeable effect on Snowflake’s number of daily users over the last year.
* Even with a sharp drop in the amount of proxies, it
does not seem to affect the number of Snowflake users.
* Browser extensions make Snowflake resistant to
ClientHello fingerprinting.
* Standalone proxies can serve more Snowflake clients
per volunteer than webextensions.
* We need metrics on which types of proxies are
actually being matched and successfully used by clients.
Next weeks:
- Getting paper camera ready.
- Fix merge conflicts in MR
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…)
Help with:
- Should we do user testing of covert-dtls?
Facilitator Queue:
onyinyang shelikhoo meskio
1. First available staff in the Facilitator Queue will be the
facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the
tail of the queue
--
---
onyinyang
GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036
1
0