- tor-project - lists.torproject.org

Anti-censorship team meeting notes, 2026-03-12
by meskio 12 Mar '26

12 Mar '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-03-12-16.00.lo… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, March 19 16:00 UTC Facilitator: cohosh ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * We can bump the min Go version in snowflake and lyrebird to 1.25 if needed * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… == Discussion == * should we start collecting webtunnel bridges for the missing pools (email and restricted) * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/298 * let's start assigning bridges to the remaining pools and enable email once we have enough * meskio will do the config change * New stun servers being added, any policy issue with these servers? * https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/merge_reque… * we don't see any issues with them * will apply them first to circumvention settings and after to the builtin bridges == Actions == * == Interesting links == https://tailscale.com/blog/how-nat-traversal-works <- nice write up about challages about NAT types, for someone look to learn more about NAT dramas (no discussion necessary) == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-03-12 Last week: - opened a MR in tor-browser-build for legacy go1.22 support for macos - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - released version 2.12.1 of snowflake - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - discussed stun server testing and updates with shell - discussed cc algorithms with lanius_collaris and opened issue about it - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - gave feedback on snowflake simulations for proxy fairness proposal Next week: - continue snowflake and lyrebird go version support and release work - follow up about running shadow simulations for snowflake performance - research snowflake enumeration attacks (snowflake#40396) - implement proxy fairness proposal - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-03-05 Last week: - reviewed on a "??" geoip fix in snowflake proxy https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made an issue for OS upgrade on snowflake-02, necessary before being able to updgrade tor https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - wrote up a research idea for using rateless erasure codes for rendezvous https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Research-ide… - posted a short tutorial on using ooni-sync to download OONI measurements https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - reviewed an MR to enable disable stats reporting in the snowflake standalone proxy https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - upgrade OS on the snowflake-02 bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-03-12 Last week: - debug tails issue with meek, was python upstream library issue (lyrebird#40034) - try out gitlab SAST in lyrebird, doesn't produce much output (is that good?) - grant writting Next week: - AFK Shelikhoo: 2026-03-12 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Merge request Reviews - Vantage point maintaince - [Research] proxy pool overload and potential blocking in Iran ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) - [Research] Add three NAT type buckets to the snowflake broker ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) - [MR] Replace broken stun server with working one ( https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/merge_reque… ) - [Research] Add More Stun Servers to Snowflake https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - Vantage point maintaince - [Research] proxy pool overload and potential blocking in Iran ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) - [Research] Add three NAT type buckets to the snowflake broker ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) onyinyang: 2026-02-26 Last week(s): - attended FOCI - Working on https distributor language selector https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/196 Next week: - Away until March 18 - Continue work on rdsys#196 - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-02-19 Last weeks: - Bumping pion stack version with backport: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: cohosh onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

minutes from the sysadmin
by Antoine Beaupré 11 Mar '26

11 Mar '26

Hi everyone, here's your monthly dose of sysadmin minutes... Do note an interesting discussion about LLMs, not a formal policy, just a discussion for now. # Roll call: who's there and emergencies all members present # Express check-in How are you doing, and are there any blockers? Then pass the mic to the next person. # Roadmap discussion Review the [2026 roadmap][] especially with the [STF grant][] not going through. One month left in the quarter, we might get some input from upstairs for the next. [STF grant]: https://gitlab.torproject.org/tpo/operations/proposals/-/issues/70 [2026 roadmap]: https://gitlab.torproject.org/groups/tpo/tpa/-/epics/2 Here's what everyone will be working on: ## zen - [profiles merge][] - [planning phase for Tails migration to Prometheus][] [planning phase for Tails migration to Prometheus]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41946 [profiles merge]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/42103 ## lavamind - donate-neo - download page ## groente - anarcat carried the idea that email should be prioritized - let's meet with nadya to get a better idea of the requirements, anarcat will check for reusing the timeslot tomorrow ## lelutin - prometheus HA - garage conversion ## anarcat - wiki problem? experimented a lot with mkdocs/zensical for a [personal project][] [personal project]: https://lora.reseaulibre.ca/ # AI brainstorm? - anarcat: was extremely skeptical with capacity and morals of AI, now he's worried with the profession. We might lose an entire generation of programmers. Worried with reliability of software, environmental and political impact. But he's using it -- not vibe coding, rarely using it for coding -- it causes skills atrophy, but uses it for spell checking. Disclosure should be mandatory: disclose the model and prompt (eg. in commit messages). (Other messages here are unattributed, but from each team member.) - It's hard, and getting harder, to not use it: e.g. google pushes you towards it when you search. Concerned with our jobs and pressure on "efficiency", and that we might be forced to use LLMs. Could we have [RAG][] for our documentation? [RAG]: https://en.wikipedia.org/wiki/Retrieval-augmented_generation - groente: As for job security and pressure for "efficiency", one would hope there will always be a market for people that understand how systems work. The pressure to use LLMs will likely grow: compare it to household appliances (or many other technologies) that were thought to save us time, but in the end just created higher expectations. Resisting this will likely be extremely hard within a capitalist environment, but hopefully we can carve out some space within non-profits at least. It's kind of ironic, this LLM use is once again creating a huge dependency on a small number of US tech companies. There's now a lot of geopolitical momentum to decrease infrastructural dependency on the US, but at the same time we're massively walking into the same pitfall with AI. Let's hope Tor is smarter than that. The earlier push towards cloud computing was successfully resisted, so I'm still hopeful here. - We still have jobs through the cloud migration, even though we were told our jobs would stop existing. I like to code so I don't want to use AI, but all my friends are using it, and the reason I was getting crap outputs in first attempts was that I wasn't sending enough context. Concerned about people's mental health, especially after an article [shared this morning about "How to Talk to Someone Experiencing 'AI Psychosis'"][]. [shared this morning about "How to Talk to Someone Experiencing 'AI Psychosis'"]: https://www.404media.co/ai-psychosis-help-gemini-chatgpt-claude-chatbot-del… - Not using it. Search results are getting worse and worse. Really hesitant in jumping in, fundamentally misanthropic technology. As a temporary moratorium, anarcat announced that TPA team members are forbidden to grant any sort of execution access to LLMs for machines under their stewardship. If you want to experiment with AI, you can copy-paste things, feed it input, but in no way should you execute code from LLMs without the same level of review you would give to an untrusted contributor. This applies, in particular, to agents: if you experiment with agents like Claude Code, run those in a virtual machine. # Next meeting Next month's first Monday is Easter in some cultures and a holiday in most of our workers, so the roadmap meeting will be held the second Monday of April. # Metrics of the month * host count: 95, LDAP 140 (!), Puppet 136 (!) * number of Apache servers monitored: 32, hits per second: 659 * number of self-hosted nameservers: 6, mail servers: 13 * pending upgrades: 0, reboots: 0 * average load: 1.38, memory available: 4.3 TB/6.8 TB, running processes: 160 * disk free/total: 111.3 TB/216.5 TB * bytes sent: 534.4 MB/s, received: 362.1 MB/s * [GitLab tickets][]: 272 tickets including... * Needs Triage: 1 * Not Scheduled: 164 * Backlog: 66 * Next: 29 * Doing: 12 * (closed: 4416) * [~Needs Information][]: 3 open, 125 closed * [~Needs Review][]: 7 open, 201 closed * [~Technical Debt][]: 10 open, 38 closed [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Needs Information]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… [~Needs Review]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie/ -- Antoine Beaupré torproject.org system administration

1 0

PSA: North america changes time forward soon, Europe next
by Antoine Beaupré 09 Mar '26

09 Mar '26

Hi! This is your bi-yearly reminder that time is changing soon! # What's happening? For people not on tor-internal, you should know that I've been sending semi-regular announcements when daylight saving changes occur. Starting now, I'm making those announcements public so they can be shared with the wider community because, after all, this affects everyone (kind of). For those of you lucky enough to have no idea what I'm talking about, you should know that some places in the world implement what is called Daylight saving time or DST: https://en.wikipedia.org/wiki/Daylight_saving_time Normally, you shouldn't have to do anything: computers automatically change time following local rules, assuming they are correctly configured, provided recent updates have been applied in the case of a recent change in said rules (because yes, this happens). Appliances, of course, will likely *not* change time and will need to adjusted unless they are so-called "smart" (also known as "part of a bot net"). If your clock is flashing "0:00" or "12:00", you have no action to take, congratulations on having the right time once or twice a day. If you haven't changed those clocks in six months, congratulations, they will be accurate again! In any case, you should still consider DST because it might affect some of your meeting schedules, particularly if you set up a new meeting schedule in the last 6 months and forgot to consider this change. # If your location does not have DST Properly scheduled meetings affecting multiple time zones are set in UTC time, which does *not* change. So if your location does not observer time changes, your (local!) meeting time will *not* change. But be aware that some other folks attending your meeting *might* have the DST bug and *their* meeting times will change. They might miss entire meetings or arrive late as you frantically ping them over IRC, Matrix, Signal, SMS, Ricochet, Mattermost, SimpleX, Whatsapp, Discord, Slack, Wechat, Snapchat, Telegram, XMPP, Briar, Zulip, RocketChat, DeltaChat, talk(1), write(1), actual telegrams, Meshtastic, Meshcore, Reticulum, APRS, snail mail, and, finally, flying a remote presence drone to their house, asking what's going on. (Sorry if I forgot your preferred messaging client here, I tried my best.) Be kind; those poor folks might be more sleep deprived as DST *steals* one hour of sleep from them on the night that implements the change. # If you do observe DST If you are affected by the DST bug, your *local* meeting times *will* change access the board. Normally, you can trust that your meetings are scheduled to take this change into account and the new time should still be reasonable. Trust, but verify; make sure the new times *are* adequate and there are no scheduling conflicts. Do this *now*: take a look at your calendar in two week *and* in April. See if any meeting need to be rescheduled because of an impossible or conflicting time. # When does time change, how and where? Notice how I mentioned "North America" in the subject? That's a lie. ("The doctor lies", as they say on the BBC.) Other places, including Europe, also changes times, just not all at once (and not all North America). We'll get into "where" soon, but first let's look at the "how". As you might already know, the trick is: > Spring forward, fall backwards. This northern-centric (sorry!) proverb says that clocks will move *forward* by an hour this "spring", after moving *backwards* last "fall". This is why we lose an hour of work, sorry, sleep. It sucks, to put it bluntly. I want it to stop and will keep writing those advisories until it does. To see where and when, we, unfortunately, still need to go into politics. ## USA and Canada First, we start with "North America" which, really, is just some *parts* of USA[1] and Canada[2]. As usual, on the Second Sunday in March (the 8th) at 02:00 local (not UTC!), the clocks will move forward. This means that properly set clocks will flip from 1:59 to 3:00, coldly depriving us from an hour of sleep that was perniciously granted 6 months ago and making calendar software stupidly hard to write. Practically, set your wrist watch and alarm clocks[3] back one hour before going to bed and go to bed early. [1] except Arizona (except the Navajo nation), US territories, and Hawaii [2] except Yukon, most of Saskatchewan, and parts of British Columbia (northeast), one island in Nunavut (Southampton Island), one town in Ontario (Atikokan) and small parts of Quebec (Le Golfe-du-Saint-Laurent), a list which I keep recopying because I find it just so amazing how chaotic it is. When your clock has its own Wikipedia page, you know something is wrong: https://en.wikipedia.org/wiki/Time_in_Saskatchewan [3] hopefully not managed by a botnet, otherwise kindly ask your bot net operator to apply proper software upgrades in a timely manner ## Europe Next we look at our dear Europe, which will change time on the last Sunday in March (the 29th) at 01:00 *UTC* (not local!). I *think* it means that, Amsterdam-time, the clocks will flip from 1:59 to 3:00 AM *local* on that night. (Every time I write this, I have doubts. I would welcome independent confirmation from night owls that observe that funky behavior experimentally.) Just like your poor fellows out west, just fix your old-school clocks before going to bed, and go to sleep early, it's good for you. ## Rest of the world with DST Renewed and recurring apologies again to the people of Cuba, Mexico, Moldova, Israel, Lebanon, Palestine, Egypt, Chile (except Magallanes Region), parts of Australia, and New Zealand which *all* have their own *individual* DST rules, omitted here for brevity. In general, changes also happen in March, but either on different times or different days, except in the south hemisphere, where they happen in April. ## Rest of the world without DST All of you other folks without DST, rejoice! Thank you for reminding us how manage calendars and clocks normally. Sometimes, doing nothing is precisely the right thing to do. You're an inspiration for us all. # Changes since last time There were, again, no changes since last year on daylight savings that I'm aware of. It seems the US congress debating switching to a "half-daylight" time zone which is an half-baked idea that I should have expected from the current USA politics: https://www.usatoday.com/story/news/nation/2026/02/19/daylight-act-of-2026-… The plan is to, say, switch from "Eastern is UTC-4 in the summer" to "Eastern is UTC-4.5". The bill also proposes to do this 90 days after enactment, which is dangerously optimistic about our capacity at deploying any significant change in human society. In general, I rely on the Wikipedia time nerds for this: https://en.wikipedia.org/wiki/Daylight_saving_time_by_country ... and Paul Eggert which seems to singlehandledly be keeping everything in order for all of us: https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/latest This time, I've also looked at the normal mailing list: https://lists.iana.org/hyperkitty/list/tz@iana.org/latest ... which is where I learned about the congress bill. If your country has changed time and no one above noticed, now would be an extremely late time to do something about this, typically writing to the above list. (Incredibly, *I* need to write to the list because of this post: https://lists.iana.org/hyperkitty/list/tz@iana.org/thread/6HN5SWD2BJA7OVTPF…) One thing that *did* change since last year is that I've implemented what I hope to be a robust calendar for this, which was surprisingly tricky. If you have access to our Nextcloud, it should be visible under the heading "Daylight saving times". If you don't, you can access it using this link directly: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/time/dst.ics The procedures around how this calendar was created, how this email was written, and curses found along the way, are also documented in this wiki page, if someone ever needs to pick up the Time Lord duty: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/time A. -- Antoine Beaupré self-elected time lord in self-training torproject.org system administration

1 1

Anti-censorship team meeting notes, 2026-03-05
by Shelikhoo 05 Mar '26

05 Mar '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-03-05-16.00.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, March 12 16:00 UTC Facilitator:meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Should we priorize better matching logic on snowflake broker * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * See also: https://datatracker.ietf.org/doc/html/rfc5780 * [Option C] Fix it soon * proposal to get a separate domain name for bridge reachability tests * add a record for each known *.torproject.net bridge * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == * == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-03-05 Last week: - wrote a patch for go 1.22 support (snowflake#40490) - worked on proxy bridge reachability checks (snowflake#40504) - opened issue with TPA to get a bridge probe domain with multiple A records - tried out mobile snowflake proxy app by contributor - https://github.com/blocoio/snowflake - caught up on IPtProxy issue about snowflake proxy events - https://github.com/tladesignz/IPtProxy/issues/81 - created issue to disable summary stats task if duration is 0 (snowflake#40524) - implemented fix (snowflake!687) - wrote script to parse OONI stun reachability check results (snowflake#40523) - https://gitlab.torproject.org/-/snippets/240 - updated circumvention settings in rdsys (rdsys-admin!46) - more work on proxy fairness proposal Next week: - finish working on snowflake compatability with go1.22 - research snowflake enumeration attacks (snowflake#40396) - implement proxy fairness proposal - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-03-05 Last week: - reviewed on a "??" geoip fix in snowflake proxy https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made an issue for OS upgrade on snowflake-02, necessary before being able to updgrade tor https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - wrote up a research idea for using rateless erasure codes for rendezvous https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Research-ide… - posted a short tutorial on using ooni-sync to download OONI measurements https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - reviewed an MR to enable disable stats reporting in the snowflake standalone proxy https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - upgrade OS on the snowflake-02 bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-03-05 Last week: - grant writting Next week: - no webtunnel bridges in the https distributor (rdsys#262) Shelikhoo: 2026-03-05 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Merge request Reviews - Vantage point maintaince - Expore DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) - [Research] proxy pool overload and potential blocking in Iran ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) - [Research] Add three NAT type buckets to the snowflake broker ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - Vantage point maintaince - [Research] proxy pool overload and potential blocking in Iran ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) - [Research] Add three NAT type buckets to the snowflake broker ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) onyinyang: 2026-02-26 Last week(s): - attended FOCI - Working on https distributor language selector https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/196 Next week: - Away until March 18 - Continue work on rdsys#196 - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-02-19 Last weeks: - Bumping pion stack version with backport: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: cohosh onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

Anti-censorship team meeting notes, 2026-02-26
by onyinyang 26 Feb '26

26 Feb '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-02-26-16.01.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, March 5 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * (new) orbot asked us about using snowflake assets for their kindness mode improvements * snowflake client go 1.22 support * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * golang workspaces * https://go.dev/ref/mod#workspaces * https://go.dev/doc/tutorial/workspaces * https://go.dev/blog/get-familiar-with-workspaces * snowflake proxy pool depleted * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * we can recommend proxy operators that are concerned to reduce the poll-interval, by default is set to 5s * the actuall user experience right now is not too bad, snowflake connects after a couple of retries * lets investigate what is the actual problem in Iran blocking proxies and we'll see what we can do about it == Actions == * == Interesting links == * https://nordvpn.com/blog/nordwhisper-protocol/ 2025 == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-02-26 Last week: - tried to roll back KCP version - more work on implementing proxy fairness proposal - worked on proxy fairness simulations - attended FOCI - opened issue for potential snowflake proxy censorship in Iran - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - roll back KCP version - research snowflake enumeration attacks (snowflake#40396) - implement proxy fairness proposal - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-02-26 Last week: - commented on a "??" geoip fix in snowflake proxy https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - posted notes about the Russian National Domain Name System (NSDI) https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… https://github.com/net4people/bbs/issues/580 - merged a metrics-timeline merge request https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/merge_r… - posted ideas about counter-whitelisting circumvention in Russia https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… Next week: - see about upgrading tor on the snowflake-02 bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-02-26 Last week: - rdsys stopped parsing extrainfo, no PTs were distributed (rdsys#291) - fetch translations in rdsys was failing (rdsys!633) - look at the snowflake proxies block in Iran (snowflake#40519) - release and deploy rdsys 1.2 (rdsys#296) - make template for rdsys releases (rdsys!632) Next week: - no webtunnel bridges in the https distributor (rdsys#262) Shelikhoo: 2026-02-26 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Merge request Reviews - Vantage point maintaince - Expore DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) - fix containrrr/watchtower is no longer maintained (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Vaultwarden Data Loss Report: [error: cannot decrypt] (https://gitlab.torproject.org/tpo/tpa/team/-/issues/42511) - Disable Annoyance Element "#ai-panels/Gitlab Duo Agent Chat" at Gitlab instance (https://gitlab.torproject.org/tpo/tpa/team/-/issues/42509) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - MR Review - Design experment for internet shutdown - Vantage point maintaince - Deploy DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) onyinyang: 2026-02-26 Last week(s): - attended FOCI - Working on https distributor language selector https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/196 Next week: - Away until March 18 - Continue work on rdsys#196 - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-02-19 Last weeks: - Bumping pion stack version with backport: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: cohosh onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Anti-censorship team meeting notes, 2026-02-19
by Cecylia Bocovich 24 Feb '26

24 Feb '26

Hi everyone, Here are the meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-02-19-16.00.ht… and the meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, February 19 16:00 UTC Facilitator: cohosh ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == Our anti-censorship roadmap: Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from projects, we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Project 158 <-- meskio working on it https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == FOCI is today! https://foci.community/ == Discussion == Go version bump to v1.24 for snowflake? we are keeping support for go 1.22 because TB needs this version to support an old version of OSX https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… snowflake breaks support for go 1.22 with the latest version of kcp https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… cohosh will roll back kcp and make a release to update snowflake in TB Certificate Issues in Rust-based QUIC Pluggable Transport (UAT) and Future Plans https://forum.torproject.org/t/proposal-rust-based-quic-pluggable-transport… https://github.com/yo-4m/UAT == Actions == == Interesting links == https://nordvpn.com/blog/nordwhisper-protocol/ 2025 == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out in hopes that others will pick it up? Next in the Reading Group Queue: == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-02-19 Last week: - worked on snowflake broker proxy pool refactor (snowflake!663) - updated reading group wiki page - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Anti-censors… - read some FOCI papers Next week: - roll back KCP version - research snowflake enumeration attacks (snowflake#40396) - implement proxy fairness proposal - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-02-19 Last week: Next week: - see about upgrading tor on the snowflake-02 bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-02-19 Last week: - PT bridges are also distributed as vanilla (rdsys#291) - merge and deploy moat-shim with cert reload fix (team#172) - try and fail to add a CI test for building snowflake client with go 1.22 (snowflake#40490) - investigate Tor Browser problem switching from snowflake to obfs4 (tor-browser#44624) Next week: - PT bridges are also distributed as vanilla (rdsys#291) Shelikhoo: 2026-02-19 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Merge request Reviews - Vantage point maintaince - Expore DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) - [Merge Request Done]fix incorrect format for capacity option in README (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - MR Review - Design experment for internet shutdown - Vantage point maintaince - Expore DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) - - fix containrrr/watchtower is no longer maintained (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) onyinyang: 2026-02-19 Last week(s): -Completed https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/257#note_3… - Working on https distributor language selector https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/196 Next week: - Continue work on rdsys#196 - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-02-19 Last weeks: - Bumping pion stack version with backport: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: cohosh onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

standardising cipher suites and protocols supported by TPA
by groente 19 Feb '26

19 Feb '26

Hello everyone, Here's TPA's new policy aiming to standardise which cipher suites and protocols are supported on our infra. Implemention will hopefully start soon. Cheers, groente

1 0

TPA switched from RFCs to ADRs!
by Antoine Beaupré 16 Feb '26

16 Feb '26

Hi folks, TPA has recently changed how we communicate and record decisions. If you've been around a bit, you might have seen complex, very detailed emails with a subject like "TPA-RFC-33" or something. We're changing away from this to a new "ADR" process. Concretely, this means you'll get more targeted, and simpler communications from us (like this message!). You don't need to do anything right now, but we're be happy to get your feedback on the process, as a stakeholder, either before or after you receive such communications. We're also curious to hear if such a process could be useful for your team. We don't intend this process to be adopted project wide; we're merely scratching our own itch here. We acknowledge each team has their own needs and workflows and we don't necessarily think all teams need to adopt this. But we're of course open to discussing this more broadly in the organization and amending the process if we want to adopt it more widely! See the details of the change in the blog post: https://blog.torproject.org/tpa-adr/ Let us know what you think, either here or in the discussion issue: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428 a. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2026-02-12
by meskio 12 Feb '26

12 Feb '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-02-12-16.05.ht… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, February 19 16:00 UTC Facilitator: cohosh ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == * Go version bump to v1.24 for snowflake? * we are keeping support for go 1.22 because TB needs this version to support an old version of OSX * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == * == Interesting links == * Cf. https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… * FOCI 2026 Winter: February 19th 17:00 - 21:30 UTC (after this meeting) * https://foci.community/ * https://ahf.me/snowflake/ * https://mastodon.social/@ahf/116041345509536898 * looking into kindling (https://github.com/getlantern/kindling) I found out they use snowflake's amp cache implementation importing snowflake directly from https://github.com/getlantern/amp/ 😃 * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-02-12 Last week: - fixup snowflake message library refactor (snowflake!658) - snowflake broker proxy pool refactor (snowflake!663) - fix android CI test failures (snowflake!664) - worked more on simulations for proxy fairness proposal (snowflake#40507) Next week: - research snowflake enumeration attacks (snowflake#40396) - implement proxy fairness proposal - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-02-05 Last week: - commented on some bootstrapping reports from Iran https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-02-12 Last week: - Investigate lyrebird crash in TorBrowser (tor-browser#44624) - look into the status of builtin bridges - grants grants... Next week: - investigate why there is webtunnel bridges in the email distributor (rdsys#174) Shelikhoo: 2026-02-12 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Merge request Reviews - Vantage point maintaince - Expore DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - MR Review - Design experment for internet shutdown - Vantage point maintaince - Expore DNS tunneling options(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) onyinyang: 2026-02-12 Last week(s): -Completed first attempt at making it harder to inject a bridge to a specific client https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/257#note_3… - Use root key for rdsys to derive keys for each of the distributors - Working on https distributor language selector https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/196 - fixing some errors in the translated pages - does the translation work for bridges.torproject.org exist somewhere already? Next week: - Continue work on rdsys#196 - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-02-12 Last weeks: - Bumping pion stack version: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: cohosh onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

User Support report for January 2026
by ebanam 11 Feb '26

11 Feb '26

Hello everyone, This is the report from user support team for the month of January 2026. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. - Summary of updates from user support - General user support - Farsi-speaking user support - Russian-speaking user support - Frontdesk (email user support channel) - Telegram, WhatsApp and Signal user support channels - Highlights from the Tor Forum - Highlights from Google Play Store # Summary of updates from user support ## General user support * 587 tickets in total (↑105 as compared to December) * 388 tickets on Email * 192 tickets on Telegram * 7 tickets on Signal * Across our various user support channels we received 14 tickets about Tor VPN Beta, mostly from users trying to configure [Tor VPN Beta with bridges][]. * For Tor Browser, we received a few more reports of Android users getting ["proxy refused" error][] when visiting websites. This is also one of the most reported topics on Google Play Store reviews (see the section '# Highlights from Google Play Store'). [Tor VPN Beta with bridges]: https://support.torproject.org/tor-vpn/circumvention/using-bridges/ ["proxy refused" error]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42714 ## Chinese-speaking user support * As obfs4 bridges are being enumerated by the Great Firewall, we have been recommending WebTunnel for users. We are considering to update our support entries to make more clear that users can get WebTunnel bridges using our Telegram bot (GetBridgesBot) and the bridges website. ## Farsi-speaking user support * 257 tickets in total (↑228 as compared to December) * 98 tickets on Email * 159 tickets on Telegram * On January 8, Iran experienced a nationwide internet blackout that lasted for nearly two weeks. Even after the blackout ended, internet access remained extremely unstable and operated under a whitelist model, where only a few sites such as Google were accessible. Towards the end of January, conditions gradually began to improve, and [Snowflake started working][] in some cases. All this while we gathered a significant amount of feedback from users who were able to connect to our support channels. As per user reports, the filtering system is still very unpredictable and tends to behave differently across the different ISPs and regions. TCI, one of the prominent ISPs, appears to have the most aggressive filtering, and bridges only worked there in very limited situations. Very surprisingly, we also received a few reports of users being able to connect to Tor Browser without any bridges. We have documented this [censorship event][] together with the anti-censorship team. [Snowflake started working]: https://forum.torproject.org/t/tor-not-working-in-iran/21144/4 [censorship event]:https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysi… ## Russian-speaking user support * 776 tickets in total (↓104 as compared to December) * 156 tickets on Email * 620 tickets on Telegram * We have seen a noticeable increase in support requests from Russia via our email channel, likely due to recent news about Telegram potentially being blocked in Russia. * In January, we created new tickets to monitor censorship in Russia: - [Russia] "Whitelist" and ways to deal with them: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - [Russia] Blocking Tor resources (2026 edition): https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… # Frontdesk (email user support channel) * 632(↑) RT tickets created * 642(↑) RT tickets resolved Tickets by topics and numbers: 1. 315(↑) tickets: instructions to circumvent censorship for Chinese speaking users. 2. 156(↑) tickets: circumventing censorship in Russian speaking countries. 3. 98(↑) tickets: circumventing censorship with Tor in Farsi. 4. 37(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 5. 6(-) tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser and questions about which Tor app to install on iOS (i.e. Onion Browser or Orbot). 6. 4(↓) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 7. 3(↓) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating systems. 8. 2(↑) tickets: reports of links on the new support portal giving a 404. 9. 2(↓) ticket: report of websites blocking Tor connections or not performing well in Tor Browser. 10. 1(↓) ticket: help with setting up Snowflake proxy. 11. 1(↓) ticket: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 12. 1(↑) ticket: help with post-install steps for running a Tor bridge and configuring a bridge distribution method for Tor bridge. 13. 1(↑) ticket: question about contributing to Tor. 14. 1(-) ticket: instructions on how to get Tor Browser binaries from GetTor. 15. 1(↑) ticket: question about modifying the Tor circuit in Tor Browser. # Telegram, WhatsApp and Signal user support channels * 978(↑) tickets resolved Breakdown: * 971(↑) tickets on Telegram * 7(↓) tickets on Signal * 0(↓) tickets on WhatsApp Tickets by topics and numbers: 1. 620(↓) tickets: circumventing censorship in Russian speaking countries. 2. 159(↑) tickets: circumventing censorship with Tor in Farsi. 3. 47(↑) tickets: instructions to circumvent censorship for Chinese speaking users. 4. 40(↑) tickets: instructions to use manually obtained bridges with Tor Browser. 5. 24(↑) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 6. 24(↑) tickets: help with instructions to use bridges with Orbot on Android. 7. 18(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 8. 14(↑) tickets: instructions on how to get Tor Browser binaries from GetTor. 9. 10(↓) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 10. 10(↑) tickets: help with troubleshooting existing Tor Browser install on Android. 11. 6(↑) ticket: help with using Snowflake with Tor to circumvent censorship. 12. 6(↑) tickets: instructions to use WebTunnel bridges with Tor Browser. 13. 5(↓) tickets: GetBridgesBot on Telegram freezes and stops sending bridges and users have to clear chat history. 14. 3(-) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 15. 3(↑) tickets: questions about onion services and how to access them. 16. 2(↓) tickets: help with installing Tor Browser on Desktop on Linux. 17. 2(-) tickets: help with configuring bridges to use with little-t tor (the network daemon). 18. 2(↓) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating systems. # Highlights from the Tor Forum 1. [Internet censorship in Russia][]. 2. [Internet censorship in Iran][]. [Internet censorship in Russia]: https://forum.torproject.org/t/russia-rolled-out-whitelists-and-snowflake-s… [Internet censorship in Iran]: https://forum.torproject.org/t/tor-not-working-in-iran/21144 # Highlights from Google Play Store ## Tor Browser for Android * Tor Browser for Android (TBA) had a Google Play rating of 4.396 (↑0.007) stars in January, which is higher as compared to in December. * Tor Browser for Android (TBA) got 684 (↑29) new reviews. The total count of reviews for the app stands at 67,439. * For Tor Browser, quite similar to last month, the main issues highlighted by the users in their comments and reviews were: - internet censorship in Russia and users looking for ways to bypass it. - Tor Browser for Android has been reported as slow during browsing, with users encountering a “Proxy server refused connection” error. This issue has particularly affected users with Samsung Android devices. - we got multiple comments from Iranian users looking for help with bypassing censorship and a number of kind messages expressing their gratitude to Tor. ## Tor Browser for Android Alpha * Tor Browser for Android Alpha app had a rating of 4.132 (↓0.007) in January which is lower as compared to in December. * In January, Tor Browser for Android Alpha got 27 (↓23) new reviews. The total count of reviews for the app stands at 8,757. * For Tor Browser Alpha, the main issues highlighted by users in their comments and reviews were its similarity to Firefox for Android and the absence of the Tor circuit option. ## Tor VPN Beta * Tor VPN beta was installed almost 71000 (↑32800) times by the end of January. The top 5 countries by the number of installations being (in descending order): Turkmenistan, Iran, Russia, India, and Germany. Thanks! -- ebanam

1 0