- tor-project - lists.torproject.org

Anti-censorship team meeting notes, 2026-01-22
by Cecylia Bocovich 22 Jan '26

22 Jan '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-01-22-16.04.ht… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, January 22 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == Our anti-censorship roadmap: Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from projects, we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Project 158 <-- meskio working on it https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == Snowflake proxy fairness proposal: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Discussion == Maybe support pinning tls1.3 when using uTLS random fingerprint? https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/171 Got a report that in at least one environment, TLS 1.2 is completely blocked, only TLS 1.3 works. uTLS has a 40% probability of using TLS 1.3 with its random fingerprint, so the connection fails at least 60% of the time. Where is it that TLS 1.2 is blocked and TLS 1.3 works? Russia, IIRC. Enforce this in tls.Config MinVersion/MaxVersion? Perhaps uTLS should honor those? Even if it were supported by uTLS, if we add an option to control this "TLS >= 1.3 only", it puts more pressure on the already maxed out bridge line capacity. (I.e., there are two questions, implementation of the capability to restrict the TLS version in random fingerprints, and adding user interface controls or a default policy to make use of that feature.) cohosh suggests finding a working static fingerprint (randomized is our default configured fingerprint but a user can change the bridge line with a static one), and estimating the difficulty of adding a TLS version number restriction to see if it's worth pursuing. Snowflake library major version bump breaking changes e.g. in the messages package https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… want to make it look more like the client package in that directory https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… return structs intead of multiple returns, remove the need for "...WithRelayURL" duplicates of functions might be possible to keep compatibility by adding new functions alongside the old, and rewriting the old in terms of the new == Actions == == Interesting links == == Reading group == We will discuss "Fingerprint-resistant DTLS for usage in Snowflake" on Feb 5 https://www.petsymposium.org/foci/2025/foci-2025-0006.php Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out in hopes that others will pick it up? Next in the Reading Group Queue: == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-01-22 Last week: - wrote up proposal for increasing fairness and responsiveness in proxy distribution (snowflake#40507) - let broker inform proxies how often to poll (snowflake#25598) - reviews Next week: - research snowflake enumeration attacks (snowflake#40396) - implement proxy fairness proposal - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-01-22 Last week: - set up a champa server for Iran https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… Next week: - comment on cohosh's snowflake fairness proposal https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-01-15 Last week: - monitor Iran network blackout (censorship-analysis#40068) - write a proposal on how to handle censorship events https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/processes/ce… - start using matrix - merge obfs4-bridge docker CI so it generate images and publishes them (docker-obfs4-bridge!20) - clean up old issues Next week: - project reports Shelikhoo: 2026-01-22 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Write Report for 2025 Q4 - [Write up] Expore DNS tunneling options (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173) - [MR] Update utls version with cherry-picked chrome120 fix (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - MR Review - Design experment for internet shutdown - Release new container release if necessary onyinyang: 2026-01-15 Last week(s): - Working on https distributor language selector - fixing some errors in the translated pages - does the translation work for bridges.torproject.org exist somewhere already? -Making it harder to inject a bridge to a specific client https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/257#note_3… - Added cronjob for gettor distributor Next week: - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-01-22 Last weeks: - MR: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: onyinyang shelikhoo meskio cohosh 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

GitLab VM upgrade on Jan 27th 2026
by Zen Fu 21 Jan '26

21 Jan '26

Hello! This message is to inform that we'll upgrade the operating system of the VM that hosts Tor's GitLab next week, on Jan 27th 2026, starting around 17 utc. If all goes well, the process should take less than 2h, with some downtime during that period for service upgrades/restarts and system reboots. Thanks! -- Zen Fu

1 0

User Support report for December 2025
by ebanam 15 Jan '26

15 Jan '26

Hello everyone, This is the report from user support team for the month of December 2025. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. - Summary of updates from user support - General user support - Farsi-speaking user support - Russian-speaking user support - Frontdesk (email user support channel) - Telegram, WhatsApp and Signal user support channels - Highlights from the Tor Forum - Highlights from Google Play Store # Summary of updates from user support ## General user support * 482 tickets in total (↑81 as compared to November) * 316 tickets on Email * 139 tickets on Telegram * 18 tickets on WhatsApp * 9 tickets on Signal ### Tor VPN beta * Across our various user support channels we received 33 tickets about Tor VPN beta, with some major topics being: - Users enquiring about WebTunnel support for Tor VPN. [WebTunnel bridges][] are now supported with the release Tor VPN Beta 4 and the Tor VPN user documentation was updated to reflect that. - Instructions to download and install Tor VPN beta. - Instructions to use the ['Kill Switch'][] on Tor VPN. - Users unable to connect to connect Tor VPN due to having [Private DNS][] configured. - Users unable to install [Tor VPN from Aurora Store][] on Android devices without Google Mobile Services (GMS). [WebTunnel bridges]:https://gitlab.torproject.org/tpo/applications/vpn/-/issues/411 ['Kill Switch']: https://support.torproject.org/tor-vpn/features/kill-switch/ [Private DNS]: https://gitlab.torproject.org/tpo/applications/vpn/-/issues/147 [Tor VPN from Aurora Store]: https://gitlab.torproject.org/tpo/applications/vpn/-/issues/395 ## Farsi-speaking user support * 29 tickets in total (↓1 as compared to November) * 6 tickets on Email * 23 tickets on Telegram ## Russian-speaking user support * 880 tickets in total (↓154 as compared to November) * 114 tickets on Email * 760 tickets on Telegram * 2 tickets on Signal * 4 tickets on WhatsApp ### Tor (and its PTs) is blocked during the "whitelisting" period Circumventing censorship during the "whitelisting" period in Russia is still not possible using Tor-powered tools. Users in Russia have been discussing this issue on the Tor Forum: https://forum.torproject.org/t/help-find-working-method-to-circumvent-inter…. Although [obfs4]() remains the most widely used pluggable transport in Russia, since July 2025, WebTunnel and Snowflake have seen increased usage as obfs4 is reported to be blocked by most of the mobile ISPs in Russia. [obfs4]: https://metrics.torproject.org/userstats-bridge-combined.html?start=2025-07… # Frontdesk (email user support channel) * 532(↑) RT tickets created * 436(↑) RT tickets resolved Tickets by topics and numbers: 1. 186(↓) tickets: instructions to circumvent censorship for Chinese speaking users. 2. 114(↑) tickets: circumventing censorship in Russian speaking countries. 3. 34(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 4. 22(↑) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 5. 10(↑) tickets: reports of websites blocking Tor connections or not performing well in Tor Browser. 6. 6(↓) tickets: circumventing censorship with Tor in Farsi. 7. 5(↑) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating systems. 8. 6(↓) tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser and questions about which Tor app to install on iOS (i.e. Onion Browser or Orbot). 9. 8(↑) tickets: help with instructions to download, install or properly uninstalling Tor Browser. 10. 4(↑) tickets: help with getting started with Tor Browser and other general questions about the browser. 11. 3(↑) tickets: help with setting up Snowflake proxy. 12. 3(↑) tickets: question about onion services and how to access them. 13. 3(↑) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 14. 2(↑) tickets: [Unable to load websites][] after a fresh install / updating Tor Browser for Android. 15. 2(↑) tickets: queries about the internship programs that Tor is participating in. 16. 2(↑) tickets: [ExoneraTor][] giving incorrect messages. 17. 2(↑) tickets: Tor Browser on ChromeOS. 18. 1(-) ticket: help with installing little-t tor (the network daemon). 19. 1(↑) ticket: question about [Dark Mode][] in Tor Browser. 20. 1(↑) ticket: Bug report - [Snowflake WebExtension on Firefox][] needs a browser restart after the computer is put back on from hibernation 21. 1(↑) ticket: query about the Tab grouping feature on Tor Browser. 22. 1(↑) ticket: query about refreshing Tor Browser Developer's GPG keys to verify latest Tor Browser binary file. 23. 1(↑) ticket: question about the 'New Identity" feature in Tor Browser and how it works. 24. 1(↑) ticket: query about [importing and exporting bookmarks][] on Tor Browser for Android. 25. 1(↑) ticket: question about Canvas Fingerprinting protection in Tor Browser and how to disable it for a particular website. 26. 1(↑) ticket: instructions on how to get Tor Browser binaries from GetTor. [Unable to load websites]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/44398 [ExoneraTor]: https://gitlab.torproject.org/tpo/web/tpo/-/issues/520 [Dark Mode]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337 [Snowflake WebExtension on Firefox]: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… [importing and exporting bookmarks]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31617 # Telegram, WhatsApp and Signal user support channels * 955(↓) tickets resolved Breakdown: * 922(↓) tickets on Telegram * 11(↑) tickets on Signal * 22(↓) tickets on WhatsApp Tickets by topics and numbers: 1. 766(↓) tickets: circumventing censorship in Russian speaking countries. 2. 46(↑) tickets: instructions to circumvent censorship for Chinese speaking users. 3. 23(↓) tickets: [GetBridgesBot on Telegram freezes][], stops sending bridges and users have to clear chat history. 4. 23(-) tickets: circumventing censorship with Tor in Farsi. 5. 17(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 6. 12(↓) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 7. 11(↓) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 8. 9(↓) tickets: instructions on how to get Tor Browser binaries from GetTor. 9. 7(↑) tickets: help with troubleshooting existing Tor Browser install on Android. 10. 3(↑) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 11. 3(↑) tickets: help with installing Tor Browser on Desktop on Linux. 12. 3(↑) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating systems. 13. 2(-) tickets: questions about onion services and how to access them. 14. 2(↑) tickets: help with using Snowflake with Tor to circumvent censorship. 15. 2(↓) tickets: help with configuring bridges to use with little-t tor (the network daemon). 16. 1(↓) ticket: help with instructions to use bridges with Orbot on Android. 17. 1(-) ticket: instructions to use WebTunnel bridges with Tor Browser. 18. 1(↑) ticket: instructions to use manually obtained bridges with Tor Browser. [GetBridgesBot on Telegram freezes]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/286 # Highlights from the Tor Forum * [Troubleshooting Tor Browser on Windows 11][]. * [Tor Browser and uBlock Origin][]. [Troubleshooting Tor Browser on Windows 11]: https://forum.torproject.org/t/problem-to-use-tor-browser-on-windows-11/209… [Tor Browser and uBlock Origin]: https://forum.torproject.org/t/why-doesnt-tor-browser-ship-with-ublock-orig… # Highlights from Google Play Store * Tor Browser for Android (TBA) had a Google Play rating of 4.389 (↓0.006) stars in December, which is lower as compared to in November. * Tor Browser for Android (TBA) got 655 (↓36) new reviews. The total count of reviews for the app stands at 66,887. * Tor Browser for Android Alpha (TBA Alpha) app had a rating of 4.139 (↓0.043) in December which is lower as compared to in November. * In November, Tor Browser for Android Alpha (TBA Alpha) got 50 (↑21) new reviews. The total count of reviews for the app stands at 8,746. * Tor VPN beta was installed almost 38200 times by the end of December. The top 5 countries by the number of installations being (in descending order): Iran, India, United States, Russia, and France. * For Tor Browser, quite similar to last month, the main issues highlighted by the users in their comments and reviews were: - internet censorship in Russia and users looking for ways to bypass it. - Tor Browser for Android being slow to browse. - Tor Browser failing in the background with a "Proxy server refused connection" error while browsing. This bug has been particularly affecting users with Samsung Android devices. Thanks! -- ebanam

1 0

Anti-censorship team meeting notes, 2026-01-15
by meskio 15 Jan '26

15 Jan '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-01-15-16.00.ht… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, January 22 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Add rate limiting back to broker for just /proxy endpoint for now * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * there is not ratelimit now, as it was creating client timeout errors * the proposal is to bring it only for /proxy as /client is trickier to do * we agree on adding the rate limit * Conjure test network * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… * since december is down to save electricity * will stay down until we need it, wich will take months == Actions == * == Interesting links == * == Reading group == * We will discuss "Fingerprint-resistant DTLS for usage in Snowflake" on Feb 5 * https://www.petsymposium.org/foci/2025/foci-2025-0006.php * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-01-15 Last week: - Implemented bridge reachability checks for proxies (snowflake#40504) - Commented on https://github.com/tladesignz/IPtProxy/issues/75 - Fixed Conjure pipeline image URLs - Looked at adding rate-limiting back to the broker (snowflake#40506) - talked to UCSC researchers about enumeration attacks and defences Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-01-15 Last week: - looked up some history of snowflake proxy preliminary reachability checks https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2026-01-15 Last week: - monitor Iran network blackout (censorship-analysis#40068) - write a proposal on how to handle censorship events https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/processes/ce… - start using matrix - merge obfs4-bridge docker CI so it generate images and publishes them (docker-obfs4-bridge!20) - clean up old issues Next week: - project reports Shelikhoo: 2026-01-08 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [Merge] Add automated binary release support (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - [Deploy] Cherry-pick utls chrome120 fingerprint fix ( https://gitlab.torproject.org/shelikhoo/utls-temporary/-/tree/dev-backport-… ) - Snowflake MR for utls chrome120 fingerprint fix - Lyrebird MR for utls chrome120 fingerprint fix - Lyrebird 0.8.1 Release Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - Write Report for 2025 Q4 - Design experment for internet shutdown - Release new container release if necessary onyinyang: 2026-01-15 Last week(s): - Working on https distributor language selector - fixing some errors in the translated pages - does the translation work for bridges.torproject.org exist somewhere already? -Making it harder to inject a bridge to a specific client https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/257#note_3… - Added cronjob for gettor distributor Next week: - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-01-15 Last weeks: - MR: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Usability tests of Conflux circuit display
by sajolida 14 Jan '26

14 Jan '26

Hi, In October, we did some usability tests of the display of Conflux diagrams in Tor Browser, based on Figma prototypes. I'm sending here the summary of the findings, if anybody wants to have a look. More details on: https://gitlab.torproject.org/tpo/ux/research/-/issues/168 -- sajolida The Tor Project — UX Designer

1 0

minutes from the sysadmins
by Antoine Beaupré 13 Jan '26

13 Jan '26

Here's your first blend of the year! # Roll call: who's there and emergencies @zen is AFK, otherwise everyone is there: anarcat, groente, lavamind and lelutin. We do have an emergency and had to spend a bit of the meeting discussing next steps on how to fix the new backup server that has ran out of disk space again, eating 4TB over the weekend. See issue [tpo/tpa/team#42446](https://gitlab.torproject.org/tpo/tpa/team/-/issues/424…. # Normal check in We did our normal full-length per person check-in. # Roadmap discussion We discussed the [2026 roadmap](https://gitlab.torproject.org/groups/tpo/tpa/-/epics/2). The situation with the roadmap is a bit unclear as some other stakeholders have brought up concerns that they wanted to have input in the roadmap and couldn't quite figure out a way to bring it up. For background, TPA has been doing [roadmaps since 2020](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap). Between 2020 and 2023, proposals were done informally, in wiki pages, but in 2024, RFCs were used for the [2024 roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-… and the [tails merge roadmap](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-…. In 2025, a more informal approach was again taken because [comments on the 2024 roadmap seemed to indicate no approval was necessary](https://gitlab.torproject.org/tpo/tpa/team/-/issues/41436#note_2…. Before end of 2025, the 2026 roadmap was first put on hold, but the [STF grant](https://gitlab.torproject.org/tpo/operations/proposals/-/issues/70) was submitted around that time which solidified some projects (like self-hosting email) which were challenged in the original roadmap. According to Isabela, if the grant is approved, then all the projects in the grant will be considered approved. For other projects, we are to continue with the roadmap until further notice. For self-hosted email, even if the grant doesn't automatically approve the work, we can still prepare a narrative and argument for (or against!) it, as basis for discussion if the grant doesn't go through. There's a web meeting tomorrow, where the roadmap will be discussed, alongside long-standing, stalled issues that we need to move ahead on. @lavamind will send a reminder about this. @anarcat will discuss the roadmap with @nadya at their check-in tomorrow as well. For now we keep working on the work as planned, but we might have an amended roadmap to discuss at our next meeting, in February. # Next meeting In 3 weeks, on February 2nd. # Metrics of the month * host count: 98, LDAP 143 (!), Puppet 137 (!) * number of Apache servers monitored: 32, hits per second: 696 * number of self-hosted nameservers: 6, mail servers: 12 * pending upgrades: 0, reboots: 97 * average load: 0.84, memory available: 4.7 TB/7.2 TB, running processes: 192 * disk free/total: 85.3 TB/230.2 TB * bytes sent: 421.7 MB/s, received: 257.7 MB/s * [GitLab tickets][]: 252 tickets including... * open: 0 * ~Roadmap::Icebox: 123 * ~Roadmap::Future: 38 * ~Needs Information: 3 * ~Roadmap::Backlog: 52 * ~Roadmap::Next: 20 * ~Roadmap::Doing: 8 * ~Needs Review: 8 * (closed: 4347) * [~Technical Debt][]: 11 open, 41 closed [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie/ -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2026-01-08
by Shelikhoo 08 Jan '26

08 Jan '26

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-01-08-16.01.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, January 15 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Relay connect tests / feedback if proxies cannot reach the Snowflake bridge * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == * == Interesting links == * https://filter.watch/english/2026/01/05/network-monitorig-december-2025-int… * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… * €4,129.50 for snowflake-01 bandwidth in 2025 https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "CenPush: Blocking-Resistant Control Channel Using Push * Notifications" on January 8th, 2026 * https://petsymposium.org/popets/2025/popets-2025-0153.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * Fingerprint-resistant DTLS for usage in Snowflake: https://www.petsymposium.org/foci/2025/foci-2025-0006.php == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2026-01-08 Last week: - Finished moving to TPO AWS account for SQS (snowflake#40498) - deployed new Snowflake broker with multiple SQS queues - updated snowflake sqs bridge lines in circumvention settings (rdsys-admin!45) - Refrain from logging SQS cleanup error (snowflake!654) - Updated SQS costs - Completed proxy churn experiment analysis (snowflake#40494) - Successfully tested new Conjure bridge line - Opened an issue about proxy-bridge reachability checks - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2026-01-08 Last week: - archived snowflake-webext 0.9.8 https://archive.org/details/snowflake-webextension-0.9.8 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-12-11 Last week: - make an alert for failing builtin bridges (team#141) - merge multi-domain meek and coordinate with TB to update it (lyrebird!142) - investigate gettor email issues (rdsys#290) - prepare grant Next week: - make gettor email reply Shelikhoo: 2026-01-08 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [MR]Update WatchTower URL for WebTunnel (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - [Invesgate] Invesage Report about utls randomlized fingerprint interference with tls1.3 (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/171) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - [Merge] Add automated binary release support (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) onyinyang: 2026-01-08 Last week(s): - Break - Closed #129 with regular cronjob to restart the distributor - Moving to go-imap v2 is on hold until the library is more stable Next week: - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2026-01-08 Last weeks: - MR: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Implementing DTLS 1.3 in pion Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

sajolida's report for September 2025
by sajolida 18 Dec '25

18 Dec '25

Tails ===== Project 165 ----------- - Fixed all the less critical updates to our website for Tails 7.0: screenshots, style, advanced topics, etc.. (#20203) Overall, we applied more than 60 updates to our website and identified 10 other issues that were not triggered by Tails 7.0. - Wrote the lengthy release notes for Tails 7.0. (#21046) https://tails.net/news/version_7.0/ - Interviewed Joshua, an IT specialist who uses Tails both at work and at home. Despite Joshua not matching our personas, we learned a couple of interesting things. https://tails.net/contribute/how/user_experience/interviews/joshua/ - Updated the version of balenaEtcher and Rufus on our website. (#20989) Misc ---- - Made plans with intrigeri to migrate the homepage of Tor Browser in Tails to about:tor in time for the Year End Campaign. (#21003) - Removed the sponsors page from our website and tore down the infrastructure that we had to send newsletter to donors. * https://gitlab.torproject.org/tpo/team/-/work_items/399 * https://gitlab.torproject.org/tpo/team/-/work_items/382 Other Tor products ================== Tor Browser ----------- - Started preparing usability tests on the display of multi-path circuits (aka. Conflux) in Tor Browser Android and desktop. https://gitlab.torproject.org/tpo/ux/research/-/issues/168 Tor VPN ------- - Tested Tor VPN 1.0.0 Beta against the usability issues identified in August 2024 and reported 4 issues: * Connects despite being configured to use a bogus bridge https://gitlab.torproject.org/tpo/applications/vpn/-/issues/378 * Tapping on the circuit icon doesn't open the circuit view https://gitlab.torproject.org/tpo/applications/vpn/-/issues/379 * "No internet" displays network activity and app protection widgets on Internet deconnection https://gitlab.torproject.org/tpo/applications/vpn/-/issues/380 * Disable "Exit location" in "Configure" screen instead of hiding it when disconnected https://gitlab.torproject.org/tpo/applications/vpn/-/issues/382 -- sajolida The Tor Project — UX Designer

1 3

Anti-censorship team meeting notes, 2025-12-18
by onyinyang 18 Dec '25

18 Dec '25

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-12-18-16.00.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, January 8 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meetings Dec 25 and Jan 1, we'll be AFK for the Tor's year end break == Discussion == == Actions == * == Interesting links == * == Reading group == * We will discuss "CenPush: Blocking-Resistant Control Channel Using Push * Notifications" on January 8th, 2026 * https://petsymposium.org/popets/2025/popets-2025-0153.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * Fingerprint-resistant DTLS for usage in Snowflake: https://www.petsymposium.org/foci/2025/foci-2025-0006.php == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-12-18 Last week: - reviewed snowflake-webext patch to show snowflake status in icon for mv3 (snowflake-webext!97) - released snowflake-webext v0.9.8 - worked on proxy enumeration Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-12-18 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-12-11 Last week: - make an alert for failing builtin bridges (team#141) - merge multi-domain meek and coordinate with TB to update it (lyrebird!142) - investigate gettor email issues (rdsys#290) - prepare grant Next week: - make gettor email reply Shelikhoo: 2025-12-18 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Setup Staging Environment - Create Binary Release for snowflake(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… -> https://gitlab.torproject.org/shelikhoo/testing_rz25wufuh4evo7uo1k7ts6qy657… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Create Binary Release for snowflake onyinyang: 2025-12-18 Last week(s): - Splintercon Paris - - Presented on Signaling Channels - Monitoring email profiler for rdsys #129 - Attempting to move to go-imap v2 or moving to a new library Next week: - Tor winter break for 2 weeks Then: - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-12-1 Last weeks: - MR: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

getting ready for the TPA holidays
by Antoine Beaupré 15 Dec '25

15 Dec '25

Hi! Like other teams, TPA has been getting ready for the holidays! As usual, we'll be ensuring minimal rotation during the TPI holidays, to deal with emergencies. The plan is to have someone checking on systems once in a while during the holidays so, basically, "How to report issues" doesn't change, see: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/support If you're curious, you can see who's on rotation in the "TPA rotations" calendar that should be shared with the TPI group in Nextcloud. I typically send this email long before the holidays to give people a last chance to ask us for last minute changes before we go. I didn't get time to send that email this time around, so it's pretty much too late for that now... Sorry! We haven't been able to merge our monitoring systems with Tails in 2025 as we had planned, so we still have two rotation teams for this holiday, but it will hopefully be the last! In any case, hopefully you won't need us, and we'll all have a quiet holiday, but we're around in case trouble hits. Have a good holiday and best of health to everyone in 2026. A. -- Antoine Beaupré torproject.org system administration

1 0