- tor-project - lists.torproject.org

Anti-censorship team meeting notes, 2025-10-23
by Shelikhoo 23 Oct '25

23 Oct '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-10-23-16.01.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 23 16:00 UTC Facilitator:meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == This week: * CDN77 new domains? * there are few prospect domains that work in all our vantage points * we plan on selecting a couple and move back snowflake to those domains * SQS costs are considerable but not imposible, we might be able to enable it in more places * https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-team@… * Proposal: repeat proxy churn measurement at broker, but one for each pool this time * should we auto enable utls-authority? * continued from last week about making sni imitation easier to configure * it make easier to configure * will make servername means differerent thing, depending on whether utls is used == Actions == * Remove webtunnel setuid script in 1 weeks.(decrease this by one every week) == Interesting links == * https://github.com/EndPositive/slipstream * DNS tunnel, like dnstt, but using QUIC as the session protocol. The better congestion control of QUIC proves to be important in performance. * https://endpositive.github.io/slipstream/protocol.html * https://geedge-docs.haruue.com/geedge_docs/OM/attachments/129101971_attachm… * *orbot.app, *phpmyadmin.net, *cdn77.com FQDN patterns in a Geedge Networks file * https://github.com/net4people/bbs/issues/519#issuecomment-3417659641 * https://geedge-docs.haruue.com/mesalab_docs/study/attachments/27716171_atta… * 1h44m screenshare video presentation about Tor and hidden services (Chinese text and audio). == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-10-23 Last week: - discussed potential conjure blocking - researched snowflake enumeration attacks (snowflake#40396) - commented on spike in snowflake client polls (snowflake#40493) - updated snowflake builtin bridge line with new cdn77 fronts (tor-browser-build!1333) Next week: - research snowflake enumeration attacks (snowflake#40396) - watch and follow up on Moat and Connect Assist metrics with new netlify front - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-23 Last week: - fixed a bug with snowflake-graphs client-match overcounting by a factor of 2 https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/4 - restarted the snowflake broker for a VPS provider migration https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - refactoring towards fixing minor snowflake-graphs coverage bug https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-10-23 Last week: - SOTO preparation - grant planning - multi-front support in meek (lyrebird#40027) - look into snowflake bursts of requests (snowflake#40493) - lyrebird use go 1.22 in the CI Next week: - preparing SOTO presentation Shelikhoo: 2024-10-23 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - collect vantage point test result for fronting domains - SOTO script - merge request reviews Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - SOTO script onyinyang: 2025-10-23 Last week(s): - Troubleshooting conjure not connecting in China - updating the fronts led to different connection issues, looking into these in more detail - differing results connecting to conjure locally vs. from vantage point - investigating issues with the conjure authors/maintainers - Monitoring email profiler for rdsys #129 - Monitoring rdsys #rdsys #249 - Working on talk proposal for Splintercon + Presentation at York University Next week: - Continue troubleshooting conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#249 hopefully (take 3? 4?) - Continue looking into bridgestrap#47 - Submit talk proposal for splintercon/present at York Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 1

Anti-censorship team meeting notes, 2025-10-16
by onyinyang 16 Oct '25

16 Oct '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-10-16-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 23 16:00 UTC Facilitator:shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == This week: * CDN77 new domains? * there are few prospect domains that work in all our vantage points * we plan on selecting a couple and move back snowflake to those domains * SQS costs are considerable but not imposible, we might be able to enable it in more places * https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-team@… == Actions == * Remove webtunnel setuid script in 2 weeks.(decrease this by one every week) == Interesting links == == Reading group == * We will discuss "The Internet Coup" on October 23rd * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * Particularly relevant sections: "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * Notes: https://github.com/net4people/bbs/issues/519#issuecomment-3282101626 * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-10-16 Last week: - helped with rdsys profiling - reviews and todos - worked on shadow experiments of enumeration attacks and defences - did some SQS rendezvous cost analysis - https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-team@… Next week: - research snowflake enumeration attacks (snowflake#40396) - watch and follow up on Moat and Connect Assist metrics with new netlify front - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-16 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-10-16 Last week: - SOTO preparation - grant planning - P146 report - lyrebird CI using go 1.22 - issues triaging & merge reviews Next week: - preparing SOTO presentation Shelikhoo: 2024-10-16 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - SOTO script - backporting utls patch - updating lyrebird with patch - [MR] Update lyrebird version to v0.6.2: uTLS fix for chrome fingerprint imitation (https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re…) - [MR] Use updated utls fork with aes grease fix to avoid detection of utls when chrome fingerprint is used (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) - [MR] Always use hostname in url for http host header in webtunnel transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - SOTO script - collect vantage point test result for fronting domains onyinyang: 2025-10-16 Last week(s): - Troubleshooting conjure not connecting in China - updating the fronts led to different connection issues, looking into these in more detail - Deployed profiler to email distributor - Looking into GetBridgesBot freezes and stops sending bridgeshttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/286 Next week: - Continue troubleshooting conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#249 hopefully (take 3? 4?) - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

User support report for September 2025
by ebanam 14 Oct '25

14 Oct '25

Hello everyone, This is the report from user support team for the month of September. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. - Summary of updates from user support - Farsi-speaking user support - Russian-speaking user support - General user support - Frontdesk (email user support channel) - Telegram, WhatsApp and Signal user support channels - Topics from the Tor Forum - Highlights from Google Play Store # Summary of updates from user support * With the release of Tor VPN Beta, we have received number of questions on how to get started testing the app, signing up for the beta through Play Store, questions and feedback about the app as well as help with troubleshooting on the Tor Forum [1] and other support channels. We are keeping track of these requests and feedback on our bug tracker.[2] * Last month, we answered a significant number of support requests for WebTunnel bridges. For some context, newer Telegram accounts were unable to request these bridges directly from our Telegram Bridge Distributor (@GetBridgesBot) and were therefore encouraged to contact us on our support channels. With the Telegram distributor now sharing WebTunnel bridges with all Telegram users [3], we are noticing a big drop in such requests in October. A big shoutout to onyinyang for implementing these changes to the Telegram Bridge Distributor! ## Farsi-speaking user support * 88 tickets in total (↓3 as compared to August) * 83 tickets on Telegram * 5 tickets on Email ## Russian-speaking user support * 2045 tickets in total (↓234 as compared to August) * 1883 tickets on Telegram * 160 tickets on Email * 2 tickets on Signal * In recent months, we've noticed that among the group of Russian-speaking users, we're now also receiving bridge requests every month from users in Belarus. Although the Tor usage in the country on Tor Metrics appears normal, we don't know whether some parts of Tor are being blocked there, and further investigation into possible Tor censorship in the country is needed. * On the Tor Forum, Russian users pointed out a new 'whitelisting' method being implemented in the country and how Tor is unable to connect during the 'curfew' hours.[4] ## General user support * 927 tickets in total (↓159 as compared to August) * 504 tickets on Email * 405 tickets on Telegram * 18 tickets on Signal * Bridges with WebTunnel pluggable transport working most reliably for users in China, we received a number of tickets with queries on how to obtain such bridges and how to use them in Tor Browser and Tails. That's it for the summary, following is a more detailed report about the tickets our user support team worked on last month. # Frontdesk (email user support channel) * 605(↓) RT tickets created * 669(↑) RT tickets resolved Tickets by topics and numbers: 1. 309(↓) tickets: instructions to circumvent censorship for Chinese speaking users. 2. 160(↓) tickets: circumventing censorship in Russian speaking countries. 3. 54(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 4. 15(↑) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 5. 7(↑) tickets: questions about which Tor app to install on iOS (i.e. Onion Browser or Orbot). 6. 5(↑) tickets: circumventing censorship with Tor in Farsi. 7. 3(↓) tickets: help with troubleshooting existing Tor Browser install on Android. 8. 3(↑) tickets: help with instructions to download, install or properly uninstalling Tor Browser. 9. 3(↑) tickets: reports of websites blocking Tor connections or not performing well in Tor Browser. 10. 3(↑) tickets: reports of email bridge distributor (bridges(a)torproject.org) not responding. The issue is resolved. 11. 3(↑) tickets: reports of DuckDuckGo's HTML page and search results displayed incorrectly on Safest security level.[5] 12. 2(-) tickets: question about onion services and how to access them. 13. 2(↑) tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser. 14. 2(↑) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 15. 2(↑) tickets: question about changes to the Security level settings on latest versions of Tor Browser. The browser prompts a restart when changing the Security Level for changes to properly take effect. 16. 2(↑) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating systems. 17. 2(↑) tickets: question about installing extensions and add-ons on Tor Browser. 18. 1(-) ticket: help with installing Tor Browser on Desktop on Linux. 19. 1(↑) ticket: help with verifying Tor Browser's GPG signature. 20. 1(↑) ticket: report of Tor Browser conflicting with anti-virus installed on users' device. (It was a false alarm and the issue is resolved). 21. 1(↑) ticket: question on how DNS resolution works when using Tor (Browser). 22. 1(↑) ticket: help with setting up a Tor relay. # Telegram, WhatsApp and Signal user support channels * 2391(↓) tickets resolved Breakdown: * 2371(↓) tickets on Telegram * 20(↑) tickets on Signal * No tickets on WhatsApp Tickets by topics and numbers: 1. 1885(↓) tickets: circumventing censorship in Russian speaking countries. 2. 155(↓) tickets: WebTunnel bridge requests from users with newer Telegram accounts and unable to receive one from the @GetBridgesBot on Telegram. 3. 202(↓) tickets: instructions to circumvent censorship for Chinese speaking users. Note: There is a significant overlap in the WebTunnel bridge request tickets on our support channels and support requests from Russian and Chinese speaking users. 4. 83(↓) tickets: circumventing censorship with Tor in Farsi. 5. 36(↑) tickets: instructions to use WebTunnel bridges with Tor Browser. 6. 22(↑) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 7. 20(↓) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 8. 12(↑) tickets: help with instructions to troubleshoot Tails operating system. 9. 7(↓) tickets: instructions on how to get Tor Browser binaries from GetTor. 10. 5(↑) tickets: questions about onion services and how to access them. 11. 10(↓) tickets: help with troubleshooting Tor Browser Desktop on Windows, macOS and Linux. 12. 4(↓) tickets: help with using Snowflake with Tor to circumvent censorship. 13. 3(↓) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 14. 3(↑) tickets: help with installing Tor Browser on Desktop on Linux. 15. 3(↓) tickets: help with troubleshooting Tor Browser Android. 16. 2(↓) tickets: help with instructions to use bridges with Orbot on Android. 17. 2(↑) tickets: instructions to download Tor Browser 13.5 legacy for legacy operating systems. 18. 2(↑) tickets: help with troublehsooting tor, the network daemon, aka little-t tor. 19. 1(↓) ticket: instructions to verify Tor Browser's GPG signature. 20. 1(↑) ticket: reports of DuckDuckGo's HTML page and search results displayed incorrectly on Safest security level. 21. 1(↑) ticket: can't install Tor Browser for macOS when downloading the dmg file from Telegram GetTor.[6] # Topics from the Tor Forum * Help us test the new Tor User Support Portal.[7] Highlighting some other discussion topics and, in general, frequently asked questions on our support forums: * Should I set Tor Browser as my default browser? [8] * Tor support and discussion channel.[9] * Images uploaded on Tor Browser (Desktop and Android) are randomized for Canvas Fingerprinting protection.[10] # Highlights from Google Play Store * Tor Browser for Android (TBA) had a Google Play rating of 4.4 (↑0.008) stars in September, which is higher as compared to in August. * In September, Tor Browser for Android (TBA) got 724 (↓46) new reviews. The total count of reviews for the app stands at 65,186. * Tor Browser for Android Alpha (TBA Alpha) app had a rating of 4.196 (↑0.016) in September, which is higher as compared to in August. * In September, Tor Browser for Android Alpha (TBA Alpha) got 32 (↑2) new reviews. The total count of reviews for the app stands at 8,671. * The major concern that Tor Browser users express in the comments is regarding the browsing speed. This issue is currently under investigation [11]. * Also there are many comments from users in regions where Tor is censored and whenever possible, we are encouraging users to reach out to our support channels directly. Thanks! -- ebanam [1]: https://forum.torproject.org/tag/torvpn-beta [2]: https://gitlab.torproject.org/tpo/community/support/-/issues/40225 [3]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/589 [4]: https://forum.torproject.org/t/help-find-working-method-to-circumvent-inter… [5]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/44239 [6]: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [7]: https://forum.torproject.org/t/tor-project-soft-release-help-us-test-the-ne… [8]: https://forum.torproject.org/t/tor-browser-as-default-browser/20580 [9]: https://forum.torproject.org/t/tor-users-chats/20569 [10]: https://forum.torproject.org/t/why-cant-i-upload-images-using-the-tbb/20525 [11]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43841

2 1

Anti-censorship team meeting notes, 2025-10-09
by meskio 09 Oct '25

09 Oct '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-10-09-16.00.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, October 16 16:00 UTC Facilitator:onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Reported blocking of www.cdn77.com by SNI, blocking of STUN servers in Russia, 2025-09-21 * https://github.com/net4people/bbs/issues/422#issuecomment-3316062302 * "I've noticed that stun protocol was blocked from mid-summer till today (it worked in June last time when I've used public stun to punch through NAT). Seems that only stun to public stun servers like stun.l.google.com, stun.bethesda.net were affected. Stun between webtunnel client and other webtunnel peer is not affected as can be seen in attached captures below. The only stun server that was accessible all that time was stun.rtc.yandex.net (of all the gists and lists of public stun servers I could find)." * "Had to change front though ... where <...> is another website using cdn77 I know. www.cdn77.com is blocked by SNI (session freezes after client hello), and www.phpmyadmin.net, though it doesn't cause hetzner to be blocked anymore, might cause stricter filtering or other side-effects." * We've been testing netlify in the alpha channel of Tor Browser, maybe it is time to use it in stable. * cdn77 domain fronts are already known to be blocked in China * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/168 * meskio has a list of cdn77 domain names. * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/168#note_32… * Could prioritize adding multiple builting snowflake bridge options * https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43842 * onyinyang will make a forum post with workarounds * CDN77 blocking (new oct 09) * suspected blocking of phpmyadmin.net in Belarus: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… * Tor Browser 14.5.8 shipped on October 7 and 15.0 is expected to ship at the end of October * Snowflake builtin bridge line now uses netlify: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… * Moat and Connect Assist should use netlify settings in stable now: https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… * Netlify has limits on total data transfer and number of requests * we plan to keep using netlify for moat * next week we'll have tests results on what domain names work for CDN77 and switch snowflake to use one of them * the post on the forum is life * https://forum.torproject.org/t/snowflake-and-conjure-inaccessible-due-to-cn… * maintain go 1.22 in PT clients * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… * shelikhoo has been backporting security patches * we need to bring 1.22 back to the snowflake CI for the client * let's use 1.22 in lyrebird's CI * Decide whether to simplify webtunnel setting for sni imitation use case * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… == Actions == * Remove webtunnel setuid script in 2 weeks.(decrease this by one every week) == Interesting links == * Mention of snowflake SNIs in the galaxy/platform/galaxy-qgw-service repo of MESA Git. The filenames include "E21" which is Ethiopia. * https://geedge-git.haruue.com/mesalab_git/galaxy/platform/galaxy-qgw-servic… E21-SNI-Top120W-20221020.txt snowflake-broker.freehaven.net 903971 110 snowflake-broker.torproject.net 8667377 55 snowflake-broker.bamsoftware.com 1611029 49 snowflake.torproject.net 105990565 16 snowflake.freehaven.net 24545 6 E21-SNI-Top200w.txt snowflake-broker.bamsoftware.com 14468 snowflake-broker.torproject.net 50 snowflake.bamsoftware.com 8 * https://geedge-git.haruue.com/mesalab_git/galaxy/platform/galaxy-qgw-servic… * "Galaxy SQL, the unified query gateway, is built with Spring Boot 2.0 technology. It provides interactive SQL analysis and routine scheduling windows, supports streaming and batch jobs, and makes it easier to write and submit ETL programs and efficiently execute big data computations, aiming to make big data processing easier." * Mention of torproject.net domain names in tango/maat/test/tsgrule/TSG_OBJ_FQDN.E21. TSG is Tiangou Secure Gateway, E21 is Ethiopia, Maat is a rules matching engine. * https://geedge-git.haruue.com/mesalab_git/tango/maat.git/tree/test/tsgrule?… 592177551 151465 .snowflake-broker.torproject.net 0 1 0 1 1683275236000000 0 key=592177551 592561443 151465 .snowflake.torproject.net 0 1 0 1 1683275236000000 0 key=592561443 592691531 151465 .forum.torproject.net 0 1 0 1 1683275236000000 0 key=592691531 594169529 151469 snowflake-broker.torproject.net 0 3 0 1 1683276253000000 0 key=594169529 594553421 151469 snowflake.torproject.net 0 3 0 1 1683276253000000 0 key=594553421 594683509 151469 forum.torproject.net 0 3 0 1 1683276253000000 0 key=594683509 * You can decode the microsecond timestamps like so: $ date -u --iso=sec --date=@1683275236 2023-05-05T08:27:16+00:00 * https://filter.watch/english/2025/10/02/irans-stealth-blackout-a-multi-stak… * https://filter.watch/wp-content/uploads/sites/2/2025/10/Click-here-to-read-… * Discussion of Tor starting on PDF page 23 == Reading group == * We will discuss "The Internet Coup" on October 23rd * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * Particularly relevant sections: "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * Notes: https://github.com/net4people/bbs/issues/519#issuecomment-3282101626 * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-10-09 Last week: - updated snowflake builtin bridge line in Tor Browser (tor-browser-build#41574) - followed up with applications team about Moat and Connect Assist settings in the stable release - commented on increase of tickets in Belarus (censorship-analysis#40067) - researched snowflake enumeration attacks (snowflake#40396) - released and deployed version 0.9.7 Next week: - research snowflake enumeration attacks (snowflake#40396) - watch and follow up on Moat and Connect Assist metrics with new netlify front - follow up on snowflake rendezvous failures (snowflake#40447) - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-09 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-10-09 Last week: - SOTO preparation - grant planning - finding CDN77 domain fronts (team#168) - remove backend deadlock (rdsys!597) - investigate Telegram distributor silence (rdsys#286) Next week: - P146 report Shelikhoo: 2024-10-09 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Published Snowflake UDP mode test post: https://forum.torproject.org/t/invitation-to-test-snowflake-unreliable-tran… - vantage point maintaince - deploy new vantage point version with fixed performance - [MR]Always use hostname in url for http host header in webtunnel transport. (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - SOTO script - collect vantage point test result for fronting domains onyinyang: 2025-10-02 Last week(s): - Deployed updated telegram distributor distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 - Managed some hiccups in the updated deployment - Wrote profiling patch for rdsys: kraken and email - Looked into conjure issue from China: fronts we are using appear to be blocked Next week: - Troubleshoot conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#249 hopefully - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

minutes from the sysadmins
by Antoine Beaupré 07 Oct '25

07 Oct '25

# Roll call: who's there and emergencies all folks on the team present # Normal check-in Went through the normal per person check-in. # Roadmap review (Q4) postponed to next week # Other discussions ## incident response proposal feedback: - good to have procedure, nice that we can keep it simple and the complexity is optional - do we want to document *when* we need to start the procedure? some incidents are not documented right now... yes. - unclear exactly what happens, when roles get delegated... current phrasing implies the original worker is the only one who can delegate - people can bump in and join the team, e.g. "seems like you need someone on comms, i'll start doing that, ok?" - add examples of past or theoretical incidents to the proposal to clarify the process - residual command position, once all roles have been delegated, should default to team lead? it's typically the team lead's role to step in those situation, and rotate into that role - no pager escalation - define severity - discomfort at introducing military naming, we can call it incident lead anarcat will work on improvements to the proposal following the discussion. # Next meeting Next week, we'll try to work again on the roadmap review. # Metrics of the month * host count: 99 * number of Apache servers monitored: 33, hits per second: 659 * number of self-hosted nameservers: 6, mail servers: 99 * pending upgrades: 0, reboots: 0 * average load: 3.40, memory available: 4.1 TB/7.2 TB, running processes: 276 * disk free/total: 106.2 TB/231.7 TB * bytes sent: 564.3 MB/s, received: 382.2 MB/s * [GitLab tickets][]: 248 tickets including... * open: 1 * ~Roadmap::Icebox: 126 * ~Roadmap::Future: 43 * ~Needs Information: 3 * ~Roadmap::Backlog: 38 * ~Roadmap::Next: 16 * ~Roadmap::Doing: 15 * ~Needs Review: 6 * (closed: 4227) * [~Technical Debt][]: 11 opened, 35 closed [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… -- Antoine Beaupré torproject.org system administration

1 0

Soft release - Help us test the new Tor User Support portal!
by gus 06 Oct '25

06 Oct '25

Hello everyone, This week we're soft releasing the new Tor User Support portal! Please help us test it and report any issues you find. ## Background Over the past month, we've been migrating the content from Tor Browser User Manual and the (old) Support portal into a new single, unified resource, the new Support portal. Our goal is simple: to give Tor users one place where they can find support information about our products. After this migration, tb-manual.torproject.org will redirect to support.torproject.org. ## How to help 1. Visit and browse the new staging website on your favorite platforms: https://tor-www@support.staging.torproject.net 2. Found an issue or have feedback? - First, check if it's already reported, - If not, open a new issue here: https://gitlab.torproject.org/tpo/web/marble/support/-/issues 3. Or if you prefer to chat, join us on Matrix: #tor-www:matrix.org / #tor-www on irc.oftc.net. ## Localization Because we moved and adapted the website content, we'll need new translations. Please use Weblate to translate the new support website into your language! https://hosted.weblate.org/projects/tor/new-support-portal/ ## Next steps After this soft release, we're planning to officially announce the new Support portal next week on our blog, so your feedback now will help us make it ready for everyone. Thank you for your help! cheers, Gus -- The Tor Project Community Team Lead

1 0

Anti-censorship team meeting notes, 2025-10-02
by Shelikhoo 02 Oct '25

02 Oct '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-10-02-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 9 16:00 UTC Facilitator:meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Reported blocking of www.cdn77.com by SNI, blocking of STUN servers in Russia, 2025-09-21 * https://github.com/net4people/bbs/issues/422#issuecomment-3316062302 * "I've noticed that stun protocol was blocked from mid-summer till today (it worked in June last time when I've used public stun to punch through NAT). Seems that only stun to public stun servers like stun.l.google.com, stun.bethesda.net were affected. Stun between webtunnel client and other webtunnel peer is not affected as can be seen in attached captures below. The only stun server that was accessible all that time was stun.rtc.yandex.net (of all the gists and lists of public stun servers I could find)." * "Had to change front though ... where <...> is another website using cdn77 I know. www.cdn77.com is blocked by SNI (session freezes after client hello), and www.phpmyadmin.net, though it doesn't cause hetzner to be blocked anymore, might cause stricter filtering or other side-effects." * We've been testing netlify in the alpha channel of Tor Browser, maybe it is time to use it in stable. * cdn77 domain fronts are already known to be blocked in China * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/168 * meskio has a list of cdn77 domain names. * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/168#note_32… * Could prioritize adding multiple builting snowflake bridge options * https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43842 * onyinyang will make a forum post with workarounds == Actions == * Remove webtunnel setuid script in 2 weeks.(decrease this by one every week) == Interesting links == * https://github.com/net4people/bbs/issues/422#issuecomment-3316062302 (2025-09-21) * (Russia) "I've noticed that stun protocol was blocked from mid-summer till today (it worked in June last time when I've used public stun to punch through NAT). Seems that only stun to public stun servers like stun.l.google.com, stun.bethesda.net were affected. Stun between webtunnel client and other webtunnel peer is not affected as can be seen in attached captures below. The only stun server that was accessible all that time was stun.rtc.yandex.net (of all the gists and lists of public stun servers I could find)." * "<...> is another website using cdn77 I know. www.cdn77.com is blocked by SNI (session freezes after client hello), and www.phpmyadmin.net, though it doesn't cause hetzner to be blocked anymore, might cause stricter filtering or other side-effects." * Mention of snowflake SNIs in the galaxy/platform/galaxy-qgw-service repo of MESA Git. The filenames include "E21" which is Ethiopia. * https://geedge-git.haruue.com/mesalab_git/galaxy/platform/galaxy-qgw-servic… E21-SNI-Top120W-20221020.txt snowflake-broker.freehaven.net 903971 110 snowflake-broker.torproject.net 8667377 55 snowflake-broker.bamsoftware.com 1611029 49 snowflake.torproject.net 105990565 16 snowflake.freehaven.net 24545 6 E21-SNI-Top200w.txt snowflake-broker.bamsoftware.com 14468 snowflake-broker.torproject.net 50 snowflake.bamsoftware.com 8 * https://geedge-git.haruue.com/mesalab_git/galaxy/platform/galaxy-qgw-servic… * "Galaxy SQL, the unified query gateway, is built with Spring Boot 2.0 technology. It provides interactive SQL analysis and routine scheduling windows, supports streaming and batch jobs, and makes it easier to write and submit ETL programs and efficiently execute big data computations, aiming to make big data processing easier." * Mention of torproject.net domain names in tango/maat/test/tsgrule/TSG_OBJ_FQDN.E21. TSG is Tiangou Secure Gateway, E21 is Ethiopia, Maat is a rules matching engine. * https://geedge-git.haruue.com/mesalab_git/tango/maat.git/tree/test/tsgrule?… 592177551 151465 .snowflake-broker.torproject.net 0 1 0 1 1683275236000000 0 key=592177551 592561443 151465 .snowflake.torproject.net 0 1 0 1 1683275236000000 0 key=592561443 592691531 151465 .forum.torproject.net 0 1 0 1 1683275236000000 0 key=592691531 594169529 151469 snowflake-broker.torproject.net 0 3 0 1 1683276253000000 0 key=594169529 594553421 151469 snowflake.torproject.net 0 3 0 1 1683276253000000 0 key=594553421 594683509 151469 forum.torproject.net 0 3 0 1 1683276253000000 0 key=594683509 * You can decode the microsecond timestamps like so: $ date -u --iso=sec --date=@1683275236 2023-05-05T08:27:16+00:00 * https://filter.watch/english/2025/10/02/irans-stealth-blackout-a-multi-stak… * https://filter.watch/wp-content/uploads/sites/2/2025/10/Click-here-to-read-… * Discussion of Tor starting on PDF page 23 == Reading group == * We will discuss "The Internet Coup" on October 23rd * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * Particularly relevant sections: "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * Notes: https://github.com/net4people/bbs/issues/519#issuecomment-3282101626 * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-10-02 Last week: - wrote up a roadmap for researching snowflake enumeration attacks (snowflake#40396) - helped debug email bridge distributor (rdsys#129) - reviewed update to telegram bridge distributor (rdsys!589) - removed some legacy code from snowflake-webext and fixed minor bugs (snowflake-webext#121) Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-02 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-10-02 Last week: - be AFK - catch up Next week: Shelikhoo: 2024-10-02 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Published Snowflake UDP mode test post: https://forum.torproject.org/t/invitation-to-test-snowflake-unreliable-tran… - vantage point maintaince Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - deploy new vantage point version with fixed performance onyinyang: 2025-10-02 Last week(s): - Deployed updated telegram distributor distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 - Managed some hiccups in the updated deployment - Wrote profiling patch for rdsys: kraken and email - Looked into conjure issue from China: fronts we are using appear to be blocked Next week: - Troubleshoot conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#249 hopefully - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

sajolida's report for September 2025
by sajolida 30 Sep '25

30 Sep '25

Tails ===== Project 165 ----------- - Fixed all the less critical updates to our website for Tails 7.0: screenshots, style, advanced topics, etc.. (#20203) Overall, we applied more than 60 updates to our website and identified 10 other issues that were not triggered by Tails 7.0. - Wrote the lengthy release notes for Tails 7.0. (#21046) https://tails.net/news/version_7.0/ - Interviewed Joshua, an IT specialist who uses Tails both at work and at home. Despite Joshua not matching our personas, we learned a couple of interesting things. https://tails.net/contribute/how/user_experience/interviews/joshua/ - Updated the version of balenaEtcher and Rufus on our website. (#20989) Misc ---- - Made plans with intrigeri to migrate the homepage of Tor Browser in Tails to about:tor in time for the Year End Campaign. (#21003) - Removed the sponsors page from our website and tore down the infrastructure that we had to send newsletter to donors. * https://gitlab.torproject.org/tpo/team/-/work_items/399 * https://gitlab.torproject.org/tpo/team/-/work_items/382 Other Tor products ================== Tor Browser ----------- - Started preparing usability tests on the display of multi-path circuits (aka. Conflux) in Tor Browser Android and desktop. https://gitlab.torproject.org/tpo/ux/research/-/issues/168 Tor VPN ------- - Tested Tor VPN 1.0.0 Beta against the usability issues identified in August 2024 and reported 4 issues: * Connects despite being configured to use a bogus bridge https://gitlab.torproject.org/tpo/applications/vpn/-/issues/378 * Tapping on the circuit icon doesn't open the circuit view https://gitlab.torproject.org/tpo/applications/vpn/-/issues/379 * "No internet" displays network activity and app protection widgets on Internet deconnection https://gitlab.torproject.org/tpo/applications/vpn/-/issues/380 * Disable "Exit location" in "Configure" screen instead of hiding it when disconnected https://gitlab.torproject.org/tpo/applications/vpn/-/issues/382 -- sajolida The Tor Project — UX Designer

1 0

Anti-censorship team meeting notes, 2025-09-25
by onyinyang 25 Sep '25

25 Sep '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-09-25-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 2 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Dual-stack bridges * Serge has been change not to test reachability, so its opinion on "Running" is useful again. * Now need to work on Onionoo and metrics. * But: the data that bridgestrap sends to CollecTor is incorrect for bridges that run multiple transports. * "collector output doesn't handle multiple transports correctly" https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/48 * (A bridge can be "Running" with respect to one transport but not "Running" with respect to another transport.) * Related: obfs4 (say) bridges that run on multiple IPv4 addresses. * This is not generally technically possible at the moment, because both torrc syntax and the PT protocol have limitations that assume there is at most one instance of any transport name. * "Multiple ServerTransportListenAddr entries should be allowed per transport" https://gitlab.torproject.org/tpo/core/tor/-/issues/11211 * But it is possible with dual-stack (IPv4 and IPv6) bridges: they effectively have 2 IP addresses (one IPv4, one IPv6) that they listen on, with the same relay fingerprint and obfs4 cert. * A desired feature is the ability to run multiple instances of obfs4, with a *different* obfs4 cert per listening IP address. For this, just being able to pass multiple bindaddrs would suffice. * Another desired feature: run a single bridge with many listening IP addresses, an IPv4 /24 or IPv6 /56 for example. * Where to send a written-up change proposal? * There is a repo for spec proposals, https://gitlab.torproject.org/tpo/core/torspec/, but for this it's probably better to write it up in https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/48. * "for the format changes, i would suggest specing out what those would look like more precisely and the changes they'd require in onionoo and metrics so that meskio and someone from the metrics team can review it and discuss" == Actions == * Remove webtunnel setuid script in 3 weeks.(decrease this by one every week) == Interesting links == * == Reading group == * We will discuss "The Internet Coup" on October 23rd * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * Particularly relevant sections: "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * Notes: https://github.com/net4people/bbs/issues/519#issuecomment-3282101626 * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-09-25 Last week: - released new version of snowflake webext with translation fix - cleaned up some remaining snowflake website decoupling tasks (snowflake-webext#121) - bug fix for available translations - wrote shadow experiment generation scripts - started researching proxy distribution changes and enumeration attacks on snowflake Next week: - release a new webext version to fix available translation bug - follow up on snowflake rendezvous failures - deploy new snowflake webextension with translation fixes - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-09-25 Last week: - merged a metrics timeline event https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/merge_r… - updated links gitweb→gitlab in metrics-timeline https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/issues/… - closed a metrics-timeline issue about automatically importing events from outside sources as not planned https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/issues/7 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-09-11 Last week: - brainstorm on dual stack bridges (tor!786) - catch up with emails and fail Next week: Shelikhoo: 2024-09-18 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Compiled patched tor browser for snowflake udp transport mode - parpared test instruction for snowflake udp transport mode ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - repair russian vantage point issues onyinyang: 2025-09-25 Last week(s): - Refactored solution for distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 - #249 bug is back: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/593 - Looked into conjure issue from China Next week: - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Anti-censorship team meeting notes, 2025-09-18
by Shelikhoo 18 Sep '25

18 Sep '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-09-18-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, Sep 25 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == (Sep 18 New) * Disable duplicatedContainerImages mirroring: make sure you are not using it anymore == Actions == * Remove webtunnel setuid script in 4 weeks.(decrease this by one every week) == Interesting links == * https://github.com/net4people/bbs/issues/519#issuecomment-3289654410 * wangmeiqi/obfs4_verify, simple obfs4 active prober from Geedge/MESA * https://github.com/net4people/bbs/issues/519#issuecomment-3290129409 * wangmeiqi/obfs4_meek_snowflake, deep fingerprinting for meek, obfs4, Snowflake from Geedge/MESA == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next: * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-09-11 Last week: - fixed snowflake extension translation bug (snowflake-webext#120) - updated wiki page for integrating new PTs into Tor Browser - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Tor-Browser-… -Transports - implemented and deployed new prometheus metrics to track proxy answers by implementation - met with Rob to discuss proteus integration steps - updated analysis of snowflake proxy timeouts (snowflake#40447) Next week: - follow up on snowflake rendezvous failures - deploy new snowflake webextension with translation fixes - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-09-18 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-09-11 Last week: - brainstorm on dual stack bridges (tor!786) - catch up with emails and fail Next week: Shelikhoo: 2024-09-18 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Choosing domain fronting targets for domain fronting tests - (Many merge reviews) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - monitor russian vantage point issues onyinyang: 2025-09-18 Last week(s): - Implemented a solution for distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 Next week: - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0