tor-project

tor-project@lists.torproject.org

16 participants
2324 discussions

PieroV's Monthly Status Report, February 2024
by Pier Angelo Vendrame 01 Mar '24

01 Mar '24

Hi everyone! Here is my status report for February 2024. As anticipated in my previous report, I have been working on implementing the possibility of setting Mullvad Browser as the default browser on Windows for most of this month. It involved several steps. The first one was to start customizing MOZ_APP_DISPLAYNAME in our browsers to allow installing one build from each channel (stable, alpha, nightly) without conflicts [0]. As a wanted side effect, alpha and nightly app bundles for macOS now contain the channel in their name. The original issue about this [1] was opened in 2018 😄️. The second step was to adapt Firefox's default browser agent. It's a companion exe that helps in various tasks. We disabled it because it isn't compatible with MinGW. Luckily, the compatibility problems affect only some features we are not interested in, so we could disable them and create a reduced agent that is enough for our needs. The final step was to extend the installer to register all the various file associations. I hoped to deal with this step later because it was very involved (lots of Windows registry), but it turned out to be necessary. We're implementing these changes in Mullvad Browser. Only the macOS changes apply also to Tor Browser. This month, I also took some time to start a different approach to the big rebases we do for our browsers. Traditionally, we stay on Mozilla ESR's channel, and once per year, we skip all the Firefox versions between the two ESRs. I wondered if we could instead spread this work during the year and make more rebases that are smaller and, therefore, potentially easier to review. I've started from Firefox 115 and arrived at Firefox 120. So far, it seems to me that the differences are indeed easier to recognize and explain. Other tasks I did include the usual monthly rebase and fixing more fingerprinting issues. I also turned off the OS spoofing in HTTP User-Agent in Mullvad Browser [2] and helped a volunteer who's trying to reproduce our builds in F-Droid [3]. Finally, I opened an issue about what we'll need from Arti for Tor Browser [4]. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42398 [1] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [2] https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/234 [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27539 [4] https://gitlab.torproject.org/tpo/core/arti/-/issues/1303

1 0

Anti-censorship team meeting notes, 2024-02-29
by meskio 29 Feb '24

29 Feb '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-02-29-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, March 7 16:00 UTC Facilitator: onyinyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == - Ireland Constitution Amendment Referendum: March 8th Anything to note? * Belarus - General elections (2024-02-25): https://explorer.ooni.org/chart/mat?probe_cc=BY&since=2024-01-16&until=2024… * Cambodia - Senate election (2024-02-25): https://explorer.ooni.org/chart/mat?probe_cc=KH&since=2024-01-16&until=2024… == Discussion == * Mysterious reported snowflake issue in China has maybe gone away as of 2024-02-26? But reportedly still slow/unreliable https://github.com/net4people/bbs/issues/325#issuecomment-1963226429 * looks like we can reproduce the issue: https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… * shelikhoo will investigate when time is available * Unclear whether AWS will allow public disclosure of credentials * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * we are waiting for their response == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-02-29 Last week: - released v2.9.1 for snowflake - merged shadow ci integration tests for snowflake - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - responded to AWS warning about public disclosure of credentials - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - set up a cdn77 endpoint for meek - worked on snowflake webext source code instructions for 0.7.3 rejection - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… This week: - continue following up on AWS support case - review lox synchronization fix - compile a list of next-steps for lox - update wasm-bindgen fork to fix some bugs and hopefully upstream changes - tor-browser-build updates for lox wasm + bindings generation - Conjure bridge maintenance - more testing of available domain fronts Needs help with: dcf: 2024-02-29 Last week: - archived snowflake-webext-0.7.3 https://archive.org/details/snowflake-webextension-0.7.3 - rebased https://gitlab.torproject.org/dcf/snowflake/-/commits/handshake-padding and for testers in China Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: meskio: 2023-02-29 Last week: - email tor-relays to request bridges for lox (lox#56) - mark bridges with local addresses as dysfunciontional in rdsys (rdsys!270) - get the version number from git in lyrebird (lyrebird!31) - try and fail to use iptables to bloc local connections from bridgestrap Next week: - moat distributor in rdsys Shelikhoo: 2024-02-29 Last Week: - [Merge Request]HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/260 - [Research] Inspect Snowflake Situation In China - Update WebTunnel Container Image(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transport… - Merge request reviews Next Week/TODO: - Inspect Snowflake Situation In China and create ticket for that - Create Issue for "Merging webtunnel + lyrebird" onyinyang: 2023-02-29 Last week(s): - continued prep for HACS/DRL meeting - Thought about/work on other Lox test deployment milestone pieces -https://gitlab.torproject.org/tpo/anti-censorship/lox/-/milestones/1#tab-issues - worked on better invitation encoding issue: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/58, implemented base64 serialization/deserialization but waiting for more feedback from the wider team - looked into bridge blockage reporting: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/57 This week: - continue prep for HACS/DRL meeting - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-01-11 Last weeks: - Currently in the start phase of writing my master thesis (to be finished late june 2024) in communication technology on reducing distinguishability of DTLS. The goal is to implement a validated DTLS anti-fingerprinting library similar to uTLS (useful for Snowflake). Next weeks: - Talk with Sean DuBois about contributing to adding anti-fingerprinting capabilities to the pion library Help with: - Find recent data set of captured DTLS traffic -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Anti-censorship team meeting notes, 2024-02-22
by Shelikhoo 22 Feb '24

22 Feb '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-02-22-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, February 29 16:00 UTC Facilitator: onyinyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * Belarus - General elections (2024-02-25): https://explorer.ooni.org/chart/mat?probe_cc=BY&since=2024-01-16&until=2024… * Cambodia - Senate election (2024-02-25): https://explorer.ooni.org/chart/mat?probe_cc=KH&since=2024-01-16&until=2024… * Ireland Constitution Amendment Referendum: March 8th == Discussion == * == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-02-15 Last week: - caught up on manifest v3 updates - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - release new version of snowflake addon (0.7.3) - updated addon stores - updated website - opened tor-browser-build MR to get SQS rendezvous in Tor Browser - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - fixed shadow integration tests - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened an issue for country-specific client rendezvous poll counts - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - caught up on dependency update backlog - mostly caught up on review backlog This week: - review lox synchronization fix - compile a list of next-steps for lox - update wasm-bindgen fork to fix some bugs and hopefully upstream changes - tor-browser-build updates for lox wasm + bindings generation - Conjure bridge maintenance - more testing of available domain fronts Needs help with: dcf: 2024-02-15 Last week: - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: meskio: 2023-02-22 Last week: - limit the size of requests in rdsys (rdsys!261) - configure if web proxy headers are trusted in rdsys (rdsys!262) - block connections to localhost in webtunnel (webtunnel!20) - review HTTPS distributor in rdsys (rdsys!260) Next week: - draft an email to request bridges for lox in tor-relays (lox#56) - moat distributor in rdsys Shelikhoo: 2024-02-22 Last Week: - [Merge Request]HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/260 - [Research] Inspect Snowflake Situation In China - [Merge Request] Update Renovate Golang version to 1.21(https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_reques… - [Merge Request Review] Automatically build container on release and push to our registry. (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - [Merge Request Review] client: Only accept connections to remote hosts (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Attend Online FOCI - Merge request reviews Next Week/TODO: - Inspect Snowflake Situation In China - Create Issue for "Merging webtunnel + lyrebird" - Update WebTunnel Container Image onyinyang: 2023-02-15 Last week(s): - Finished up fixing problems with syncing functions - Opened ticket to Lox invitation endpoint only accessible via telegram This week: - redeploy rdsys and lox-distributor with bug fixes and telegram bot - improve metrics collection/think about how to show Lox is working/valuable - start prep for HACS/DRL meeting - sketch out Lox blog post/usage notes for forum - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-01-11 Last weeks: - Currently in the start phase of writing my master thesis (to be finished late june 2024) in communication technology on reducing distinguishability of DTLS. The goal is to implement a validated DTLS anti-fingerprinting library similar to uTLS (useful for Snowflake). Next weeks: - Talk with Sean DuBois about contributing to adding anti-fingerprinting capabilities to the pion library Help with: - Find recent data set of captured DTLS traffic

1 0

Job Opportunity - Rust Developer
by Patricia Robinson 21 Feb '24

21 Feb '24

** *Hi Everyone!* * Sending along again for improved readability. :) We have two new job openings for Rust Developers! https://www.torproject.org/about/jobs/rust-developer-network-team/ <https://www.torproject.org/about/jobs/rust-developer-network-team/> If you are or know someone who would be a good fit and wants to join our team, please apply/share. Have a great week and thanks for helping us spread the word! :) Warmly, Patricia Robinson Tor Project, Inc. Recruiting Coordinator *

1 0

Job Opportunity- Rust Developer
by Patricia Robinson 21 Feb '24

21 Feb '24

** *Hi Everyone!* * We have two new job openings for Rust Developers! https://www.torproject.org/about/jobs/rust-developer-network-team/ <https://www.torproject.org/about/jobs/rust-developer-network-team/> If you are or know someone who would be a good fit and wants to join our team, please apply/share. Have a great week and thanks for helping us spread the word! :) Warmly, Patricia Robinson Tor Project, Inc. Recruiting Coordinator *

1 0

Tor Browser Meeting moved to 2024-02-20
by Richard Pospesel 15 Feb '24

15 Feb '24

Hi Everyone, Monday is a holiday so we'll be moving our regularly scheduled Tor Browser weekly meeting to Tuesday (2024-02-20) at 1500 UTC in #tor-meeting on OFTC IRC. best, -richadr

1 0

Anti-censorship team meeting notes, 2024-02-15
by meskio 15 Feb '24

15 Feb '24

Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-02-15-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, February 22 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * Elections in Indonesia (2024-02-14): https://explorer.ooni.org/chart/mat?probe_cc=ID&since=2024-01-16&until=2024… * Belarus - General elections (2024-02-25): https://explorer.ooni.org/chart/mat?probe_cc=BY&since=2024-01-16&until=2024… * Cambodia - Senate election (2024-02-25): https://explorer.ooni.org/chart/mat?probe_cc=KH&since=2024-01-16&until=2024… == Discussion == * == Actions == == Interesting links == * FOCI registration is open (attendance is free): https://foci.community/register * February 19th == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-02-15 Last week: - caught up on manifest v3 updates - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - release new version of snowflake addon (0.7.3) - updated addon stores - updated website - opened tor-browser-build MR to get SQS rendezvous in Tor Browser - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - fixed shadow integration tests - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened an issue for country-specific client rendezvous poll counts - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - caught up on dependency update backlog - mostly caught up on review backlog This week: - review lox synchronization fix - compile a list of next-steps for lox - update wasm-bindgen fork to fix some bugs and hopefully upstream changes - tor-browser-build updates for lox wasm + bindings generation - Conjure bridge maintenance - more testing of available domain fronts Needs help with: dcf: 2024-02-15 Last week: - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: meskio: 2023-02-15 Last week: - catching up after long vacation Next week: - react to S96 code audit Shelikhoo: 2024-02-15 Last Week: - [Merge Request]HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/260 - [Research] Inspect Snowflake Situation In China - Merge request reviews Next Week/TODO: - Inspect Snowflake Situation In China - Create Issue for "Merging webtunnel + lyrebird" - Update WebTunnel Container Image onyinyang: 2023-02-15 Last week(s): - Finished up fixing problems with syncing functions - Opened ticket to Lox invitation endpoint only accessible via telegram This week: - redeploy rdsys and lox-distributor with bug fixes and telegram bot - improve metrics collection/think about how to show Lox is working/valuable - start prep for HACS/DRL meeting - sketch out Lox blog post/usage notes for forum - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-01-11 Last weeks: - Currently in the start phase of writing my master thesis (to be finished late june 2024) in communication technology on reducing distinguishability of DTLS. The goal is to implement a validated DTLS anti-fingerprinting library similar to uTLS (useful for Snowflake). Next weeks: - Talk with Sean DuBois about contributing to adding anti-fingerprinting capabilities to the pion library Help with: - Find recent data set of captured DTLS traffic -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Job Opportunity - Mullvad Browser Software Engineer (Contractor)
by Tyler Corn 09 Feb '24

09 Feb '24

Hi Everyone! We have a new job opening for a Browser Software Engineer (Contractor)! https://www.torproject.org/about/jobs/browser-software-engineer/ If you are or know someone who would be a good fit and wants to join our team, please apply/share. Have a great weekend and thanks for helping us spread the word! 🙂 Best, Tyler

1 0

Announcing Onionspray 1.6.0 with a SECURITY fix for Onion Services rewriting proxies
by rhatto 09 Feb '24

09 Feb '24

Hello everyone, I'd like to announce Onionspray, a tool for setting up Onion Services for existing public websites, working as a HTTPS rewriting proxy: https://tpo.pages.torproject.net/onion-services/onionspray/ It's a fork of Alec Muffett's EOTK (https://github.com/alecmuffett/eotk), with many enhancements but retaining compatibility, and relying on C Tor until an alternative in Arti is available. The first Onionspray version is 1.6.0, following the pre-existing version sequence from EOTK. Security fixes: * This release fixes a CRITICAL security vulnerability related to upstream HTTPS certificate verification, which is detailed at https://tpo.pages.torproject.net/onion-services/onionspray/security/advisor… A related fix is also available for EOTK: https://github.com/alecmuffett/eotk/pull/116 We urge Onionspray users that were testing the software while it was being on it's early stages to upgrade ASAP to 1.6.0 and update their configurations, and we recommend that EOTK to the same with the corresponding patch. This issue might also affect other similar rewriting proxy setups, and we urge operators to review and fix their Onion Service configurations. Main improvements over EOTK: * MetricsPort support (for gathering metrics data from the tor instances). * Denial of Service (DoS) protections. * Circuit ID exporting to NGINX logs and optionally to the upstream proxy (through the X-Onion-CircuitID HTTP header). * Onionbalance v3 support ("softmaps" are working again). * Revamped documentation. * Installation procedures added for recent Debian and Ubuntu releases. * Tor and OpenResty upgraded to the latest versions. * Option to keep Onionspray running in the foreground (`--no-daemonize`). * Local healthcheck action (`--health-local`), useful for containerized execution. The full ChangeLog is available at https://tpo.pages.torproject.net/onion-services/onionspray/changelog/ For those wishing to switch from EOTK to Onionspray, there's a migration guide at https://tpo.pages.torproject.net/onion-services/onionspray/migrating/ We also welcome people to report issues, send merge requests etc: https://tpo.pages.torproject.net/onion-services/onionspray/contact/ And we have a bunch of issues waiting for contributions: https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues Finally, I'd like to thank Alec Muffett for his important work with EOTK and for promoting Onion Services all these years :) Thanks! -- Silvio Rhatto pronouns he/him

1 0

Anti-censorship team meeting notes, 2024-02-08
by onyinyang 08 Feb '24

08 Feb '24

Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-02-08-15.59.html And our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469 Anti-censorship -------------------------------- Next meeting: Thursday, February1516:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… <https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…> * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * PSA: Elections in Pakistan Today!. == Discussion == * Internet outage in PK: * https://twitter.com/CloudflareRadar/status/1755435530873888990 * > Disruptions to #mobile #Internet connectivity in #Pakistan have been observed on @telenorpakistan, @Zongers, and @jazzpk starting at 0200 UTC, despite assurances from @PTAofficialpk that mobile services would remain active on Election Day, February 8. https://radar.cloudflare.com/pk?dateRange=1d * https://explorer.ooni.org/findings/108298926901 * Elections in Azerbaijan yesterday, connectivity status unknown * https://explorer.ooni.org/chart/circumvention?since=2023-02-08&until=2024-0… <https://explorer.ooni.org/chart/circumvention?since=2023-02-08&until=2024-0…> * Elections in Senegal earlier this week with Internet shutdown * Elections postponed to December 2024, Internet connection restored * == Actions == == Interesting links == * TorKameleon appeared at TrustCom/ITCCN 2023 * https://arxiv.org/abs/2303.17544 * https://hpcn.exeter.ac.uk/trustcom2023/accepted-paper-list.phpITCCN-456 * Uses WebRTC data channels with Encoded Transforms, as discussed at https://lists.torproject.org/pipermail/anti-censorship-team/2023-February/0… * https://github.com/AfonsoVilalonga/TorKameleon * Previously discussed at 2023-10-19 meeting https://forum.torproject.org/t/tor-project-anti-censorship-team-meeting-not… * FOCI registration is open (attendance is free): https://foci.community/register * February 19th == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: * This week: * - What you worked on this week. * Next week: * - What you are planning to work on next week. * Help with: * - Something you need help with. cecylia (cohosh): 2024-02-08 * Last week: * - merged and deployed update to circumvention settings for Egypt * - https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/merge_reque… * - opened issue for snowflake update in Tor Browser build * - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… * This week: * - create tor-browser-build MR for snowflake version bump * - update snowflake web[site, extension] translations * - update wasm-bindgen fork to fix some bugs and hopefully upstream changes * - tor-browser-build updates for lox wasm + bindings generation * - rebase and try out manifest v3 patch * - Conjure bridge maintenance * Needs help with: dcf: 2024-02-08 * Last week: * - reconfirmed eclips.is account(where the snowflake broker is hosted) * - "You have EUR 184.1 per month value of resources in use. If eclips.is were to transition to a (partly) paid service, would you be able to cover these costs from your own resources?" * Next week: * - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * - open issue to disable /debug endpoint on snowflake broker * - move snowflake-02 to new VM Help with: meskio: 2023-12-21 Last week: - grant writing Next week: Shelikhoo: 2024-02-08 Last Week: * - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 * - Merge request reviews Next Week/TODO: * - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 * - Create Issue for "Merging webtunnel + lyrebird" * - Update WebTunnel Container Image * - Inspect Snowflake Situation In China onyinyang: 2023-02-08 * Last week(s): * - Continuing with bug fixing the syncing function, nearly finished * * This week: * - Finish up fixingproblemswith syncing functions * -Make Lox invitation endpoint only accessible via telegram * - attempt hyper upgrade again * * (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep * - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice * Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? * 1. Are there some obvious grouping strategies that we can already consider? * e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) * 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? * theodorsm: 2023-01-11 * Last weeks: * - Currently in the start phase of writing my master thesis (to be finished late june 2024) in communication technology on reducing distinguishability of DTLS. The goal is to implement a validated DTLS anti-fingerprinting library similar to uTLS (useful for Snowflake). * Next weeks: * - Talk with Sean DuBois about contributing to adding anti-fingerprinting capabilities to the pion library * Help with: * - Find recent data set of captured DTLS traffic -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project