Hello :)
*
Tails report for November 2023 <https://tails.net/news/report_2023_11/>*
Highlights
*
We had asked Radically Open Security
<https://www.radicallyopensecurity.com/> to audit Tails. The results
of the audit <https://tails.net/news/audit_by_ROS/index.en.html>
reinforced Tails credentials as a "solid" operating system for
preserving anonymity.
We were super proactive with addressing the reported
vulnerabilities, fixing them all within 3 weeks of being reported.
This is a reminder that as good as Tails is, it needs to be updated
regularly!
*
We undertook a bunch of home improvement projects for our new
address <https://tails.net/news/new_domain/index.en.html>. Highlights:
o the language switcher on the website is more prominent, and also
in the website footer,
o warning buttons display warnings better - in a new colour, and
with wrapped text,
o our redesigned security page
<https://tails.net/security/index.en.html> better showcases the
history of our security advisories.
*
We have a new sponsor: igaming.com <https://www.igaming.com/> joined
our mission! Our donors also received the quarterly newsletter with
early insights into upcoming Tails features. You, too, could
subscribe while making your next donation
<https://tails.net/donate/index.en.html>. Help make our ongoing
fundraiser <https://tails.net/news/gift_of_privacy/index.en.html> a
success!
Releases
November featured 2 new versions of Tails: 5.19.1 and 5.20.
5.19.1 <https://tails.net/news/version_5.19.1/index.en.html> was an
emergency release. We updated the Tor client to bring the fix to the
TROVE-2023-006 vulnerability
<https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE>
to Tails users.
And in 5.20 <https://tails.net/news/version_5.20/index.en.html>, we:
*
brought the usual, latest updates to Tor Browser and Thunderbird,
*
fixed a security vulnerability in uBlock Origin to protect Tails
users from advanced browser fingerprinting techniques, and
*
continued making Persistent Storage more usable, and made it even
easier to report issues when it doesn't work through improvements to
WhisperBack.
Metrics
Tails was started more than 825,741 times this month. That's a daily
average of over 27,520 boots
Hello,
This email shares OONI's monthly report for November 2023.
*# OONI Monthly Report: November 2023*
Throughout November 2023, the OONI team worked on the following sprints:
* Sprint 103 (1st - 5th November 2023)
* Sprint 104 (6th - 19th November 2023)
* Sprint 105 (20th - 30th November 2023)
Our work can be tracked through the various OONI GitHub repositories:
https://github.com/ooni
Highlights are shared in this report below.
*## Launched the OONI Censorship Findings platform*
We are excited to share that we launched a new Censorship Findings platform!
Along with the launch, we published:
* 20 reports on censorship events that emerged in 2023:
https://explorer.ooni.org/findings
* Blog post sharing information about the Censorship Findings platform:
https://ooni.org/post/2023-launch-ooni-censorship-findings-platform/
The Censorship Findings platform was also featured as a “Tool of the Week”
in Top10VPN’s newsletter:
https://top10vpn.substack.com/p/friday-digest-4-fb-messenger-whatsapp
The Censorship Findings platform includes 20 reports on internet censorship
events that emerged around the world in 2023 based on OONI data. These
short reports include key censorship findings and charts based on OONI
data. We describe the criteria that inform which cases we report on in our
blog post:
https://ooni.org/post/2023-launch-ooni-censorship-findings-platform/#limita…
Our goal is to support research and advocacy efforts aimed at monitoring
and responding to internet censorship around the world. In response to
emergent censorship events, we will continue to publish reports on the
Censorship Findings platform on an ongoing basis.
We thank the global OONI community for contributing measurements, making
the creation of this platform possible.
*## OONI Team Meeting 2023*
Our team is distributed in various countries (and continents) and
throughout the year, we work remotely online. Once a year, we come together
for an in-person OONI Team Meeting to discuss projects, strategic
priorities, and to refine our roadmaps.
Between 8th-10th November 2023, we hosted our annual OONI Team Meeting in
Nairobi, Kenya.
We chose Nairobi as a location for our team meeting based on our script
which automatically provides locations that are visa-friendly, safe, and
cost-effective to help ensure in person attendance from all of our team
members. We took this measure because last year, half of our team was not
able to travel to Rome for our 2022 Team Meeting due to visa issues (and we
therefore had to host a hybrid event).
This year, hosting the meeting in Kenya meant that all of our team members
were able to join in person! And this meeting provided us the opportunity
to meet some of our colleagues in person for the first time! In addition to
our team, the meeting also included an OTF research fellow who we will be
hosting over the next year.
As part of the 3-day OONI Team Meeting 2023, we facilitated the following
15 sessions:
1) OONI Strategy: Now and in the Future
2) Automating censorship detection and characterization, and creating a
Social Media Censorship Alert System: Discussion of current status and next
steps
3) Community engagement and new community roadmap
4) Supporting richer testing input: Discussion of current status and next
steps
5) Presenting thematic censorship findings on OONI Explorer: Discussion of
current status and next steps
6) Measuring the blocking of VPNs and evolving circumvention games
7) Evolution of OONI measurement representations: Moving towards a flexible
architecture and data model for research and presentation
8) Methods for measuring throttling: Discussion of current status and next
steps
9) OONI Run v2: Discussion of current status and next steps towards launch
10) Team Health Check
11) Psychological safety and supportive group norms
12) Roadmap session (Part 1)
13) Roadmap session (Part 2)
14) OONI funds and finances for 2024
15) OONI fundraising priorities
As an outcome, we have significantly improved roadmaps, and we made
important progress on many of our high-priority projects and activities. We
also had an opportunity to discuss strategic priorities for the future, as
well as approaches for improving our team’s health and organization’s
long-term resilience.
On 11th November 2023 (after the 3-day team meeting), we hosted a “team
bonding day”, providing our team some extra time for in person bonding –
which is important given that we work remotely throughout the year.
*## Published blog post about IMC 2023 internet measurement hackathon*
In collaboration with ISOC, M-Lab, Censored Planet, and IODA, OONI
co-hosted an internet measurement hackathon alongside the Internet
Measurement Conference (IMC) 2023.
In November 2023, we published a blog post sharing the great projects that
came out of the hackathon: https://ooni.org/post/imc-hackathon-results-2023/
The hackathon participants worked on using OONI data to investigate IPv6
connectivity, data triangulation to infer censorship or shutdown events,
and on correlating alarms across multiple datasets. We were very impressed
with the results produced by the participants!
During the hackathon, OONI's Arturo created "The Sound of Internet
Shutdowns": a sonification project which transforms some of the features of
the IODA dataset into synthesized sounds: https://shutdown-sound.vercel.app/
Here is an example of how an internet shutdown in Iraq based on IODA data
sounds like: https://www.youtube.com/watch?v=Z1TFc1AyqI4
The "Sound of Internet Shutdowns" project was featured as a “Tool of the
Week” in Top10VPN’s newsletter:
https://top10vpn.substack.com/p/friday-digest-3-vpn-vulnerabilities
We thank all the participants and co-organizers for making the hackathon a
great event!
*## OONI Probe Mobile*
In November 2023, we released OONI Probe Mobile 3.8.5 for both Android (
https://github.com/ooni/probe-android/releases/tag/v3.8.5) and iOS (
https://github.com/ooni/probe-ios/releases/tag/v3.8.5), which included some
minor improvements and maintenance work.
*## OONI Run*
As part of our work on creating the next generation version of OONI Run
(“OONI Run v2”), we continued to iterate on the user interface designs for
the web and mobile applications. Most notably, we updated the run button
from the dashboard to display the new flow for selecting tests (
https://github.com/ooni/probe-android/pull/632) and we updated the
preferences to reflect the new designs (
https://github.com/ooni/probe-android/pull/633). We also started working on
our test plans to prepare for internal testing and QA next year.
Moreover, we added OONI Run link ID support (
https://github.com/ooni/backend/pull/768) and backend support for searching
measurements from a specific OONI Run v2 link (
https://github.com/ooni/backend/issues/701) to the fastpath pipeline.
*## OONI Probe CLI*
We released OONI Probe CLI versions 3.19.1 and 3.19.2 to address data
quality issues caused by changes in the endpoints used by the Signal
application. You can read the changelogs at the following links:
* https://github.com/ooni/probe-cli/releases/tag/v3.19.1
* https://github.com/ooni/probe-cli/releases/tag/v3.19.2
We also continued working on improving our throttling methodology by
merging work into the master branch (see the throttling section) and
starting to prepare for the OONI Probe CLI 3.20 release.
Our community has asked us to add support for Go 1.21, but unfortunately it
seems we will not be able to do that for OONI Probe 3.20. We will
nonetheless try our best to support Go 1.21 before Go 1.20 goes EOL in
February 2024. You can read more about this topic here:
https://github.com/ooni/probe/issues/2548
*## Expanding OONI’s testing model to support richer testing input*
As part of our OONI Team Meeting 2023 in Nairobi, we facilitated a session
on “supporting richer testing input”, as part of which we discussed the
current status and next steps. As part of this, we documented the next
milestones and improved upon our relevant roadmap. We illustrate the
updated plan in the following GitHub issue:
https://github.com/ooni/ooni.org/issues/1291
In summary, we aim to incrementally add richer testing input to the data
structure returned by the check-in API for the experiments that would
benefit the most from obtaining richer input.
Based on our current plan, the OONI experiments that would benefit most
from richer testing input include:
* DNS Check: Richer testing input would allow us to serve information about
HTTP/3 and start testing DNS-over-HTTP3.
* Signal: Richer testing input would enable us to serve the custom CA and
to measure the endpoints from the backend, thus eliminating the need to
make emergency releases (such as with OONI Probe CLI 3.19.1 and 3.19.2) to
handle endpoint changes.
*STUN Reachability: Richer testing input will allow us to serve the STUN
endpoints used by the snowflake client and to keep updating them without
making new releases.
* Tor Snowflake: Richer testing input will allow us to modify some
parameters used by snowflake to bootstrap and to reduce the number of cases
where we need to issue new bug-fixing releases.
* RiseupVPN: Richer testing input will allow us to eliminate the functional
coupling in the experiment implementation between checking for Riseup’s API
reachability and obtaining the endpoints to measure, thus making the
experiment more robust and adaptable.
* (Potentially) urlgetter: Richer testing input will allow us to run
custom measurements when there is an emerging censorship condition for
which we don’t already have an experiment.
These changes will modify the OONI Probe client and, for some experiments,
we will take advantage of the new ooni/data processing pipeline (
https://github.com/ooni/data).
*## Creating a methodology for measuring throttling*
We already implemented better support for measuring throttling in Web
Connectivity v0.5, which is currently not enabled for most OONI Probe apps
users. To enable this experiment for everyone, we first need to make sure
that it is fully compatible with the current stable version (v0.4). That
is, if a website was previously marked as blocked in a specific way by
v0.4, we would like v0.5 to say the same. We would also like v0.5 to
provide a more nuanced view of the blocking that is happening, but we
definitely don’t want to introduce data quality issues.
During November 2023, we made significant progress to make this happen.
Specifically, we ran A/B testing between Web Connectivity v0.5 and v0.4
using our Gvisor-based QA suite. As part of this work, we wrestled with the
difficulty of mapping the results produced by v0.5 to the ones produced by
v0.4. The underpinning issue is that v0.5 results answer the question of
“all the ways in which the tested website is blocked.” Conversely, v0.4
analysis code aims to answer the question of “the first way in which the
website is blocked.” To reconcile these differences, we needed to
significantly enrich our in-probe data processing capabilities.
To this end, we authored a new Go package named “minipipeline.” We
implemented this package to mirror the data analysis architecture
implemented in the new ooni/data processing pipeline (
https://github.com/ooni/data). The general idea is that an OONI measurement
(i.e., the piece of JSON OONI Probe sends to the backend and you can
inspect in Explorer) goes through the following set of standard
transformations:
1) We process the fundamental results inside the measurement (e.g., the
results of DNS lookups, TCP connects, TLS handshakes) to produce flat
“observations.” Each observation is a statement about measurements
performed by OONI Probe with a single possible failure. In other words,
each DNS lookup produces an observation, and each attempt at measuring an
endpoint (e.g., “8.8.8.8:443” with SNI equal to “dns.google”) is also an
observation. We also link DNS and endpoints observations together, take
note of the redirect depth (i.e., is this the first request or the N-th
redirect?), and distinguish between observations that aim to fetch a
webpage and observations that just enrich the measurement.
2) We analyze the observations to produce a synthetic representation called
“analysis,” which contains metrics such as (a) which DNS lookups failed
where we expected them to succeed based on the control measurement and (b)
the linear list of operations performed to fetch the final webpage, sorted
by descending redirect depth, type, and result.
In turn, Web Connectivity v0.5 uses the “analysis” results to produce its
top-level keys (e.g., the blocking and accessible fields also produced by
Web Connectivity v0.4).
Thanks to this more comprehensive and more accurate measurement analysis
process, and by filtering observations to only include into the analysis
those observations that would also be produced by v0.4, we’re now able to
obtain the same documented top-level test keys in v0.4 and v0.5 for all the
test cases defined in our GVisor-based QA suite.
This result is a significant milestone for us, because it means we can
start running A/B testing in production using existing probes once the new
code has been shipped. The aim of this further A/B testing stage would be
to collect real world data that is useful to compare v0.4 and v0.5,
possibly leading to additional bug fixes and new QA test cases.
Additionally, from the engineering perspective, using a similar data
processing architecture between OONI Probe and the ooni/data pipeline
enables running A/B testing between the two tools in the future, and
potentially opens up the possibility of sharing code between them.
*## OONI Explorer*
As part of our OONI Team Meeting 2023 in Nairobi, we facilitated a session
on “presenting thematic censorship findings on OONI Explorer”. As part of
this session, we discussed the challenges associated with grouping OONI
measurements by resource and presenting thematic censorship findings (while
eliminating the risk of false positives) in an automated way. We also
discussed and determined the next steps towards implementing this area of
work over the next months.
In November 2023, we also launched the new Censorship Findings (
https://explorer.ooni.org/findings) page on OONI Explorer (as discussed
previously in this report).
*## Creating a Social Media Censorship Alert System*
As part of our OONI Team Meeting 2023 in Nairobi, we facilitated a session
on “creating a Social Media Censorship Alert System”. As part of this, our
colleagues presented the current status of the alert system, and we
discussed related challenges and next steps.
*## Automating censorship detection and characterization based on OONI
measurements*
In November 2023, we made significant progress in the area of automating
the detection and characterization of internet censorship.
Specifically, we came up with a new metric for representing the outcomes
related to blocking happening, called the Likelihood of Network
Interference (LoNI). This metric represents the likelihood that access to a
given resource is being restricted via a particular method within the
specified network region over some period of time.
The LoNI metric is implemented through a new data model called Experiment
Results. The analysis code of ooni/data (https://github.com/ooni/data) has
been significantly refactored to generate Experiment Results through an
intermediate data model called Analysis. The basic idea is to take the
Analysis keys that are generated by comparing an individual observation
with ground truth data. Through a very large set of rules we are able to
assign individual blocking, down and ok rules based on how confident we are
in that particular signal being a sign for censorship.
We then take all the scores pertaining to a particular observation group
relevant to a measurement and generate a MeasurementExperimentResult which
should be backward compatible with our existing data model. In terms of
performance, some cursory benchmarks were run on the dataset from
2023-09-01 to 2023-11-01 and it was processing data at a rate of ~7k
observations per second, scaling on 34 cores.
As part of our work (https://github.com/ooni/data/pull/44), we:
* Implemented the Experiment Result generation based on the analysis tables;
* Implemented minimal UI for MeasurementExperimentResult;
* Added support for generating MeasurementExperimentResult as part of
mkanalysis cli command;
* Added more tests for all of the above.
Moreover, we implemented a basic web interface for exploring these
Experiment results (https://github.com/ooni/data/pull/43). We started
working on creating a fastapi based HTTP API to expose this data to other
OONI services, such as OONI Explorer (https://github.com/ooni/data/pull/45).
We also wrote a minimal PoC that makes use of the backward compatible
aggregation API that is using the new LoNI based experiment results (
https://github.com/ooni/explorer/pull/892).
*## Preparing OONI backend documentation*
In November 2023, we started working towards writing OONI backend
documentation that describes the architecture of the main components of
OONI infrastructure. Specifically, we focused on improving the
documentation of our backend architecture, data flows, and deployment
workflows.
You can see a work in progress of the documentation here:
https://github.com/ooni/backend-documentation/blob/main/backend_documentati…
*## Published OONI Outreach Kit in French and Spanish*
The OONI Outreach Kit is now available in both French and Spanish (in
addition to Russian and English)!
* French OONI Outreach Kit: https://ooni.org/fr/support/ooni-outreach-kit/
* Spanish OONI Outreach Kit: https://ooni.org/es/support/ooni-outreach-kit/
We thank our partner, Computech Institute (
https://ooni.org/partners/computech/) for the French translation, and we
thank OONI community members, Mariengracia Chirinos and Katherine
Pennachio, for the Spanish translation.
We hope that the French and Spanish versions of the OONI Outreach Kit will
help support OONI community engagement efforts!
*## Published OONI Risks documentation in Burmese*
The OONI Risks documentation is now available in Burmese:
https://ooni.org/my/about/risks
We thank the community members who translated this documentation to
Burmese. We generally consider it important to have this documentation
translated in as many languages as possible (particularly in languages
spoken in high-risk countries), as it communicates the potential risks
associated with running OONI Probe.
The OONI Risks documentation (https://ooni.org/about/risks/) is also
available in Arabic, Farsi, French, Russian, Spanish, and Swahili.
*## Creating OONI Community Interview videos*
In previous months, we interviewed community members so that they can share
their work and their experience with using OONI tools and data. The goal of
these interviews is to share how community members around the world make
use of OONI tools and data as part of their work. As an outcome, we hope
that such interviews will encourage others to use OONI tools too, and that
our community members will receive more support for their important work.
Throughout November 2023, we collaborated with a videographer on editing
footage for OONI community interviews. Specifically, we worked on multiple
rounds of video edits and iterations towards producing final short videos
(based on lengthy footage).
*## Rapid response efforts### Kenya blocked Telegram during KCSE 2023 exams*
On 16th November 2023, we were notified by our community that access to
Telegram was intermittently blocked in Kenya. We analyzed OONI data and
rapidly responded on Twitter, where we shared OONI data findings and
charts: https://twitter.com/OpenObservatory/status/1725202738370290053
We were surprised by this block, as this was the first time that we
observed the blocking of a popular instant messaging app in Kenya.
Overall, OONI data shows intermittent signs of Telegram blocking on several
networks in Kenya between 8th to 24th November 2023. The timings of the
blocks correlate with the timings of the KCSE 2023 exams. However, it’s
worth noting that the block did not appear to be implemented on all
networks, as OONI data shows that Telegram was accessible on many other
networks in Kenya in November 2023. Out of all tested networks, Jambonet
appears to have implemented the heaviest restrictions, as Telegram appears
to have been consistently blocked since 8th November 2023. Interestingly,
OONI data only shows signs of Telegram blocking until 24th November 2023,
which was the last day of the KCSE 2023 exams.
We also reported on this case on the OONI Censorship Findings platform:
https://explorer.ooni.org/findings/228466228201
*### Guinea blocked WhatsApp, Telegram, Facebook, Twitter, Instagram, and
YouTube*
As of 24th November 2023, OONI data suggests that some ISPs in Guinea
started blocking access to WhatsApp, Telegram, Facebook, Twitter,
Instagram, and YouTube. OONI data shows that the blocks appear to be
implemented by means of TLS interference.
On 27th November 2023, we responded to this block by sharing relevant OONI
data findings and charts on Twitter:
https://twitter.com/OpenObservatory/status/1729105525437346052
We also reported on this case on the OONI Censorship Findings platform:
https://explorer.ooni.org/findings/296303006301
Recent OONI data suggests that these blocks remain ongoing.
*### Nepal blocked TikTok*
In late November 2023, we were notified by our community that access to
TikTok was blocked in Nepal. We immediately responded by making a public
call for OONI Probe testing (sharing relevant testing instructions) on
Twitter: https://twitter.com/OpenObservatory/status/1729499672694161890
We subsequently published a report on the OONI Censorship Findings
platform, documenting the blocking of TikTok in Nepal based on OONI data:
https://explorer.ooni.org/findings/112092297601
OONI data only shows signs of TikTok blocking in Nepal between 24th to 29th
November 2023.
*## Community use of OONI data### Access Now’s press statement on the
blocking of Telegram in Kenya*
In response to the blocking of Telegram in Kenya, Access Now published a
press statement which cites OONI data:
https://www.accessnow.org/press-release/telegram-kenya-connected-national-e…
*## Community activities### OONI training for human rights defenders in the
DRC*
Between 15th-17th November 2023, OONI’s Maria and Arturo facilitated an
online OONI training for human rights defenders and journalists in the
Democratic Republic of Congo (DRC).
This training was organized by Partenariat pour la Protection Integree
(PPI) and the Integrated Refugee Organization (IRO), and it included 2 OONI
training programmes for 2 groups of human rights defenders and journalists
from the DRC. We were initially intending to travel to Kinshasa to
facilitate a week-long training in person, but we unfortunately were unable
to due to visa issues. As a result, we adapted the training programme
accordingly and facilitated it entirely online.
As part of this online training, we facilitated the following OONI sessions
(twice each for 2 groups):
* Introduction to OONI
* Using OONI Probe and OONI Run: Hands-on workshop
* Updating the DRC test list: Hands-on workshop
* Using OONI Explorer: Hands-on workshop
As part of these sessions, we provided relevant online presentations,
followed by Q&A and hands-on exercises. Due to connectivity issues, we also
created videos for each of the above sessions to enable the participants to
watch the presentations without internet connectivity. To create the
videos, we wrote 4 scripts (one for each session) and we automatically
converted the scripts to French, which were read as part of the videos.
That way, participants were able to watch the video presentations in
French. We also followed up with the participants and organizers to share
the training surveys and relevant resources for further learning.
*### OONI presentation at RIPE 87*
On 28th November 2023, OONI’s Arturo presented the Measurement Aggregation
Toolkit (MAT) as part of a presentation (“Measuring Internet Censorship
with OONI”) at RIPE 87 in Rome, Italy. Information about the event is
available here: https://ripe87.ripe.net/programme/meeting-plan/mat-wg/
*### OONI Community Meeting*
On 28th November 2023, we hosted the monthly OONI Community Meeting on our
Slack channel (https://slack.ooni.org/), during which we shared OONI
updates from the past month, and we discussed our thoughts for improving
future OONI community meetings. As part of this discussion, we asked
participants to share their thoughts and feedback on how we can improve the
structure and format of future OONI community meetings to help make them as
useful as possible to the community.
*## Measurement coverage*
In November 2023, 48,336,322 OONI Probe measurements were collected from
3,134 networks in 174 countries around the world.
This information can also be found through our measurement stats on OONI
Explorer (see chart on “monthly coverage worldwide”):
https://explorer.ooni.org/
~ OONI team.
Hi,
[[_TOC_]]
# Roll call: who's there and emergencies
anarcat, kez, lavamind
# Roadmap review
Everything postponed, to focus on fixing alerts and preparing for the
holidays. A discussion of the deluge and a list of postponed issues
has been documented in [issue 41411][].
[issue 41411]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41411
# Holidays
We've looked at the coming holidays and allocated schedules for
rotation, documented in the "TPA" Nextcloud calendar. A handoff should
occur on December 30th.
# Next meeting
Planned for January 15th, when we'll hopefully be able to schedule a
roadmap for the coming 2024 year.
Anarcat has ordered 2024 to be better than 2023 or else.
# Metrics of the month
* hosts in Puppet: 88, LDAP: 88, Prometheus exporters: 165
* number of Apache servers monitored: 35, hits per second: 602
* number of self-hosted nameservers: 6, mail servers: 10
* pending upgrades: 0, reboots: 36
* average load: 0.56, memory available: 3.40 TiB/4.80 TiB, running
processes: 420
* disk free/total: 68.51 TiB/131.80 TiB
* bytes sent: 366.92 MB/s, received: 242.77 MB/s
* planned bookworm upgrades completion date: 2024-08-03
* [GitLab tickets][]: 206 tickets including...
* open: 0
* icebox: 159
* backlog: 21
* next: 11
* doing: 5
* needs review: 4
* (closed: 3383)
[Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards
Upgrade prediction graph lives at
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/
Now also available as the main Grafana dashboard. Head to
<https://grafana.torproject.org/>, change the time period to 30 days,
and wait a while for results to render.
--
Antoine Beaupré
torproject.org system administration
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-12-07-15.57.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, Dec 14 16:00 UTC
Facilitator: cohosh
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator: shelikhoo
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
*
Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s…
* Sponsor 96 <-- meskio, shell, onyinyang, cohosh
* https://gitlab.torproject.org/groups/tpo/-/milestones/24
* Sponsor 150 <-- meskio working on it
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na…
== Announcements ==
== Discussion ==
will wait for cohosh to be around:
* manifest v3 deprecation in browsers and snowflake webextension
*
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
* https://developer.chrome.com/blog/resuming-the-transition-to-mv3/
* google chrome will stop supporting mv2 June 2024
* will the snowflake webextension stop working? do we want to
do something? or just recommend firefox?
== Actions ==
== Interesting links ==
*
== Reading group ==
* We will discuss "NetShuffle: Circumventing Censorship with
Shuffle Proxies at the Edge" on December 14
* https://www.cs-pk.com/papers/3/
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2023-11-09
Last week:
- conjure bridge maintenance
- caught a bug in safelog library
-
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- caught problem with domain front in conjure
-
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj…
This week:
- lox tor browser UX integration
- lox distributor testing
- look into alternative domain fronting providers
Needs help with:
dcf: 2023-11-30
Last week:
- did some review of SQS rendezvous merge request
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- answered a question about AMP cache rendezvous in China
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
Next week:
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…
- open issue to disable /debug endpoint on snowflake broker
Before EOY 2023:
- move snowflake-02 to new VM
Help with:
meskio: 2023-12-07
Last week:
- prepare and give a talk in the Open Source Security Summit
- grant writing
- investigate gettor telegram not distributing android apks,
was a bug on the TB release
- break down rdsys staging server and fill up the disk with logs
Next week:
- prepare settings anti-listing logic to be reused by HTTP
distributor (rdsys#181)
- setup rdsys staging server (rdsys#170)
Shelikhoo: 2023-12-07
Last Week:
- Work on snowflake performance improvement (WIP):
https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-speedwithudp?r…
Now udp-like transport is slightly faster than tcp-like
ready for a review of its draft
- Merge request reviews
Next Week/TODO:
- Write Tor Spec for Armored URL (continue)
- Work on snowflake performance improvement (WIP):
https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-speedwithudp?r…
- Merge request reviews
onyinyang: 2023-11-30
Last week(s):
- Finished up remaining docs tasks for crates.io publishing
-published all relevant Lox crates to crates.io
- SOTO anti-censorship team presentation preparation
- looked into Telegram bot
- attempted hyper upgrade, many breaking changes so this will
take some work
This week:
- continue Telegram bot dev
- attempt hyper upgrade again
- Splintercon
(long term things were discussed at the meeting!):
https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
- brainstorming grouping strategies for Lox
buckets (of bridges) and gathering context on how types of bridges are
distributed/use in practice
Question: What makes a bridge usable for a
given user, and how can we encode that to best ensure we're getting the
most appropriate resources to people?
1. Are there some obvious grouping
strategies that we can already consider?
e.g., by PT, by bandwidth (lower
bandwidth bridges sacrificed to open-invitation buckets?), by locale (to
be matched with a requesting user's geoip or something?)
2. Does it make sense to group 3
bridges/bucket, so trusted users have access to 3 bridges (and untrusted
users have access to 1)? More? Less?
Hello everyone!
During the hackweek, I worked on reviewing and updating documentation as
part of the project to clean up and improve entries on our Support
Portal[0]. For Tor Browser, I worked on user support post-release(s) and
handled a couple of bug reports of Tor Browser not working with Windows
7[1], issues with 'New Identity' in Tor Browser[2] and Tor circuit not shown
when the bridge line doesn't contain the fingerprint[3], respectively.
I worked with users in regions where Tor is censored, assisting with using
pluggable transports, investigating Tor logs and collecting some general
user feedback and handled some more tickets in light of our ongoing
year-end campaign; questions including but not limited to downloading
and installing Tor Browser, about letterboxing in Tor Browser,
contributing and volunteering and reports of websites blocking Tor
traffic.
Following is a thorough breakdown of tickets our user support team
handled in November:
# Frontdesk (email support channel)
* 630(↓) RT tickets created
* 710(↓) RT tickets resolved
Tickets by numbers:
1. 285(↑) RT tickets: private bridge requests from Chinese speaking users.
2. 189(↑) RT tickets: circumventing censorship in Russian speaking countries.
3. 6(↓) RT tickets: circumventing censorship with Tor in Farsi.
4. 5 RT tickets: reports of websites blocking Tor traffic.
5. 4 RT tickets: reports of apps on iOS App Store masquerading as Tor Browser.
6. 2 RT tickets: questions on how to download and install Tor Browser.
7. 2(↓) RT tickets: Tor Browser 13 does not work with Windows 7[1]
8. 2 RT tickets: Issue with 'New Identity' on Tor browser[2]
9. 2 RT tickets: The circuit display is not shown when the
bridge line doesn't contain the node fingerprint[3]
Highlighting some other topics we received a single RT ticket for:
10. Help setting up onion service
11. What does 'onionize' in the search bar on about:tor mean?
12. Question about volunteering and contributing
13. Question about letterboxing in Tor Browser[4]
14. Help with using bridges with little-t-tor.
15. Tor Browser crashes when extensions popups are opened with Wayland enabled[5]
16. Instructions to refresh Tor Browser signing key[6]
17. Can I access video conferencing platforms over Tor Browser?
# Telegram, WhatsApp and Signal Support channel
* 559(↓) tickets resolved
Breakdown:
* 532(↓) tickets on Telegram
* 19(↓) tickets on WhatsApp
* 8(↓) tickets on Signal
Tickets by numbers:
1. 327(↓) tickets: circumventing censorship in Russian speaking countries.
2. 47(↑) tickets: private bridge requests from Chinese speaking users.
3. 42(↑) tickets: circumventing censorship with Tor in Farsi.
4. 3(↑) tickets: "Proxy Server Refused Connection" bug not related to the bootstrapping or
using it as a default browser on Tor Browser Android[7]
5. 3 tickets: Queries about the correct Tor app to download for iOS (Onion Browser + Orbot)
6. 2 tickets: Queries about onionsites not available (these particular onion sites are offline)
Highlighting some other topics we received a single ticket for:
7. Help with setting up onion service.
8. Help with GetTor bot on Telegram.
9. Question about some images not visible on Tor Browser (because of HTML5 canvas fingerprinting
is blocked in Tor Browser)
10. Question about Letterboxing in Tor Browser
11. Help with setting up Tor Project's Debian package repository on Debian-based linux[8]
# Highlights from the Tor Forum
1. "(Tor Browser) V13.0.1 Locked Settings and Startup Homepage"[9]
2. Explain what "onionize" in the new Tor Browser homepage does[10]
3. Static Firefox theme and can it affect browser fingerprint?[11]
Thanks!
e.
Note: (↑), (↓) and (-) are indicating if the number of tickets we
received for these topics have been increasing, decreasing or have been
the same from the previous month respectively.
[0]: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/17
[1]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42179
[2]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42244
[3]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42180
[4]: https://support.torproject.org/tbb/maximized-torbrowser-window/
[5]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42306
[6]: https://support.torproject.org/tbb/how-to-verify-signature/
[7]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41289
[8]: https://support.torproject.org/apt/tor-deb-repo/
[9]: https://forum.torproject.org/t/v13-0-1-locked-settings-and-startup-homepage…
[10]: https://forum.torproject.org/t/onionize-site-explanation/10352
[11]: https://forum.torproject.org/t/static-theme-browser-fingerprints-question/1…
Hi all,
I've published a self-organised-session on the congress wiki for a Tor
meetup at 37C3: https://e.as207960.net/w4bdyj/lw7a3gag
If anyone would like to present anything during the meetup let me know.
Thanks,
Q Misell
------------------------------
Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>,
LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
<https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU
VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
Digital, is a company registered in Estonia under № 16755226. Estonian VAT
№: EE102625532. Glauca Digital and the Glauca logo are registered
trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.
Hi all :)
This is my monthly status report for November 2023 with the main relevant
activities I have done during the period.
## 0. Research
* Analysis about RFC 7686 and transparent proxies:
https://lists.torproject.org/pipermail/tor-dev/2023-November/014862.html
* Tor Browser Quality Assurance for Onion Services: ongoing activities.
## 1. Development
* Worked in many Hackweek projects, and here's the mini-report:
https://rhatto.pages.torproject.net/presentations/2023/hackweek/report/
## 2. Support
* Ongoing sponsored work with deployment, maintenance and monitoring of Onion
Services.
## 3. Organization
Time spent (from the total available for Tor-related work):
| Category | Percentage
|---------------|------------
| Research | 19
| Development | 41
| Support | 12
| Organization | 28
|---------------|------------
| Total | 100
--
Silvio Rhatto
pronouns he/him