- tor-project - lists.torproject.org

OONI Monthly Report: September 2024
by Maria Xynou 17 Oct '24

17 Oct '24

Hello, This email shares OONI's monthly report for September 2024. *# OONI Monthly Report: September 2024* Throughout September 2024, the OONI team’s work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## New partnership with Digital Rights Nepal* In September 2024, we established a new partnership with Digital Rights Nepal (https://digitalrightsnepal.org/) a leading non-profit organization dedicated to safeguarding and advancing digital rights in Nepal. As part of our partnership, we will collaborate on studying internet censorship in Nepal. We published a page featuring Digital Rights Nepal as a new OONI partner and highlighting their important work: https://ooni.org/partners/digital-rights-nepal/ *## Research report on internet censorship in Kazakhstan* On 19th September 2024, in collaboration with our partners Internet Freedom Kazakhstan (IFKZ) and Eurasian Digital Foundation, we co-published a new research report documenting TLS MITM attacks and the blocking of news media, human rights, and circumvention tool sites in Kazakhstan. We published the research report in both: * English: https://ooni.org/post/2024-kazakhstan-report/ * Russian: https://ooni.org/ru/post/2024-kazakhstan-report/ Our partner, Internet Freedom Kazakhstan (IFKZ), published the following article about our joint research report: https://ifkz.org/ru/article/internet-censorship-in-kazakhstan Our report shares censorship findings based on the analysis of OONI data collected from Kazakhstan over the past year, as well as legal analysis and interviews with a few media representatives. Our analysis of OONI data from Kazakhstan reveals: * TLS Man-In-The-Middle (MITM) attacks * Blocking of at least 17 news media websites * Blocking of petition sites and of the Russian language edition of Amnesty International's website * Blocking of at least 73 circumvention tool websites In almost all cases, the blocks appear to be implemented by means of TLS interference, as OONI data shows that the TLS handshakes result in timeout errors after the Client Hello message. This is observed uniformly on all tested networks in Kazakhstan during the analysis period. Notably, we documented the use of the latest government-mandated root certificate authority (CA) – and its use to emit 6 distinct intermediate certificates – that were used to carry out TLS MITM attacks, targeting at least 14 domains on at least 19 networks in Kazakhstan. We found that these intermediate certificates were even being used to perform MITM attacks during periods of certificate invalidity. Overall, as the timing and types of blocked URLs are consistent across networks, ISPs in Kazakhstan likely implement blocks in a coordinated manner. Coordination among ISPs is further suggested by the fact that we found the same certificate used by 19 distinct ISPs to implement TLS MITM attacks. These TLS MITM attacks raise concerns because such practices weaken the online privacy and security of internet users in Kazakhstan. Our report received press coverage from the following outlets: * FactCheck Kazakhstan: https://factcheck.kz/novosti/internet-tsenzura-v-kazahstane-rezultaty-issle… * Ulysmedia Kazakhstan: https://ulysmedia.kz/rassledovaniya/38144-ramki-rukopozhatiia-i-lichnye-dan… * SecurityLab Russia: https://www.securitylab.ru/news/552299.php * Sledstvie Info: https://sledstvie.info/news/45234-informatcionnaja_izoljatsija_kazahstana_k… *## Report on the blocking of OONI Explorer in Russia* In September 2024, Russia started blocking access to OONI Explorer. We published a report, documenting the blocking of OONI Explorer in Russia based on OONI data: https://ooni.org/post/2024-russia-blocked-ooni-explorer/ On 11th September 2024, we received an email from Roskomnadzor, informing us of their decision to block access to OONI Explorer. On the same day, OONI data shows that ISPs in Russia started implementing the block. While Roskomnadzor mentioned their intention to restrict access to the Russian translation of our circumvention tool reachability measurements, in practice, the restriction is far-reaching. The block restricts access to all OONI data hosted on OONI Explorer. On some networks in Russia, we are able to automatically confirm the blocking of OONI Explorer based on fingerprints. For example, OONI data shows that DNS resolution returns an IP that hosts a block page. As part of this report, we made use of the data analysis capabilities of our upcoming OONI pipeline v5 to produce a chart with the breakdown of failure types and errors that enable the characterization of the block. On most networks in Russia, access to OONI Explorer appears to be blocked by means of TLS interference, as many measurements resulted in timeout errors and connection reset errors right after the Client Hello message during the TLS handshake. On 18th September 2024, our Russian partner, Roskomsvoboda ( https://roskomsvoboda.org/) shared news of the blocking of OONI Explorer with Russian communities via Telegram: https://t.me/ru_tech_talk/560 *## Report on the blocking of Twitter/X in Tanzania* On 30th August 2024, Tanzania blocked access to Twitter/X. In early September 2024, we published a short report on our Censorship Findings platform, documenting the block through OONI data. Our report on the (temporary) blocking of Twitter/X in Tanzania is available here: : https://explorer.ooni.org/findings/188763810301 It’s worth noting that our community members also independently reported on the blocking of Twitter/X in Tanzania through the use of OONI tools and data: https://x.com/MelamiVictoria/status/1829502734078185879 https://x.com/ZainaFoundation/status/1829536688890085645 *## Report on the blocking of Twitter/X in Brazil* On 31st August 2024, Brazil blocked access to Twitter/X. In early September 2024, we published a short report on our Censorship Findings platform, documenting the block through OONI data. Our report on the blocking of Twitter/X in Brazil is available here: https://explorer.ooni.org/findings/174962608001 It’s worth noting that our community members also independently reported on the blocking of Twitter/X in Brazil through the use of OONI tools and data: https://x.com/vesinfiltro/status/1830262921789669543 https://x.com/vinifortuna/status/1830349458384486599 https://x.com/OliverLinow/status/1829846237203333282 *## Presenting thematic censorship findings on OONI Explorer* In September 2024, we started developing the new thematic censorship findings pages for OONI Explorer based on the user research and mockups designed in previous months. These pages will focus on OONI measurements pertaining to News Media (https://github.com/ooni/explorer/issues/940) Social Media (https://github.com/ooni/explorer/issues/939) and Circumvention Tools (https://github.com/ooni/explorer/issues/941) and will offer users a way to explore OONI data focused on these specific themes. We also added support for theme tags that will enable the display of relevant reports on each thematic page of OONI Explorer ( https://github.com/ooni/explorer/pull/965) The launch date of these new pages will be determined in the coming weeks. *## Automating censorship detection and characterization based on OONI measurements* We released the OONI Pipeline v5.0.0-alpha4: https://github.com/ooni/data/pull/83 As part of this release, we: * Added a web interface for viewing observations; * Added an API for returning aggregates of observations; * Added a web view for plotting aggregates of observations; * Added support for performing observation generation using multiple cores (instead of multiple threads since it's CPU bound); * Separated the observation activities into distinct smaller activities allowing for more narrowly scoped scheduling and retry policies; * Changed the type of PrevRange so that it's possible to serialize it in JSON allowing to pass it as a parameter to activities; * Moved the update_assets into the observation activity; * Added support for passing config file via `CONFIG_FILE` environment variable; * Made improvements to the CLI commands; * Dropped several CLI arguments that should only be read from the config file; * Made other improvements related to typing. Following this release, we made some important improvements to the schema of the observation tables. Specifically, we: * Replaced observation_id with observation_idx ( https://github.com/ooni/data/issues/87) * Used the PARTITION KEY for deduplication instead of running deletes ( https://github.com/ooni/data/issues/88) These improvements are mainly targeted towards improving the performance of update operations and making them more robust to reprocessing since deduplication is handled natively using the MergeTree table engine deduplication. *## Data analysis for upcoming research report* As part of an upcoming research report on internet censorship in Russia, we analyzed OONI measurements collected from Russia over the past year. We completed this data analysis in September 2024, and further details about the analysis are available here: https://github.com/ooni/backend/issues/847 *## Activities supported by OTF FOSS### OONI Explorer* Notably, we launched an improved navigation menu for OONI Explorer ( https://explorer.ooni.org/) This work is available here: https://github.com/ooni/explorer/pull/950 Based on community feedback shared through our user research in previous months, we improved the navigation menu of OONI Explorer to enhance the discoverability of resources and to enable us to add upcoming new pages in the next months. *### OONI Probe Mobile* We continued to make progress on our multi-platform project that aims to refactor the OONI Probe mobile app. After making good progress on our internal MVP, we turned our attention to leveraging our initial work to start developing the iOS version of Deutsche Welle’s News Media Scan application. This includes tasks like creating the onboarding flow ( https://github.com/ooni/probe-multiplatform/issues/104) building the results summary view (https://github.com/ooni/probe-multiplatform/issues/109) and adding the ability to filter results ( https://github.com/ooni/probe-multiplatform/issues/98) Additionally, we worked on the ability to update OONI Run v2 tests for our own internal MVP ( https://github.com/ooni/probe-multiplatform/issues/53) Here is a list of all issues completed in September 2024 for our multi-platform project: https://github.com/ooni/probe-multiplatform/issues?q=is%3Aissue+is%3Aclosed… *### OONI Run* As part of our final preparation for the launch of OONI Run v2, we took steps to ensure that by releasing OONI Run v2 we would not accidentally introduce any bugs that cause a drop in measurements. We improved our ability to filter measurements by different release channels, ensuring we can filter measurements by our open testing or “beta” channel for our Android application on the Google Play store. This way, we can more accurately compare different versions of our applications as we make changes and enhancements so we can increase our confidence in not introducing issues (https://github.com/ooni/probe/issues/2803) *### OONI Backend Maintenance & DevOps* We worked on switching api.ooni.org to be served from AWS ( https://github.com/ooni/devops/issues/94) focusing first on what was necessary for the OONI Run v2 project so that both the mobile application and the web-based dashboard use the production API. As part of that work, we had to move our test helpers back to Digital Ocean as AWS was proving too costly (https://github.com/ooni/devops/issues/91) We also worked on several other items related to this overall task. ( https://github.com/ooni/devops/issues/93, https://github.com/ooni/devops/issues/95) *## Hiring process for OONI Junior Backend Developer job opening* As part of the ongoing hiring process for a new OONI Junior Backend Developer (https://ooni.org/post/2024-job-opening-ooni-backend-developer/) we continued to review incoming applications and interview shortlisted candidates. *## Test list updates* Throughout September 2024, we did multiple minor updates to the test lists for Kenya, Algeria, Iran, Armenia, Georgia, and Uganda, as well as to the Global test list. All of these updates have been merged ( https://github.com/citizenlab/test-lists/pulls?q=is%3Apr+is%3Aclosed) We also reviewed and merged a more extensive update to the Cambodian test list submitted by the iMAP project: https://github.com/citizenlab/test-lists/pull/1699/files *## Collaboration with agency to boost OONI’s social media presence* In September 2024, we started collaborating with Latte ( https://www.lattecreative.com/en/) an agency in Rome which supports organizations (including many nonprofit organizations, such as Amnesty International and Greenpeace) on improving their communication, branding, advocacy, and fundraising efforts. We are collaborating with Latte on designing an end-of-year fundraising strategy with the goal of boosting OONI’s donations, as well as on improving OONI’s communication and social media presence. *## Fellowship at the Berkman Klein Center for Internet and Society* In September 2024, OONI’s Maria started a research fellowship at the Berkman Klein Center for Internet and Society at Harvard University. As part of her year-long fellowship, Maria will explore how internet censorship changed globally over the past eight years through OONI data. She will also carry out interviews to explore the role of advocacy and circumvention tool groups in responding to emergent censorship events. More information about the 2024-2025 Berkman Klein Center fellowship cohort is available here: https://cyber.harvard.edu/story/2024-07/incoming-2024-25-bkc-fellows *## Rapid response### Blocking of Telegram in El Salvador* On 15th September 2024, El Salvador blocked access to Telegram. On the same day, we rapidly responded by sharing relevant OONI data and findings on social media: https://x.com/OpenObservatory/status/1835360393906074078 The information we shared included a chart produced by OONI data analysis that we performed to examine the reachability of Telegram IPs in El Salvador by probe ASN and target. We found that access to Telegram was blocked on at least 5 networks in El Salvador (starting from around 4am UTC on 15th September 2024), with some ISPs blocking access to Telegram IPs, while others blocked access to Telegram by means of TLS interference. This blocking event resulted in a significant OONI measurement spike in El Salvador on 15th September 2024, as well as in ongoing measurement coverage thereafter (suggesting increased OONI Probe adoption and use of automated testing following the block). This is evident through aggregated OONI measurement coverage in El Salvador: https://explorer.ooni.org/chart/mat?probe_cc=SV&since=2024-08-12&until=2024… *## Community use of OONI tools and data### Sinar Project Blocked or Not tool* Notably, our long-term Malaysian partner, Sinar Project ( https://sinarproject.org/) launched a new “Blocked or Not” tool, which makes use of our miniooni research client and submits data to OONI. Their tool is available here: https://blockedornot.sinarproject.org/ Sinar Project’s Blocked or Not tool is a web service that enables users to easily and quickly check if a website is blocked or not in Malaysia. *### Sinar Project report on the blocking of an entertainment platform* On 20th September 2024, our partner, Sinar Project ( https://sinarproject.org/) published a report documenting the blocking of ArtStation.com, a prominent platform for showcasing games, film, media, and entertainment art. As part of their report, Sinar Project made use of OONI data and encouraged further OONI Probe testing in Malaysia. Read their report here: https://imap.sinarproject.org/resources/internet-censorship-update-blocking… *### Access Now’s press statement on the blocking of Twitter/X in Tanzania* In response to the blocking of Twitter/X in Tanzania, Access Now published a press release condemning the blocking of the platform. Their press release cites OONI data as technical evidence on the block. Read their press statement here: https://www.accessnow.org/press-release/civil-society-asks-who-blocked-x-ta… *### Cloudflare blog post on a global assessment of third-party connection tampering* In September 2024, Cloudflare published a blog post providing a global assessment of third-party connection tampering: https://blog.cloudflare.com/connection-tampering/ As part of this post, they provide case studies through which they compare Cloudflare TCP connection anomalies with OONI reports of connection tampering. Specifically, they compared anomalous Cloudflare TCP connection data with relevant OONI data from our reports on connection tampering cases in Tanzania and Ethiopia, and found that relevant Cloudflare data was consistent with OONI data. This is very interesting because by publishing data on TCP connection anomalies ( https://radar.cloudflare.com/security-and-attacks#tcp-resets-and-timeouts) Cloudflare enable researchers to have stronger signals of connection tampering when compared (and corroborated) with OONI data (and other relevant datasets). Learn more about the launch of Cloudflare Radar’s new dashboard on TCP resets and timeouts here: https://blog.cloudflare.com/tcp-resets-timeouts/ *## Community activities### Workshop for human rights defenders in Nepal* On 19th September 2024, OONI’s Elizaveta facilitated an online OONI workshop for human rights defenders in Nepal. This workshop was hosted in coordination with our new partner, Digital Rights Nepal ( https://ooni.org/partners/digital-rights-nepal/) *### Quarterly OONI Partner Meeting* On 20th September 2024, we hosted the quarterly OONI Partner Meeting via an online video platform. As part of this meeting, we presented and discussed the OONI training calendar for October 2024 and November 2024, which will involve a series of online OONI workshops that we will facilitate for our partners. These workshops include: * Introduction to internet censorship (9th October 2024) * How to use OONI Probe (16th October 2024) * OONI Run v2 demo (23rd October 2024) * Maintaining/updating the Citizen Lab test lists (6th November 2024) * OONI Explorer #1 (13th November 2024) * OONI Explorer #2 (20th November 2024) As part of these upcoming workshops, we aim to share relevant skills and knowledge to enable our partners to participate in OONI censorship measurement activities in their countries and regions. As an outcome, we hope that our partners will be equipped to share such knowledge further with their communities. As part of our Quarterly Partner Meeting, we also discussed updates to our partnership MoUs, plans for censorship monitoring during the upcoming 2025 elections around the world, as well as plans for other future partner events. *### Global Gathering 2024* Between 27th-29th September 2024, OONI’s Elizaveta and Jessie traveled to Portugal to attend the Global Gathering 2024. The detailed agenda of the event is available here: https://wiki.digitalrights.community/index.php?title=Global_Gathering_Agend… As part of their participation, Elizaveta and Jessie: Hosted an OONI booth, during which they provided a live demo of our upcoming OONI Run v2 tool and shared OONI swag (27th and 29th September 2024) Facilitated a discussion on rapid response (28th September 2024) *### OONI Community Meeting* On 24th September 2024, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/) As part of this meeting, we provided updates from the OONI team, and we discussed the recent blocking of OONI Explorer in Russia, as well as the (global) community’s need to measure the availability of more VPN services and protocols. *## Measurement coverage* In September 2024, 56,049,250 OONI Probe measurements were collected from 3,182 networks in 176 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

Anti-censorship team meeting notes, 2024-10-17
by Shelikhoo 17 Oct '24

17 Oct '24

Hey everyone! Here are our meeting logs: https://gitlab.torproject.org/-/snippets/206 And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 24 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == (Oct 10 New): * Prepare DeploymentTool for Publishing * https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… (Oct 17 New) * Start Snowflake Broker Transition? * Installation guide updated at https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… * shelikhoo will run the port scan test from https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…, then tell dcf to reallocate resources from the current broker VM to the new one. * Is there a good case study for bridge blocking that would be represented well for a particular region in tor metrics * context: running a simulation for troll-patrol * possible ideal scenario: known instance of a country uniformly blocking obfs4 * https://gitlab.torproject.org/tpo/network-health/metrics/timeline * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/blo… * https://censorbib.nymity.ch/#Ramesh2023a Section 6.2 * https://www.bamsoftware.com/papers/snowflake/#block-ru * "Analyzing China's Blocking of Unpublished Tor Bridges" https://censorbib.nymity.ch/#Dunna2018a https://groups.google.com/g/traffic-obf/c/-z0gzKONGtI == Actions == == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-10-17 Last week: - mostly afk - started iptproxy rewrite This week: - catch up on reviews and todos - finish iptproxy rewrite - finish snowflake dependency upgrades that were causing problems - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 Needs help with: dcf: 2024-10-17 Last week: - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2024-10-17 Last week: - plan the work on snowflake proxy packaging - distribute vanilla bridges in HTTPS (rdsys!420) - use lyrebird in obfs4-bridge docker image (docker-obfs4-bridge!16) - rotate internet archive gettor passwords after the breach (rdsys#241) - create a golang base container in our gitlab (tpa/base-images!32) Next week: - investigate if bridges are still jumping distributors (rdsys#232) Shelikhoo: 2024-10-17 Last Week: - [Next Action Pending] snowflake broker update/reinstall(cont.): https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - [Awaiting Review] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) improvements - [Awaiting Input] Review CI: fix `latest` container image tag. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Setup vantage point cn-next-2 (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) - Update probetest image(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measur… - Merge request reviews Next Week/TODO: - Merge request reviews - Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.) ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) improvements - Work on finishing snowflake container release(and fix the comments) - Work on Parpare DeploymentTool for Publishing https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… - Update vantage point image on cnnext, russia onyinyang: 2024-10-17 Last week(s): - continue troll-patrol integration for Lox bridge blockage detection Next week: - finish up exploratory and cursory troll-patrol integration for Lox bridge blockage detection - update lox protocols to return duplicate responses for an already seen request - implement and deploy test distributor - Work on outstanding milestone issues: in particular: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/69 - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2024-09-12 Last weeks: - Next weeks: - Update Snowflake to use latest pion upstream releases, waiting for WebRTC v4 beta. - Test Snowflake fork with covert-dtls - Condensing thesis into paper Help with: - Feedback on thesis Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

Tor Relay Operator Community Health - Final report (June 2024)
by gus 17 Oct '24

17 Oct '24

Hello, I wanted to share the "Tor Relay Operator Community Health - Final Project report" (June 2024) made by Ana and Victoria. You can access the report via these links: - Main report: https://www.sr2.uk/reports/2024-TorRelayOperatorCommunityHealth.pdf - Mirror: https://gitlab.torproject.org/-/project/60/uploads/846d7d1816aee92fd2ee283b… best, Gus -- The Tor Project Community Team Lead

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 16 Oct '24

16 Oct '24

# Roll call: who's there and emergencies No emergencies, some noises in Karma because of TLS monitoring misconfigurations. - anarcat - groente - lavamind - lelutin (late) - zen Note: we could have the star of the week responsible for calling and facilitating meetings, instead of always having anarcat do it. # Dashboard review Normal per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards Note: ~"First contribution" labels issues that are good for people looking for small, bite-sized chunks of easy work. It is used across GitLab, but especially in the `tpo/web` namespace. # Roadmap review Review priorities for October and the quarter. Here are the focuses of people in the team: - lavamind: web issues (build times, search boxes, share buttons), then Puppet 7 server upgrade, possibly Ganeti cluster upgrades after - anarcat and groente will focus on mail (mailman 3 and SRS, respectively) - lelutin will focus on finishing high priority work in the phase B of the Prometheus roadmap - zen will focus on the Nextcloud work and merge roadmap # Next meeting In the next meeting, we'll need to work on: - holidays shift rotations planning - roadmap 2025 brainstorming and elaboration # Metrics of the month * hosts in Puppet: 90, LDAP: 90, Prometheus exporters: 536 * number of Apache servers monitored: 34, hits per second: 594 * number of self-hosted nameservers: 6, mail servers: 10 * pending upgrades: 0, reboots: 0 * average load: 0.66, memory available: 3.51 TiB/4.98 TiB, running processes: 300 * disk free/total: 67.69 TiB/140.19 TiB * bytes sent: 469.78 MB/s, received: 305.60 MB/s * planned bookworm upgrades completion date: 2024-09-09 * [GitLab tickets][]: 259 tickets including... * open: 0 * icebox: 164 * future: 20 * needs information: 6 * backlog: 43 * next: 10 * doing: 8 * needs review: 9 * (closed: 3716) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/ Now also available as the main Grafana dashboard. Head to <https://grafana.torproject.org/>, change the time period to 30 days, and wait a while for results to render. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2024-10-10
by onyinyang 10 Oct '24

10 Oct '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-10-10-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 10 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == (Oct 3:) * Broker installation over at: * snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net * ready to be tested and then switch to be the primary broker * ./proxy -nat-probe-server https://snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net:8443… -broker https://snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net/ -verbose * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Follow up Oct 10: * Testing from commandline worked * testing from tor browser still connects to original broker but should be fine once domain name is switched (Oct 10 New): * Prepare DeploymentTool for Publishing * https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… == Actions == == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-09-26 Last week: - worked with meek bridge operator to update domain names - dove into family support for bridges (tor#40935) - TROVE-2024-012 - merged and then unmerged kcp library update This week: - take a look at WofWca's big changes to snowflake - finish snowflake dependency upgrades that were causing problems - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 dcf: 2024-10-03 Last week: - more review of snowflake webextension Manifest V3 running in background https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented installation procedure for replacement snowflake broker https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-10-03 Last week: - Travel to the Global Gathering Next week: - investigate if bridges are still jumping distributors (rdsys#232) - plan the work on snowflake proxy packaging Shelikhoo: 2024-10-10 Last Week: - snowflake broker update/reinstall(cont.): https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) improvements - Review CI: fix `latest` container image tag. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Merge request reviews Next Week/TODO: - Merge request reviews - Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.) ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) improvements - Work on finishing snowflake container release(and fix the comments) - Work on Parpare DeploymentTool for Publishing https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… onyinyang: 2023-10-10 Last week(s): - continue troll-patrol integration for Lox bridge blockage detection Next week: - continue troll-patrol integration for Lox bridge blockage detection - update lox protocols to return duplicate responses for an already seen request - Work on outstanding milestone issues: in particular: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/69 - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2024-09-12 Last weeks: - Next weeks: - Update Snowflake to use latest pion upstream releases, waiting for WebRTC v4 beta. - Test Snowflake fork with covert-dtls - Condensing thesis into paper Help with: - Feedback on thesis Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Tor Browser Meeting Rescheduled to 15 October, 2024
by Morgan 07 Oct '24

07 Oct '24

Hi folks, Next Monday is a holiday, so our regularly scheduled meeting will be delayed a day to Tuesday the 15th at 1500 UTC in #tor-meeting. best, -morgan

1 0

cohosh's monthly status report, September 2024
by Cecylia Bocovich 05 Oct '24

05 Oct '24

Hi! This is my status report for contract work done in September 2024. I was AFK for a lot of the month, and spent a lot of my time catching up on gitlab reviews and todos. I also did a bit of work on grant writing to fund Conjure development, which ended up falling through, but should hopefully be useful for a future application. # Snowflake Most of my work on snowflake this month was reviewing or commenting on several large merge requests. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… There was a bug in the snowflake web extension that caused us to lose more browser proxies. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… We also had some upstream library upgrades that caused CI failures. These have yet to be fully addressed, but I spent some time narrowing down the causes. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… # meek We have some follow up tasks for the meek bridge handover. I reached out to the bridge operator to help switch over domains and take care of a few remaining tasks. https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/133 https://gitlab.torproject.org/tpo/tpa/team/-/issues/41742 Dove into family support for bridges and caught TROVE-2024-012 https://gitlab.torproject.org/tpo/core/tor/-/issues/40976

1 0

ebanam's monthly status report and user support report for September 2024
by ebanam 04 Oct '24

04 Oct '24

Hello everyone, This is a summary of the work I did in the month of September followed by a more detailed report of the work done by our user support team. I made some small additions to the user-facing documentation on our Support Portal[0]. With 7 Tor Browser (Alpha and Stable) releases in the month, I answered a number of Tor Browser related user support tickets and allocated some time to test the latest Alpha releases. Majority of my work was dedicated to help users in regions where Tor is censored which includes but is not limited to helping users with instructions to download Tor Browser binaries from GetTor and/or official mirrors, verifying Tor Browser's GPG signature, help with using censorship circumvention methods that works best for them and overall troubleshooting. Here's a more detailed breakdown of the tickets our user support team worked on last month: # Frontdesk (email user support channel) * 543(↓) RT tickets created * 712(↑) RT tickets resolved Tickets by topics and numbers: 1. 322(↓) RT tickets: private bridge requests from Chinese speaking users. 2. 193(↓) RT tickets: circumventing censorship in Russian speaking countries. 3. 8 RT tickets: help with installing Tor Browser on desktop operating systems. 4. 6 RT tickets: questions about Tor Browser dropping support for legacy operating systems, i.e. Windows 7/8/8.1 and macOS ≤ 10.14[1]. 5. 3 RT tickets: questions about using Tor from users in Brazil after X (Twitter) was blocked. 6. 3 RT tickets: Captchas missing when fetching bridges from BridgeDB[2]. 7. 3 RT tickets: instructions to download Tor Browser binaries from GetTor (email and Telegram). 8. 3 RT tickets: questions about contributing to Tor. 9. 2(↓) RT tickets: circumventing censorship with Tor in Farsi. 10. 2 RT tickets: help with instructions to verify Tor Browser signature. 11. 2 RT tickets: reports of Letterboxing in Tor Browser visible even if disabled with tiled window managers[3]. 12. 2 RT tickets: reports of websites blocking Tor. 13. 2 RT tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser. 14. 2 RT tickets: how to add/change default search engine on Tor Browser. 15. 2 RT tickets: questions about the 'Security Levels' in Tor Browser. 16. 1 RT ticket: help with setting up a Snowflake proxy. 17. 1 RT ticket: help with setting up a Bridge relay. 18. 1 RT ticket: anti-virus (on Windows) blocking Tor Browser. # Telegram, WhatsApp and Signal Support channel * 814(↑) tickets resolved Breakdown: * 773(↑) tickets on Telegram * 41(↑) tickets on WhatsApp * 0(-) ticket on Signal Tickets by topics and numbers: 1. 471(↓) tickets: circumventing censorship in Russian speaking countries. 2. 45(↓) tickets: circumventing censorship with Tor in Farsi. 3. 30(↑) tickets: private bridge requests from Chinese speaking users. 4. 20 tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 5. 11 tickets: instructions on how to get Tor Browser binaries from GetTor. 6. 8 tickets: questions about what onion services are and how to access them. 7. 6 tickets: help with using bridges with Orbot. 8. 5 tickets: help with troubleshooting Tor Browser install on Linux. 9. 4 tickets: troubleshooting Tor Browser install on Android. 10. 3 tickets: instructions to use bridges with Tails. 11. 2 tickets: help with troubleshooting Tor Browser install on macOS. 12. 2 tickets: help with setting up Snowflake proxy. 13. 2 tickets: help with using bridges with little-t-tor. 14. 1 ticket: question about using Tor from a user in Brazil after X (Twitter) was blocked. # Highlights from the Tor Forum 1. Call for alpha testers to help test the latest Tor Alpha before Tor Browser 14 release[4]. 2. Disable compatibility mode on Windows 10/11 to not get notified about Tor Browser dropping support for legacy operating systems[5][1]. 3. NoScript per-site permissions on Tor Browser[6]. 4. Do not disable NoScript in Tor Browser[7]. Thanks! e. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. [0]: https://gitlab.torproject.org/tpo/web/support/-/commits/main?author=ebanam [1]: https://support.torproject.org/tbb/tor-browser-and-legacy-os/ [2]: https://lists.torproject.org/pipermail/tor-relays/2024-September/021868.html [3]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42670 [4]: https://forum.torproject.org/t/new-alpha-release-tor-browser-14-0a7/14862 [5]: https://forum.torproject.org/t/dont-understand-warning-about-windows-releas… [6]: https://forum.torproject.org/t/noscript-per-site-permissions-question-about… [7]: https://forum.torproject.org/t/should-i-disable-noscript-in-tor-browser/144…

1 0

Anti-censorship team meeting notes, 2024-10-03
by meskio 03 Oct '24

03 Oct '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-10-03-16.00.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, October 10 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == (Sep 26 New:) * probetest delay-before-disconnect to reduce incorrect "restricted" measurements * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * shelikhoo will deploy next week, maybe Monday 2024-09-30 (Oct 3 New:) * Broker installation over at: * snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net * ready to be tested and then switch to be the primary broker * ./proxy -nat-probe-server https://snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net:8443… -broker https://snowflake-broker-debianupgradestaging-j33r3zahe.torproject.net/ -verbose * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == == Interesting links == Notes from our circle on signalling channel at the Global Gathering are posted: - https://pad.riseup.net/p/GG-2024-Day2-Village1b == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-09-26 Last week: - worked with meek bridge operator to update domain names - dove into family support for bridges (tor#40935) - TROVE-2024-012 - merged and then unmerged kcp library update This week: - take a look at WofWca's big changes to snowflake - finish snowflake dependency upgrades that were causing problems - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 dcf: 2024-10-03 Last week: - more review of snowflake webextension Manifest V3 running in background https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented installation procedure for replacement snowflake broker https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-10-03 Last week: - Travel to the Global Gathering Next week: - investigate if bridges are still jumping distributors (rdsys#232) - plan the work on snowflake proxy packaging Shelikhoo: 2024-10-03 Last Week: - snowflake broker update/reinstall(cont.): https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) improvements - Merge request reviews Next Week/TODO: - Merge request reviews - Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.) ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) improvements - Work on finishing snowflake container release onyinyang: 2023-10-03 Last week(s): - Global Gathering Next week: - continue troll-patrol integration for Lox bridge blockage detection - update lox protocols to return duplicate responses for an already seen request - Work on outstanding milestone issues: in particular: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/69 - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2024-09-12 Last weeks: - Next weeks: - Update Snowflake to use latest pion upstream releases, waiting for WebRTC v4 beta. - Test Snowflake fork with covert-dtls - Condensing thesis into paper Help with: - Feedback on thesis Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Rhatto's Monthly Status Report, September 2024
by rhatto 02 Oct '24

02 Oct '24

Hi all :) This is my monthly status report for September 2024 with the main relevant activities I have done, was involved or are related to my work during the period. For other Onion Services news, check this post: https://forum.torproject.org/t/some-news-from-the-onionspace-2024-09/14963 # Planning Helped with the overall planning for the upcoming Onion Service tooling development. It allowed me to figure out priorities, and finally clean my backlog. This also resulted in creating an Onion Services feature matrix comparing Arti and C Tor: https://onionservices.torproject.org/dev/implementations/ The current plan is summarized below. ## Oniongroove - next generation onionsite manager Project page: https://onionservices.torproject.org/apps/web/oniongroove/ Plan: have Oniongroove acting as a middleware, abstracting specifics from the underlying Tor (and perhaps the HTTPS rewriting proxy) implementation. Advantages: it might be easier for Onion Service Operators to adopt a tool supporting both backends. They can start using the C Tor backend and later on switch for Arti, eg. once the needed feature set becomes supported. Current goals: * Goal 1: support both C Tor and Arti as backends (prototype). * Goal 2: feature-parity with Onionspray, for the C Tor backend (taking some onionsites we manage as a reference for the requirements); migration procedure from Onionspray (production-ready). ## Onionspray - current onionsite manager Project page: https://onionservices.torproject.org/apps/web/onionspray/ Current focus: * Keep supporting Onionspray until there's feature parity with Oniongroove, plus a migration procedure. * Merge requests are welcome :) ## Onionbalance - load balancer for Onion Services Project page: https://onionservices.torproject.org/apps/base/onionbalance/ The road mapping discussion for Onionbalance is still ongoing. Meanwhile, my focus would be to keep the software working, and going through issues and MRs when doable. It's still uncertain how load balancing with Onion Services should be done in the long term, since: * Proof of Work (PoW) Support in Onionbalance is still in the discussion phase: https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/13 * A replacement built-in directly on Arti still needs design; it will possibly be based on changes in the descriptor; a publisher node would be way simpler than the current functionality. There's still no timeline for that. On the other hand, Onionbalance is basically a descriptor publisher. So, roughly speaking, migrating away from Onionbalance to an Arti-equivalent implementation won't require Operators to migrate all their C Tor setup to Arti: they could just replace their Onionbalance instance with something else and keep all their backend onionsites with C Tor for a while. That said, depending on the design changes to implement PoW, it would still be needed to backport this feature to the C Tor backends and clients, which may not be a lot of stuff (possibly just descriptor changes). In summary, one way to move forward could be (but these are still only speculations): 1. Creating a spec for PoW with descriptor-based load balancing: this seems to be mostly about (new) descriptor field(s). 2. Evaluate/scope what would be needed to: * Implement this both for Onionbalance. Maybe it's just a few changes... * Implement this on Arti. That involves implementing the whole load balancing feature. * Backport the changes needed on C Tor both for backends and clients. 3. Then we could decide whether to do it for Onionbalance to win time, or just skip it in favor of a migration. ## Onionprobe - monitoring tool for onionsites Project page: https://onionservices.torproject.org/apps/web/onionprobe/ Current focus: properly set the Grafana dashboard within Tor Project: https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/93 Support for the Arti backend was postponed to future (2026+), after Arti's RPC is stabilized. This is being tracked at https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/86 There are lots of ideas for improvements, that may be implemented opportunistically. # Documentation Did some documentation updates, including: * The Certificate Proposals page: https://onionservices.torproject.org/research/proposals/usability/certifica… * Some roadmap scenarios (but these still need more work): https://onionservices.torproject.org/research/scenarios/ux/ https://onionservices.torproject.org/research/scenarios/network/ -- Silvio Rhatto pronouns he/him

1 0