- tor-project - lists.torproject.org

PieroV's Monthly Status Report, July 2024
by Pier Angelo Vendrame 01 Aug '24

01 Aug '24

Hi everyone! Here is my status report for July 2024. I worked almost exclusively on the ESR transition also this month. I reviewed the rebased patchset more deeply to find potential runtime and logic errors caused by upstream changes or similar problems [0]. For example, upstream worked a lot on search engines, and the patch we had for providing our custom default selection broke as a result, and we had to re-implement it. Then, before the 14.0a1 release, I rebased Tor Browser and Mullvad Browser onto 128.0. After that, I switched to audits. During every ESR transition, we check all the bugs Mozilla closed to see if some need particular attention [1]. Until last year, this work was carried out only by a person. This year, we decided to spread it to all the team and have multiple persons review each Firefox version. I was assigned Firefox 116 to 119, and so far, I've reviewed 119+118 and started 117. Apart from that, I worked on the usual maintenance tasks: I rebased the 13.5 series onto 115.13.0esr for 13.5.1 at the beginning of the month, and yesterday, I rebased onto 115.14.0esr and 128.1.0esr for 13.5.2 and 14.0a2, respectively. Finally, I worked on sunsetting Windows 7 support on 14.0 [2], and I updated our pipeline to fetch Firefox's translations after they were moved to GitHub [3], as this blocked 13.5.1. Cheers, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42616 [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42757 [2] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [3] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…

1 0

Anti-censorship team meeting notes, 2024-07-25
by meskio 25 Jul '24

25 Jul '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-07-25-16.00.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, August 1 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * Roger wrote up his Snowflake blocking experiment notes, https://lists.torproject.org/pipermail/anti-censorship-team/2024-July/00034… -- more hackweek/experiment opportunities remain :) == Discussion == == Actions == == Interesting links == * https://arxiv.org/abs/2405.13310 "Bytes to Schlep? Use a FEP: Hiding Protocol Metadata with Fully Encrypted Protocols" * update to https://censorbib.nymity.ch/#Fenske2023a "Security Notions for Fully Encrypted Protocols" from FOCI 2023 * https://github.com/tst-race/raceboat/tree/documentation Raceboat source code * https://github.com/v2fly/v2ray-core/discussions/3096 * V2Ray has received a security audit from 7ASecurity * https://www.opentech.fund/security-safety-audits/v2ray-security-audit/ == Reading group == * We will discuss "" on * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-06-27 Last week: - snowflake-webext updates - reviewed mv3 prototype - helped onyinyang on rebasing and debugging wasm-bindgen - worked on squashing Conjure PT into lyrebird - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… This week: - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 Needs help with: dcf: 2024-07-11 Last week: - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - review snowflake unreliable+unordered data channels rev2 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-07-25 Last week: - investigate what builtin bridges are offline and contact operators (team#141) - work on Sponsor 96 final report - ignore dots on emails on the email distributor (rdsys#208) Next week: - check if lyrebird reduces size removing old PTs (lyrebird#40016) Shelikhoo: 2024-07-25 Last Week: - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Merge request review - S96 Report Response to feedback - Merge request reviews Next Week/TODO: - Merge request reviews - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… onyinyang: 2023-07-25 Last week(s): - FOCI/PETS online - Working on tor-browser integration with updated lox-wasm binary: - switched back to building modules and using them with a downloaded Tor browser - tor-browser-build was mixing up inputs for one function which caused the module to error at load time, flipping them seems to have fixed the error - updating Lox module for key rotation logic - Identified that the lastPassed variable is not working as expected for Lox: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/209 and is probably the reason behind this issue: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/milestones/1#tab-is… Next week: - continue with key rotation integration work - fix lastPassed issue in rdsys (or lox if the rdsys fix is too complicated) - Work on outstanding milestone issues: in particular: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/69 - key rotation automation Later: - begin implementing some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-07-11 Last weeks: - Completed my master thesis (https://theodorsm.net/thesis) - Had some time off Next weeks: - Wait for pion upstream releases - Test Snowflake fork with covert-dtls - Condensing thesis into paper Help with: - Feedback on thesis Facilitator Queue: shelikhoo onyinyang meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Anti-censorship team meeting notes, 2024-07-11
by onyinyang 11 Jul '24

11 Jul '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-07-11-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, July 25 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meeting next week July 18, people are at PETS. == Discussion == - Censorship in Russia: - Apple blocking apps in Russia: https://github.com/net4people/bbs/issues/377 - Some fake Tor apps were affected too: https://applecensorship.com/app-store-monitor/test/Onion%20Browser - Tor bridges issue: https://ntc.party/t/%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%… - Some tor web mirrors were blocked too - ticket discussing this ongoing situation in censorship-analysis: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… == Actions == == Interesting links == * https://theodorsm.net/thesis * "Reducing distinguishability of DTLS for usage in Snowflake" Master thesis by Theodor Signebøen Midtlien (theodorsm) https://theodorsm.net/thesis * will be condensed into a paper in the near future which we will discuss in a reading group * https://forum.torproject.org/t/snowflake-daily-operations-june-2024-update/… == Reading group == * We will discuss "" on * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-06-27 Last week: - snowflake-webext updates - reviewed mv3 prototype - helped onyinyang on rebasing and debugging wasm-bindgen - worked on squashing Conjure PT into lyrebird - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… This week: - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 Needs help with: dcf: 2024-07-11 Last week: - commented on news report of Chinese involvement in VPN blocking in Myanmar https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - archived snowflake-webextension-0.8.4 https://archive.org/details/snowflake-webextension-0.8.4 - upgraded OpenSSH on snowflake-02 for CVE-2024-6387 - opened an issue for pluggable transport `STATUS TYPE=version` message incompatibility with Arti https://gitlab.torproject.org/tpo/core/arti/-/issues/1488 Next week: - review snowflake unreliable+unordered data channels rev2 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-06-11 Last week: - fix snowflake test issue double registering metrics (snowflake#40367) - report other PT versions to tor (snowflake, webtunnel) - investigate bridgestrap failures and why all bridges are dysfunciontal, it was a regression using an old tor version - write S96 final report - test lyrebird issue reporting the version (lyrebird#40018) Next week: - investigate what builtin bridges are offline (team#141) Shelikhoo: 2024-07-11 Last Week: - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Vantage point maintaince - Merge request review - S96 Report screening - Merge request reviews Next Week/TODO: - Merge request reviews - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… onyinyang: 2023-07-11 Last week(s): - Global Gathering Application - Fixed Key Rotation MR for hyper v1 - Working toward building tor-browser with lox-wasm binary to help out with integration work as needed: resolve build issues on Fedora - switched to building modules and using them with a downloaded Tor browser - ran into this and tried to fix it to no avail (so far) https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/71 - attempted to build tor-browser on ubuntu 24.04 but ran into other issues: https://bugzilla.mozilla.org/show_bug.cgi?id=1907294 Next week: - - Work on outstanding milestone issues: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/milestones/1#tab-is… in particular: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/69 and key rotation automation - after this bug fix is merged: https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… continue with wasm-bindgen rebase fixes and updating lox for browser integration in order to prepare for end to end testing of the Lox system with browser integration Later: - begin implementing some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-07-11 Last weeks: - Completed my master thesis (https://theodorsm.net/thesis) - Had some time off Next weeks: - Wait for pion upstream releases - Test Snowflake fork with covert-dtls - Condensing thesis into paper Help with: - Feedback on thesis Facilitator Queue: onyinyang meskio shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

ebanam's monthy status report and user support report for June 2024
by ebanam 10 Jul '24

10 Jul '24

Hello all, This is my monthly report for June. Much of my focus last month was around the Tor Browser 13.5 release, i.e. updating various user-facing documentation and post-release user support. I finished updating the Tor Browser Manual[0] in preparation for the release as well as the Support Portal[1]. After the release, we received numerous tickets about the 'New Identity' feature not working in Tor Browser for Android[2] and questions about the banner warning users about the upcoming end-of-life for Windows ≤8.1 and macOS ≤10.14[3]. Last month, we saw another uptick in support request from Chinese speaking users which can be attributed to the ongoing outreach work[4]. Continuing our investigation of the significant drop in user support tickets via email from Russian speaking users we found there were a few emails wrongly flagged by our email spam filters[5], although that still doesn't explain what's the main issue. Following is a more detailed breakdown of tickets our user support team handled in June: # Frontdesk (email support channel) * 569(↑) RT tickets created * 501(↑) RT tickets resolved Tickets by numbers: 1. 305(↑) RT tickets: private bridge requests from Chinese speaking users. 2. 72(↓) RT tickets: circumventing censorship in Russian speaking countries. Tor Browser 13.5 related tickets: 3. 7 RT tickets: 'New Identity' feature is not working in latest versions of Tor Browser for Android[2]. 4. 4 RT tickets: Questions about the banner warning users about the upcoming EOL for Win ≤8.1 and macOS ≤10.14[3]. Highlighting some other topics we received questions and feedback: 5. 3 RT tickets: Help troubleshooting Tor Browser on Windows 10/11. 6. 3 RT tickets: Instructions and help with verifying Tor Browser's PGP signature. 7. 3 RT tickets: Report of websites blocking Tor. 8. 2 RT tickets: Reports of Tor Browser for Android not working with Samsung devices[6]. 9. 2 RT tickets: Circumventing censorship with Tor in Farsi 10. 2 RT tickets: Reports of fake apps on iOS AppStore, masquerading as Tor Browser. 11. 2 RT tickets: Questions about modifying torrc to select specific countries to exit from. We discourage users from modifying this and let Tor Browser choose it's own circuit, until and unless they are really sure of what they are trying to do. 12. Help with setting up an onion service. 13. Instructions on how to import bookmarks in Tor Browser (Desktop). # Telegram, WhatsApp and Signal Support channel * 555(↓) tickets resolved Breakdown: * 532(↓) tickets on Telegram * 20(↓) tickets on WhatsApp * 3(↑) ticket on Signal Tickets by numbers: 1. 299(↓) tickets: circumventing censorship in Russian speaking countries. 2. 45(↑) tickets: private bridge requests from Chinese speaking users. 3. 37(↓) tickets: circumventing censorship with Tor in Farsi. 4. 14 tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. Highlighting some other topics we received questions about: 5. 3 tickets: instructions on how to get Tor Browser binaries from GetTor. 6. 3 tickets: Troubleshooting Tor Browser on Linux. 7. 3 tickets: instructions on using bridges with little-t-tor. 8. 3 tickets: Troubleshooting Tor Browser on macOS # Highlights from the Tor Forum 1. Snowflake browser extension requires opt-in consent.[7] 2. Support for Windows 7, 8, and 8.1 will be discontinued after the release of Tor Browser 14, scheduled for the end of 2024. Users on these operating systems are strongly advised to upgrade to maintain access to the most recent updates and security features provided by Tor Browser.[8] Thanks! e. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. [0]: https://gitlab.torproject.org/tpo/web/manual/-/commits/main?author=ebanam [1]: https://gitlab.torproject.org/tpo/web/support/-/commits/main?author=ebanam [2]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42589 [3]: https://tb-manual.torproject.org/installation/#system-requirements [4]: https://github.com/torproject/tor4zh [5]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41664 [6]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42714 [7]: https://forum.torproject.org/t/snowflake-browser-extension-requires-opt-in-… [8]: https://forum.torproject.org/t/what-happens-when-using-older-than-windows-1…

1 0

Nina's Monthly Status Report, June 2024
by Nina 08 Jul '24

08 Jul '24

Hi! Below is my June’24 report! In June, I resolved 735 tickets: On Telegram (@TorProjectSupportBot) - 455 On RT (frontdesk@tpo) - 264 On WhatsApp (+447421000612) - 13 and on Signal (+17787431312) - 3. In June, I helped Russian-speaking users bypass censorship: I shared bridges and instructions and assisted with using them and troubleshooting; I also collected user feedback. The major event of June wasthe release of Tor Browser 13.5. To prepare for the release, I updated all the user support templates in Russian to include new features and new menu options. Also, after the release, I monitored user feedback, where the main issue with the new release was Tor Browser notifications on Android (with speed and Tor circuit) not working after the update [1]. This work is still in process. I monitor user feedback on our services to notify the Anti-censorship Team when necessary [2]. I continue to take part in investigating the issue of Tor bridges not working in Tails in Russia [3]. [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42589 [2] https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40070 [3] https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40072

1 0

Rhatto's Monthly Status Report, June 2024
by rhatto 08 Jul '24

08 Jul '24

Hi all :) This is my monthly status report for June 2024 with the main relevant activities I have done during the period. ## 0. Research ### Tor Browser Quality Assurance for Onion Services (TB .onion QA) - 2024.Q2 In the 2024.Q2 period, the TB .onion QA had the following output: * Versions tested: * 13.5. * 13.5a9. * 13.5a8. * 13.5a7. * 13.0.16. * 13.0.14. * 13.0.15. * No new serious issues were found. * We did an evaluation after this round of QA to understand how this activity can be improved. ## 1. Development * Did some minor fixes and improvements on Onionspray, Onionprobe, Onion MkDocs and Onion TeX Slim. ## 2. Support * Ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. -- Silvio Rhatto pronouns he/him

1 0

cohosh's monthly status report, June 2024
by Cecylia Bocovich 01 Jul '24

01 Jul '24

Hi! This is my status report for contract work done in June 2024. # Reputation-based bridge distribution Most of my work last month on reputation-based bridge distribution (Lox) was focused on on-boarding onyinyang on how to maintain and work on the integration of Lox with Tor Browser. In particular, how to reproducibly build the Lox client into .wasm binaries, where to put these binaries in Tor Browser, and how to test and debug the Lox module. The Lox client updates also required a rebase of our wasm-bindgen fork that produces the Javascript bindings for the Lox module to be able to call from .wasm. - Fixed the Lox database tests https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/188 - Onboarded onyinyang on the Lox integration with Tor Browser - Helped debug wasm-bindgen and lox-wasm update issues https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/71 - Reviewed merge requests and updated dependencies # Snowflake webextension We are still dealing with some of the effects of Mozilla's changes to their requirements for web extensions. The consent prompt updates we rolled out previously caused a sharp decline in proxies polling the broker from both web stores. We have been iterating on fixing bugs and incorporating UX feedback from users and have released new versions on both stores. Progress is also being made on a manifest v3 prototype for the Chrome web store. - Looked into sharp decline of browser extension proxies https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/142 - Wrote up a forum post to guide users through snowflake browser extension consent prompt https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Found and fixed a bug with the consent prompt flow https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Released v0.8.3 of the snowflake extension - Fixed a few other bugs with the extension UX https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added promo tile for Snowflake to Chrome web store https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Reviewed manifest v3 prototype - Released v0.8.4 of snowflake browser extension # Pluggable Transports In addition to reproducing and documenting followups to some experience reports about the SQS rendezvous feature, my work on PTs last month was focused on requirements to reduce PT binary sizes in Tor Browser android. I looked at two potential ideas for reducing binary sizes: by integrating Conjure with Lyrebird and using go build tags in Snowflake. - Reproduced reported SQS rendezvous bug with two bridges https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Followed up on idea to set SQS anonymous access policies https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Looked into the use of build tags to reduce snowflake binary size https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Reverted a bad dependency update in Snowflake - Reviewed merge requests and updated dependencies - Worked on squashing Conjure PT into lyrebird https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj…

1 0

PieroV's Monthly Status Report, June 2024
by Pier Angelo Vendrame 01 Jul '24

01 Jul '24

Hi everyone! Here is my status report for June 2024. This month, I worked almost exclusively on the ESR transition. Once we got the tags for Firefox 128.0b1, I rebased my RR branch once again and opened the MR [0] to merge it to our first tor-browser-128 branch. After that, I finalized the document with comments on the range-diff converted to HTML with the procedure described in my previous report. It forced me to be more meticulous about every change, and I found some errors I had initially missed. You can find it in the linked MR. After that, I switched to the tor-browser-build part. First for desktop, then for Android. Linux and macOS were smooth, and the builds were reproducible at the first attempt. Windows was more involved for a couple of reasons. First, Firefox now requires the windows-rs crate. Mozilla decided not to vendor it for some reason I haven't investigated. Then, I had problems with llvm-windres. I solved this by restoring the wrapper the upstream project deleted some years ago [1]. Indeed, Mozilla is still using it, but their version would break OpenSSL, so I used a more recent one. After this, I could get a build, but it wasn't reproducible. I noticed that only some binaries were different, and my hypothesis was that it was binaries that included some Rust code. We verify reproducibility by building in different machines (I used my workstation and one of our build servers). We don't share any artifacts: every machine has to compile everything from scratch (we bootstrap several compilers, including Rustc). So, I verified my conjecture using the Rustc artifact I created on my computer on the build server, and it solved the reproducibility problem. The differences were only in std, so I think they were due to the differences in the GCC-based mingw-w64 toolchain. We've had a ticket about building Rustc with the LLVM-based mingw toolchain we use for everything else [2] for a long time, but it isn't trivial due to Rust's hard dependency on libgcc. A series of new target triples [3] was created to avoid hacking around to resolve this problem, but Firefox doesn't recognize them (and Mozilla doesn't officially support this toolchain). I wrote a small patch to solve the problem, and the build became reproducible. We will have to discuss more about the disadvantages of this approach. The Android part was much more involved. Our builds run offline, whereas Mozilla's don't. So, I had to write several workarounds, including a patch for a custom Gradle plugin, and I wrote some Groovy for the first time in my life 😄️. The monorepo migration was not troublesome at all: the commands we used to build in firefox-android.git still work without changes. Eventually, our build scripts were simplified a little bit. The Android builds aren't reproducible yet. One reason is that only GeckoView was patched; our Android Components and Fenix patches haven't been rebased yet, and they include some changes to make the builds reproducible. Another reason is that the developments on nimbus-fml between 115 and 128 introduced a regression, and its output became non-deterministic. I wrote a patch and opened a PR [4]. I expect all the reproducibility problems to disappear once our patches are rebased. The merge request with all the build changes [5] has been reviewed and approved, but I am waiting for the rebase MR to be merged first. Apart from the ESR transition work, I rebased 13.0 and 13.5 onto Firefox 115.12.0, did some QA on the 13.5 RCs, and investigated the reproducibility problem we had with the 13.5 builds. Cheers, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [1] https://github.com/mstorsjo/llvm-mingw/commit/8915db817ce728833b8628abadedc… [2] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/2… [3] https://doc.rust-lang.org/rustc/platform-support/pc-windows-gnullvm.html [4] https://github.com/mozilla/application-services/pull/6283 [5] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re…

1 0

Anti-censorship team meeting notes, 2024-06-27
by Shelikhoo 27 Jun '24

27 Jun '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-06-27-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, July 11 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meeting July 4 (Tor's midyear break) == Discussion == * Snowflake WebExtension for Manifest version 3 is almost done, only lacking user info consent support. (shelikhoo) * Ongoing censorship events: * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… (Myanmar) * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… (Algeria) * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… (Uzbekistan) == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-06-27 Last week: - snowflake-webext updates - reviewed mv3 prototype - helped onyinyang on rebasing and debugging wasm-bindgen - worked on squashing Conjure PT into lyrebird - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… This week: - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 Needs help with: dcf: 2024-06-27 Last week: - archived snowflake-webextension-0.8.3 https://archive.org/details/snowflake-webextension-0.8.3 Next week: - review snowflake unreliable+unordered data channels rev2 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-06-27 Last week: - fix a parsing problem for cache-extrainfo when there is transport-info, don't reject the PT part of bridges (rdsys#205) - sponsor 96 final report - debug moat domain front failures - add transport-info to the cached-extrainfo spec (torspec!63) - report lyrebird version to tor (lyrebird!51) Next week: - investigate what builtin bridges are offline (team#141) - report other PT versions to tor (snowflake, webtunnel) Shelikhoo: 2024-06-27 Last Week: - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Merge request reviews Next Week/TODO: - Merge request reviews - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… onyinyang: 2023-06-20 Last week(s): - MSR talk - Working toward building tor-browser with lox-wasm binary to help out with integration work as needed: ran into many issues trying to do this with Fedora Next week: - Global Gathering Application - Fix Key Rotation MR for hyper v1 - Working toward building tor-browser with lox-wasm binary to help out with integration work as needed: resolve build issues on Fedora - Work on outstanding milestone issues: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/milestones/1#tab-is… - prepare for end to end testing of the Lox system with browser integration Later: - begin implementing some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-06-20 Last weeks: - Writing my thesis - Add randomized ClientHello fingerprints to library Next weeks: - Wait for pion upstream releases - Test Snowflake fork with covert-dtls - Taking time off (AFK) Help with: - Test Snowflake fork with covert-dtls Facilitator Queue: onyinyang meskio shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

Anti-censorship team meeting notes, 2024-06-20
by onyinyang 20 Jun '24

20 Jun '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-06-20-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, June 27 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meeting July 4 (Tor's midyear break) == Discussion == * theodorsm's thesis and DTLS library * https://github.com/theodorsm/covert-dtls * trouble integrating it into snowflake - dependency/version issues * breaking changes with the version of pion/stun used in snowflake * but snowflake is already using the latest pion/stun? * theodorsm forked the older version of pion/dtls used by snowflake and re-applied the covert-dtls changes * snowflake is using pion/dtls v2.2.7 while latest is v2.2.11, but unreleased code is needed (should come with v2.2.12) * as specified by current pion/webrtc v3.2.42 https://github.com/pion/webrtc/blob/v3.2.42/go.mod#L7 == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-06-20 Last week: - wrote up a forum post to guide users through snowflake browser extension consent prompt - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - found and fixed a bug with the consent prompt flow - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - deployed version 0.8.3 of the snowflake extension - showed onyinyang how to test and debug the Lox module in Tor Browser - reproduced reported SQS rendezvous bug with two bridges - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - followed up on idea to set SQS anonymous access policies - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - reviewed merge requests and updated dependencies This week: - followup on snowflake extension UX fixes - take a look at shell's mv3 changes - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 - update wasm-bindgen fork to fix some bugs and hopefully upstream changes Needs help with: dcf: 2024-06-20 Last week: Next week: - review snowflake unreliable+unordered data channels rev2 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-06-20 Last week: - clean up bridgestrap logs to make them more readable (bridgestrap#43) - investigate why bridgestrap is filling polyanthum disk - look into the builtin bridges being offline and figure more problems with bridgestrap to look into (tpa/team##41651) - review and merge refactor on lyrebird copyLoop (lyrebird!50) Next week: - investigate what builtin bridges are offline (team#141) - why is the status page mentioning vanilla part of obfs4 bridges? (rdsys#205) Shelikhoo: 2024-06-06 Last Week: - [Merge Request Waiting] Add Container Image Mirroring from Tor Gitlab to Docker Hub(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/… - [Merge Request Waiting] Snowflake Performance Improvement rev2 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Chrome Manifest V3 transition: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Upgrade snowflake broker machine from Debian 10 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Address TTP-03-001 WP1: Snowflake broker vulnerability(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-t… - Vantage point maintaince - merge request processing - Merge request reviews Next Week/TODO: - Merge request reviews onyinyang: 2023-06-20 Last week(s): - MSR talk - Working toward building tor-browser with lox-wasm binary to help out with integration work as needed: ran into many issues trying to do this with Fedora Next week: - Global Gathering Application - Fix Key Rotation MR for hyper v1 - Working toward building tor-browser with lox-wasm binary to help out with integration work as needed: resolve build issues on Fedora - Work on outstanding milestone issues: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/milestones/1#tab-is… - prepare for end to end testing of the Lox system with browser integration Later: - begin implementing some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-06-20 Last weeks: - Writing my thesis - Add randomized ClientHello fingerprints to library Next weeks: - Wait for pion upstream releases - Test Snowflake fork with covert-dtls - Taking time off (AFK) Help with: - Test Snowflake fork with covert-dtls Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0