tor-project

tor-project@lists.torproject.org

16 participants
2324 discussions

TPA-RFC-58: Podman CI runner deployment, help needed
by Antoine Beaupré 30 Aug '23

30 Aug '23

Summary: I deployed a new GitLab CI runner backed by Podman instead of Docker, we hope it will improve the stability and our capacity at building images, but I need help testing it. # Background We've been having [stability issues][] with the Docker runners for a while now. We also started looking again at container image builds, which are currently failing without Kaniko. [stability issues]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41295 [ships instructions on how to build containers inside Podman]: https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-build-co… # Proposal ## Testers needed I need help testing the new runner. Right now it's marked as not running "untagged jobs", so it's unlikely to pick your CI jobs and run them. It would be great if people could test the new runner. See the [GitLab tag documentation][] for how to add tags to your configuration. It's basically done by adding a `tags` field to the `.gitlab-ci.yml` file. Note that in TPA's [ci-test gitlab-ci.yaml file][], we use a `TPA_TAG_VALUE` variable to be able to pass arbitrary tags down into the jobs without having to constantly change the .yaml file, which might be a useful addition to your workflow. The tag to use is `podman`. You can send any job you want to the `podman` runner, but we'd like to test a broad variety of things before we put it in production, but especially image buildings. Upstream even has a [set of instructions to build packages inside podman][]. [ci-test gitlab-ci.yaml file]: https://gitlab.torproject.org/tpo/tpa/ci-test/-/blob/main/.gitlab-ci.yml [GitLab tag documentation]: https://docs.gitlab.com/ee/ci/yaml/#tags [set of instructions to build packages inside podman]: https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-build-co… ## Long term plan If this goes well, we'd like to converge towards using `podman` for all workloads. It's better packaged in Debian, and better designed, than Docker. It also allows us to run containers as non-root. That, however, is not part of this proposal. We're already running Podman for another service (MinIO) but we're not proposing to *convert* all existing services to `podman`. If things work well enough for a long enough period (say 30 days), we might turn off the older Docker running instead. # Alternatives considered To fix the stability issues in Docker, it might be possible to upgrade to the latest upstream package and abandon the packages from Debian.org. We're hoping that will not be necessary thanks to Podman. To build images, we could create a "privileged" runner. For now, we're hoping Podman will make building container images easier. If we do create a privileged runner, it needs to take into account the long term [tiered runner approach](https://gitlab.torproject.org/tpo/tpa/team/-/issues/41044). # Deadline The service is already available, and will be running untagged jobs in two weeks unless an objection is raised. # Status This proposal is currently in the `proposed` state. # References Feedback can be provided in the [discussion issue][]. [discussion issue]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41296 -- Antoine Beaupré torproject.org system adminicd stration

1 3

eRPC - An Efficient Relay Partition Checker (GSoC Final Report)
by Rishad Baniya 29 Aug '23

29 Aug '23

Hey everyone, I hope everyone is doing well :) I started working on eRPC <https://gitlab.torproject.org/rishadbaniya/erpc> few weeks back as part of GSoC and since I've started this project, new doors of knowledge have opened every single day for me. I never thought the abstractions on which the tor browser runs would be this fun to peel through "arti". I've had days where I spent my entire day just trying to understand how different tor spec files were implemented in "arti", it was a fun journey that I still want to continue. The problem this project(*eRPC) *aims to solve is, a tool for checking partition among relays(by attempting to create all possible two hop circuits) and using the circuits that were built by OnionPerf running hosts(they release OnionPerf analysis file). Currently *eRPC* handles the basic fundamentals i.e creating two hop circuits, taking OnionPerf analysis file as input and adds extra feature on top of it, such as distributing among different host machines using gRPC, pause and resume the state of the application, saving data to relational database sqlite or/and graph database neo4j. This data then can be used to visualize the partition within the Tor Network. You can view more about the project at https://gitlab.torproject.org/rishadbaniya/erpc I've attached a report regarding the current state and future plans of this project, you can find the most details regarding the project at the WiKi of the repository. Finally, I would like to thank everyone at the Tor community for being extremely helpful every time and guiding me through the entire journey, especially to my mentors "GeKo" and "juga". With regards, Rishad Baniya

1 0

Research grant opportunity - how open digital infrastructure is built, deployed and maintained
by Al Smith 25 Aug '23

25 Aug '23

Hello Tor community, Attention researchers! There is a new grant opportunity from a coalition of funders (Ford Foundation, Alfred P. Sloan Foundation, Omidyar Network, Schmidt Futures and Open Collective) that may be of interest to you called the Digital Infrastructure Insights Fund: https://fordfoundation.forms.fm/2023-digital-infrastructure-insights-fund-r…. This funding is for research projects designed to gain a deeper understanding of how open digital infrastructure is built, deployed and maintained. They are looking for projects that examine: > * underlying free and open-source software (FOSS) interacts with > politics, sovereign responsibilities, diverse economic sectors, > and the advancement of knowledge in the sciences and beyond. > > * the convergence of open-source software and digital infrastructure > with social movements focused on democracy, rights, justice, the > environment and scientific research. > > * the issue of under-maintenance and occasional undermining of FOSS, > as well as explore any geographical or other disparities within > the communities responsible for providing and sustaining these > software components amid evolving regulatory and socio-technical > circumstances. > If you have a project in mind related to the Tor community, you can let the Tor Fundraising team (grants(a)torproject.org, or directly to me) know; we'd be happy to help you develop your idea. Al -- Al Smith (they/them) Fundraising Director The Tor Project

1 0

Anti-censorship team meeting notes, 2023-08-24
by Shelikhoo 24 Aug '23

24 Aug '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-08-24-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Sep 07 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == No meeting August 31st due to TPI wide AFK == Discussion == * No webtunnel and conjure options at https://metrics.torproject.org/userstats-bridge-transport.html == Actions == * Next week (August 10th): follow up on Snowflake/Pion incompatibility with Android 11+ and SDK >29) when Guardian project responds and shelikhoo returns: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * might only affect android apps that target android>11, but google will start requiring it soon (end of August 2023) * https://support.google.com/googleplay/android-developer/answer/11926878 * Issue on pion side, closed as wontfix: https://github.com/pion/transport/issues/228 * we ought to be up to date with dependencies, as renovatebot is connected to the snowflake repo * meskio will cc Guardian Project on #40278 to see if they have any insight * shelikhoo will try to reproduce and will try the available patches * no news 2023-08-03 == Interesting links == * "Citation Filtered: Iran’s Censorship of Wikipedia" (ca. 2013) * https://repository.upenn.edu/handle/20.500.14332/37498 * https://web.archive.org/web/20181226101810/http://citationfiltered.org/ * https://github.com/collina/citationreference * https://en.greatfire.org/blog/2023/aug/14-million-people-used-freebrowser-c… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-08-17 Last week: - rebased tor-browser-build MR for lox client integration - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… This week: - tidy up and share shadow simulations guide for PTs - deploy the lox distributor for testing with rdsys - https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/issues/19 - finish testing tor-browser-build MR for lox client integration - followup on conjure reliability issues Needs help with: dcf: 2023-08-24 Last week: - snowflake Azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - merge goptlib STATUS TYPE=version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-08-10 Last week: - review webtunnel documentation for the community portal (web/community!310) - fix snowflake release CI (snowflake!157) - create an issue to discuss HTTP CONNECT and MASQUE for the future of PTs (team#130) - lox reviews (lox-rs!22 lox-rs!20) Next week: - be AFK at CCCamp Shelikhoo: 2023-08-24 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Deployment] Collect prometheus data from Centralized Probe Log(probetelemetry-01@) https://gitlab.torproject.org/tpo/tpa/team/-/issues/41302 - [Merge Request] Workaround for Android 30+ restriction for netlinkrib API https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - [Merge Request Review] **** Too many **** Next Week/TODO: - logcollector alert system <- immediate todo - Add Remote Network Address Mapping in HTTP Upgrade Transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) onyinyang: 2023-08-24 Last week(s): - Vacation! - Finalized db implementation in sled - Working on a different approach for getting resources from rdsys since Lox requires knowledge of bridge state over time: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/issues/8#note_29… This week: - Continue with refactoring of rdsys_backend_api and integration with lox-distributor - Work on adding metrics (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…)

1 0

Anti-censorship team meeting notes, 2023-08-17
by Shelikhoo 17 Aug '23

17 Aug '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-08-17-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Aug 24 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * No webtunnel and conjure options at https://metrics.torproject.org/userstats-bridge-transport.html == Actions == * Next week (August 10th): follow up on Snowflake/Pion incompatibility with Android 11+ and SDK >29) when Guardian project responds and shelikhoo returns: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * might only affect android apps that target android>11, but google will start requiring it soon (end of August 2023) * https://support.google.com/googleplay/android-developer/answer/11926878 * Issue on pion side, closed as wontfix: https://github.com/pion/transport/issues/228 * we ought to be up to date with dependencies, as renovatebot is connected to the snowflake repo * meskio will cc Guardian Project on #40278 to see if they have any insight * shelikhoo will try to reproduce and will try the available patches * no news 2023-08-03 == Interesting links == * "Citation Filtered: Iran’s Censorship of Wikipedia" (ca. 2013) * https://repository.upenn.edu/handle/20.500.14332/37498 * https://web.archive.org/web/20181226101810/http://citationfiltered.org/ * https://github.com/collina/citationreference == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-08-17 Last week: - rebased tor-browser-build MR for lox client integration - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… This week: - tidy up and share shadow simulations guide for PTs - deploy the lox distributor for testing with rdsys - https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/issues/19 - finish testing tor-browser-build MR for lox client integration - followup on conjure reliability issues Needs help with: dcf: 2023-08-17 Last week: - Next week: - merge goptlib STATUS TYPE=version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-08-10 Last week: - review webtunnel documentation for the community portal (web/community!310) - fix snowflake release CI (snowflake!157) - create an issue to discuss HTTP CONNECT and MASQUE for the future of PTs (team#130) - lox reviews (lox-rs!22 lox-rs!20) Next week: - be AFK at CCCamp Shelikhoo: 2023-08-17 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Invesagate] Snowflake failed to connect on Android 11 and above (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next Week/TODO: - logcollector alert system <- immediate todo onyinyang: 2023-08-03 Last week(s): - Implemented db - decided against polodb and went for sled instead https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/22 - not sure if reading/writing the lox-context to json should still be supported at all or just removed - Implemented and tested a basic k-invites for open entry distribution https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/20 - Thought more deeply about how best to sync Lox with rdsys given https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/168 - the rdsys API is really not designed for a distributor like Lox that needs persistence. Even a lastPassed flag will only be helpful for `gone` resources if Lox stores all of the resource info from rdsys and checks it regularly. This diverges from the original intention of rdsys, in which rdsys should be the 'arbiter of truth' for the status of resources - The next step is to check the rdsys API and see if the get functionality can improve this situation. I think ideally we want a list of all resources assigned to Lox and their current statuses that can then be checked against something like the `lastPassed` flag each time Lox polls rdsys. This week: - Continue with implementing db and synchronization between Lox/rdsys (possibly reliant on some aspects of the former point) - Work on adding metrics - AFK from August 5 - 21! (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…)

1 0

Anti-censorship team meeting notes, 2023-08-10
by meskio 10 Aug '23

10 Aug '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-08-10-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Aug 17 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == * Webtunnel documentation in the community portal: * https://community.torproject.org/relay/setup/webtunnel/ == Discussion == * HTTP CONNECT and MASQUE for the future of PTs * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/130 * coordination with other PT teams? * https://github.com/Pluggable-Transports/Pluggable-Transports-spec * https://github.com/twisteroidambassador/ptadapter * https://community.internetfreedomfestival.org/community/channels/pluggable-… == Actions == * Next week (August 10th): follow up on Snowflake/Pion incompatibility with Android 11+ and SDK >29) when Guardian project responds and shelikhoo returns: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * might only affect android apps that target android>11, but google will start requiring it soon (end of August 2023) * https://support.google.com/googleplay/android-developer/answer/11926878 * Issue on pion side, closed as wontfix: https://github.com/pion/transport/issues/228 * we ought to be up to date with dependencies, as renovatebot is connected to the snowflake repo * meskio will cc Guardian Project on #40278 to see if they have any insight * shelikhoo will try to reproduce and will try the available patches * no news 2023-08-03 == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): away until 2023-08-17 Last week: This week: Needs help with: dcf: 2023-08-10 Last week: - contributed some review to STATUS TYPE=version for server pluggable transports in core tor https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/731 - reviewed STATUS TYPE=version in goptlib https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - did more investigation of past snowflake blocking in Turkmenistan, particularly the rise an fall in users from May to August 2022 https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… Next week: - merge goptlib STATUS TYPE=version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-08-10 Last week: - review webtunnel documentation for the community portal (web/community!310) - fix snowflake release CI (snowflake!157) - create an issue to discuss HTTP CONNECT and MASQUE for the future of PTs (team#130) - lox reviews (lox-rs!22 lox-rs!20) Next week: - be AFK at CCCamp Shelikhoo: 2023-07-27 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - logcollector alert system - ongoing - Reviewing & comment on merge requests - FOCI Keynote and attendence Next Week/TODO: - logcollector alert system <- immediate todo onyinyang: 2023-08-03 Last week(s): - Implemented db - decided against polodb and went for sled instead https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/22 - not sure if reading/writing the lox-context to json should still be supported at all or just removed - Implemented and tested a basic k-invites for open entry distribution https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/20 - Thought more deeply about how best to sync Lox with rdsys given https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/168 - the rdsys API is really not designed for a distributor like Lox that needs persistence. Even a lastPassed flag will only be helpful for `gone` resources if Lox stores all of the resource info from rdsys and checks it regularly. This diverges from the original intention of rdsys, in which rdsys should be the 'arbiter of truth' for the status of resources - The next step is to check the rdsys API and see if the get functionality can improve this situation. I think ideally we want a list of all resources assigned to Lox and their current statuses that can then be checked against something like the `lastPassed` flag each time Lox polls rdsys. This week: - Continue with implementing db and synchronization between Lox/rdsys (possibly reliant on some aspects of the former point) - Work on adding metrics - AFK from August 5 - 21! (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

ebanam's monthly status report for July 2023
by ebanam 05 Aug '23

05 Aug '23

Hello everyone, Most of my work, during July, revolved around helping users in places where Tor is censored. This, in general, involved helping people use Connection Assist, use Pluggable Transports in Tor Browser and little-t-tor. I also worked to collect Tor logs and general user feedback during the ongoing webtunnel soft launch. With two Tor Browser release in this month (one stable, one alpha) some of my work went into providing post-release user support. Apart from this, I made some changes to our user-facing documentation on the Tor Browser Manual and Support Portal. Added updated instructions on installing, updating and uninstalling Tor Browser for Android from the Play Store[0] and improved the section about how to prioritize onion sites in Tor Browser (thanks to feedback from a translator)[1] and section on how to make Tor Browser work with antivirus software on the Support Portal[2]. Also helped with reviewing the support templates that we have for the webtunnel soft release. Following is a breakdown of tickets our user support team handled in July: Timeframe: 01 - 31 July 2023 # Frontdesk (email) * 648 (↑) RT tickets created * 514 (↓) RT tickets resolved Most frequent tickets by numbers: 1. 203 (↑) RT tickets: circumventing censorship in Russian speaking countries. 2. 61 (↓) RT tickets: private bridge requests from China. 3. 6 (-) RT tickets: circumventing censorship with Tor in Iran. # Telegram, WhatsApp and Signal Support channel * 959 (↑) tickets resolved Breakdown: * 932 (↑) tickets on Telegram * 20 (↑) tickets on WhatsApp * 7 (↑) tickets on Signal The most frequent tickets on cdr.link have been about: 1. 653 (↑) tickets: Circumventing censorship in Russian speaking countries. 2. 41 (↓) tickets: Circumventing censorship in Iran. 3. 10 (↓) tickets: Circumventing censorship in China. # Highlights from the Tor Forum 1. We updated the instructions on the Support Portal regarding how to make Tor Browser work with antivirus[2] owing to some user feedback on the Forum[3] 2. Update about censorship in Turkmenistan (thanks to Gus)[4] 3. "How do I connect to a WebTunnel bridge?"[5] 4. (Upcoming Event) "Tor Project sessions for the Feira at Global Gathering"[6] 5. Outgoing email outage on Forum (issue resolved. thanks to TPA!)[7] Thanks! e. Note: (↑), (↓) and (-) are indicative if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively [0]: https://tb-manual.torproject.org/mobile-tor/ [1]: https://tb-manual.torproject.org/onion-services/ [2]: https://support.torproject.org/tbb/tbb-10/ [3]: https://forum.torproject.org/t/new-release-tor-browser-12-5/8105/4 [4]: https://forum.torproject.org/t/tor-relays-help-turkmens-to-bypass-internet-… [5]: https://forum.torproject.org/t/how-do-i-connect-to-a-webtunnel-bridge-i-wis… [6]: https://forum.torproject.org/t/tor-project-sessions-for-the-feira-at-global… [7]: https://forum.torproject.org/t/outgoing-email-outage-on-forum-resolved/8412

1 0

Anti-censorship team meeting notes, 2023-08-03
by onyinyang 04 Aug '23

04 Aug '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-07-31-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Aug 10 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == * == Discussion == This week: * ptspec status version support * to be included in 0.4.8 * https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/731 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… * goptlib not blocking core tor * Webtunnel soft release and next phase: https://gitlab.torproject.org/tpo/community/team/-/issues/94 * Feedback collected * improving the docs for compiling from the source * some ppl asked apache instructions and not just nginx * didn't work in china and worked in russia * Next steps * gus will improve and move the documentation to the community portal * will talk with applications to include webtunnel in the upcoming TB 13 in september * we'll organize a call for bridges * HTTP CONNECT as an alternative to SOCKS for PT interfacing * HTTP CONNECT proxy has advantages over SOCKS4/5, one of which is abundant room to encode bridge parameters * Mentioned in an issue about bridge line length * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/104#note_29… * dcf: server-side SOCKS (needed for client PT) has poor support in standard programming language packages, which is why goptlib and Proteus implement their own SOCKS server: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… * https://github.com/unblockable/proteus/tree/v0.1.0/src/net/proto/socks * What about MASQUE (https://datatracker.ietf.org/wg/masque/about/) more generally (HTTP proxying but more general than just HTTP CONNECT, would leave room for e.g. datagram-based proxying)? * "The primary goal of this working group is to develop mechanism(s) that allow configuring and concurrently running multiple proxied stream- and datagram-based flows inside an HTTP connection." == Actions == * Next week (August 10th): follow up on Snowflake/Pion incompatibility with Android 11+ and SDK >29) when Guardian project responds and shelikhoo returns: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * might only affect android apps that target android>11, but google will start requiring it soon (end of August 2023) * https://support.google.com/googleplay/android-developer/answer/11926878 * Issue on pion side, closed as wontfix: https://github.com/pion/transport/issues/228 * we ought to be up to date with dependencies, as renovatebot is connected to the snowflake repo * meskio will cc Guardian Project on #40278 to see if they have any insight * shelikhoo will try to reproduce and will try the available patches * no news 2023-08-03 == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): away until 2023-08-17 Last week: This week: Needs help with: dcf: 2023-08-03 Last week: - wrote forum post for proxy churn measurements https://forum.torproject.org/t/advisory-mistakenly-collected-proxy-churn-me… and made issue public https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - fixed standalone proxy DefaultRelayURL to point back at snowflake.torproject.net https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - review goptlib STATUS TYPE=version https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-08-03 Last week: - release and deploy rdsys with telegram bot translations - test tor's support for status version (tor!731) - add support for goptlib for status version (goptlib!1) - review and deploy new circumvention rules for Turkmenistan (rdsys-admin!16) - update obfs4 docker image to don't expose OrPort (team#129) - review lox merge requests (lox-rs!15 !18 !21) Next week: - organize work for BridgeDB deprecation Shelikhoo: 2023-07-27 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - logcollector alert system - ongoing - Reviewing & comment on merge requests - FOCI Keynote and attendence Next Week/TODO: - logcollector alert system <- immediate todo onyinyang: 2023-08-03 Last week(s): - Implemented db - decided against polodb and went for sled instead https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/22 - not sure if reading/writing the lox-context to json should still be supported at all or just removed - Implemented and tested a basic k-invites for open entry distribution https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/20 - Thought more deeply about how best to sync Lox with rdsys given https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/168 - the rdsys API is really not designed for a distributor like Lox that needs persistence. Even a lastPassed flag will only be helpful for `gone` resources if Lox stores all of the resource info from rdsys and checks it regularly. This diverges from the original intention of rdsys, in which rdsys should be the 'arbiter of truth' for the status of resources. - The next step is to check the rdsys API and see if the get functionality can improve this situation. I think ideally we want a list of all resources assigned to Lox and their current statuses that can then be checked against something like the `lastPassed` flag each time Lox polls rdsys. This week: - Continue with implementing db and synchronization between Lox/rdsys (possibly reliant on some aspects of the former point) - Work on adding metrics - AFK from August 5 - 21! (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

2 1

Nina’s Monthly Status Report, July 2023
by Nina 04 Aug '23

04 Aug '23

Hi! This is my July 2023 report! In July, I resolved 1080 tickets: On Telegram (@TorProjectSupportBot) - 786 On RT (frontdesk@tpo) - 276 Additionally, I resolved 13 tickets on WhatsApp (+447421000612) and 5 on Signal (+17787431312). Most of the tickets I deal with are related to censorship circumvention in Russian-speaking countries - bridges and troubleshooting around them. I also gathered user feedback on what worked for them and what did not prove helpful. In July, I noticed atrendinusersfrom Russian-speaking countries touselittle-t-tor on Windows by adding bridges directly in torrc, mostly obfs4 and meek.We believe they are using little-t-tor to proxy other applications in their operating systems.So I spent some time gathering best practices to share with users. This month we started testing the new, WebTunnel bridge[1], so I prepared templates for our support channels, added them, and started gathering users' feedback. This month I devoted significant time to editing support templates to keep them relevantand up-to-date. I continued working on Conjure feedback, gathering logs and discussing with users their experience with this type of pluggable transport. [1] https://gitlab.torproject.org/tpo/community/team/-/issues/94

2 1

Rhatto's Monthly Status Report, July 2023
by rhatto 01 Aug '23

01 Aug '23

Hi all :) This is my monthly status report for July 2023 with the main activities I have done during the period. ## 0. Research * Certificates: followed the recent updates on IETF ACME Working Group on the ACME for Onions (https://acmeforonions.org) Internet Draft: * The draft was approved back in June: https://mailarchive.ietf.org/arch/msg/acme/h61EvyQjFER9geA5adKa8u9T-x8/ * The proposal was presented during IETF 117: https://play.conf.meetecho.com/Playout/?session=IETF117-ACME-20230725-0030 * Quality Assurance for Tor Browser: continued research and investigation on issues with Tor Browser when accessing Onion Services. ## 1. Development * Onionprobe milestone planning: * https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/milestones/1 * https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/79 ## 2. Support * PoW defense for Onion Services: documentation preparation for the feature release: * https://gitlab.torproject.org/tpo/web/community/-/issues/312 * https://gitlab.torproject.org/tpo/community/team/-/issues/93 * The usual sponsored work with deployment, maintenance and monitoring of Onion Services. ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 12 | Development | 0 | Support | 52 | Organization | 36 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project