tor-project

tor-project@lists.torproject.org

16 participants
2324 discussions

ebanam's monthly status report for May 2023
by ebanam 08 Jun '23

08 Jun '23

Hello everyone! Here are my updates from the month of May. Like past few months, most of my work has been concentrated on helping users from regions where Tor is censored. I resolved 384 tickets across our user support channels on email, Telegram, WhatsApp and Signal. Following is a thorough breakdown of tickets our user support team handled in May: Timeframe: 01 - 31 May 2023 # Frontdesk (email) * 490 RT tickets created * 495 RT tickets resolved Most frequent tickets by numbers: 1. 143(↓) RT tickets: private bridge requests from China. 2. 65(↓) RT tickets: circumventing censorship in Russian speaking countries. 3. 7(↑) RT tickets: circumventing censorship with Tor in Iran. 4. 3(-) RT tickets: Tor Browser doesn't run with Mandatory ASLR on Windows (the issue is fixed with the 12.0.5 Tor Browser release and the users just had to update their browser)[0] # Telegram, WhatsApp and Signal Support channel * 661 tickets resolved Breakdown: * 627 tickets on Telegram * 27 tickets on WhatsApp * 7 tickets on Signal The most frequent tickets on cdr.link have been about: 1. 373(↑) tickets: Circumventing censorship in Russian speaking countries. 2. 43(↓) tickets: Circumventing censorship in Iran. 3. 22(↓) tickets: Circumventing censorship in China. 4. 3(-) tickets: Windows installer for Tor Browser from our website is outdated (We are in the process of updating our build signing infrastructure, and unfortunately are unable to ship code-signed latest installers for Windows systems currently. Automatic build-to-build upgrades from 12.0.4 and 12.0.5 should continue to work as expected)[1] # Tor Forum 1. "Threat secured in snowflake firefox add-on"[2] 2. Some users in China reported that Snowflake wasn't working for them [3] 3. "How to enable Firefox Account Sync?"[4] 4. "How can I get an onion domain email address?"[5] 5. "Why does Tor network not use certificates issued by CAs?"[6] Thanks! e. Note: (↑), (↓) and (-) are indicative if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively [0]: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [1]: https://blog.torproject.org/new-release-tor-browser-1206/ [2]: https://forum.torproject.net/t/threat-secured-in-snowflake-firefox-add-on/7… [3]: https://forum.torproject.net/t/snowflake-bridge-does-not-work-in-china-sinc… [4]: https://forum.torproject.net/t/how-to-enable-firefox-account-sync/7735/ [5]: https://forum.torproject.net/t/how-can-i-get-an-onion-domain-email-address/… [6]: https://forum.torproject.net/t/why-does-tor-network-not-use-certificates-is…

1 0

Anti-censorship team meeting notes, 2023-06-08
by meskio 08 Jun '23

08 Jun '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-08-16.02.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, June 8 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == >From last week: * Report of TLS-in-DTLS detection and throttling in China that affects Snowflake * https://github.com/net4people/bbs/issues/255 * Padding the first client→server send is reported to disrupt the packet size signature and avoid throttling * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * https://gitlab.torproject.org/dcf/snowflake/-/commit/01ac0373a887c63a325aad… * The reporter on BBS says it started happening to them (in a non-Snowflake WebRTC proxy) around 2023-05-14. We have measurements of high packet loss rates in China from 2023-03-20, at least. * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * shelikhoo did run packet loss tests with the padding patch but the packet loss was not pressent from our vantage point. Could be a regional problem not affecting our machine or be gone. NEW: * meek-azure deprecation * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/33#note_290… * New snowflake tests from a vantage in China do not show signs of the high packet loss that was observed in March 2023 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * This test was meant to evaluate whether it is a good idea to add some padding to change the traffic analysis features of the beginning of the connection, in order to resist possible TLS-in-DTLS detection: https://github.com/net4people/bbs/issues/255 * The results were inconclusive because both the tests without and with padding showed the same low rate of packet loss, this time. * It is a good idea to proactively introduce some padding anyway? * Documents for bridge operators about how to run a webtunnel bridge * https://pad.riseup.net/p/6hiwvSWJanxml7DS299z == Actions == * == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… (snowflake-01 only) == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-06-08 Last week: - working on snowflake configs for shadow simulations - rebasing and continued work on lox client and wasm-bingen projects for tor-browser-build This week: - tidy up and share shadow simulations guide for PTs - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-06-08 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - commented on the snowflake tests with and without padding in China (which did not show signs of high packet loss this time) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-06-08 Last week: - fix rdsys tests (rdsys!130) - brainstorm on meek-azure deprecation (team#30) - review 'more aggresive retry for dysfunctional bridges' (rdsys!107) Next week: - add i18n support in rdsys (rdsys#11) Shelikhoo: 2023-06-08 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126) - Webtunnel Document for bridge opertaors(container setup) Next Week/TODO: - webtunnel document for proxy operator <- immediate todo - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - Snowflake Performance Analysis onyinyang: 2023-06-08 Last week: - Moved Lox group to a rust workspace, now everything is at: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs - Still Adding tests Lox distributor - Finished up changes to rdsys: - more aggressive `gone` labelling: This still needs some tweaks! This week: - with the new workspace in place, lox-distributor tests are moving along - reorganization of things within lox-rs (i.e., moving helper files etc. into lox_utils, adding documentation, pipelines, etc.) - tweak the `gone` resources from rdsys so that the lox-distributor can handle them appropriately - Look into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - First change the vectors in the bridge_table to maps. (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-08 Last week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? This week: - review MRs - continue working on rdsys#56 implementation. Still need to do the following: - fixed a problem with vanilla bridges not being added properly to the database - still working on tests - adding a migaration patch (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56#note_29…) hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Nina's report, May 2023
by Nina 06 Jun '23

06 Jun '23

Hi! This is my May 2023 report! In May, I resolved 722 tickets: On Telegram (@TorProjectSupportBot) - 501 On RT (frontdesk@tpo) - 200 Additionally, I also resolved some tickets on WhatsApp (+447421000612) and Signal (+17787431312) - 21. My three main directions of activity are: - helping users with censorship circumvention - sharing bridges, explaining other ways to connect to Tor; - getting users' feedback about what worked for them, what was their interaction with our services, what is their experience with censorship circumvention; - troubleshooting. The common issues here are using VPNs and bridges simultaneously, incorrect usage of bridges, Tor Browser and anti-viruses, Tor for iOS. The issue that popped up in May is OPPO phones and the "Proxy server refused connection" bug [1] [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41289

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 05 Jun '23

05 Jun '23

Hello everyone, Here's your again regular dose of sysadmin meeting goodies. # Roll call: who's there and emergencies anarcat, gaba, lavamind. kez AFK. https://gitlab.torproject.org/tpo/tpa/team/-/issues/incident/41176 # Dashboard cleanup Normal per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… (not checked) * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards Delegated web dashboard review to gaba/anarcat sync on Thursday. We noticed we don't have the sponsor work in the roadmap page, we'll try to fix this shortly. # Vacations planning Discussed the impact of the unlimited PTO policy which, counter-intuitively, led some team member to schedule less vacation time. There are concerns that the overlap between anarcat and lavamind during the third week of july could lead to service degradation or delays in other deliverables. Both lavamind and anarcat have only scheduled "PTO" (as opposed to "AFK") time, so will be available if problems come up. There should probably be a discussion surrounding how emergencies and availabilities are managed, because right now it falls on individuals to manage this pressure and it can lead to people taking up more load than they can tolerate. # Metrics of the month * hosts in Puppet: 86, LDAP: 85, Prometheus exporters: 156 * number of Apache servers monitored: 35, hits per second: 652 * number of self-hosted nameservers: 6, mail servers: 8 * pending upgrades: 111, reboots: 2 * average load: 0.74, memory available: 3.39 TiB/4.45 TiB, running processes: 588 * disk free/total: 36.98 TiB/110.79 TiB * bytes sent: 316.32 MB/s, received: 206.46 MB/s * planned bullseye upgrades completion date: 2023-02-11 (!) * [GitLab tickets][]: 193 tickets including... * open: 0 * icebox: 147 * backlog: 22 * next: 9 * doing: 10 * needs review: 1 * needs information: 4 * (closed: 3164) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye/ The completion date is still incorrect, but at least it moved ahead in time (but is still passed). -- Antoine Beaupré torproject.org system administration

1 0

cohosh's monthly status report, May 2023
by Cecylia Bocovich 05 Jun '23

05 Jun '23

Hi! This is my status report for contract work done in May 2023. # Reputation-based bridge distribution - Summarized notes from the team meeting into a Roadmap for Lox https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/… - Made progress on reproducible builds of the lox client https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - Started working on a wasm-bindgen project in tor-browser-build for generating the javascript bindings that the Lox client needs - Opened an issue to bump the version of Rust in tor-browser-build https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - Reviewed Lox distributor merge requests # Conjure PT - Updated Conjure PT to use gotapdance v1.5.0 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - Prepared Conjure for usability testing https://gitlab.torproject.org/tpo/community/team/-/issues/88

1 0

Job Opening -- Android Developer
by Erin Wyatt 02 Jun '23

02 Jun '23

Hi everyone, We have a new opening for an Android Developer! If you are or know someone who would be a good fit and wants to join our awesome Applications Team, please apply/share. https://www.torproject.org/about/jobs/android-developer/ Have a nice weekend and thanks for helping us spread the word! :) Erin Wyatt Director of People Operations (she/her) ewyatt(a)torproject.org <mailto:ewyatt@torproject.org> PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE https://www.torproject.org <https://www.torproject.org/> http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ <http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/>

1 0

Rhatto's Monthly Status Report, May 2023
by rhatto 01 Jun '23

01 Jun '23

Hi all :) This is my monthly status report for May 2023 with the main activities I have done during the period. ## 0. Research * Completed a Tor Browser Quality Assurance for Onion Services (2023.Q2). Results were reported to the Applications Team. * Onion Plan: * Many updates! https://tpo.pages.torproject.net/onion-services/onionplan/ https://gitlab.torproject.org/tpo/onion-services/onionplan/activity * ACME for Onions (https://acmeforonions.org) evaluation. Still compiling a feedback to be sent later on. * The Onion Services Timeline now is part of The Onion Plan: https://tpo.pages.torproject.net/onion-services/onionplan/0%20-%20Introduct… Do you know about any relevant technology or event that changed the landscape of Onion Services? Please contact me so it can be included in the timeline :) ## 1. Development * Minor improvements at the eotk-get-logs-from-s3fs script: https://gitlab.torproject.org/tpo/onion-services/eotk-log-parser/-/blob/mai… * Minor EOTK pull requests with fixes and enhancements: * CDPATH fix: https://github.com/alecmuffett/eotk/pull/113 * Debian bullseye support: https://github.com/alecmuffett/eotk/pull/114 * Internal security policy work for Tor. ## 2. Support * Onion Services session at CryptoRave 2023 https://gitlab.torproject.org/tpo/community/outreach/-/issues/40026 * Created some "first contribution" issues for the "cebollitas" project: https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/?label… Those are good starting points if you want start doing Onion Service development. Please submit merge requests :) ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 34 | Development | 8 | Support | 24 | Organization | 34 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

Anti-censorship team meeting notes, 2023-06-01
by Itchy Onion 01 Jun '23

01 Jun '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-01-15.58.log… And our meeting pad: ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, June 1 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors, we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 96 <-- meskio, shell, onyinyang, cohosh https://gitlab.torproject.org/groups/tpo/-/milestones/24 Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == Report of TLS-in-DTLS detection and throttling in China that affects Snowflake https://github.com/net4people/bbs/issues/255 Padding the first client→server send is reported to disrupt the packet size signature and avoid throttling https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/dcf/snowflake/-/commit/01ac0373a887c63a325aad… The reporter on BBS says it started happening to them (in a non-Snowflake WebRTC proxy) around 2023-05-14. We have measurements of high packet loss rates in China from 2023-03-20, at least. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… shelikhoo will run packet loss tests with the padding patch and report the results Research about designing an armored bridge line sharing URL format https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126 we will not include forward error correction shelikhoo will do a test implementation (updated, discuss again) Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation that will convert webrtc into an unreliable channel, and snowflake will add reliability with kcp (maybe related to the first topic?) == Actions == == Interesting links == Large oscillations in relay users in China the past 6 weeks: https://people.torproject.org/~dcf/metrics-country.html?start=2023-03-01&en… == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-06-01 Last week: - revisited old snowflake shadow simulations work - opened an issue with shadow for supporting AF_NETLINK and produced a workaround - https://github.com/shadow/shadow/issues/2980 - updated sfnettools to work with the new verison of shadow - opened an issue for bumping the version of rust in tor-browser-build - worked on FOCI workshop prep - a little bit of conjure maintenance This week: - tidy up and share shadow simulations guide for PTs - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-06-01 Last week: - commented on a second report of Avast antivirus blocking snowflake proxy connections https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented on the latest design for unreliable data channels in snowflake https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a patch that adds padding to attempt to work around snowflake throttling in China https://github.com/net4people/bbs/issues/255#issuecomment-1566227484 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-06-01 Last week: - fix bridgedb webtunnel implementation (rdsys#142) - deploy rdsys, bridgestrap and bridedb with webtunnel support - migrate missing repos from git.tpo to gitlab (team#86) - rename obfs4 into lyrebird (lyrebird#40010) - update BridgeDB dependencies to fix CVEs Next week: - add i18n support in rdsys (rdsys#11) Shelikhoo: 2023-06-01 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Trying to fix vantage point (Done) - Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126) Next Week/TODO: - webtunnel document for proxy operator <- immediate todo - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - Snowflake Performance Analysis onyinyang: 2023-05-25 Last week: - Added tests for Lox library and worked on doing the same for Lox distributor - Refactored rdsys metrics changes to prevent risk of testing in deployment - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - Met with Ian & Vecna (MMath student) on possible future research directions for Lox: - https://pad.riseup.net/p/lox-tor-stuff-keep - Sent a follow up email to provide more info about tooling/infrastructure that _does_ exist to inform about blocked bridges This week: - Still Adding tests Lox distributor - Finish up changes to rdsys: - metrics: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - more aggressive `gone` labelling to follow that being merged - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - First change the vectors in the bridge_table to maps. (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-01 Last week: - Holiday - Worked on rdsys#56 (https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_t…) - Discussed about what attributes to use to identify a single bridge (decided to use fingerprint + transport) - Discussed about the role of the stencil package and whether we should keep using it (decided to compute bridge distribution in Kraken) This week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges?

1 0

PieroV's Monthly Status Report, May 2023
by Pier Angelo Vendrame 01 Jun '23

01 Jun '23

Hi everyone! Here is my status report for May 2023. I spent almost the entire month rebasing Tor Browser and Mullvad Browser to Firefox 115, which will be the next ESR version from this June. I rebased all our patches and updated all the toolchains we use in our reproducible build system. I have a merge-request [0] for the first chunk of patches. The rest is still on work-in-progress branches. Desktop is already in a very good shape. Probably, we will need to update the Rust compiler again (to 1.70, published today), but it should be easy enough. Android will need a big rework, because Mozilla unified Android Components and Fenix in a single repository. At the moment, Dan is working on that. Since we were almost in sync with mozilla-central (Firefox's development repository), I took the occasion to try to upstream a few more patches, such as the one to allow using NSS to verify MAR signatures also on Windows and macOS [1]. Finally, I worked on the rebases for 12.0.6, 12.5a6, 12.0.7, 12.5a7 and helped with the various releases of May. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [1] https://phabricator.services.mozilla.com/D177743

1 0

Snowflake tutorial notes
by Roger Dingledine 29 May '23

29 May '23

Hi folks, Micah and I did a session teaching people about Snowflake a few weeks back, and here are the notes that I wrote up for ourselves going into that session, in case they are useful to anybody in the future. (It was more of a decentralized peer-to-peer session so we don't have anything so organized as a slide deck.) It's separated into five main sections, with the goal that you can adapt how much time you spend on each section depending on the audience. Snowflake topics, 2023-05-15: (1) History and architecture Born out of the Flashproxy idea (PETS 2012), but Flashproxy didn't do nat piercing and didn't do webrtc <describe intuition around design> The basic idea is to handle DPI attacks by looking enough like WebRTC, and to handle IP enumeration attacks by having so many diverse and changing addresses that blocking them all is pointless. Started with Serene Han's OTF fellowship, then leaped forward again when we made an anti-censorship team and had Cecylia on it multiple components (more client interactions, more surface area for problems) - stun server for client to learn about connection info - domain front to reach broker - webrtc channel to volunteer proxy early engineering tradeoff: go-pion vs chrome's libwebrtc prateek at princeton wrote a short paper guessing some distinguishers that attackers could use. some of them turned out to be good guesses! used to use azure for the domain front, now use fastly Scaling to multiple snowflake back-end servers one in sweden one at umich now pushing >25terabytes/day of traffic (2) Real-world events - Russia censorship in Dec 2021 - spike in users, but block by webrtc DPI - Iran censorship in Oct 2022 - spike in users, but block by domain front https - #1 app in google play store, and also #2 app, for that day - China, works but sometimes quite slow - packet loss over the GFW leads to poor webrtc performance? ooni tests for snowflake, showing it working in most places including china (3) Ways to be a Snowflake volunteer - browser extension for Firefox, Chrome - and edge now? - headless go proxy for server people - Orbot has a 'kindness mode' - Brave ships the extension as of January - Mullvad considering something similar NAT piercing, kinds of volunteers >100k volunteers but the vast majority of them are the less useful kind gamifying the snowflake badge (4) developer side iptproxy wrapper in-process library for ios and android The Orbot 17.0 prerelease offers a better experience, since it is the first Orbot version to use snowflake-02 https://github.com/guardianproject/orbot/releases/tag/17.0.0-RC-1-tor.0.4.7… reliability layers: - turbotunnel - conflux - striping over multiple snowflakes data channel vs media webrtc channel -- impacts both realism and reliability domain fronting isn't the only signaling channel we could use orbot ships with google amp cache as an alternative channel we could also use dnstt or other ideas in the future surprises, e.g. people in censored countries becoming snowflake volunteers (5) future work, funding, community Reusing our Snowflake volunteer pool for other projects? Too risky because whichever project draws the most attention blocks the snowflake pool for everybody else Besides, you really (should) want the distributed-trust features of Tor, to keep your users and your Snowflakes safe. how to handle enumeration attacks on the broker? tension between really simple broker and handling more attacks future work: realistic behavior layer a la Raven future work: better user counting We currently suffer from the same user (under)counting issues as Tor Funding groups to run Snowflake volunteers? part of otf rapid response plan for iran, short term maybe future plans to fund groups too? but centralizing our snowflakes kind of defeats the point Other ideas for growing the community, e.g. integrating Snowflake into your project

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project