- tor-project - lists.torproject.org

OONI Monthly Report: February 2024
by Maria Xynou 15 Apr '24

15 Apr '24

Hello, This email shares OONI's monthly report for February 2024. *# OONI Monthly Report: February 2024* Throughout February 2024, the OONI team worked on the following sprints: * Sprint 110 (1st-11th February 2024) * Sprint 111 (12th - 25th February 2024) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## New partnership with Digital Rights Foundation Pakistan* In February 2024, we had the opportunity to formally establish a partnership with Digital Rights Foundation ( https://digitalrightsfoundation.pk/) a leading digital rights organization in Pakistan. As part of this partnership, we aim to collaborate on the study of internet censorship. *## Published report on blocks in Pakistan ahead of 2024 elections* In February 2024, we published a report (based on OONI data) on the blocking of an investigative news platform (Fact Focus), as well as on the blocking of PTI political party websites in Pakistan leading up to the country’s 2024 general election. The report is available here: https://explorer.ooni.org/findings/108298926901 *## Published FOCI paper on EU internet sanctions on Russian media* In collaboration with researchers from the University of Illinois Chicago, the University of Twente and the University of Amsterdam, we co-authored a paper which analyzes how different ISPs in EU member states implement sanctions on Russian media. This paper (which made extensive use of OONI data) was published by FOCI in February 2024: https://petsymposium.org/foci/2024/foci-2024-0001.pdf SIDN Labs published a blog post, providing a summary of the paper: https://www.sidnlabs.nl/en/news-and-blogs/internet-sanctions-on-russian-med… This blog post was cross-posted on the OONI blog: https://ooni.org/post/2024-eu-sanctions/ *## OONI Probe Mobile* We released OONI Probe Mobile 3.8.6 on iOS: https://github.com/ooni/probe-ios/releases/tag/v3.8.6 The latest version includes an important fix for the data quality of the Signal Private Messenger App experiment results. The Signal experiment fix is also available in the latest versions of OONI Probe Android (3.8.6), OONI Probe Desktop (3.9.3), and OONI Probe CLI. As part of the OONI Probe iOS 3.8.6 release, we also fixed an issue with RTL language support on the iOS app (https://github.com/ooni/probe/issues/2578) and we made several other bug fixes and improvements. To enable the localization of Deutsche Welle’s News Media Scan app ( https://play.google.com/store/apps/details?id=com.dw.ooniprobe) we added support for Transifex in the app ( https://github.com/ooni/translations/pull/32) *## OONI Run* As part of our work on creating the next generation version of OONI Run (“OONI Run v2”), there were several key activities we undertook this month. The main highlight is that we officially started QA testing for the Android version of the new OONI Probe app that has both an improved UI and support for new OONI Run links. This is a big next step in the progress for this project! Thus far, we completed a major initial testing pass to test the new user-interface. We also started QA testing for the new OONI Run v2 dashboard, which will allow users to create and maintain their OONI Run links. Some other highlights worth noting: * We ensured alignment between the spec and backend ( https://github.com/ooni/backend/issues/787) and we refactored the API as a result (https://github.com/ooni/backend/issues/788) * We started implementing support for OONI Run v2 in the iOS app ( https://github.com/ooni/ooni.org/issues/1518) *## OONI Probe CLI* Most of the OONI Probe CLI development work in February 2024 was focused on continuing to bring Web Connectivity v0.5 to production (as documented further in the next section). We also: * Added Wikimedia DNS as a DNS-over-HTTPS session resolver ( https://github.com/ooni/probe/issues/2532) * Reworked the code to generate summaries and made it more robust and safe ( https://github.com/ooni/probe/issues/2667) * Improved building tor as a library to make it work under ArchLinux ( https://github.com/ooni/probe/issues/2651) * Reworked test case generation for our QA suite to reduce churn and simplify the process of spotting bugs ( https://github.com/ooni/probe/issues/2677) * Fixed a bug in the test lists Gardener script to avoid trusting a URL database that has become stale (https://github.com/ooni/probe/issues/2684) *## Creating a methodology for measuring throttling* To measure throttling more effectively, we need to ship Web Connectivity v0.5, which is based on an underlying measurement library specifically designed to collect additional throttling-related information and, more generally, easier-to-process measurements. To this end, we continued our efforts to ensure a high standard of data quality for Web Connectivity v0.5 and made progress on our plans for rolling it out to production. Specifically, we: * Fixed a regression introduced in a previous release where Web Connectivity v0.5 was missing network events ( https://github.com/ooni/probe/issues/2674) * Refined the functionality to read partial response bodies when interrupted by a timeout (https://github.com/ooni/probe/issues/2654) which is relevant for throttling. * Ensured Web Connectivity v0.5 counted the bytes sent and received ( https://github.com/ooni/probe/issues/2655) * Made some updates to the Web Connectivity v0.5 specification ( https://github.com/ooni/probe/issues/2666) * Added the `tcptls_experiment` tag that was missing in Web Connectivity v0.5 to be backward compatible with v0.4 ( https://github.com/ooni/probe/issues/2673) * Addressed an issue that left the `client_resolver` field empty to ensure backward compatibility with v0.4 (https://github.com/ooni/probe/issues/2676 ). * Addressed a list of to-do items to clean up, refactor and add tests to the codebase (https://github.com/ooni/probe/issues/2669) which included: * Implementing DNS cache expiration for the DNS whoami code used by Web Connectivity v0.5 so that we can periodically update our understanding of the DNS we’re using (https://github.com/ooni/probe-cli/pull/1499) * Using a random DNS-over-UDP resolver drawn from a list of well known resolvers (rather than using 8.8.4.4) in response to community feedback ( https://github.com/ooni/probe-cli/pull/1500) *## OONI Design System* As part of our work on the OONI design system ( https://github.com/ooni/design-system/) we upgraded dependencies and configured storybook to use Vite instead of Webpack ( https://github.com/ooni/design-system/pull/172) which makes Storybook faster and requires less configuration. We also replaced Eslint and Prettier with Biome for code linting and formatting ( https://github.com/ooni/design-system/pull/173) which is all part of maintenance work to simplify the repository. We explored different frameworks for building and maintaining frontend components. To this end, we created two different examples of Button component implementation, using two of the most popular approaches in 2024: * TailwindCSS as an example of utility-first CSS library, using Class Variance Authority (https://github.com/ooni/design-system/pull/170) * Vanilla-Extract as an example of zero-runtime CSS-in-TS ( https://github.com/ooni/design-system/pull/171) *## OONI Explorer* To identify which censorship findings would be most useful (for the internet freedom community) to present on OONI Explorer ( https://explorer.ooni.org/) we organized a user research study ( https://github.com/ooni/ooni.org/issues/1543) so that we can better understand the habits and needs of our community (and determine how best to present this information on OONI Explorer). In February 2024, we drafted and finalized the user research survey, and we prepared for the user research interviews. We disseminated the survey and conducted user research interviews in March 2024. *## Test list updates* Ahead of Pakistan’s 2024 general elections, we updated the Citizen Lab test list for Pakistan: https://github.com/citizenlab/test-lists/pull/1651 *## Research collaborations with partners on upcoming reports* In February 2024, we continued to coordinate with our partners on research efforts required for upcoming research reports. Specifically, we coordinated with our partners on extensive updates to the Citizen Lab test lists for Russia, Kazakhstan, Bangladesh, and Iran. Each of these test list updates has a thematic focus based on the specific research questions of each (upcoming) research report. *## Planning the OONI Partner Gathering 2024* In preparation for the upcoming OONI Partner Gathering in Malaysia in May 2024, we continued to coordinate with the travel agency on booking flights for participants and other travel logistics. We also continued to coordinate with participants and the hotel on numerous other logistics. *## Updated the OONI Data Policy* On 23rd February 2024, we updated the OONI Data Policy: https://ooni.org/about/data-policy As part of this update, we replaced the use of Matomo analytics with Umami analytics. The Data Policy changes are visible here: https://github.com/ooni/ooni.org/pull/1550/files *## Rapid response efforts### Blocking of TikTok in Senegal* Starting from (at least) 25th January 2024, OONI data suggests that Senegal had been blocking access to TikTok. OONI data shows that the block was primarily visible on Sonatel (AS8346), and appears to have been implemented by means of TLS interference. In response, we posted about the block on Twitter/X ( https://twitter.com/OpenObservatory/status/1754944166130327716) and we shared relevant OONI data with local partners and advocacy groups. *### Unblocking of social media in Guinea* On 23rd February 2024, we reported the unblocking of social media platforms in Guinea on Twitter/X ( https://twitter.com/OpenObservatory/status/1761049064752177282) and shared relevant OONI data and information with advocacy groups. We had previously published a report on the blocking of social media platforms in Guinea, sharing OONI data on the blocking of WhatsApp, Telegram, Facebook, Twitter, Instagram, and YouTube ( https://explorer.ooni.org/findings/296303006301) OONI data shows that the blocks lasted between 24th November 2023 to 22nd February 2024. *## OONI citations### Tor Project blog post about defending internet freedom during elections in 2024* In February 2024, the Tor Project published a blog post about defending internet freedom with Tor during elections in 2024. As part of this blog post, they cite OONI research reports documenting censorship events that emerged during previous elections in countries around the world, and encourage the use of OONI tools and data. Their blog post is available here: https://blog.torproject.org/2024-defend-internet-freedom-during-elections/ *### CPJ statement on West African lawsuit against Senegal internet shutdowns* In February 2024, the Committee to Protect Journalists (CPJ) published a statement on the lawsuit filed against Senegal at the Economic Community of West African States (ECOWAS) Court of Justice challenging Senegal’s internet shutdowns in 2023. This statement cites OONI’s research report, which documented social media blocks and network outages in Senegal during political unrest in 2023 ( https://ooni.org/post/2023-senegal-social-media-blocks/) CPJ’s statement is available here: https://cpj.org/2024/02/cpj-welcomes-west-african-lawsuit-against-senegal-i… *## OONI Community Meeting* On 27th February 2024, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/) The topic of this meeting was “Litigation against internet censorship and shutdowns”, and we invited the following speakers: * Natalia Krapiva, Tech-Legal Counsel, Access Now * Toby Mendel, Executive Director of the Centre for Law and Democracy * Yelzhan Kabyshev, Director, Internet Freedom Kazakhstan (IFKZ) * Unggul Sagena, Head of Internet Access Division, Southeast Asia Freedom of Expression Network (SAFEnet) As part of this meeting, our invited guests shared their experiences from litigating against cases of internet censorship and internet shutdowns, while other community members who participated in the meeting shared questions (https://pad.riseup.net/p/ooni-community-meeting-keep) *## Measurement coverage* In February 2024, 57,616,784 OONI Probe measurements were collected from 2,981 networks in 173 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

OONI Monthly Report: January 2024
by Maria Xynou 15 Apr '24

15 Apr '24

Hello, This email shares OONI's monthly report for January 2024. *# OONI Monthly Report: January 2024* Throughout January 2024, the OONI team worked on the following sprints: * Sprint 108 (1st - 14th January 2024) * Sprint 109 (15th - 28th January 2024) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## Published report on news media censorship in Bangladesh during 2024 elections* In January 2024, we published a short report documenting the blocking of news media websites in Bangladesh (based on OONI data) amid the country’s 2024 general elections. The report is available here: https://explorer.ooni.org/findings/11686385001 *## OONI Probe Mobile* We released OONI Probe Mobile 3.8.6 on Android: https://github.com/ooni/probe-android/releases/tag/v3.8.6 This release includes an important fix for the data quality of the Signal Private Messenger App experiment (https://ooni.org/nettest/signal) results. It also ensures that the measurement engine is synced with OONI Probe CLI v3.20.0, and it includes several bug fixes and improvements. *## OONI Run* As part of our work on creating the next generation version of OONI Run (“OONI Run v2”), there were several key activities we undertook this month. Specifically, we continued to work towards achieving a ‘feature complete’ status for the Android application so that we can begin end-to-end testing. This included focusing on finishing the initial implementation of the add link flow, including addressing some feedback from early testing ( https://github.com/ooni/probe/issues/2595) We worked on implementing the dashboard link loading and we reviewed the updates ( https://github.com/ooni/probe/issues/2594) and we continued to work on the dashboard (https://github.com/ooni/run/pull/131) which is now ready for testing. Additionally, we enumerated the remaining backend work we need to complete as part of this project ( https://github.com/ooni/ooni.org/issues/1519) *## OONI Probe CLI* Most of the development work in January 2024 was focused on bringing Web Connectivity v0.5 to production (as documented in the next section below). In addition to this work, we reworked the output of the DNS Ping experiment to make it more actionable (https://github.com/ooni/probe-cli/pull/1444) by taking into account specific feedback provided by community members. We also increased the robustness of the internal libtor package to prevent concurrent tor instances, which would lead to a crash because libtor uses several shared, unlocked, global data structures ( https://github.com/ooni/probe-cli/pull/1445) This issue emerged while debugging Tor Snowflake experiment crashes ( https://github.com/ooni/probe/issues/2406) While addressing this issue is not enough to prevent crashes (given that we were not running libtor concurrently anyway), we tried to structurally prevent this from happening directly inside the libtor codebase. *## Creating a methodology for measuring throttling* To measure throttling more effectively, we need to ship Web Connectivity v0.5, which is based on an underlying measurement library specifically designed to collect additional throttling-related information and, more generally, easier-to-process measurements. To this end, in the previous month we ensured that Web Connectivity v0.5 produced the same results as version v0.4 (the one currently running in production) for all test cases in our QA suite. In January 2024, we continued this work by fixing additional data quality issues affecting Web Connectivity v0.4 and v0.5 so that when we release Web Connectivity v0.5, we are sure there are hopefully no regressions and only improvements. Specifically, we: * Ensured that the data analysis engine used by Web Connectivity v0.5 behaves correctly and detects multiple cases of blocking ( https://github.com/ooni/probe/issues/2640) While the overall result of the experiment uses a logic that is still compatible with v0.4, the result also contains flags indicating all the anomalies observed. For example, as part of the same measurement, OONI could detect both DNS and TLS interference. * Enumerated and fixed a number of edge cases where otherwise the measurement result would have been inaccurate, including cases where (a) a domain does not exist anymore but there’s still DNS censorship returning the IP address where a blockpage is hosted and (b) domains for which there are no A or AAAA records, which are now correctly recognized as not accessible and not blocked (https://github.com/ooni/probe/issues/2652) * Handled more cases where a website is not TCP or TLS reachable, which are now marked as not accessible, not blocked ( https://github.com/ooni/probe/issues/2299) * Ensured that IDNA (Internationalized Domain Names) are handled correctly by adding test cases and fixes (https://github.com/ooni/probe/issues/1925) * Added test cases to avoid flagging TCP blocking when IPv6 is available but there are no IPv6 routes (https://github.com/ooni/probe/issues/2456) * Ensured that cases where a website address is a loopback address (due to censorship or misconfiguration) are handled correctly ( https://github.com/ooni/probe/issues/1517) * Ensured that v0.5 does not include cached DNS responses to avoid confusing pipelines processing OONI data ( https://github.com/ooni/probe/issues/1530) * Fixed a bug where v0.5 was not able to correctly process URLs containing IPv4 or IPv6 addresses (https://github.com/ooni/probe/issues/1511) In addition to the code and test case changes described above, we also verified ~40 data quality issues and we started sketching out fixes for other outstanding issues. All the data quality issues that we vetted and closed in January 2024 can be found here: https://github.com/ooni/probe/issues?q=is%3Aissue+label%3A2024-01-data-qual… *## OONI Explorer* In January 2024, we worked on updating dependencies for OONI Explorer ( https://github.com/ooni/explorer/issues/901) and we started working towards building design system components ( https://github.com/ooni/design-system/issues/168) We also started working towards presenting thematic censorship findings on OONI Explorer through brainstorming sessions to discuss the potential scope of work and agree on next steps. *## OONI Backend* We made significant progress on coming up with a plan about the future of OONI infrastructure. Specifically, we started exploring several solutions for having a better pattern for deploying frontend and server-side components. As part of this work, we carried out an internal survey with our development team. After experimenting with several different solutions, we concluded that it’s probably ideal to go for an approach which can be adopted iteratively and that connects well with the existing patterns. We will therefore have a system for defining our infrastructure as code and start using (where it makes sense) more cloud infrastructure ( https://github.com/ooni/backend/issues/785) We also started making a big refactor of backend components to make it easier to deploy our OONI data analysis tool (https://github.com/ooni/data) as part of the OONI backend (https://github.com/ooni/backend/pull/791) *## Test list updates* Throughout January 2024, we coordinated with community members on updating the Citizen Lab test lists and we reviewed many pull requests. These include: * Updates to the Bangladesh test list ahead of the country’s January 2024 general elections (https://github.com/citizenlab/test-lists/pull/1544, https://github.com/citizenlab/test-lists/pull/1543, https://github.com/citizenlab/test-lists/pull/1531) * Updates to the Indonesian test list ( https://github.com/citizenlab/test-lists/pull/1527) * Updates to the Japanese and Global test lists ( https://github.com/citizenlab/test-lists/pull/1504, https://github.com/citizenlab/test-lists/pull/1511) * Updates to the Philippines test list ( https://github.com/citizenlab/test-lists/pull/1461, https://github.com/citizenlab/test-lists/pull/1559) * Updates to the Senegalese test list ( https://github.com/citizenlab/test-lists/pull/1600, https://github.com/citizenlab/test-lists/pull/1602) * Updates to the Thai test list ( https://github.com/citizenlab/test-lists/pull/1521) *## Research collaborations with partners on upcoming reports* In January 2024, we coordinated with the Tor Project on signing Fixed Award Agreements (FAAs) with 4 of our local partners to financially support their contributions to upcoming research reports (as part of a DRL grant). This officially initiated the research collaborations, and we started collaborating with our partners on several research reports. Specifically, we started this research process by finalizing the research scope for each of the upcoming reports, and collaborating with our partners on updating the Citizen Lab test lists for Russia, Kazakhstan, Bangladesh, and Iran. Each of these test list updates has a thematic focus based on the specific research questions of each (upcoming) research report. *## Planning the OONI Partner Gathering 2024* We are excited to share that on 8th and 9th May 2024, we will host an in-person OONI Partner Gathering in Kuala Lumpur, Malaysia. As part of this 2-day event, we will bring our partners (primarily from Asia and the Middle East) together to share skills and knowledge on internet censorship research. The goal of the event is to strengthen regional and global collaboration on censorship measurement research and advocacy. To host this event, we had previously (in 2023) carried out all the necessary fundraising and logistical planning work. As we were not able to reach the target overall budget that would have allowed us to bring all our partners from around the world, we decided to limit the scope of the event primarily to our partners from Asia and the Middle East (while also inviting some of our international partners, whose work is relevant/important to our regional partners). We decided this because countries in Asia and the Middle East experience the most pervasive forms of internet censorship (and we therefore prioritized these regions over other regions which experience less internet censorship). In an effort to ensure that the OONI Partner Gathering is hosted in a location that is as visa-friendly as possible for our participants, we developed a script which identifies such locations based on various parameters, such as visa requirements, safety index, and flight travel time (https://github.com/hellais/global-gather) Based on this data-driven approach, Malaysia was identified as one of the top visa-free countries in the world for our specific list of participants. This was another reason why we decided to limit the event primarily to our partners from Asia. That said, we hope to host additional OONI Partner Gathering events for our partners in Africa and Latin America over the next few years. In January 2024, we sent official invitations (along with a Concept Note) to our partners from Asia (Southeast Asia, South Asia, East Asia, Central Asia), the Middle East, and to some of our international partners. We also started coordinating with a travel agency on the booking of flights, with the hotel on the booking of rooms and meeting spaces, and on a number of other logistics. We expect to welcome 46 participants at the OONI Partner Gathering in May 2024. *## OONI workshops and presentations### OONI training for Digital Rights Foundation Pakistan* On 12th January 2024, OONI’s Elizaveta hosted an online OONI workshop for Pakistan’s Digital Rights Foundation (https://digitalrightsfoundation.pk/) training their team members on how to use OONI tools in preparation for Pakistan’s upcoming 2024 elections. The goal of this training was to enable Digital Rights Foundation to train local journalists on how to use OONI tools to measure and monitor censorship events. *### OONI Q&A for BebasID Indonesia* On 12th January 2024, OONI’s Elizaveta and Simone hosted an online OONI Q&A session with the BebasID community in Indonesia (https://bebasid.com/) As part of this session, we answered questions regarding the use of OONI tools, we collected community feedback, and we discussed the current state of internet censorship in Indonesia with the BebasID community. *### OONI training for human rights advocates in Senegal* Between 16th-18th January 2024, OONI’s Elizaveta co-hosted a 3-day hybrid training for human rights advocates in Dakar, Senegal. We organized this training in collaboration with our local partners, Computech ( https://computechinstitute.com/) and Jonction ( https://jonction.e-monsite.com/) and the event was possible thanks to support from Access Now. The goal of the training was to share OONI skills and knowledge that would enable Senegalese human rights advocates and trainers to run OONI workshops for their communities in 5 different regions of Senegal. As part of this training, Elizaveta facilitated the following sessions: * Introduction to Internet Censorship * Using OONI Probe and OONI Run: Hands-on workshop * Updating the Senegalese test list: Hands-on workshop * Using OONI Explorer: Hands-on workshop As part of this training, the participants created the programmes for their own training and scheduled them for January and February 2024. Overall, the goal was to enable local Senegalese trainers and human rights defenders to lead and facilitate OONI censorship measurement workshops in their communities in preparation for the country’s 2024 elections. *### OONI presentation at IAB Workshop on Barriers to Internet Access of Services (BIAS)* On 17th January 2024, OONI’s Simone presented our research report on how internet censorship in Russia changed during the first year of military conflict in Ukraine ( https://ooni.org/post/2023-russia-a-year-after-the-conflict/) as part of the IAB Workshop on Barriers to Internet Access of Services (BIAS), 2024 ( https://datatracker.ietf.org/group/biasws/about/) The presentation is available on YouTube: https://youtu.be/rz2qkRfaNVE?si=i33_45UTX96Vs21z&t=3404 *## Activities by the OONI community### OONI workshop by Digital Rights Foundation for journalists in Pakistan* In January 2024, our partner, Digital Rights Foundation ( https://digitalrightsfoundation.pk/) facilitated two workshops for 60 journalists in Pakistan in preparation for the country’s 2024 elections. As part of this workshop, Digital Rights Foundation introduced participants to OONI tools and encouraged them to run OONI Probe tests leading up to the election. As part of their 2024 election monitoring efforts, Pakistan’s Digital Rights Foundation encouraged the use of OONI Probe as part of their ElectionDesk resource: https://election2024.digitalrightsfoundation.pk/internet-shutdowns/ *### OONI training by Digital Rights Lab for journalists in Sudan* On 13th January 2024, our partner, Digital Rights Lab Sudan ( https://ooni.org/partners/drlab/) facilitated online OONI training sessions in Arabic for journalists in Sudan. As part of the training sessions, they introduced participants to OONI tools and internet measurement. *### OONI training by Computech and Jonction in Senegal* On 27th January 2024, our partners, Computech ( https://computechinstitute.com/) and Jonction ( https://jonction.e-monsite.com/) hosted an OONI training session in Saint Louis, Senegal. This training (run by local trainers) included hands-on workshops on using OONI Probe and OONI Run. *### OONI training by Advocacy Assembly fellow for human rights defenders in Sierra Leone* On 29th January 2024, the Center for Advocacy and Sustainable Empowerment hosted an in-person workshop in Bo, Sierra Leone, as part of the Advocacy Assembly Internet Shutdown Mentored Training Program ( https://advocacyassembly.org/en/news/236) As part of this workshop, they introduced participants to OONI tools. OONI’s Elizaveta joined this workshop for the online Q&A session to address participants’ questions in relation to OONI’s work and tools. *## OONI Community Meeting* On 30th January 2024, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/) during which we discussed the following topics: Preparing for elections in 2024: How to monitor and respond to censorship events Improving OONI Explorer: Request for community feedback on needs and challenges *## Measurement coverage* In January 2024, 64,404,108 OONI Probe measurements were collected from 3,028 networks in 167 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

ebanam's monthly status report and user support report for March 2024
by ebanam 08 Apr '24

08 Apr '24

Hello all, Last month we saw a massive uptick in support requests from Chinese speaking users due the outreach work[0]. Helped users with troubleshooting and using pluggable transport that works best for them. With three Tor Browser stable releases, much of my work went into post-release user support work. We got a number of reports about the Snowflake domain fronting issue with Fastly[1], which was fixed with Tor Browser 13.0.11. We got a few questions about the removal of automatic onionsite prioritization[2] with Tor Browser 13.0.12. In terms of documentation, I added a unified section about installing little-t-tor (tor the network daemon) to our support portal[3]. Following is a thorough breakdown of tickets our user support team handled in March: # Frontdesk (email support channel) * 645(↑) RT tickets created * 617(↑) RT tickets resolved Tickets by numbers: 1. 292(↑) RT tickets: private bridge requests from Chinese speaking users. 2. 154(↑) RT tickets: circumventing censorship in Russian speaking countries. 3. 23 RT tickets: Snowflake domain fronting issue with Fastly. 4. 10(↓) RT tickets: private bridge and help with circumventing censorship requests from regions where Tor is not blocked. The issues were mostly resolved by troubleshooting and analysing Tor logs and the issues ranged from - firewall, VPN & antivirus interrupting the connection to having an incorrect system clock. 5. 5 RT tickets: Reports of websites blocking Tor. 6. 3 RT tickets: Questions about removal of automatic .onion site prioritization in Tor Browser. 7. 3 RT tickets: Help with installing Tor Browser on Linux. 8. 2(↓) RT tickets: circumventing censorship with Tor in Farsi. Highlighting some other topics we received questions and feedback: 9. Help with verifying Tor Browser's signature. 10. Question if Tor Browser can be installed on Chromebooks[4] 11. Report of an app on iOS App Store masquerading as Tor Browser. 12. Troubleshooting Tor Browser post-update on Windows. Issue with anti-virus software flagging Tor Browser. 13. Troubleshooting Tor Browser install on macOS. User was on a very old and unsupported version of macOS. 14. Questions about how to get started with Tor Browser after installation[5]. # Telegram, WhatsApp and Signal Support channel * 628(↑) tickets resolved Breakdown: * 592(↑) tickets on Telegram * 35(↑) tickets on WhatsApp * 1(↓) ticket on Signal Tickets by numbers: 1. 351(↑) tickets: circumventing censorship in Russian speaking countries. 2. 57(↑) tickets: circumventing censorship with Tor in Farsi. 3. 49(↑) tickets: private bridge requests from Chinese speaking users. 4. 14 tickets: Which Tor apps to install on iOS and questions about Onion Browser and Orbot for iOS. 5. 3 tickets: Snowflake domain fronting issue with Fastly. Highlighting some other topics we received questions about: 6. 2 tickets: Reports of onion services (not maintained by us) being offline. We asked the users to contact the concerned onion service maintainers. 7. 2 tickets: Help with GPG signature verification while installing Tor Browser. 8. 2 tickets: Instructions on how to fetch latest Tor Browser binaries from GetTor. 9. Help with troubleshooting Tor Browser for Android. 10. Help with using bridges with Tor Browser on TailsOS. 11. Help with installing Tor Browser on Linux (ArchLinux). 12. Question whether Tor Browser is supported on AndroidTV. # Highlights from the Tor Forum 1. Snowflake add-on no longer listed on addons.mozilla.org[6]. 2. iPad: Need Help With Download & Installation (Onion Browser and Orbot)[7]. 3. Removal of automatic .onion site prioritization in Tor Browser[8]. 4. (Fix) Problems with Snowflake since 2024-03-01: "broker failure Unexpected error, no answer."[9] Thanks! e. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. [0]: https://github.com/torproject/tor4zh/ [1]: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135 [2]: https://blog.torproject.org/new-release-tor-browser-13012/ [3]: https://support.torproject.org/little-t-tor/install-little-t-tor/ [4]: https://support.torproject.org/tbb/tbb-15/ [5]: https://tb-manual.torproject.org/running-tor-browser/ [6]: https://forum.torproject.org/t/snowflake-add-on-no-longer-listed-on-addons-… [7]: https://forum.torproject.org/t/ipad-need-help-with-download-installation/11… [8]: https://forum.torproject.org/t/connect-to-onion-when-available/12134 [9]: https://forum.torproject.org/t/fix-problems-with-snowflake-since-2024-03-01…

1 0

Job Opportunities: Individual Giving Manager, Product Designer, and User Research Coordinator
by Patricia Robinson 04 Apr '24

04 Apr '24

** *Hi Everyone!* * We have new job openings for an Individual Giving Manager, Product Designer, and User Research Coordinator. https://www.torproject.org/about/jobs/individual-giving-manager/ <https://www.torproject.org/about/jobs/individual-giving-manager/> https://www.torproject.org/about/jobs/product-designer/ <https://www.torproject.org/about/jobs/product-designer/> https://www.torproject.org/about/jobs/user-research-coordinator/ <https://www.torproject.org/about/jobs/user-research-coordinator/> If you are or know someone who would be a good fit and wants to join our team, please apply/share. Have a great weekend and thanks for helping us spread the word! :) Cheers, Patricia Robinson *

1 0

Nina’s Monthly Status Report: March 2024
by Nina 04 Apr '24

04 Apr '24

Hi! Below is my March’24 report! In March, I resolved 571 tickets: On Telegram (@TorProjectSupportBot) - 405 On RT (frontdesk@tpo) - 154 On WhatsApp (+447421000612) - 11 and on Signal (+17787431312) - 1. My main focus remains the same - I help Russian-speaking users use Tor Browser and circumvent internet censorship; I also test and report bugs that users find and share with me. There were presidential elections in March in Russia, so to prepare for the event, I reviewed and improved existing user support templates we use on Frondesk, Telegram, WhatsApp, Signal, and the guide in Russian in the Torforum. Also, at the beginning of March, I helped to find an issuewith Snowflakefront domains[1] and prepared a workaroundtemplatein Russianto help users fix the problem manually before the problem was solved in aTor Browseremergency release [2]. I reportedthe issue of Tor Browser for macOS not working after being downloaded from our telegram bot (https://t.me/ <https://t.me/gettor_bot>gettor_bot <https://t.me/gettor_bot>) by gathering users' feedback and testing myself [3]. [1] https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135 [2] https://blog.torproject.org/new-release-tor-browser-13011/ [3] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…

1 0

cohosh's monthly status report, March 2024
by Cecylia Bocovich 03 Apr '24

03 Apr '24

Hi! This is my status report for contract work done in March 2024. # Snowflake development The major updates to Snowflake I worked on this month were reviewing an deploying some SQS rendezvous fixes and improvements, and updates to our distributed bridge lines to account for an issue with the front domain we were using. There were also some fixes to the Shadow integration tests. These were rolled out in v2.9.2 - SQS queue work - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - shadow integration fixes - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - released snowflake v2.9.2 - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… # Snowflake web extension We've been updating our publishing process since Mozilla modified the review procedure for their addon store. This has required several back-and-forth discussions with reviewers and some modifications to our packaging preparation. - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… # Reputation-based bridge distribution Our implementation of Lox is undergoing some improvements and fixes as we encounter bugs from its deployment. The major changes from me this month were some refactoring for code quality, more and an overhaul of the encrypted bridge table. - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/143 - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/144 - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 # Domain fronting At the very beginning of the month, we had an issue with the front domain we were using for most of our anti-censorship tools and services: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135 Addressing this issue required various updates to recover. - https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - set up new domain fronting accounts for meek and conjure - coordinated with a new meek bridge operator and debugged their setup # Conjure Mainly just did some bridge maintenance and added an IP to the bridge config for a moved station.

1 0

Rhatto's Monthly Status Report, March 2024
by rhatto 01 Apr '24

01 Apr '24

Hi all :) This is my monthly status report for March 2024 with the main relevant activities I have done during the period. ## 0. Research * Tor Browser Quality Assurance for Onion Services (TB .onion QA) - 2024.Q1: * In the 2024.Q1 period, the TB .onion QA had the following output: * 9 Tor Browser versions were formally tested. * No serious issues were found affecting onionsites. * A few minor issues were identified and need further investigation or be reported to the browser team. * Versions tested ranged from 13.09 to 13.0.13 and from 13.5a3 to 13.5a6. * Did some internal Onion Planning. ## 1. Development * The Onion Services Ecosystem documentation is now available at the Community Portal: https://community.torproject.org/onion-services/ecosystem An alternative URL is still available at https://tpo.pages.torproject.net/onion-services/ecosystem Details at https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/1 * Onionspray. * Released the 1.6.1 version: * https://lists.torproject.org/pipermail/tor-announce/2024-March/000313.html * https://forum.torproject.org/t/onionspray-release-1-6-1/12083 * Onionspray Log Parser: * Renamed eotk-log-parser to onionspray-log-parser: https://gitlab.torproject.org/tpo/onion-services/onionspray-log-parser/-/is… * Added support for aggregating page hits with the same circuit ID. * Launched version 1.0.0 (nothing special with this number, it just means that there was a backward-incompatible change from previous versions). ## 2. Support * Ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. * Did some other support related to setting up Onion Services. ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 21 | Development | 2 | Support | 54 | Organization | 23 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

PieroV's Monthly Status Report, March 2024
by Pier Angelo Vendrame 01 Apr '24

01 Apr '24

Hi everyone, here is my status report for March 2024. This month, I continued the rebase on the Firefox Rapid Release channel. I've arrived on par with mozilla-beta, i.e., I have a branch based on Firefox 125b, and I'm following that channel. I'm trying to rebase my branch onto each beta tag. I've also fixed the various build and runtime errors, and the branch can be built and used (even though this is seriously discouraged as it hasn't been reviewed and we haven't done our audit work yet). However, this is quite reassuring because it reduces the uncertainty of our ESR transition work. I've opened an issue [0] to document this process and all the conflicts I had to merge manually, both trivial and non-trivial. At a certain point, while working on this task, I implemented a script that act as a helper for our usual rebase review procedures [1]. I'm sure it has a lot of margin for improvement, but it should handle our most common cases. My idea is to use it also for the script to perform continuous automatic rebases of our branches. I wrote a proof of concept in 30 minutes, but nothing was ready for production and/or publication. Still, I'm very excited by the possibilities of automation we could implement. Apart from that, I worked on refactoring our TorConnect module [2]. I started it to fix an issue detected by the linter we've had for one year and a half [3]. It was not trivial to fix, and eventually, I ended up reorganizing the whole file, even though the contents haven't changed much. At the end of the month, I also opened another merge request specifically for error handling [4]. Together, they should hopefully help the further Android developments other apps team members are working on. Finally, I worked on some issues about fingerprinting vectors and helped with our March releases. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42441 [1] https://gitlab.torproject.org/pierov/lazy-scripts/-/blob/main/diff-of-diffs… [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41114 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…

1 0

Anti-censorship team meeting notes, 2024-03-28
by Shelikhoo 28 Mar '24

28 Mar '24

Hey everyone! Here are our meeting logs: https://paste.debian.net/1312310/ And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, Apr 04 16:00 UTC Facilitator: onyingyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Latest snowflake addon reviewer feedback requires a consent prompt for the collection of personal data * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-03-28 Last week: - debugged some issues with conjure and added a new station to the allowed-ips at the server - set up new domain fronting accounts for meek and conjure - updated torrc files - worked on some shadow network model updates - resumed work on adding a consent prompt for the snowflake addon - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… This week: - address latest review comments for snowflake addon - work on reproducing some reported SQS errors and open a public issue for it - update wasm-bindgen fork to fix some bugs and hopefully upstream changes - tor-browser-build updates for lox wasm + bindings generation Needs help with: dcf: 2024-03-21 Last week: - reviewed a snowflake-webext README fix https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - merged some missing commits from meek gitolite into gitlab https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek… Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: meskio: 2023-03-21 Last week: - captcha moat in rdsys (rdsys#182) - prometheus metrics for moat in rdsys (rdsys#124) - deploy rdsys and bridgestrap testing bridges every hour (bridgestrap#39) - fix and publish obfs4-bridge docker image for armv7 (docker-obfs4-proxy#18) - fix bugs introduced by me in bridgestrap (bridgestrap#41) Next week: - persistency for resources in rdsys (rdsys#56) Shelikhoo: 2024-03-28 Last Week: - [Merge Request Done] Add WebTunnel Client Support Integration to lyrebird (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) - [Merge Request WIP] Add Container Image Mirroring from Tor Gitlab to Docker Hub(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/… - [Merge Request] Update lyrebird version to v0.2.0 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… - [Merge Request] Rename Stable Container Tags to Latest https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Prepare for 3-min presentation - Prepare for the discussion session - Merge request reviews Next Week/TODO: onyinyang: 2023-03-14 Last week(s): - continued prep for HACS/DRL meeting - Sync-test rebase This week: - continue prep for HACS/DRL meeting - Attend HACS, then RWC, then DRL meeting (later things) - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-03-14 Last weeks: - Created a setup for extracting fingerprints from DLTS handshakes and analyzed the previous webrtc/dtls data sets from https://github.com/kyle-macmillan/snowflake_fingerprintability. Found more fingerprints than presented in the original paper, but the fingerprints are not present in newer snowflake versions. - Contacted Sean DuBois at Pion, he is very supporting of the project and happy to merge features related to anti-censorsip - Started on a setup for collecting DTLS handshakes to be used for mimicking - Exploring and planning features for anti-fingerprinting techniques to implement in the Pion lib. Next weeks: - Creating a setup for generating DTLS handshakes of web-browsers with selenium/playwright. This will hopefully generate common handshakes/fingerprints Help with:

1 0

Retirement of Gitolite and GitWeb started, please migrate by end of year
by Antoine Beaupré 26 Mar '24

26 Mar '24

Hi, Gitolite (`git.torproject.org` and `git-rw.torproject.org`) and GitWeb (<https://gitweb.torproject.org>) will be fully retired within 9 to 12 months (by the end of Q2 2024). TPA will implement redirections on the web interfaces to maintain limited backwards compatibility for the old URLs. Start migrating your repositories now by following the [migration procedure][], and please complete the migration by the end of year 2023. See the full discussion in [TPA-RFC-36][]. [migration procedure]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/git#how-to-migrate… [TPA-RFC-36]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-36-gitoli… A. -- Antoine Beaupré torproject.org system administration

1 2