tor-project

tor-project@lists.torproject.org

16 participants
2324 discussions

Tails report for February 2023
by intrigeri 14 Mar '23

14 Mar '23

Hi, Tails report for February 2023 <https://tails.boum.org/news/report_2023_02/> Highlights * @bokonon <https://gitlab.tails.boum.org/bokonon>joined our team, as our Fundraising Lead. bokonon will help us develop and grow our fundraising initiatives, to support the work we do to accomplish ourmission <https://tails.boum.org/contribute/mission/>. * We prepared usability tests planned in Ecuador in March. Releases Wereleased Tails 5.10 on February 16 <https://tails.boum.org/news/version_5.10/index.en.html>. As part of our focus on polishing user experience, Tails now asks for confirmation when starting without unlocking the Persistent Storage. Because we humans sometimes forget stuff. It's OK :) Tails 5.10 fixed a few problems introduced in Tails 5.8 in December, and some more: * Fixed another case of Persistent Storage not activating. (#19432 <https://gitlab.tails.boum.org/tails/tails/-/issues/19432>) * Avoid opening the Persistent Storage settings each time after login. (#19410 <https://gitlab.tails.boum.org/tails/tails/-/issues/19410>) * Solve a possible privilege escalation through a symlink attack. Metrics Tails has been started more than 652 918 times this month. This makes 23 318 boots a day on average.

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 13 Mar '23

13 Mar '23

Hi! Here's your monthly dose of quality sysadmin updates. # Roll call: who's there and emergencies anarcat, gaba, kez, lavamind # Q1 prioritisation Discuss the priorities for the remaining month, consider Q2. Donate page, Ganeti "dal" cluster and the Discourse self-hosting are the priorities. Completing the bullseye upgrades and converting the installers to bookworm would be nice, alongside pushing some proposals ahead (email, gitolite, etc). # Dashboard review We reviewed the dashboards like in our usual per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards # Early vacation planning We went over people's planned holidays and things look okay, not too much overlap. Don't forget to ask for your holidays in advance as per the handbook. # Metrics of the month * hosts in Puppet: 97, LDAP: 98, Prometheus exporters: 167 * number of Apache servers monitored: 32, hits per second: 658 * number of self-hosted nameservers: 6, mail servers: 9 * pending upgrades: 0, reboots: 0 * average load: 0.58, memory available: 5.92 TiB/7.04 TiB, running processes: 783 * disk free/total: 34.43 TiB/92.96 TiB * bytes sent: 354.56 MB/s, received: 211.38 MB/s * planned bullseye upgrades completion date: 2022-12-29 (!) * [GitLab tickets][]: 177 tickets including... * open: 1 * icebox: 141 * backlog: 22 * next: 4 * doing: 7 * needs information: 2 * (closed: 3070) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye/ Obviously, the planned date is incorrect. We are lagging behind on the hard core of ~10 machines that are trickier to upgrade. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2023-03-09
by meskio 09 Mar '23

09 Mar '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-09-15.58.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, March 16 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible-do tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * No news yet about the inclusion of snowflake-02 in Orbot, after asking at S96 meeting. * the are asking meskio by email privately, but he didn't answer being in vacation, will do today * What is the procedure for creating a new repository under https://gitlab.torproject.org/tpo/anti-censorship ? Do I need to ask someone to create a repository or can I just do it? * dcf wants to move other repositories there: * https://gitlab.torproject.org/dcf/extor-static-cookie * https://gitweb.torproject.org/pluggable-transports/goptlib.git * It should be possible to just create new repos. * dcf will try it, and report back if there's trouble. * Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) * Syncing with upstream will require dropping one version of golang from CI, are we okay with that? * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… "The only problem I'm having with this is that it no longer builds with go1.15 due to the x/crypto dependency update. Is it possible to keep the old version or perhaps rebase these changes off of the versions of pion/dtls and pion/webrtc that we currently have pinned rather than the master branches?" * go1.15 is the version in current Debian stable (bullseye), go1.19 is available in backports. go1.19 will be the version in the next stable (bookworm) coming in a few months. == Actions == * move the ampcache snowflake fallback forward == Interesting links == * == Reading group == This paper is about detecting Tor-in-obfs4 when you only have a traffic sample; e.g., you only get to look at every 100th packet that passes through a router that handles both obfs4 and non-obfs4 flows. Traffic sampling means you cannot use features like "look at the first n packets of a flow" or "compare the timing of two consecutive packets". Instead, you can only look at aggregate statistical features and have to be memory-efficient. The system collects 12 statistics (Table III in the appendix) and stores them in a data structure called a nest count Bloom filter (NCBF), which essentially is just a composition of 12 counting Bloom filters (https://en.wikipedia.org/wiki/Counting_Bloom_filter). The statistics are things like "number of non-empty upstream packets" (C₂) and "number of downstream packets with payload length between 62 and 465" (C₁₁). From these 12 statistics, they derive 14 features (mostly ratios of statistics) and feed them to a random forest classifier. For evaluation they use a 15-minute sample of backbone traffic provided by a third party, MAWI (https://mawi.wide.ad.jp/mawi/ditl/ditl2019-G/201904090000.html) and insert their own self-collected obfs4 traffic into it. They say the detection has few false negatives (finds almost all obfs4 bridges), but too many false positives to be usable directly for blocking decisions; they mention the need for "secondary testing" of suspected bridges. * We will discuss "Detecting Tor Bridge from Sampled Traffic in Backbone Networks" on March 9 * https://www.ndss-symposium.org/wp-content/uploads/madweb2021_23011_paper.pdf * https://www.youtube.com/watch?v=kL7YCRer3To&list=PLfUWWM-POgQvGOVAk1HjP3uFK… * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-03-02 Last week: - Lox tor browser integration work in progress - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - Finished getting the wasm client integrated as a Tor Browser module This week: - continue Lox tor browser integration - find a better way to generate and call wasm client in tor-browser-build - make team repos for Lox pieces - expand client-side support for more Lox features - continue work on conjure client-side recovery Needs help with: dcf: 2023-03-09 Last week: - drafted snowflake-01 bridge update for February 2023 https://opencollective.com/censorship-circumvention/projects/snowflake-dail… - attended 2023-03-04 relay operators meetup and answered questions about snowflake https://lists.torproject.org/pipermail/tor-relays/2023-March/021080.html - documented further sporadic blocking of cdn.sstatic.net in some networks in Iran https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115#note_28… - made a graph of users in Russia since Tor Browser 12.0.3 and the Hello Verify mitigation; curiously it increased users in snowflake-02 but not snowflake-01 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - noticed that conntrack changes did not persist after a reboot on the snowflake bridges, and started an experiment to measure the effect https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) Help with: meskio: 2023-03-09 Last week: - catch up (or fail to) after vacation - deploy and break bridgedb (bridgedb#40064) - test bridges without ORPort public (rdsys#154) - review nil pointer fix in webtunnel (webtunnel!5) - coordinate the update of pion libraries and snowflake in debian, including the HelloVerify patch Next week: - rdsys fixes to use onbasca (rdsys#153) Shelikhoo: 2023-03-09 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - WebTunnel @ TorBrowser mobile(https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/m… - Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Research on dynamic bridge DOL in china(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measur… - meta: fill the "donate" link on addons.mozilla.org (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - consider propagating 2FA everywhere, maybe at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - Review Proxy: add an option to bind to a specific address (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) onyinyang: 2023-03-09 Last week: - Working on distributor backend for Lox server (integration with rdsys) - enabling Lox server to communicate with rdsys through rdsys-backend-api This week: - Continuing work on Lox server integration with rdsys - Reconfigure Lox Bridgeline to fit with Tor's bridge info - Figure out the proper multithreading in Rust to add bridges to Lox's bridgedb - (later) Consider a reasonable approach for bridge groupings for Lox buckets Itchy Onion: 2023-03-08 Last week: - Finished most of issue #40252 (Standalone proxy outbound address) (!136) - Worked on issue #40252 (NAT probetest for standalone proxy) - Started looking at #40231 (Client sometimes send offer with no ICE candidates) This week: - Add warning message if the user provided IP address is not used by proxy to establish WebRTC connection (issue #40252 !136). In my testing, sometimes the IP obtained from Pion's selectedCandidatePair is not accurate. I chatted with Pion dev and think there might a bug in Pion. But from my testing it only happens on the first peerconnecion so not a huge problem for us. - Closed issue #40252 (NAT probetest for standalone proxy) - Working on #40231 (Client sometimes send offer with no ICE candidates). My current understanding is that this shouldn't happen. There was a similar issue but is fixed and merged: https://github.com/pion/webrtc/issues/1143. Doing more research on it. hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does iran block bridges cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - resources -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Joydeep's Monthly Status Report for February 2023
by Joydeep Sen Gupta 06 Mar '23

06 Mar '23

Hello everyone! Here are my updates from February. In total, I resolved 626 tickets across our email, telegram, whatsapp and signal user support channels. I am happy and excited to share that we launched[1] our user support channel on WhatsApp last month! I helped with the planning, pre-release testing and updating[2] some of our support documentation in relation to this. Continuing my work with users in places where Tor is censored, I was able to gather some valuable feedback from users. Owing to some of this feedback, I along with Nina (@nina13), added information about bridge-moji[3] as a means to verify whether the intended bridge lines have been entered by the user successfully. Also made a very small documentation update to our manual[4] with the latest Tor Browser 12.0.3 release. Now, a look at our user support channels: Timeline: 01 - 28 February 2023 # Frontdesk tickets created: 684 tickets resolved: 625 Most frequent tickets by numbers: 1. 289 RT Tickets - Private Bridge requests from China 2. 49 RT Tickets - How to use a Tor Bridge in Russia 3. 18 RT Tickets - Circumventing censorship with Tor in Iran # Telegram, WhatsApp and Signal Support channel (cdr.link) tickets resolved: 588 The most frequent tickets we received have been about: 1. 142 tickets: Circumventing censorship in Russia 2. 90 tickets: Circumventing censorship in Turkmenistan 3. 84 tickets: Circumventing censorship in Iran 4. 31 tickets - Circumventing censorship in China # Tor Forum Most popular topics in the Support category (in terms of number of views): 1. "Guard is failing a very large amount of circuits"[5] 2. "SSH over Tor including unto Onion Service"[6] 3. "Tor Browser Android >> Cannot install Add-ons if language any other than English"[7] 4. "Why is the telegram account publishing bridges in the open!?"[8] 5. "Relay or Bridge? What are the Network needs for the moment"[9] Thanks, -- Joydeep [1]: https://blog.torproject.org/meeting-you-where-you-are-we-added-whatsapp-use… [2]: https://gitlab.torproject.org/tpo/web/support/-/issues/321 [3]: https://gitlab.torproject.org/tpo/community/support/-/issues/40107 [4]: https://gitlab.torproject.org/tpo/web/manual/-/issues/139 [5]: https://forum.torproject.net/t/guard-is-failing-a-very-large-amount-of-circ… [6]: https://forum.torproject.net/t/ssh-over-tor-including-unto-onion-service/67… [7]: https://forum.torproject.net/t/tor-browser-android-cannot-install-add-ons-i… [8]: https://forum.torproject.net/t/why-is-the-telegram-account-publishing-bridg… [9]: https://forum.torproject.net/t/relay-or-bridge-what-are-the-network-needs-f…

1 0

cohosh's monthly status report, February 2023
by Cecylia Bocovich 05 Mar '23

05 Mar '23

This is my status report for contract work done in February 2023. # Conjure Development * Began debugging reliability issues with Conjure and planning a fix https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… * Worked with conjure devs on wireguard setup and added documentation https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… # Reputation-based Bridge Distribution * Made a very minimal integration of the Lox client with Tor Browser https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 * Fixed a bug in BridgeDB's rdsys backend code that caused crashes due to incompletely removed resources https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/119 P.S. more details and a very minimal (it just fetches an open invite) integration of Lox is available to try out. Details: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 Cecylia

1 0

Nina’s Monthly status report for February’23
by Nina 03 Mar '23

03 Mar '23

Hi! This is my report for February 2023. In that month, I resolved 554 tickets: On Telegram (@TorProjectSupportBot) - 352 On RT (frontdesk@tpo) - 172 On WhatsApp (+447421000612) and on Signal (+17787431312) it was 20 tickets in common. The majority of the user requests I dealt with were about bypassing internet censorship in different countries and troubleshooting around it - like using Tor Browser with bridges and VPN simultaneously or finding working bridges. During February I edited our templates for cdr.link and RT (frontdesk@tpo) to make them more detailed and meet the users' needs and to add information about bridge-moji. At the very end of the month after some preparation and testing, we added WhatsApp (+447421000612) to our support channels to reach as maximum users as possible with the communication tools they are comfortable with [1]. I also took part in a small-scale educational project as a translator and content creator. >From time to time with the help of our users I spotted some miscellaneous problems with our services like bridges.torproject.org and our Telegram bot @getbridgesbot. [1] https://blog.torproject.org/meeting-you-where-you-are-we-added-whatsapp-use…

1 0

Rhatto's Monthly Status Report, February 2023
by rhatto 03 Mar '23

03 Mar '23

Hi all :) This is my monthly status report for February 2023 with the main activities I have done during the period. ## 0. Research * Joined Network Team's Onion Service Working Group, which is aimed at improving the current technology. I'm joining as someone who's more at the operational side of things and that's interested in a range of usability topics, from enhanced deployment/monitoring tools to certificates and service discovery. ## 1. Development * Internal security policy work for the Onion Support Group and the Community Team. Such work might in the future be another step towards the broader security policies work at Tor, which is detailed at https://gitlab.torproject.org/tpo/team/-/issues/41 ## 2. Support * Ongoing Sponsor 123 deployments, monitoring and maintenance. * Custom support for Onion Service deployment. This is being an interesting experiment about setting up an Onion Service for an organization without dedicated IT staff, requiring a setup with minimum maintenance effort. ## 3. Organization * Detailed planning on my workload allocation and activity scenarios, split between research, development and support. This is helping me to figure out how my time can be split between different teams, initiatives, sponsors etc and also reduce the number of daily/weekly/monthly context changes. -- Silvio Rhatto pronouns he/him

1 0

Anti-censorship team meeting notes, 2023-03-02
by Shelikhoo 02 Mar '23

02 Mar '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-02-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, March 9 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible-do tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * Should we improve anti-censorship measures against Tor without bridges? Should we fix the fingerprints and randomize them? (ValdikSS) * Currently, proposals to make any change in C-tor are being closed in favor of Arti, which is not available in any relays yet. * Is Arti going to be implemented the same as C-tor with respect to anti-censorship of its Tor-protocol connections, or will it try better to resist blocking in its native state? * Team has not yet reviewed Anti's anti-censorship design and stance. * Old history (circa May 2012, tor 0.2.3.15) of plain tor's attempts to enhance blocking resistance (by imitating Firefox ciphersuites, etc.), before pluggable transports: https://gitlab.torproject.org/tpo/team/-/wikis/projects/Tor/TLSHistory * In Turkmenistan, huge ranges of foreign addresses are blocked, perhaps 40% of the space. Tor relays are a good resource for testing and reachability because they are all listed; unlike obfs4 for example which are only attainable in small quantities are are usually 100% blocked anyway. * But will it remain that way if the reachable Tor relays start being used on a large scale? * In Iran, there is an SNI regexp filter for the Tor client's default fake SNI of www.[a-z].com; changing .com to .net evades the filter. * valdikss will make an issue to collect all this information. == Actions == * meskio will write a survival guide on onbasca * move the ampcache snowflake fallback forward == Interesting links == * https://www.fortinet.com/blog/threat-research/dissecting-tor-bridges-plugga… * In which the intrepid FortiNet analyst busts out OllyDbg rather than read the source code. * Workaround for server-side Tor block: https://web.archive.org/web/20221205135630/https://www.fortinet.com/blog/th… * Part 2: https://www.fortinet.com/blog/threat-research/dissecting-tor-bridges-plugga… * https://www.youtube.com/watch?v=kL7YCRer3To&list=PLfUWWM-POgQvGOVAk1HjP3uFK… * Video for reading group paper. * https://www.youtube.com/watch?v=dbOf8U2GDZ8 Q&A video, 0:00–3:36 and 10:14–11:11 are about this paper. == Reading group == * We will discuss "Detecting Tor Bridge from Sampled Traffic in Backbone Networks" on March 9 * https://www.ndss-symposium.org/wp-content/uploads/madweb2021_23011_paper.pdf * https://www.youtube.com/watch?v=kL7YCRer3To&list=PLfUWWM-POgQvGOVAk1HjP3uFK… * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-03-02 Last week: - Lox tor browser integration work in progress - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - Finished getting the wasm client integrated as a Tor Browser module This week: - continue Lox tor browser integration - find a better way to generate and call wasm client in tor-browser-build - make team repos for Lox pieces - expand client-side support for more Lox features - continue work on conjure client-side recovery Needs help with: dcf: 2023-03-02 Last week: - restarted snowflake bridges for haproxy CVE-2023-0056, CVE-2023-25725 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - increased tor instances from 4 to 12 on snowflake-02 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) Help with: meskio: 2023-02-23 Last week: - integrate onbasca into rdsys to test bridge speed (rdsys#150) - deploy onbasca in polyanthum - patch onbasca API to be easier to parse (onbasca!60) - investigate bridgestrap issue, is reporting 30% of functional bridges Next week: - Vacation!!! Shelikhoo: 2023-03-02 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - WebTunnel @ TorBrowser mobile(https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/i…, https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re…, https://gitlab.torproject.org/tpo/applications/tor-android-service/-/merge_…) - Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - WebTunnel @ TorBrowser mobile(https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/m… onyinyang: 2023-03-02 Last week: - Finished up Lox wasm bindings for Tor integration: - issue invitation - check blockage - blockage migration This week: - Working on distributor backend for Lox server (integration with rdsys) Itchy Onion: 2023-03-02 Last week: - Holiday - Contine working on issue #40252 (NAT probetest for standalone proxy) This week: - Finished most issue #40252 (!136) - Started looking at #40231 (Client sometimes send offer with no ICE candidates) hackerncoder: 2023-03-02 last week: - work on monitoring bridges health Next week: - getting ooni-exporter to work with torsf (snowflake) - work on "bridgetester"? cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - resources

1 0

onyinyang's monthly status report, January 2023
by onyinyang 01 Mar '23

01 Mar '23

Hello everyone, This is my status report for the contract work done in January 2023. Apologies for the delay! # Lox Implementation * Updated Lox library to implement serialization/de-serialization as required for wasm bindings https://gitlab.torproject.org/onyinyang/lox <https://gitlab.torproject.org/onyinyang/lox>note: these changes could likely be merged into the main library (https://git-crysp.uwaterloo.ca/iang/lox) once this effort is complete. * Implemented wasm bindings for the first (open-invitation) Lox protocol in the Lox client https://gitlab.torproject.org/onyinyang/lox-wasm <https://gitlab.torproject.org/onyinyang/lox-wasm> * Implemented test server in rust to handle the requests made by the client https://gitlab.torproject.org/onyinyang/lox-server So far it's been interesting and exciting to help out with this effort :) onyinyang

1 1

PieroV's Monthly Status Report, February 2023
by Pier Angelo Vendrame 01 Mar '23

01 Mar '23

Hi everyone! Here is my status report for February 2023. At the beginning of the month, I continued improving the profile directory patch of Tor Browser [0]. Then, for the rest of the month, I kept polishing tiny details in the browser and in our build system. I am very satisfied with some changes, such as the one to display the commit hash Tor Browser has been built from in about:buildconfig [1]. I also sent a patch to Mozilla to generalize the browser name on that page [2]. I also sent a patch to prevent the network ID computed by Firefox from being persistent [3]. Another couple of tasks I worked on were fixes and improvements on the system font normalization patch [4], and I tried to fix the reproducibility problems with RLBox [5]. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [1] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1814416 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41646 [5] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project