- tor-project - lists.torproject.org

minutes from the sysadmins
by Antoine Beaupré 07 Oct '25

07 Oct '25

# Roll call: who's there and emergencies all folks on the team present # Normal check-in Went through the normal per person check-in. # Roadmap review (Q4) postponed to next week # Other discussions ## incident response proposal feedback: - good to have procedure, nice that we can keep it simple and the complexity is optional - do we want to document *when* we need to start the procedure? some incidents are not documented right now... yes. - unclear exactly what happens, when roles get delegated... current phrasing implies the original worker is the only one who can delegate - people can bump in and join the team, e.g. "seems like you need someone on comms, i'll start doing that, ok?" - add examples of past or theoretical incidents to the proposal to clarify the process - residual command position, once all roles have been delegated, should default to team lead? it's typically the team lead's role to step in those situation, and rotate into that role - no pager escalation - define severity - discomfort at introducing military naming, we can call it incident lead anarcat will work on improvements to the proposal following the discussion. # Next meeting Next week, we'll try to work again on the roadmap review. # Metrics of the month * host count: 99 * number of Apache servers monitored: 33, hits per second: 659 * number of self-hosted nameservers: 6, mail servers: 99 * pending upgrades: 0, reboots: 0 * average load: 3.40, memory available: 4.1 TB/7.2 TB, running processes: 276 * disk free/total: 106.2 TB/231.7 TB * bytes sent: 564.3 MB/s, received: 382.2 MB/s * [GitLab tickets][]: 248 tickets including... * open: 1 * ~Roadmap::Icebox: 126 * ~Roadmap::Future: 43 * ~Needs Information: 3 * ~Roadmap::Backlog: 38 * ~Roadmap::Next: 16 * ~Roadmap::Doing: 15 * ~Needs Review: 6 * (closed: 4227) * [~Technical Debt][]: 11 opened, 35 closed [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… -- Antoine Beaupré torproject.org system administration

1 0

Soft release - Help us test the new Tor User Support portal!
by gus 06 Oct '25

06 Oct '25

Hello everyone, This week we're soft releasing the new Tor User Support portal! Please help us test it and report any issues you find. ## Background Over the past month, we've been migrating the content from Tor Browser User Manual and the (old) Support portal into a new single, unified resource, the new Support portal. Our goal is simple: to give Tor users one place where they can find support information about our products. After this migration, tb-manual.torproject.org will redirect to support.torproject.org. ## How to help 1. Visit and browse the new staging website on your favorite platforms: https://tor-www@support.staging.torproject.net 2. Found an issue or have feedback? - First, check if it's already reported, - If not, open a new issue here: https://gitlab.torproject.org/tpo/web/marble/support/-/issues 3. Or if you prefer to chat, join us on Matrix: #tor-www:matrix.org / #tor-www on irc.oftc.net. ## Localization Because we moved and adapted the website content, we'll need new translations. Please use Weblate to translate the new support website into your language! https://hosted.weblate.org/projects/tor/new-support-portal/ ## Next steps After this soft release, we're planning to officially announce the new Support portal next week on our blog, so your feedback now will help us make it ready for everyone. Thank you for your help! cheers, Gus -- The Tor Project Community Team Lead

1 0

Anti-censorship team meeting notes, 2025-10-02
by Shelikhoo 02 Oct '25

02 Oct '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-10-02-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 9 16:00 UTC Facilitator:meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Reported blocking of www.cdn77.com by SNI, blocking of STUN servers in Russia, 2025-09-21 * https://github.com/net4people/bbs/issues/422#issuecomment-3316062302 * "I've noticed that stun protocol was blocked from mid-summer till today (it worked in June last time when I've used public stun to punch through NAT). Seems that only stun to public stun servers like stun.l.google.com, stun.bethesda.net were affected. Stun between webtunnel client and other webtunnel peer is not affected as can be seen in attached captures below. The only stun server that was accessible all that time was stun.rtc.yandex.net (of all the gists and lists of public stun servers I could find)." * "Had to change front though ... where <...> is another website using cdn77 I know. www.cdn77.com is blocked by SNI (session freezes after client hello), and www.phpmyadmin.net, though it doesn't cause hetzner to be blocked anymore, might cause stricter filtering or other side-effects." * We've been testing netlify in the alpha channel of Tor Browser, maybe it is time to use it in stable. * cdn77 domain fronts are already known to be blocked in China * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/168 * meskio has a list of cdn77 domain names. * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/168#note_32… * Could prioritize adding multiple builting snowflake bridge options * https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43842 * onyinyang will make a forum post with workarounds == Actions == * Remove webtunnel setuid script in 2 weeks.(decrease this by one every week) == Interesting links == * https://github.com/net4people/bbs/issues/422#issuecomment-3316062302 (2025-09-21) * (Russia) "I've noticed that stun protocol was blocked from mid-summer till today (it worked in June last time when I've used public stun to punch through NAT). Seems that only stun to public stun servers like stun.l.google.com, stun.bethesda.net were affected. Stun between webtunnel client and other webtunnel peer is not affected as can be seen in attached captures below. The only stun server that was accessible all that time was stun.rtc.yandex.net (of all the gists and lists of public stun servers I could find)." * "<...> is another website using cdn77 I know. www.cdn77.com is blocked by SNI (session freezes after client hello), and www.phpmyadmin.net, though it doesn't cause hetzner to be blocked anymore, might cause stricter filtering or other side-effects." * Mention of snowflake SNIs in the galaxy/platform/galaxy-qgw-service repo of MESA Git. The filenames include "E21" which is Ethiopia. * https://geedge-git.haruue.com/mesalab_git/galaxy/platform/galaxy-qgw-servic… E21-SNI-Top120W-20221020.txt snowflake-broker.freehaven.net 903971 110 snowflake-broker.torproject.net 8667377 55 snowflake-broker.bamsoftware.com 1611029 49 snowflake.torproject.net 105990565 16 snowflake.freehaven.net 24545 6 E21-SNI-Top200w.txt snowflake-broker.bamsoftware.com 14468 snowflake-broker.torproject.net 50 snowflake.bamsoftware.com 8 * https://geedge-git.haruue.com/mesalab_git/galaxy/platform/galaxy-qgw-servic… * "Galaxy SQL, the unified query gateway, is built with Spring Boot 2.0 technology. It provides interactive SQL analysis and routine scheduling windows, supports streaming and batch jobs, and makes it easier to write and submit ETL programs and efficiently execute big data computations, aiming to make big data processing easier." * Mention of torproject.net domain names in tango/maat/test/tsgrule/TSG_OBJ_FQDN.E21. TSG is Tiangou Secure Gateway, E21 is Ethiopia, Maat is a rules matching engine. * https://geedge-git.haruue.com/mesalab_git/tango/maat.git/tree/test/tsgrule?… 592177551 151465 .snowflake-broker.torproject.net 0 1 0 1 1683275236000000 0 key=592177551 592561443 151465 .snowflake.torproject.net 0 1 0 1 1683275236000000 0 key=592561443 592691531 151465 .forum.torproject.net 0 1 0 1 1683275236000000 0 key=592691531 594169529 151469 snowflake-broker.torproject.net 0 3 0 1 1683276253000000 0 key=594169529 594553421 151469 snowflake.torproject.net 0 3 0 1 1683276253000000 0 key=594553421 594683509 151469 forum.torproject.net 0 3 0 1 1683276253000000 0 key=594683509 * You can decode the microsecond timestamps like so: $ date -u --iso=sec --date=@1683275236 2023-05-05T08:27:16+00:00 * https://filter.watch/english/2025/10/02/irans-stealth-blackout-a-multi-stak… * https://filter.watch/wp-content/uploads/sites/2/2025/10/Click-here-to-read-… * Discussion of Tor starting on PDF page 23 == Reading group == * We will discuss "The Internet Coup" on October 23rd * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * Particularly relevant sections: "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * Notes: https://github.com/net4people/bbs/issues/519#issuecomment-3282101626 * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-10-02 Last week: - wrote up a roadmap for researching snowflake enumeration attacks (snowflake#40396) - helped debug email bridge distributor (rdsys#129) - reviewed update to telegram bridge distributor (rdsys!589) - removed some legacy code from snowflake-webext and fixed minor bugs (snowflake-webext#121) Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-02 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-10-02 Last week: - be AFK - catch up Next week: Shelikhoo: 2024-10-02 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Published Snowflake UDP mode test post: https://forum.torproject.org/t/invitation-to-test-snowflake-unreliable-tran… - vantage point maintaince Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - deploy new vantage point version with fixed performance onyinyang: 2025-10-02 Last week(s): - Deployed updated telegram distributor distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 - Managed some hiccups in the updated deployment - Wrote profiling patch for rdsys: kraken and email - Looked into conjure issue from China: fronts we are using appear to be blocked Next week: - Troubleshoot conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#249 hopefully - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

Anti-censorship team meeting notes, 2025-09-25
by onyinyang 25 Sep '25

25 Sep '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-09-25-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, October 2 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Dual-stack bridges * Serge has been change not to test reachability, so its opinion on "Running" is useful again. * Now need to work on Onionoo and metrics. * But: the data that bridgestrap sends to CollecTor is incorrect for bridges that run multiple transports. * "collector output doesn't handle multiple transports correctly" https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/48 * (A bridge can be "Running" with respect to one transport but not "Running" with respect to another transport.) * Related: obfs4 (say) bridges that run on multiple IPv4 addresses. * This is not generally technically possible at the moment, because both torrc syntax and the PT protocol have limitations that assume there is at most one instance of any transport name. * "Multiple ServerTransportListenAddr entries should be allowed per transport" https://gitlab.torproject.org/tpo/core/tor/-/issues/11211 * But it is possible with dual-stack (IPv4 and IPv6) bridges: they effectively have 2 IP addresses (one IPv4, one IPv6) that they listen on, with the same relay fingerprint and obfs4 cert. * A desired feature is the ability to run multiple instances of obfs4, with a *different* obfs4 cert per listening IP address. For this, just being able to pass multiple bindaddrs would suffice. * Another desired feature: run a single bridge with many listening IP addresses, an IPv4 /24 or IPv6 /56 for example. * Where to send a written-up change proposal? * There is a repo for spec proposals, https://gitlab.torproject.org/tpo/core/torspec/, but for this it's probably better to write it up in https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/48. * "for the format changes, i would suggest specing out what those would look like more precisely and the changes they'd require in onionoo and metrics so that meskio and someone from the metrics team can review it and discuss" == Actions == * Remove webtunnel setuid script in 3 weeks.(decrease this by one every week) == Interesting links == * == Reading group == * We will discuss "The Internet Coup" on October 23rd * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * Particularly relevant sections: "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * Notes: https://github.com/net4people/bbs/issues/519#issuecomment-3282101626 * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-09-25 Last week: - released new version of snowflake webext with translation fix - cleaned up some remaining snowflake website decoupling tasks (snowflake-webext#121) - bug fix for available translations - wrote shadow experiment generation scripts - started researching proxy distribution changes and enumeration attacks on snowflake Next week: - release a new webext version to fix available translation bug - follow up on snowflake rendezvous failures - deploy new snowflake webextension with translation fixes - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-09-25 Last week: - merged a metrics timeline event https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/merge_r… - updated links gitweb→gitlab in metrics-timeline https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/issues/… - closed a metrics-timeline issue about automatically importing events from outside sources as not planned https://gitlab.torproject.org/tpo/network-health/metrics/timeline/-/issues/7 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-09-11 Last week: - brainstorm on dual stack bridges (tor!786) - catch up with emails and fail Next week: Shelikhoo: 2024-09-18 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Compiled patched tor browser for snowflake udp transport mode - parpared test instruction for snowflake udp transport mode ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - repair russian vantage point issues onyinyang: 2025-09-25 Last week(s): - Refactored solution for distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 - #249 bug is back: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/593 - Looked into conjure issue from China Next week: - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Anti-censorship team meeting notes, 2025-09-18
by Shelikhoo 18 Sep '25

18 Sep '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-09-18-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, Sep 25 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == (Sep 18 New) * Disable duplicatedContainerImages mirroring: make sure you are not using it anymore == Actions == * Remove webtunnel setuid script in 4 weeks.(decrease this by one every week) == Interesting links == * https://github.com/net4people/bbs/issues/519#issuecomment-3289654410 * wangmeiqi/obfs4_verify, simple obfs4 active prober from Geedge/MESA * https://github.com/net4people/bbs/issues/519#issuecomment-3290129409 * wangmeiqi/obfs4_meek_snowflake, deep fingerprinting for meek, obfs4, Snowflake from Geedge/MESA == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next: * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-09-11 Last week: - fixed snowflake extension translation bug (snowflake-webext#120) - updated wiki page for integrating new PTs into Tor Browser - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Tor-Browser-… -Transports - implemented and deployed new prometheus metrics to track proxy answers by implementation - met with Rob to discuss proteus integration steps - updated analysis of snowflake proxy timeouts (snowflake#40447) Next week: - follow up on snowflake rendezvous failures - deploy new snowflake webextension with translation fixes - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-09-18 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-09-11 Last week: - brainstorm on dual stack bridges (tor!786) - catch up with emails and fail Next week: Shelikhoo: 2024-09-18 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Choosing domain fronting targets for domain fronting tests - (Many merge reviews) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - monitor russian vantage point issues onyinyang: 2025-09-18 Last week(s): - Implemented a solution for distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 Next week: - Continue looking into bridgestrap#47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

User Support Report for August 2025
by ebanam 15 Sep '25

15 Sep '25

Hello everyone, This is the report from user support team for the month of August. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. - Summary of updates from user support - Farsi-speaking user support - Russian-speaking user support - General user support - Frontdesk (email user support channel) - Telegram, WhatsApp and Signal user support channels - Topics from the Tor Forum - Highlights from Google Play Store # Summary of updates from user support * With our Telegram Bridge Distributor (@GetBridgesBot) now sharing WebTunnel bridges[1] and bridges with WebTunnel pluggable transport working most reliably in censored regions like Russia and China, newer Telegram accounts[2] are unable to request these bridges directly from the bot. Users with new accounts are therefore encouraged to contact us on our support channels. As a result, last month alone we responded to 224 users with this issue. We have opened a ticket for the anti-censorship team[3] reporting this urgent issue. * We also provided feedback[4] and worked with anti-censorship team to improve the workflow for users interacting with the Telegram Bridge distributor, including some adjustments[5] to the user interface. ## Farsi-speaking user support * 91 tickets in total (↑8 as compared to July) * 89 tickets on Telegram * 2 tickets on Email ## Russian-speaking user support * 2279 tickets in total (↑24 as compared to July) * 2082 tickets on Telegram * 191 tickets on Email * 3 tickets on WhatsApp * 3 tickets on Signal * August marked a record high in user support requests coming from Russian-speaking users. Among Russian users, the main problem is that obfs4 is blocked on certain mobile networks. The recommended workaround - using WebTunnel bridges - has also been impacted, as since June these have been blocked through SNI filtering, and other bridges have likewise been affected by DPI rules targeting OVH, Hetzner, and Linode/DigitalOcean infrastructure. The difficulty of finding an unblocked bridge to access Tor has become a major pain point for Russian users and is significantly increasing the load on our support channels. ## General user support * 1086 tickets in total (↑365 as compared to July) * 461 tickets on Email * 606 tickets on Telegram * 8 tickets on WhatsApp * 11 tickets on Signal * Massive uptick in user support requests from users trying to connect to Tor from Chinese-speaking users on our Telegram user support channel. This can be attributed to the fact that with WebTunnel working most reliably in China, users with newer Telegram accounts are unable to get WebTunnel bridges and reaching out on the support channels. That's it for the summary, following is a more detailed report about the tickets our user support team worked on last month. # Frontdesk (email user support channel) * 728(↓) RT tickets created * 654(↑) RT tickets resolved Tickets by topics and numbers: 1. 377(↓) tickets: instructions to circumvent censorship for Chinese speaking users. 2. 191(↓) tickets: circumventing censorship in Russian speaking countries. 3. 47(↓) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 4. 5(-) tickets: help with troubleshooting existing Tor Browser install on Android. 5. 4(↑) tickets: questions about which Tor app to install on iOS (i.e. Onion Browser or Orbot) 6. 2(↓) tickets: circumventing censorship with Tor in Farsi. 7. 2(↑) tickets: question about onion services and how to access them. 8. 2(↑) tickets: help with instructions to download and install Tor Browser. 9. 2(↑) tickets: instructions on how to get Tor Browser binaries from GetTor. 10. 1(↓) ticket: help with installing Tor Browser on Desktop on Linux. 11. 1(↓) ticket: reports of fake apps on iOS AppStore masquerading as official Tor Browser. 12. 1(↑) ticket: question about what are "Bridges" in Tor Browser and what purpose they serve. # Telegram, WhatsApp and Signal user support channels * 2796(↑) tickets resolved Breakdown: * 2771(↑) tickets on Telegram * 11(-) tickets on WhatsApp * 14(↑) tickets on Signal Tickets by topics and numbers: 1. 2082(↑) tickets: circumventing censorship in Russian speaking countries. 2. 224(↑) tickets: WebTunnel bridge requests from users with newer Telegram accounts and unable to receive one from the @GetBridgesBot on Telegram. 3. 221(↑) tickets: instructions to circumvent censorship for Chinese speaking users. 4. 89(↑) tickets: circumventing censorship with Tor in Farsi. 5. 27(↑) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 6. 18(↑) tickets: help with troubleshooting Tor Browser Android. 7. 17(-) tickets: help with troubleshooting Tor Browser Desktop on Windows, macOS and Linux. 8. 17(↑) tickets: instructions on how to get Tor Browser binaries from GetTor. 9. 8(↑) tickets: help with using Snowflake with Tor to circumvent censorship. 10. 7(↑) tickets: help with instructions to use bridges with Tails. 11. 6(↑) tickets: help with instructions to use bridges with Orbot on Android. 12. 4(↑) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 13. 4(↑) tickets: instructions to verify Tor Browser's GPG signature. 14. 2(↓) tickets: questions about onion services and how to access them. 15. 1(↓) ticket: instructions to download Tor Browser 13.5 legacy for legacy operating systems. # Topics from the Tor Forum * Web Authentication (WebAuthn) and Universal 2nd Factor (U2F) (i.e. YubiKey) support is disabled in Tor Browser.[6] Couple of discussions about installing/running Tor Browser on Linux which we sometimes get asked about on our other user support channels as well: * Folder access permissions after installing Tor Browser on Linux.[7] * Executable permission error when installing Tor Browser on Linux.[8] # Highlights from Google Play Store * Tor Browser for Android (TBA) had a Google Play rating of 4.392 (↑0.009) stars in August, which is higher as compared to in July. * Tor Browser for Android (TBA) got 770 (↓6) new reviews. The total count of reviews for the app stands at 64,625. * Tor Browser for Android Alpha (TBA Alpha) app had a rating of 4.18 (↑0.002) which is higher as compared to in July. * In August, Tor Browser for Android (TBA Alpha) got 30 (↓2) new reviews. The total count of reviews for the app stands at 8,649. The major complaints we are receiving in the comments are about Tor Browser for Android being slow to browse. We are actively investigating[9] this issue for instances where it's clear that it's not a censorship-circumvention related issue and when the user has already tried some basic steps like refreshing the Tor circuit. We are also receiving a lot of comments from Russian-speaking users experiencing issues connecting to Tor. We are sharing instructions that will work for them and directing them to our user support channels. Thanks! -- ebanam [1]: https://forum.torproject.org/t/the-telegram-bot-getbridgesbot-now-supports-… [2]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/271 [3]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 [4]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/279 [5]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/276 [6]: https://forum.torproject.org/t/i-cant-use-google-passkey/20523 [7]: https://forum.torproject.org/t/i-cant-access-files-in-my-home-directory-fro… [8]: https://forum.torproject.org/t/tor-browser-linux-tar-xz-for-tor-browser-doe… [9]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43841

1 0

Anti-censorship team meeting notes, 2025-09-11
by onyinyang 11 Sep '25

11 Sep '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-09-11-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, Sep 18 16:00 UTC Facilitator:shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == (Sep 11 New) * Rechecked webtunnel bridge extra info intensity(before=3011): * $ tar -O -xf bridge-extra-infos-2025-09.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-09-10|wc -l * 3041 * $ tar -O -xf bridge-extra-infos-2025-09.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-09-09|wc -l * 3023 * $ tar -O -xf bridge-extra-infos-2025-09.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-09-08|wc -l * 3014 * tor#7349 and proposed changes for bridges * https://gitlab.torproject.org/tpo/core/tor/-/issues/7349 * https://gitlab.torproject.org/tpo/network-health/team/-/issues/318#note_325… * tldr: should onionoo only get the Running flag for bridges from bridgestrap and ignore Serge's reachability check? * recommend not exposing ORPort: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129 == Actions == * Remove webtunnel setuid script in 5 weeks.(decrease this by one every week) == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel * https://www.amnesty.org/en/documents/asa33/0206/2025/en/ * Pakistan: Shadows of Control: Censorship and mass surveillance in Pakistan * https://github.com/net4people/bbs/issues/519 * Leak of Geedge Networks internal documents (100,000+ from Jira, Confluence, GitLab * (Protests in Nepal turned deadly after thousands of youngsters marched against the blocking of social media platforms.) == Reading group == * We will discuss "IRBlock: A Large-Scale Measurement Study of the Great Firewall of Iran" on September 11 * https://www.usenix.org/system/files/usenixsecurity25-tai.pdf * https://irblock.org/ is supposed to have public data according to Section 8, but it shows a "Cloudflare Tunnel error" * https://zenodo.org/records/15572895 has limited data from November 2024 to January 2025, not raw data, but already aggregated * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next: * https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_Septem… * "Blocking online privacy and circumvention tools" section of InterSecLab report on Geedge Networks, mentions Tor, Snowflake, WebTunnel == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-09-11 Last week: - fixed snowflake extension translation bug (snowflake-webext#120) - updated wiki page for integrating new PTs into Tor Browser - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Tor-Browser-… -Transports - implemented and deployed new prometheus metrics to track proxy answers by implementation - met with Rob to discuss proteus integration steps - updated analysis of snowflake proxy timeouts (snowflake#40447) Next week: - follow up on snowflake rendezvous failures - deploy new snowflake webextension with translation fixes - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-09-11 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-09-11 Last week: - brainstorm on dual stack bridges (tor!786) - catch up with emails and fail Next week: Shelikhoo: 2024-09-11 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [Deploy Over] Add Domain Fronting Test Support to probeobserver - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… ) (Done) - (Many merge reviews) Next (working) Week/TODO: - Merge request reviews - Choosing domain fronting targets for domain fronting tests - invesgate russian vantage point issues onyinyang: 2025-09-11 Last week(s): -Deployed and merged https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/562 - Confirmed that we are still distributing malfunctioning webtunnel bridges https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/47 - Looking into why ^ - Looking into a solution for distributing a proportion of webtunnel bridges to telegram users with new accounts https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/283 Next week: - Continue looking into bridgestrap#47 - Continue looking into rdsys#283 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 09 Sep '25

09 Sep '25

Time for your monthly dose of sysadmin minutes! # Roll call: who's there and emergencies all team present, no emergencies ## Normal per-user check-in we went through our normal check-in * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… ## General dashboards We noticed a lot of untriaged issues in the web boards, and @lelutin is a little overloaded, so we picked issues off his board. * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards # Roadmap review anarcat mentioned that we need to review Q3 and plan Q4 in the next monthly meeting. keep in mind that what we don't do from the 2025 roadmap in q4 will get postponed to 2026, and that has an influence on the tails merge roadmap! we would really like to finish the puppet merge this year, at least. we hope to start brainstorming a proper 2026 roadmap in october. # Other discussions ## state of the onion do we do it? what do we want to present? we haven't presented for the last two years, didn't seem to cause an issue for the grand public, no one asked us for it... maybe we could do a talk to TPI/TPO directly instead of at the SOTO? But then again, not talking contributes to an invisibilisation of our work... It's important for the world to know that developers need help to do their work and sysadmins are important: this organization wouldn't *immediately* collapse if we would go away, but it would certainly collapse *soon*. It's also important for funders to understand (and therefore fund) our work! Ideas of things to talk about: - roadmap review? we've done a lot of work this year, lots of things we could talk about - asncounter? - interactions with upstreams (debian, puppet, gitlab, etc) - people like anecdotes: wrong gitlab shrink? mailman3 memory issues and fix anarcat will try to answer the form and talk with pavel for some help on next steps. # Next meeting as usual, first monday of october. # Metrics of the month * host count: 99 * number of Apache servers monitored: 33, hits per second: 696 * number of self-hosted nameservers: 6, mail servers: 99 * pending upgrades: 0, reboots: 99 * average load: 1.62, memory available: 4.6 TB/7.2 TB, running processes: 240 * disk free/total: 88.7 TB/204.3 TB * bytes sent: 514.4 MB/s, received: 334.0 MB/s * [GitLab tickets][]: 244 tickets including... * open: 0 * ~Roadmap::Icebox: 130 * ~Roadmap::Future: 44 * ~Needs Information: 3 * ~Roadmap::Backlog: 38 * ~Roadmap::Next: 12 * ~Roadmap::Doing: 15 * ~Needs Review: 3 * (closed: 4198) * [~Technical Debt][]: 12 [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie/ We've past our estimated finish date for the trixie upgrades (2025-08-06), which means we've slowed down quite a bit in our upgrade batches. But we're close to completion! We're still hoping to finish in 2025, but it's possible this drags into 2026. -- Antoine Beaupré torproject.org system administration

1 0

matrix room upgrades coming next week
by Antoine Beaupré 05 Sep '25

05 Sep '25

Hi, Matrix rooms will be "upgraded" next week due to a security issue with the old room version. This involves clicking a link in your Matrix client to keep communicating over Matrix in Tor rooms. # What? Concretely, this means you will see a message like this from me or another Matrix admin in many rooms you are in: > this room will be upgraded to v12 as per https://gitlab.torproject.org/tpo/tpa/team/-/issues/42240 Then a message in your Matrix client directing you to the new room. For example, in Element, you will see: > This room has been replaced and is no longer active. > *The conversation continues here.* The latter is a link, and you should click it to join the new room. Once you do, you should see a message, again from me, like: > this room was upgraded to v12 as per https://gitlab.torproject.org/tpo/tpa/team/-/issues/42240 That is all normal, even if it looks really fishy. Sorry, this is how Matrix protocol upgrades work. In theory, most room settings should be retained and everything should work as normal. The new room doesn't have the history of the old room, but the old room is still there and *that* history is still available. In practice, let us know (in the above issue) if you find any *new* issue with the rooms. # Who? I'll be doing this work, and most people shouldn't be affected. There is a small fraction (2-3% of users) who are on home servers that do *not* support the new room versions. Those users will not be able to join the new rooms, and are encouraged to help their home server administrators to upgrade, or to switch to an up to date home server. If you use matrix.org or matrix.debian.social, you should be fine: those servers are updated and your clients should follow the upgrade without problem. # When? Some time next week. I don't have a precise coordinated time because I need # How? This change is done for Security Reasons, across the entire Matrix federation. It affects only servers (like matrix.org and matrix.debian.social) that federate with other servers, so it affects us. The details upstream are somewhat scarce, but we're following this announcement: https://matrix.org/blog/2025/07/security-predisclosure/ ... along with other news and documentation we find online. The issue is tracked at TPA in: https://gitlab.torproject.org/tpo/tpa/team/-/issues/42240 # Where? The list of rooms that will be migrated, and the progress of the migration, is tracked in the summary of the aforementioned issue. A. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2025-09-04
by meskio 04 Sep '25

04 Sep '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-09-04-16.00.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Sep 11 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Check webtunnel bridge counts again (deferred action from 2025-08-28 meeting: "We will take another sample from bridge metrics in 1 week, see how much the count has recovered, and then reevaluate the need for a setuid binary"). $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-27|wc -l 2597 $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-28|wc -l 2600 $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-29|wc -l 2805 $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-30|wc -l 2875 $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-31|wc -l 2884 $ tar -O -xf bridge-extra-infos-2025-09.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-09-01|wc -l 2873 $ tar -O -xf bridge-extra-infos-2025-09.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-09-02|wc -l 2900 * we'll deploy a setuid script that solves the permition problem and remove it in 6 weeks * (Aug 28 New:) * WebTunnel container's setuid volume migration trade-off * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… * The problem was initially reported by gus at https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… * The issue is that changing the base of the container from Debian bullseye to bookworm changed the uid of the system debian-tor user from 101 to 100. The unpatched new bookworm container image assumes a uid of 100, so permissions are wrong. * Instructions for affected users have been published: * https://forum.torproject.org/t/tor-relays-bridge-operators-fix-required-for… * There has already been a merged change for the debian-tor UID to be pinned at 101 (but it can only be compatible with one or the other, not both) * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… * Proposal in !33 is to add a setuid binary to the container (with attendant security risks) whose purpose is to chown the relevant files and force them to correct UID for debian-tor, whatever that UID may be. * How many WebTunnel bridges are affected? * This would tell us how important it is to take the step of installing a setuid binary. If only a small number of bridges are affected, than maybe it's not worth it. * Affected bridges won't even get to the bridgestrap step, so we won't have those logs. * We could get a quick approximate count (to see if the number of webtunnel bridges has declined and how much) with https://metrics.torproject.org/collector.html#bridgedb-metrics. * Never mind, actually what we need are the extra-info descriptors. * Rough counts from the tor-metrics tarballs, shows a decrease of about 400 or 14% compared to 7 days earlier: $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-21|wc -l 3011 $ tar -O -xf bridge-extra-infos-2025-08.tar.xz | grep -B3 '^transport webtunnel' | grep '^published '|grep 2025-08-27|wc -l 2597 * We will take another sample from bridge metrics in 1 week, see how much the count has recovered, and then reevaluate the need for a setuid binary. == Actions == == Interesting links == * == Reading group == * We will discuss "IRBlock: A Large-Scale Measurement Study of the Great Firewall of Iran" on September 11 * https://www.petsymposium.org/foci/2025/foci-2025-0016.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-08-28 Last week: - reviewed lots of MRs - finished an updated of kcp-go and fixed some race conditions in the tests (snowflake#40483) - worked on tracking down reason for snowflake rendezvous failures (snowflake#40447) Next week: - follow up on snowflake rendezvous failures - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-09-04 Last week: - helped redeploy snowflake-server on snowflake-01 for golang.org/x/net security fix https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-09-04 Last week: - being AFK - catch up with stuff Next week: - organize work Shelikhoo: 2024-09-04 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [Deployment]Snowflake Staging Service offline after debian upgrade (https://gitlab.torproject.org/shelikhoo/snowflakestaging/-/issues/2, https://gitlab.torproject.org/tpo/tpa/team/-/issues/42279) - (Many merge reviews) Next (working) Week/TODO: - Merge request reviews - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… ) (cont.) - [Deploy] Add Domain Fronting Test Support to probeobserver onyinyang: 2025-08-28 Last week(s): - Monitoring fix for: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/249 https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/562 - Created visualizations for flickering bridges - Fixing up translatable elements on bridges.torproject.org https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/57… Next week: -Finish up with !574 - Deploy rdsys!567 when rdsys!562 is confirmed to be fixed and remove extra logs from rdsys!562 - Look into why we are distributing malfunctioning webtunnel bridges https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/47 - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Switch back to some of these: As time allows: Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0