- tor-project - lists.torproject.org

sajolida's report for September 2025
by sajolida 18 Dec '25

18 Dec '25

Tails ===== Project 165 ----------- - Fixed all the less critical updates to our website for Tails 7.0: screenshots, style, advanced topics, etc.. (#20203) Overall, we applied more than 60 updates to our website and identified 10 other issues that were not triggered by Tails 7.0. - Wrote the lengthy release notes for Tails 7.0. (#21046) https://tails.net/news/version_7.0/ - Interviewed Joshua, an IT specialist who uses Tails both at work and at home. Despite Joshua not matching our personas, we learned a couple of interesting things. https://tails.net/contribute/how/user_experience/interviews/joshua/ - Updated the version of balenaEtcher and Rufus on our website. (#20989) Misc ---- - Made plans with intrigeri to migrate the homepage of Tor Browser in Tails to about:tor in time for the Year End Campaign. (#21003) - Removed the sponsors page from our website and tore down the infrastructure that we had to send newsletter to donors. * https://gitlab.torproject.org/tpo/team/-/work_items/399 * https://gitlab.torproject.org/tpo/team/-/work_items/382 Other Tor products ================== Tor Browser ----------- - Started preparing usability tests on the display of multi-path circuits (aka. Conflux) in Tor Browser Android and desktop. https://gitlab.torproject.org/tpo/ux/research/-/issues/168 Tor VPN ------- - Tested Tor VPN 1.0.0 Beta against the usability issues identified in August 2024 and reported 4 issues: * Connects despite being configured to use a bogus bridge https://gitlab.torproject.org/tpo/applications/vpn/-/issues/378 * Tapping on the circuit icon doesn't open the circuit view https://gitlab.torproject.org/tpo/applications/vpn/-/issues/379 * "No internet" displays network activity and app protection widgets on Internet deconnection https://gitlab.torproject.org/tpo/applications/vpn/-/issues/380 * Disable "Exit location" in "Configure" screen instead of hiding it when disconnected https://gitlab.torproject.org/tpo/applications/vpn/-/issues/382 -- sajolida The Tor Project — UX Designer

1 3

Anti-censorship team meeting notes, 2025-12-18
by onyinyang 18 Dec '25

18 Dec '25

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-12-18-16.00.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, January 8 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meetings Dec 25 and Jan 1, we'll be AFK for the Tor's year end break == Discussion == == Actions == * == Interesting links == * == Reading group == * We will discuss "CenPush: Blocking-Resistant Control Channel Using Push * Notifications" on January 8th, 2026 * https://petsymposium.org/popets/2025/popets-2025-0153.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * Fingerprint-resistant DTLS for usage in Snowflake: https://www.petsymposium.org/foci/2025/foci-2025-0006.php == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-12-18 Last week: - reviewed snowflake-webext patch to show snowflake status in icon for mv3 (snowflake-webext!97) - released snowflake-webext v0.9.8 - worked on proxy enumeration Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-12-18 Last week: Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-12-11 Last week: - make an alert for failing builtin bridges (team#141) - merge multi-domain meek and coordinate with TB to update it (lyrebird!142) - investigate gettor email issues (rdsys#290) - prepare grant Next week: - make gettor email reply Shelikhoo: 2025-12-18 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Setup Staging Environment - Create Binary Release for snowflake(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… -> https://gitlab.torproject.org/shelikhoo/testing_rz25wufuh4evo7uo1k7ts6qy657… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Create Binary Release for snowflake onyinyang: 2025-12-18 Last week(s): - Splintercon Paris - - Presented on Signaling Channels - Monitoring email profiler for rdsys #129 - Attempting to move to go-imap v2 or moving to a new library Next week: - Tor winter break for 2 weeks Then: - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-12-1 Last weeks: - MR: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next weeks: - Implementing DTLS 1.3 in pion Help with: - Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

getting ready for the TPA holidays
by Antoine Beaupré 15 Dec '25

15 Dec '25

Hi! Like other teams, TPA has been getting ready for the holidays! As usual, we'll be ensuring minimal rotation during the TPI holidays, to deal with emergencies. The plan is to have someone checking on systems once in a while during the holidays so, basically, "How to report issues" doesn't change, see: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/support If you're curious, you can see who's on rotation in the "TPA rotations" calendar that should be shared with the TPI group in Nextcloud. I typically send this email long before the holidays to give people a last chance to ask us for last minute changes before we go. I didn't get time to send that email this time around, so it's pretty much too late for that now... Sorry! We haven't been able to merge our monitoring systems with Tails in 2025 as we had planned, so we still have two rotation teams for this holiday, but it will hopefully be the last! In any case, hopefully you won't need us, and we'll all have a quiet holiday, but we're around in case trouble hits. Have a good holiday and best of health to everyone in 2026. A. -- Antoine Beaupré torproject.org system administration

1 0

minutes from the sysadmins
by Antoine Beaupré 15 Dec '25

15 Dec '25

Here's your last dose of sysadmin minutes for the year! # Roll call: who's there and emergencies all hands present # Express check-in How are you doing, and are there any blockers? Then pass the mic to the next person. # ADR approval Introduction to the three-document model, and last chance for objections. https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428 The ADR process was adopted! # tails server replacement https://gitlab.torproject.org/tpo/tpa/tails-sysadmin/-/issues/18238 Option 2 (2 servers rented at Hetzner with 108.60 USD setup, monthly cost: 303.52$/mth) was approved, do we go ahead with this? We shouldn't be working on this during the holidays, but having the servers available for emergencies might be good. We might be able to get an isoworker ready by the end of the week. Tails 7.4 is scheduled for January 15, that gives us about a week to prepare after the break. Speed tests performed showed: 16MB/s fsn -> riseup, 6MB/s -> riseup -> fsn. Ultimately we need to migrate the orchestrator next to the workers to optimize this. New servers will have less disks. This move must be communicated to the Tails team today. # Next meeting Next year! # Metrics of the month * host count: 98, LDAP 127 (!), Puppet 126 (!) * number of Apache servers monitored: 33, hits per second: 665 * number of self-hosted nameservers: 6, mail servers: 12 * pending upgrades: 0, reboots: 0 * average load: 1.03, memory available: 4.6 TB/7.2 TB, running processes: 185 * disk free/total: 100.5 TB/224.6 TB * bytes sent: 451.6 MB/s, received: 289.3 MB/s * [GitLab tickets][]: 253 tickets including... * open: 0 * ~Roadmap::Icebox: 126 * ~Roadmap::Future: 40 * ~Needs Information: 2 * ~Roadmap::Backlog: 55 * ~Roadmap::Next: 15 * ~Roadmap::Doing: 5 * ~Needs Review: 10 * (closed: 4329) * [~Technical Debt][]: 11 open, 41 closed [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… -- Antoine Beaupré torproject.org system administration

1 0

(December 19, 2025 to January 4, 2026) Tor User Support team will be partly unavailable during the holidays
by ebanam 15 Dec '25

15 Dec '25

Hello, Tor User Support team will be partly unavailable between December 19th, 2025 and January 4th, 2026. If you reach out to us on our user support channels via email[0], Tor Forum[1], Telegram[2], WhatsApp[3] or Signal[4], it may take longer than usual for us to respond. Please rest assured we will get back to your messages as soon as possible. Our team will be back at our regular office hours[5] from January 5th, 2026. Thank you! Community Team Tor Project [0]: frontdesk(a)torproject.org [1]: https://forum.torproject.org/ [2]: https://t.me/TorProjectSupportBot [3]: https://wa.me/447421000612 [4]: https://signal.me/#p/+17787431312 [5]: https://support.torproject.org/get-in-touch/user-support/

1 0

Anti-censorship team meeting notes, 2025-12-11
by meskio 11 Dec '25

11 Dec '25

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-12-11-16.00.ht… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, December 18 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meetings Dec 25 and Jan 1, we'll be AFK for the Tor's year end break == Discussion == == Actions == * == Interesting links == * == Reading group == * We will discuss "CenPush: Blocking-Resistant Control Channel Using Push * Notifications" on January 8th, 2026 * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * Fingerprint-resistant DTLS for usage in Snowflake: https://www.petsymposium.org/foci/2025/foci-2025-0006.php == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-12-11 # Weekly Work Last week: - added support for multiple SQS channels at broker - worked on moving SQS queue to TPO AWS account (snowflake#40498) - updated analysis of snowflake churn tests Next week: - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-12-11 Last week: - made an inventory of snowflake bridge files that need to be restored in case of a disk failure https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented on covert-dtls test deployment plan https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-12-11 Last week: - make an alert for failing builtin bridges (team#141) - merge multi-domain meek and coordinate with TB to update it (lyrebird!142) - investigate gettor email issues (rdsys#290) - prepare grant Next week: - make gettor email reply Shelikhoo: 2025-12-11 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Setup Staging Environment - Create Binary Release for snowflake(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… -> https://gitlab.torproject.org/shelikhoo/testing_rz25wufuh4evo7uo1k7ts6qy657… Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Create Binary Release for snowflake onyinyang: 2025-12-04 Last week(s): - Attended Ontario Cryptography Day - Splintercon Prep Next week: - Splintercon - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers - Monitoring email profiler for rdsys #129 - Attempting to move to go-imap v2 Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

User support report for November 2025
by ebanam 10 Dec '25

10 Dec '25

Hello everyone, This is the report from user support team for the month of November. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. - Summary of updates from user support - General user support - Farsi-speaking user support - Russian-speaking user support - Frontdesk (email user support channel) - Telegram, WhatsApp and Signal user support channels - Topics from the Tor Forum - Highlights from Google Play Store # Summary of updates from user support ## General user support * 401 tickets in total (↓63 as compared to October) * 265 tickets on Email * 135 tickets on Telegram * 1 ticket on WhatsApp * Our user support channel on Signal was temporarily unavailable in November but it is back online and reachable via text on our Signal number, +17787431312, or Signal username, @torsupport.89 * In the aftermath of the third Tor VPN beta release, we received numerous tickets with the major topics being: - Users enquiring about [WebTunnel support][] for Tor VPN, which is an upcoming feature. - Instructions to install Tor VPN beta. - Instructions to use the ['Kill Switch'][] on Tor VPN. - Users unable to connect to connect Tor VPN due to having [Private DNS][] configured. [WebTunnel support]: https://gitlab.torproject.org/tpo/applications/vpn/-/issues/411 ['Kill Switch']: https://support.torproject.org/tor-vpn/features/kill-switch/ [Private DNS]: https://gitlab.torproject.org/tpo/applications/vpn/-/issues/147 ## Farsi-speaking user support * 30 tickets in total (↓4 as compared to October) * 7 tickets on Email * 23 tickets on Telegram ## Russian-speaking user support * 1034 tickets in total (↓159 as compared to October) * 108 tickets on Email * 1 ticket on Signal * 25 tickets on WhatsApp * 900 tickets on Telegram * With more resources and apps being blocked in Russia - most recently the online game Roblox - the number of Tor users continues to grow. [Restrictions]() on mobile internet are significantly stricter, with periodic activation of a "whitelist" or "allowlist" mode during which only government-approved, Russia-based resources remain accessible for several hours. During those period, users have reported that Tor and our pluggable transports do not work. [Restrictions]: https://forum.torproject.org/t/help-find-working-method-to-circumvent-inter… That's it for the summary, following is a more detailed report about the tickets our user support team worked on last month. # Frontdesk (email user support channel) * 438(↓) RT tickets created * 380(↓) RT tickets resolved Tickets by topics and numbers: 1. 192(↓) tickets: instructions to circumvent censorship for Chinese speaking users. 2. 108(↓) tickets: circumventing censorship in Russian speaking countries. 3. 24(↓) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 4. 7(↓) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 5. 7(↑) tickets: circumventing censorship with Tor in Farsi. 6. 7(↑) tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser and questions about which Tor app to install on iOS (i.e. Onion Browser or Orbot). 6. 5(↑) tickets: reports of websites blocking Tor connections or not performing well in Tor Browser. 7. 4(↑) tickets: help with instructions to download, install or properly uninstalling Tor Browser. 8. 2(-) tickets: question about onion services and how to access them. 9. 2(↑) tickets: instructions to import and export bookmarks on Tor Browser. 10. 1(↓) ticket: help with troubleshooting existing Tor Browser install on Android. 11. 1(-) ticket: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 12. 1(-) ticket: help with instructions to troubleshoot Tails operating system. 13. 1(↑) ticket: instructions to sign up for a account on Tor's GitLab instance. 14. 1(↑) ticket: help with installing little-t tor (the network daemon). 15. 1(↑) ticket: help with getting started with Tor Browser and other general questions about the browser. # Telegram, WhatsApp and Signal user support channels * 1084(↓) tickets resolved Breakdown: * 1058(↓) tickets on Telegram * 1(↓) ticket on Signal * 26(↑) tickets on WhatsApp Tickets by topics and numbers: 1. 926(↓) tickets: circumventing censorship in Russian speaking countries. 2. 32(↓) tickets: instructions to circumvent censorship for Chinese speaking users. 3. 32(↑) tickets: [GetBridgesBot on Telegram freezes][], stops sending bridges and users have to clear chat history. 4. 23(↓) tickets: circumventing censorship with Tor in Farsi. 5. 19(↑) tickets: questions, feedback and help with troubleshooting Tor VPN beta. 6. 14(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 7. 13(-) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 8. 12(↑) tickets: instructions on how to get Tor Browser binaries from GetTor. 9. 3(↓) tickets: help with troubleshooting Tor Browser Desktop on Windows, macOS and Linux. 10. 3(↓) tickets: help with instructions to troubleshoot Tails operating system. 11. 3(↑) tickets: help with configuring bridges to use with little-t tor (the network daemon). 12. 2(-) tickets: help with instructions to use bridges with Orbot on Android. 13. 2(↑) tickets: questions about onion services and how to access them. 14. 1(↑) ticket: instructions to import and export bookmarks on Tor Browser. 15. 1(↓) ticket: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 16. 1(↓) ticket: help with installing Tor Browser on Desktop on Linux. 17. 1(↓) ticket: instructions to download Tor Browser 13.5 legacy for legacy operating systems. 18. 1(↓) ticket: instructions to use WebTunnel bridges with Tor Browser. 19. 1(-) ticket: help with instructions to verify Tor Browser GPG signature. 20. 1(-) ticket: help with using Snowflake with Tor to circumvent censorship. 21. 1(↑) ticket: reports of websites blocking Tor connections or not performing well in Tor Browser. [GetBridgesBot on Telegram freezes]: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/286 # Topics from the Tor Forum 1. Accessing Tor Browser's configuration files on [Flatpak Tor Browser][] on Linux. 2. Discussion on Firefox's [Tab view][] not available on Tor Browser. [Flatpak Tor Browser]: https://forum.torproject.org/t/path-to-torrc-file-using-flatpak-tor-browser… [Tab view]: https://forum.torproject.org/t/firefox-view-tab-view/20790 # Highlights from Google Play Store * Tor Browser for Android (TBA) had a Google Play rating of 4.395 (↓0.005) stars in November, which is lower as compared to in October. * Tor Browser for Android (TBA) got 691 (↓49) new reviews. The total count of reviews for the app stands at 66,284. * Tor Browser for Android Alpha (TBA Alpha) app had a rating of 4.182 (↓0.01) in November which is lower as compared to in October. * In November, Tor Browser for Android Alpha (TBA Alpha) got 29 (↑7) new reviews. The total count of reviews for the app stands at 8,708. * Tor VPN beta was installed almost 30000 times by the end of November. The top 5 countries by the number of installations being (in descending order): United States, India, Iran, Russia and France. * For Tor Browser, the main issues highlighted by the users in their comments and reviews were: - internet censorship in Russia and users looking for ways to bypass it. - Tor Browser for Android being slow to browse. - Tor failing in the background with a "Proxy server refused connection" error while browsing. Thanks! -- ebanam

1 0

Anti-censorship team meeting notes, 2025-12-04
by Shelikhoo 04 Dec '25

04 Dec '25

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-12-04-16.00.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, December 11 16:00 UTC Facilitator:meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meetings Dec 25 and Jan 1, we'll be AFK for the Tor's year end break == Discussion == == Actions == * == Interesting links == * https://blog.torproject.org/staying-ahead-of-censors-2025/ == Reading group == * We will discuss "CenPush: Blocking-Resistant Control Channel Using Push * Notifications" on January 8th, 2026 * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * Fingerprint-resistant DTLS for usage in Snowflake: https://www.petsymposium.org/foci/2025/foci-2025-0006.php == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-12-04 Last week: - refined proxy churn experiments (snowflake#40494) - deployed proxy churn metrics - discussed signalling channel library - adapted snowflake paper scripts for proxy churn graphs - restarted proxy churn test with proxy type metrics fix (snowflake!645) Next week: - switch to using Tor's AWS account for SQS signalling channel - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-30 Last week: - made snowflake-graphs use SQLite as intermediate data representation rather than CSV https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3 - fixed a bug with snowflake-graphs undercounting coverage for certain rarely occurring levels of factors https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215 - opened an issue for coverage=2.00 in snowflake-stats descriptors during a time when 2 brokers were running simultaneously https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-12-04 Last week: - talk with the operators of failing builtin in bridges (team#141) - update the list of builtin bridges (tor-browser-build!1373) - review blogpost on anti-censorship 2025 - contact yunohost and sandstorm about packaging snowflake proxy - prepare grant Next week: - make an alert for failing builtin bridges (team#141) Shelikhoo: 2025-12-04 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Release Lyrebird v0.7.0 - Update lyrebird version to v0.7.0 (https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…) - [Merge Request] Release v0.7.0 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - [Review]Add covert-dtls to proxy and client (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) onyinyang: 2025-12-04 Last week(s): - Attended Ontario Cryptography Day - Splintercon Prep Next week: - Splintercon - Continue Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers - Monitoring email profiler for rdsys #129 - Attempting to move to go-imap v2 Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

Anti-censorship team meeting notes, 2025-11-27
by onyinyang 27 Nov '25

27 Nov '25

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-11-27-16.00.ht… And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, December 4 16:00 UTC Facilitator:shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == == Actions == * bring interesting papers to decide on our next reading group == Interesting links == * == Reading group == * We will discuss "CenPush: Blocking-Resistant Control Channel Using Push * Notifications" on January 8th, 2026 * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? * Next in the Reading Group Queue: * Fingerprint-resistant DTLS for usage in Snowflake: https://www.petsymposium.org/foci/2025/foci-2025-0006.php == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-11-20 Last week: - reviewed meek-lite url front pairs implementation - started work on moving SQS to torproject AWS account - more research on enumeration defences Next week: - deploy proxy churn metrics patch (snowflake#40494) - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-30 Last week: - made snowflake-graphs use SQLite as intermediate data representation rather than CSV https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3 - fixed a bug with snowflake-graphs undercounting coverage for certain rarely occurring levels of factors https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215 - opened an issue for coverage=2.00 in snowflake-stats descriptors during a time when 2 brokers were running simultaneously https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-11-27 Last week: - make prometheus monitor the builtin bridges (team#141) - redesign meek multifront domain MR (lyrebird!142) - granwriting - a blogpost based on the SOTO presentation - transfer brdg.es to TPI, for bridge URIs Next week: - investigate the status of builtin bridges (team#141) Shelikhoo: 2025-11-27 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Many dependencies update merge request review - [Merge Request] Rename UTLSInsecureServerNameToVerify option to cert-domain (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) - [Merge Request Review] Count IP churn by proxy type (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - Release Lyrebird v0.7.0 onyinyang: 2025-11-27 Last week(s): - Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - The ApplyDiff function was suspicious but after investigation, it seems like this is not the issue. . .the search continues - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers - Monitoring email profiler for rdsys #129 - Attempting to move to go-imap v2 - Making arrangements for talk/travel to Splintercon Next week: - Attending Ontario Cryptography Day - Splintercon Prep - Continue troubleshooting conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#248 hopefully (take 3? 4?) - Continue monitoring rdsys#249 Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Anti-censorship team meeting notes, 2025-11-20
by meskio 20 Nov '25

20 Nov '25

Hey everyone! Here are our meeting logs: https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-11-20-16.00.ht… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, November 27 16:00 UTC Facilitator:onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * duplicatedcontainerimages is being removed(done) == Discussion == * meek: add support for multiple domain front providers * what bridgeline format makes sense? * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre… * we will not decide it for now, we'll wait for people to give feedback on the MR == Actions == * bring interesting papers to decide on our next reading group == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-11-20 Last week: - reviewed meek-lite url front pairs implementation - started work on moving SQS to torproject AWS account - more research on enumeration defences Next week: - deploy proxy churn metrics patch (snowflake#40494) - research snowflake enumeration attacks (snowflake#40396) - follow up on snowflake rendezvous failures (snowflake#40447) - revisit conjure integration with lyrebird - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-10-30 Last week: - made snowflake-graphs use SQLite as intermediate data representation rather than CSV https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3 - fixed a bug with snowflake-graphs undercounting coverage for certain rarely occurring levels of factors https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215 - opened an issue for coverage=2.00 in snowflake-stats descriptors during a time when 2 brokers were running simultaneously https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2025-11-20 Last week: - multi-front support in meek (lyrebird#40027) - update obfs4-bridge docker images - deprecate arm and 386 in obfs4-bridge docker - write a blogpost using the SOTO script Next week: - investigate the status of builtin bridges (team#141) Shelikhoo: 2025-11-20 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Add sni-imitation syntex sugar option (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) - Remove setuid migration script after it have finished its work: Revert "Add state migration setuid script chown-states.sh" (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - [Cross Team] Some CJK characters cannot be rendered by Tor which uses the Noto font family (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/44227#n…) - lyrebird Release v0.7.0 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyre…) - WebTunnel: Use tpa managed podman for working defaults values (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Relicense uget under 3-bsd license (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) - [Cross Team] Broken PGP public key link on db.torproject.org (https://gitlab.torproject.org/tpo/tpa/team/-/issues/42387) - [MR Review]Measure proxy churn for both proxy pools (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next (working) Week/TODO: - Merge request reviews - [Deployment]Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) Building custom Tor Browser with patch applied - Release Lyrebird v0.7.0 onyinyang: 2025-11-20 Last week(s): - Investigating rdsys#248 i.e., why dysfunctional webtunnel bridges are being distributed - The ApplyDiff function was suspicious but after investigation, it seems like this is not the issue. . .the search continues - Troubleshooting conjure not connecting in China - waiting for more information from conjure authors/maintainers - Monitoring email profiler for rdsys #129 - Efforts to fix the (likely) bug in the waitForEmailUpdate function failed - Attempting to move to go-imap v2 - Making arrangements for talk/travel to Splintercon Next week: - Continue troubleshooting conjure not connecting in China - Finish up debugging rdsys#129 and rdsys#248 hopefully (take 3? 4?) - Continue monitoring rdsys#249 Switch back to some of these: As time allows: - Lox still seems to be filling up the disk on the rdsys-test server despite changes made to delete old entries, look into what's going wrong Blog post for conjure: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: onyinyang shelikhoo meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0