- tor-project - lists.torproject.org

Tor Browser meeting moved to Tuesday (2024-01-16)
by Richard Pospesel 15 Jan '24

15 Jan '24

Hey everyone, Monday is a holiday so we'll be moving our weekly meeting to Tuesday this week at 1500 UTC in #tor-meeting on OFTC IRC. best, -richard

1 0

ebanam's monthly status report and user support report for December 2023
by ebanam 11 Jan '24

11 Jan '24

Hello everyone! Like the past few months, much of my focus in December was to help users in regions where Tor is censored which includes but is not limited to using pluggable transports which are likely to work in their region, help with troubleshooting and answering other common Tor Browser related questions. With four Tor Browser stable releases I also worked on post-release user support work. We received numerous reports of PTs crashing for users on Windows 7 after the Tor Browser 13.0.7 update. Although the issue is resolved now (with Tor Browser 13.0.8) we expect to see more tickets from Windows 7 as Tor Browser will neccessarily have to drop support for Windows 7 and 8 after the Firefox ESR 128 transition this year. For any Windows 7 tickets we receive, we are encouraging Tor Browser users to either upgrade their systems to a modern Linux distribution, or at least to a supported version of Windows (10 or higher). Following is a thorough breakdown of tickets our user support team handled in December: # Frontdesk (email support channel) * 537(↓) RT tickets created * 474(↓) RT tickets resolved Tickets by numbers: 1. 199(↓) RT tickets: private bridge requests from Chinese speaking users. 2. 150(↓) RT tickets: circumventing censorship in Russian speaking countries. 3. 5 RT tickets: PTs on Tor Browser 13 do not work with Windows 7 (issue is resolved with Tor Browser 13.0.8)[0] 4. 2 RT tickets: "Proxy Server Refused Connection" on Tor Browser for Android specific to Oppo/Realme devices[1] Highlighting some other topics we received questions and feedback: 5. Circumventing censorship with Tor in Farsi. 6. Help with setting up onion service 7. Explaination about the "New Identity" and "New Tor Circuit" in Tor Browser[2] 8. How to import bookmarks in Tor Browser from other browsers[3] 9. Adding a search engine to Tor Browser 10. One report of an app masquerading as official Tor Browser app on iOS AppStore. 11. Tor Browser binary disappeared on Windows (this was likely because of anti-virus software installed on the user's system) 12. Contributing and volunteering to Tor 13. Tor Browser crashes when extensions popups are opened with Wayland enabled[4] 14. Images unable to render on some sites due to HTML5 Canvas fingerprinting being blocked in Tor Browser # Telegram, WhatsApp and Signal Support channel * 550(↓) tickets resolved Breakdown: * 521(↓) tickets on Telegram * 16(↓) tickets on WhatsApp * 13(↑) tickets on Signal Tickets by numbers: 1. 349(↑) tickets: circumventing censorship in Russian speaking countries. 2. 23(↓) tickets: private bridge requests from Chinese speaking users. 3. 42(-) tickets: circumventing censorship with Tor in Farsi. 4. 8 tickets: PTs on Tor Browser 13 do not work with Windows 7 (issue is resolved with Tor Browser 13.0.8) Highlighting some other topics we received questions about: 5. 2 tickets: user feedback about WebTunnel from regions where Tor is censored 6. 2 tickets: Configuring little-t-tor to use Pluggable Transports 7. 2 tickets: Unable to reach some onion site (these particular onion sites were offline) 8. "Proxy Server Refused Connection" on Tor Browser for Android specific to Oppo/Realme devices 9. Question about letterboxing on Tor Browser # Highlights from the Tor Forum 1. Tor Browser freezes/lags after update[5] 2. Tor Browser locking up on Windows 10 with all the latest patches[6] 3. Onion sites unreachable[7] (These are all v2 onion sites, which have been deprecated way back in 2021)[8] Thanks! e. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. [0]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42179 [1]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41289 [2]: https://tb-manual.torproject.org/managing-identities/ [3]: https://support.torproject.org/tbb/export-and-import-bookmarks/ [4]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42306 [5]: https://forum.torproject.org/t/problem-tor-freezes-lags-after-update-to-v13… [6]: https://forum.torproject.org/t/tor-browser-locking-up-on-windows-10-with-al… [7]: https://forum.torproject.org/t/impossible-dafficher-le-contenu-des-pages/10… [8]: https://support.torproject.org/onionservices/v2-deprecation/

1 0

Anti-censorship team meeting notes, 2024-01-11
by Shelikhoo 11 Jan '24

11 Jan '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-01-11-15.57.html And our meeting pad: cohosh Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, January 18 16:00 UTC Facilitator: Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * Since December 2023, getting TLS certificates for subdomains of torproject.net (e.g. snowflake-broker.torproject.net) requires asking the sysadmin team to create a CAA record in DNS to authorize a specific account. * https://gitlab.torproject.org/tpo/tpa/team/-/issues/41462 * https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/tls?version_id=41c… == Discussion == * DTLS anti-fingerprinting library similar to uTLS * Useful for snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Sean DuBois (from pion) has been interested in this and may have ideas on what this library could look like == Actions == == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-01-11 Past weeks: - Lox + Tor Browser integration - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - worked on Lox distributor bug fixes and testing - spun up a few temporary Lox bridges for testing - integration testing of Snowflake with Shadow - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - proxy command-line option to specify probe server URL - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - SetNet fix for probetest - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - probetest command-line option to specify STUN URL - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened shadow issue to deal with missing setsockopt support for snowflake - https://github.com/shadow/shadow/issues/3278 - unit testing feedback on SQS rendezvous MR - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… This week: - Lox + Tor Browser integration - figure out what we need to get the snowflake server running in shadow again - rebase and try out manifest v3 patch - Conjure bridge maintenance Needs help with: dcf: 2024-01-11 Last week: - upgraded snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - figured out a CAA issue to prevented renewing TLS certificates for torproject.net domains (e.g. snowflake.torproject.net, snowflake-broker.torproject.net) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened an issue to let the snowflake bridge and broker use a newer type of ACME challenge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - documented WireGuard setup for the snowflake-01 bridge https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… - azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-12-21 Last week: - grant writing Next week: Shelikhoo: 2024-01-11 Last Week: - Work on snowflake performance improvement (WIP): https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-udp-performanc… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 - Merge request reviews Next Week/TODO: onyinyang: 2023-01-11 Last week(s): - Finished Telegram bot dev - Continue to support Lox wasm stubs as needed - Holiday! This week: - Bug fixing and other things that come up as lox integration is rolled out - document API for lox client/server requests - Other Lox bug fixes/improvements - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

OONI Monthly Report: December 2023
by Maria Xynou 09 Jan '24

09 Jan '24

Hello, Happy New Year! We wish you all the best for 2024. :) This email shares OONI's monthly report for December 2023. *# OONI Monthly Report: December 2023* Throughout December 2023, the OONI team worked on the following sprints: * Sprint 106 (4th - 17th December 2023) * Sprint 107 (18th - 31st December 2023) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## Year in Review: OONI in 2023* We published our "Year in Review: OONI in 2023" blog post: https://ooni.org/post/2023-year-in-review/ In our annual end-of-year post, we share: * OONI highlights from 2023 * Highlights from the OONI community (i.e. how OONI tools and data were used by the community) * Upcoming OONI projects in 2024 Warm thanks to everyone who supported our work in 2023! We’re excited for 2024. *## Published new reports on the OONI Censorship Findings page* Following the launch of the OONI Censorship Findings page ( https://explorer.ooni.org/findings) in November 2023, we published more reports on the platform in December 2023. Specifically, we published the following new reports: * Nepal blocked TikTok: https://explorer.ooni.org/findings/112092297601 * Malaysia blocked MalaysiaNow and website of former MP: https://explorer.ooni.org/findings/178720534001 We also updated our Kenya report (published in November 2023) to communicate the unblocking of Telegram: https://explorer.ooni.org/findings/228466228201 *## OONI Probe Mobile* In December 2023, we worked towards addressing a bug impacting RTL on OONI Probe iOS (https://github.com/ooni/probe/issues/2578) and we worked towards coming up with better ways of sharing apk for testing ( https://github.com/ooni/probe/issues/2643) *## OONI Run* As part of our work on creating the next generation version of OONI Run (“OONI Run v2”), there were several key activities we undertook this month: * We developed a test plan in preparation for a round of internal testing we’d like to complete in early 2024; * We began testing the link flow; * We continued to work on implementing the add link flow ( https://github.com/ooni/probe/issues/2595) * We worked on implementing the dashboard link loading and we reviewed the updates (https://github.com/ooni/probe/issues/2594) * As part of testing and adding polish to the application, we also worked on revising the UX for adding an expiry date to links, as well as improved layout for status messaging. *## OONI Probe CLI* We released OONI Probe 3.20.0. The main improvement consists of changes making sure Web Connectivity v0.5 produces the same top-level keys (e.g., `blocking`) of v0.4 when running integration tests in our Gvisor-based QA suite. We also added experimental functionality to miniooni to run scripts written in JavaScript, which supports research use cases where it is not practical to follow a develop-build-deploy-test-edit-repeat loop. See the full changelog for more information: https://github.com/ooni/probe-cli/releases/tag/v3.20.0 We also improved the Web Connectivity Test Helper (oohelperd) to be more robust in case of excessive load (as documented here: https://github.com/ooni/probe/issues/2649) We included this improvement into the 3.20.1 OONI Probe release. *## Expanding OONI’s testing model to support richer testing input* The JavaScript based functionality for miniooni that we included in the OONI Probe 3.20 release is an evolution of experimental code that we implemented for richer testing input. You may remember that in May 2023 we created the richer testing input repository ( https://github.com/ooni/2023-05-richer-input) to experiment with several possible richer-input designs. We decided to go with a more minimal richer-input design. But, some of the code we produced as part of this experiment turned out valuable in situations in which we or on-the-field testers require greater flexibility to inform changes in the implementation of existing experiments or in the development of new experiments. *## Creating a methodology for measuring throttling* The Web Connectivity v0.5 improvements included in the OONI Probe 3.20.0 release are such that we can move forward with the A/B testing of v0.4 and v0.5 more widely thanks to the richer-input feature flags now included in the check-in API. We therefore will be able to run this A/B testing, identify additional issues with Web Connectivity v0.5, and make it the default Web Connectivity implementation. In turn, this will allow us to collect better throttling data, given the superior v0.5 capabilities in this regard. *## OONI Explorer* As a result of having added several new menu items to OONI Explorer throughout 2023, the main navigation ended up taking too much space on mobile. To improve the user experience on mobile, we made adjustments to the menu items on OONI Explorer (https://github.com/ooni/explorer/issues/896) We also fixed a bug impacting the display of the countries page in the mobile version of OONI Explorer (https://github.com/ooni/explorer/issues/860) *## New OONI backend documentation* Throughout December 2023, we worked on OONI backend documentation that describes the architecture of the main components of OONI infrastructure. Specifically, we focused on improving the documentation of our backend architecture, data flows, and deployment workflows. We also documented the application metric data flows, our backend systems for monitoring and providing alerts on any infrastructure issues, the dashboards that we use, how we manage logs, as well as information about our pipeline, API, test helpers, URL prioritization system, and other backend information. Our new OONI backend documentation is available here: https://github.com/ooni/backend-documentation/blob/main/backend_documentati… *## Published OONI Community Interview with Ihueze Nwobilor (Paradigm Initiative)* In December 2023, we published a new OONI community interview with Ihueze Nwobilor, the Senior Programs Officer at Paradigm Initiative ( https://paradigmhq.org/) Notably, Ihueze’s advocacy and policy work helped unblock Twitter in Nigeria in 2022! Ihueze’s interview (which we published on the OONI YouTube channel) can be viewed here: https://www.youtube.com/watch?v=eVHeROiypF4 This interview is part of our “OONI Community Interviews” series, through which we highlight the important work of OONI community members. We also published a blog post to share the interview and information about Paradigm Initiative’s work: https://ooni.org/post/2023-interview-with-ihueze-nwobilor/ *## Published OONI Outreach Kit in Swahili* The OONI Outreach Kit is now available in Swahili (in addition to Russian, Spanish, French, and English)! Access the Swahili version of the OONI Outreach Kit here: https://ooni.org/sw/support/ooni-outreach-kit/ We thank our partner, Zaina Foundation ( https://ooni.org/partners/zaina-foundation/) for the Swahili translation of the OONI Outreach Kit. We also thank Small Media (https://smallmedia.org.uk/) for sharing translations for the speaker notes in the OONI workshop slides (included in the Outreach Kit). We hope that the Swahili version of the OONI Outreach Kit will help support OONI community engagement efforts! *## Published the OONI FAQ in Burmese* The OONI Frequently Asked Questions (FAQ) documentation is now available in Burmese: https://ooni.org/my/support/faq We thank the community members who translated this documentation to Burmese. We generally consider it important to have this documentation translated in as many languages as possible (particularly in languages spoken in high-risk countries), as it provides answers to the most frequently asked questions involving the use of OONI tools. The OONI FAQ documentation (https://ooni.org/support/faq/) is also available in Arabic, Farsi, Khmer, Russian, Spanish, Swahili, and Vietnamese. *## Published OONI Probe Mobile User Guide in Burmese* The OONI Probe Mobile User Guide is now available in Burmese: https://ooni.org/my/support/ooni-probe-mobile We thank the community members who translated this documentation to Burmese. The OONI Probe Mobile User Guide (https://ooni.org/support/ooni-probe-mobile) is also available in Farsi, Russian, German, Turkish, and Vietnamese. *## Published OONI Probe Desktop User Guide in Portuguese* The OONI Probe Desktop User Guide is now available in Portuguese: https://ooni.org/pt/support/ooni-probe-desktop We thank Cauan Henrique Zorzenon from the Localization Lab community for the translation. The OONI Probe Desktop User Guide ( https://ooni.org/support/ooni-probe-desktop) is also available in Farsi, Russian, German, Turkish, and Vietnamese. *## End-of-year fundraising efforts* As part of our end-of-year fundraising efforts, we improved upon our Donations page (https://ooni.org/donate) and we published a new “Supporters & Funders” page (https://ooni.org/about/supporters) introducing new supporter tiers and benefits for those interested in supporting OONI's mission. On OONI’s 11th Anniversary (5th December 2023), we launched the OONIque Boutique (https://shop.ooni.org) through which the public can get OONI swag (t-shirts, water bottles, mugs, stickers, tote bags) in support of OONI’s work. *## Rapid response efforts### Pakistan blocked access to Facebook, Twitter, Instagram, and YouTube* On 17th December 2023, ISPs in Pakistan blocked access to Facebook, Twitter, Instagram, and YouTube. We rapidly responded by sharing real-time OONI data on the blocks (via our social media platforms) on the same day ( https://twitter.com/OpenObservatory/status/1736461861338431903) We also shared relevant OONI data and findings with the KeepItOn advocacy community. Most OONI measurements suggest that the blocks were implemented by means of TLS interference. OONI data shows that these platforms were unblocked by the next day (18th December 2023): https://explorer.ooni.org/chart/mat?probe_cc=PK&since=2023-11-18&until=2023… *## Resources created by the community### Open Culture Foundation’s (OCF) OONI Research project* Our partner, Open Culture Foundation ( https://ooni.org/partners/open-culture-foundation/) launched a new OONI Research project to support OONI censorship measurement in Taiwan. You can find information about OCF’s OONI Research project here: https://ocf.tw/en/p/ooni/ OCF’s OONI Research project is also available on GitHub: https://github.com/ocftw/ooni-research Their OONI Research project covers the following areas: * ASN coverage analysis * Updating the Citizen Lab test list for Taiwan * Localizing OONI tools and documentation In December 2023, OCF published their first observation report (based on the analysis of OONI data from 1st September 2023 to 3rd December 2023): https://ocf.tw/en/p/ooni/report/202312.html *### Building Digital Resilience Comic Strip* Access Now and Core23Lab published a comic strip for journalists, politicians, and human rights activists ahead of the DRC’s 2023 elections. This comic strip features OONI (among other tools) and is available here: https://www.accessnow.org/wp-content/uploads/2023/12/Ngao-Comics-V5-English… *## Citations### Top10VPN December 2023 Newsletter* OONI is cited in Top10VPN’s last newsletter for 2023, which provides a “Year in Review” on internet shutdowns, digital privacy and AI surveillance. Their newsletter is available here: https://top10vpn.substack.com/p/year-in-review-internet-shutdowns The newsletter includes quotes from OONI’s Maria, as well as links to many of the research reports that we published in 2023. The newsletter also discusses the new OONI Explorer features that we launched in 2023 (including our new Censorship Findings page), as well as our plans for releasing a new version of OONI Run in 2024. *## Community activities### State of the Onion 2023* On 6th December 2023, OONI’s Arturo presented OONI at the Tor Project’s annual State of the Onion Community event ( https://blog.torproject.org/state-of-the-onion-2023/) As part of his presentation, Arturo shared OONI highlights from 2023, as well as upcoming OONI projects for 2024. The live-stream of the presentation is available here: https://www.youtube.com/watch?v=TtgTwho1wfQ *### SplinterCon* Between 7th-8th December 2023, OONI’s Simone attended the SplinterCon conference (https://splintercon.net/) in Montreal, Canada. As part of his participation, Simone delivered an OONI presentation and facilitated a workshop on how to use OONI Probe in adversarial networks. This workshop touched upon the following topics: * Basic usage of OONI Probe Desktop, CLI, Mobile, and the miniooni research client; * Failures contacting the OONI backend, tunnel options (psiphon, tor, etc.), and the possibility of configuring circumvention using the `bridges.conf` file; * Failures geolocating the probe’s IP address and plans to make this step more robust; * Using OONI Run v1 for personal research and to coordinate measurement campaigns; * OONI Run v2 with miniooni as a tool to execute any experiment; * Overview of what is possible to measure using the urlgetter research experiment; * The JavaScript functionality introduced in miniooni 3.20.0. The general goal of the workshop was to discuss how to overcome common issues in heavily-censored networks and use miniooni (and hence the OONI Engine) as a platform to collect data that is useful for research, as well as to contribute to improving OONI Probe methodologies. *## Measurement coverage* In December 2023, 54,838,460 OONI Probe measurements were collected from 2,975 networks in 180 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

Nina’s Monthly Status Report: December 2023
by Nina 08 Jan '24

08 Jan '24

Hi! Below is my December’23 report! In December, I resolved 570 tickets: On Telegram (@TorProjectSupportBot) - 410 On RT (frontdesk@tpo) - 150 On WhatsApp (+447421000612) - 5 and on Signal (+17787431312) - 5 In December, we had an issue with bridges not working for the users with OS Windows 7 [1]. The issue was caused by the most recent Go toolchain update, that discontinued Windows 7 support and affected many Russianspeakingusers. We had more than 20 user requests regarding this issuein less than 24 hours. The problem was solved with an emergency Tor Browser desktop-only release 13.0.8 [2]. This month, we were still getting requests from OPPO users concerned that Tor Browser does not work on their devices [3]. In December, I also: 1. Helped Russian-speaking users to bypass censorship: shared bridges, helped with troubleshooting; 2. Collected user feedback on Tor circumvention settings and apps; 3. Helped to solve Windows-related Tor Browser issues like antivirus software blocking Tor Browser or non-ASCII characters in your username or lack of admin or escalated privileges to install and run Tor Browser. [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42179 [2] https://blog.torproject.org/new-release-tor-browser-1308/ [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41289

1 0

Rhatto's Monthly Status Report, December 2023
by rhatto 04 Jan '24

04 Jan '24

Hi all :) This is my monthly status report for December 2023 with the main relevant activities I have done during the period. ## 0. Research * Did another round of Onion Services Quality Assurance for Tor Browser. Full results not published yet, pending a review/decision on some (still) confidential issues. ## 1. Development * No notable development activities during the period. ## 2. Support * Ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. ## 3. Organization * A lot of my time was invested in organization/reporting/planning/etc to wrap up 2023 and get ready to 2024. * Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 10 | Development | 0 | Support | 37 | Organization | 53 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

PieroV's Monthly Status Report, December 2023
by Pier Angelo Vendrame 02 Jan '24

02 Jan '24

Hi everyone! Here is my status report for December 2023. For most of the month, I kept working on the connection assist for Android. I wrote some quick styling for about:torconnect to make it appear like the native UI we are still implementing. I also wrote a gating mechanism Claire used to write an opt-in UI for the latest TBA alpha. While working on this, I also found that the Onion Location setting wasn't persisted [0], and I wrote a fix. All this work went into the 13.5a3 alpha. Richard wrote a great blog post [1] with more information about that. In addition to that, I worked on quicker tasks, such as: - Preparing the 13.0.7 releases and rebasing the alpha branches. - Resizing all the wordmarks to the same size to address fingerprintability of nightly vs. alpha [2]. - Enabling GeckoDriver on all desktop platforms and including it in the released artifacts [3]. - Using LLD on all Linux platforms, re-enabling debug symbols for Linux i686 [4], and improving the format of our debug symbol archives [5]. - Use Go 1.20 on Windows to restore Windows 7 compatibility on pluggable transports [6]. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42324 [1] https://blog.torproject.org/new-alpha-release-tor-browser-135a3/ [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42319 [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42337 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42146 [5] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [6] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42179

1 0

Anti-censorship team meeting notes, 2023-12-21
by meskio 21 Dec '23

21 Dec '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-12-21-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, January 11 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * No meetings December 28, neither January 4 == Discussion == * Tor Browser users on Windows 7/8 have started having problems with PTs because Go 1.21 removed support * tor-browser-build now uses Go 1.20 for everything except Snowflake: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… * we'll try to fix the issue by providing our own random source and see how invasive si the change * manifest v2 deprecation in browsers and snowflake webextension * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * https://developer.chrome.com/blog/resuming-the-transition-to-mv3/ * google chrome will stop supporting mv2 June 2024 * will the snowflake webextension stop working? do we want to do something? or just recommend firefox? * cohosh will look into this next year and see how hacky needs to be the solution * validation for bridgelines * https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41913#n… * there is no fingerprint in the conjure bridgeline we shared, and we have some doubts if giving an error on bridgelines without fingerprint in TB or not * we'll include a fingerprint in future conjure bridgelines * and we'll not give an error for now on missing fingerprint bridgelines == Actions == == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-12-21 Last week: - debugged some issues with the lox distributor deployment - https://gitlab.torproject.org/tpo/tpa/team/-/issues/41406 - lox tor browser integration work - removed extra log message for snowflake connection closure - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - worked on finding alternative domain fronting providers This week: - conjure bridge maintenance - review SQS rendezvous Needs help with: dcf: 2023-12-14 Last week: - opened issue to upgrade snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - upgrade snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-12-21 Last week: - grant writing Next week: Shelikhoo: 2023-12-21 Last Week: - Work on snowflake performance improvement (WIP): https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-udp-performanc… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Analysis of S150 HTTPS distributors design: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 - Merge request reviews Next Week/TODO: onyinyang: 2023-12-21 Last week(s): - Worked on Telegram bot: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/223 - Added several additional Lox wasm stubs needed by applications team This week: - Finish up Telegram bot dev - Continue to support Lox wasm stubs as needed - attempt hyper upgrade again - Holiday! (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

The Tor Project Community Policies new website!
by gus 15 Dec '23

15 Dec '23

Hello Tor Community, I'm happy to announce that the Tor Project Community Policies have a new website! You can visit our Policies website here: <https://community.torproject.org/policies>. The website hosts the Tor Project Community governance policies, including our Code of Conduct, Social Contract, Relay Operators docs, and other important documents. The website was generated using Onion MkDocs[1] and was part of our project at Tor Hackweek[2]. We've also updated all links directing to the old repository (gitweb.tpo) to the new website. If you find any issue or have suggestions for improvements, please feel invited to open a ticket in the Community/Policies repository: <https://gitlab.torproject.org/tpo/community/policies>. A special thanks to Rhatto and Lavamind for their support and assistance with the deployment. I'm very happy to have a more accessible and user friendly page for the Tor Community. Best regards, Gus [1] Onion MkDocs: https://gitlab.torproject.org/tpo/web/onion-mkdocs [2] Tor Hackweek: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/13 -- The Tor Project Community Team Lead

3 3

Anti-censorship team meeting notes, 2023-12-14
by onyinyang 14 Dec '23

14 Dec '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-12-14-15.59.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Dec 21 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == Our anti-censorship roadmap: Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors, we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 96 <-- meskio, shell, onyinyang, cohosh https://gitlab.torproject.org/groups/tpo/-/milestones/24 Sponsor 150 <-- meskio working on it https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == Snowflake UDP-like transport ready for a draft review: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… since the prior draft, disabled KCP stream mode, and disabled data channel retransmission (the earlier draft had only turned off "ordered" mode, but had not also turned off "reliable" mode): https://lists.torproject.org/pipermail/anti-censorship-team/2023-March/0002… will wait for cohosh to be around: manifest v3 deprecation in browsers and snowflake webextension https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://developer.chrome.com/blog/resuming-the-transition-to-mv3/ google chrome will stop supporting mv2 June 2024 will the snowflake webextension stop working? do we want to do something? or just recommend firefox? == Actions == == Interesting links == https://opencollective.com/censorship-circumvention/projects/snowflake-dail… https://ooni.org/post/2023-interview-with-ihueze-nwobilor/ https://explorer.ooni.org/findings https://ooni.org/post/2023-launch-ooni-censorship-findings-platform/ == Reading group == We will discuss "NetShuffle: Circumventing Censorship with Shuffle Proxies at the Edge" on December 14 https://www.cs-pk.com/papers/3/ Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-11-09 Last week: - conjure bridge maintenance - caught a bug in safelog library - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - caught problem with domain front in conjure - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… This week: - lox tor browser UX integration - lox distributor testing - look into alternative domain fronting providers Needs help with: dcf: 2023-12-14 Last week: - opened issue to upgrade snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - upgrade snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-12-14 Last week: - grant writing - prepare settings anti-listing logic to be reused by HTTP distributor (rdsys#181) - setup rdsys staging server (rdsys#170) Next week: - investigate missing bridges in the assignments (rdsys#190) Shelikhoo: 2023-12-14 Last Week: - Work on snowflake performance improvement (WIP): https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-speedwithudp?r… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Merge request reviews Next Week/TODO: - Write Tor Spec for Armored URL (continue) - Work on snowflake performance improvement (WIP): https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-speedwithudp?r… - Check any blockers for s150 rdsys HTTPS distributor - Merge request reviews onyinyang: 2023-12-14 Last week(s): - continued and nearly finished Telegram bot dev - Splintercon This week: - Finish up Telegram bot dev - Add Lox wasm stubs needed by applications team - Start of Tor browser integration - attempt hyper upgrade again (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0