- tor-project - lists.torproject.org

PieroV's Monthly Status Report, September 2023
by Pier Angelo Vendrame 02 Oct '23

02 Oct '23

Hi everyone! Here is my status report for September 2023. This month, I continued working on the refactoring of the Tor integration in Tor Browser and finally merged the merge requested with the biggest changes [0]. During the month, I also fixed some bugs it caused and improved the compatibility with the external Tor daemons. Then, I worked on some audits for the 102 to 115 transition. In particular, I reviewed our profiles [1]. Some other tasks included swapping a few branding assets, such as the About dialog wordmark and the Windows installer icons. I also fixed the reproducibility bug with generated headers on Windows [2] and upstreamed the patch to Firefox. During September, we had two emergency releases. I helped with the stable channel: I prepared and built both 12.5.4 and 12.5.6. For 13.0a4, I only rebased it on top of Firefox 115.2.1. Finally, I worked on enabling system-wide installs for Mullvad Browser. However, it's a work in progress as it requires some non-trivial changes to the updater. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41496 [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41995

1 0

shadow update 2023-09-27
by Jim Newsome 29 Sep '23

29 Sep '23

Mirrored from <https://github.com/shadow/shadow/discussions/3187>: This is part of a series of periodic updates of development in Shadow. This work is sponsored by the [NSF](https://shadow.github.io/docs/guide/nsf_sponsorship.html). Previous update: [2023-06](https://github.com/shadow/shadow/discussions/3061). We've merged [74 non-dependabot pull requests](https://github.com/shadow/shadow/pulls?q=is%3Apr+merged%3A2023-06… and closed [8 issues](https://github.com/shadow/shadow/issues?q=closed%3A2023-06-30..2023… since our previous update. # Latest improvements ## Spawning processes Shadow now supports running programs that spawn additional processes. Technically, this means it now supports `fork`, `vfork`, `execve`, and other related syscalls. Some uses for this: * The primary way for `tor` to work with [pluggable transports](https://blog.torproject.org/tor-heart-bridges-and-pluggable-tra… is for the `tor` process to dynamically spawn the pluggable transport process. This is currently the *only* way that pluggable transports are supported in `arti`. This now works in `shadow`. * Orchestration of multiple processes on a single host in `shadow` can now be done using e.g. `sh` or `python` scripts, instead of having to specify every process directly in `shadow`'s configuration file. * `shadow` can now run other software that spawns worker or helper processes. Another exciting application for this in `shadow` *development* is that we can now more easily run third party test suites, which typically spawn multiple test processes. For example, running `tor`'s own self-tests helps validate that `shadow` is correctly emulating the platform functionality that `tor` uses; currently [more than 99% of the tests pass](https://github.com/shadow/shadow/issues/3168)! ## New TCP stack Shadow's experimental new TCP stack is merged, and can be enabled with the experimental command-line flag `--use-new-tcp`. This new implementation is in Rust instead of C, and is developed to be very testable (e.g. in its own crate decoupled from the rest of Shadow, and with pluggable system dependencies). While some functionality is still being finished, we expect it will be much easier to maintain and to validate its correctness than the previous C implementation. Improved support for pcap file output also makes it easier to review Shadow's simulated network traffic. ## Shim stability We've occasionally run into problems due to `shadow`'s preloaded shim calling into `libc`. This is unsafe because some initialization can run before `libc` itself is fully initialized, and much of the code runs in a seccomp signal handler, running afoul of [async-signal-safety](https://man7.org/linux/man-pages/man7/signal-safety.7.…. Luckily, Rust has a rich ecosystem of code that doesn't depend on libc (`no_std` code). We've made substantial progress in migrating the shim's C code to `no_std` Rust code. ## Socket API improvements Our UDP socket implementation has been migrated from C to Rust, and along the way we've made many improvements to the socket API for UDP, TCP, and Unix sockets. We've added support for the following: * `sendmsg`, `recvmsg`, and `shutdown` syscall support for UDP sockets * `MSG_TRUNC` support for UDP and Unix sockets * `MSG_PEEK` support for UDP sockets * `SO_DOMAIN`, `SO_PROTOCOL`, and `SO_ACCEPTCONN` socket options for TCP and UDP sockets * `SIOCGSTAMP` ioctl support for TCP and UDP sockets We've also made various fixes and improvements to existing socket functionality so that Shadow more accurately follows the behaviour of Linux. ## C to Rust migration We continue to progress our migration from C to Rust. In addition to Rust progress in the shim and in the new TCP stack, other notable migrations since the last update include the shared memory allocator, epoll and timerfd descriptors and syscalls, UDP sockets, and several time-related syscalls. Our current status is 74% Rust code and 21.4% C code (much of this being C tests) according to Github statistics. # Release status We expect to release Shadow 3.1.0 some time in the next few weeks. # Project status - NSF grant is wrapping up The last three years of development on Shadow have been sponsored by an [NSF](https://shadow.github.io/docs/guide/nsf_sponsorship.html) grant. That grant ends at the end of this month (September 2023). This isn't the end of development on Shadow — Rob Jansen (@robgjansen) at the U.S. Naval Research Laboratory continues to head the project. Over the course of this project, The Tor Project has incorporated Shadow into its own research and testing workflows, and is likely to continue contributing as well. We look forward to continue improving and maintaining Shadow, but at a slower pace of development since we no longer expect contributions from programmers singularly dedicated to Shadow development. Jim Newsome (@sporksmith) is continuing to be a Tor Project employee but shifting focus to other Tor projects; Steven Engler (@stevenengler) is open to opportunities. Happy simulating! The Shadow team

1 0

Anti-censorship team meeting notes, 2023-09-28
by onyinyang 28 Sep '23

28 Sep '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-28-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Oct 05 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == - Update on snowflake domain fronting issues: - problem with cdn.sstatic.net affected more than just snowflake, also moat, conjure (no deployment change required) - fixed in new tor browser update but some users relying on snowflake/moat bridges will be unable to update - relying on a the same new front may be detrimental to improve connection issues for some users, perhaps a pool of randomly selected domains would improve the situation: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-09-28 Last week: - rdsys merge request !157 - wrote a feature for snowflake that allows multiple domain fronts - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - wrote a forum post for the domain fronting issue with moat - https://forum.torproject.org/t/temporary-fix-for-moat-and-connection-assist… - looked into orbot use of circumvention settings api - https://github.com/guardianproject/orbot/issues/983 This week: - finish deploying lox distributor - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-09-21 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - noticed a problem with the fastly domain front and coordinated with cohosh to analyze it https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-09-21 Last week: - make fake descriptors for rdsys (rdsys#171) - document rdsys development process (rdsys#131) - use the right content-type in moat (rdsys#175) - add token authentication to onbasca requests (rdsys#174) Next week: - add a DB for bridges to rdsys (rdsys#56) Shelikhoo: 2023-09-28 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - Write Tor Spec for Armored URL - Remove Go 1.20 CI for Snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Consolidated Snowflake Update dependencies:https://gitlab.torproject.org/tpo/anti-censorship/pluggable-tr… - Merge request reviews Next Week/TODO: - Write Tor Spec for Armored URL(continue) - Merge request reviews onyinyang: 2023-09-28 Last week(s): - Still need to merge the updated dependencies and make MR to upstream ZK lib: - found bug in the zkp crate and will push a change to this to the upstream branch - reach out to dalek-cryptography maintainers to give them a heads up and get a sense of the plan for zkp lib - we may end up maintaining the zkp lib - Finished changes to rdsys API at the /resources endpoint to meet the needs of Lox - Working on required changes to lox-distributor This week: - Hopefully,finish up with the dependencies issue - Finish up changes to Lox distributor - continue with metrics (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Anti-censorship team meeting notes, 2023-09-21
by Shelikhoo 21 Sep '23

21 Sep '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-21-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Sep 28 16:00 UTC Facilitator: onyinyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: Shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * deprecation of CAPTCHA moat * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/173 * captchas seem to be easy for censors to solve, and hard for some users to solve * prefer the circumvention settings API instead, it's not great but it seems to work better (distributes different subsets of bridges each day, you cannot enumerate them all in one day) * meskio has been ontifying downstream users about the planned deprecation * ggus: since we are planning to turn this off, before we do, could we experiment with different/harder captchas and see if bridges continue being blocked. (The hypothesis being that the captcha API is the primary way that they discover bridges.) * A proposal to phase out captchas in bridgedb from 2021: https://lists.torproject.org/pipermail/tor-dev/2021-July/014602.html * Replies suggested doing an experiment with captcha removal for 50% of bridges, that way they don't all get burned if it doesn't work * https://lists.torproject.org/pipermail/tor-dev/2021-July/014603.html * https://lists.torproject.org/pipermail/tor-dev/2021-July/014604.html * agreement on removing the in-house captcha * meskio will create an issue to explore captcha experiments * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/176 * snowflake domain front resolving to a mix of fastly and cloudflare since 2023-09-20 * https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… * https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42120 * options for remediation: * change the domain front to one that still always resolves to fastly * not a lot of good options, also we don't have good knowledge of which are already censored https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * locally pin the IP address of the front domain we are using now * or resolve a different (fastly) name, but keep using the same front that we use now * creates an inconsistency between DNS and TLS * we can change the front domain for circumvention settings users, which does not require waiting for a TB/orbot/etc. release * change the domain to foursquare.com * guardian project / orbot? meskio says orbot is already using circumvention settings. But circumvention settings might be ignored for built-in bridges. * dcf will make a forum post and contact guardian project * community team will try to get testing of fourquare.com in the next week * meskio will make the change in Tor Browser and circumvention settings * Remove Go 1.20 support? kcp library seems to crash compiler: * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * # github.com/xtaci/kcp-go/v5 * /go/pkg/mod/github.com/xtaci/kcp-go/v5@v5.6.3/timedsched.go:19:6: internal compiler error: panic: interface conversion: interface is nil, not ir.Node * Please file a bug report including a short program that triggers the error. * https://go.dev/issue/new * note: module requires Go 1.21 * https://github.com/xtaci/kcp-go/blob/v5.6.3/timedsched.go#L19 * Go compiler issue: https://github.com/golang/go/issues/61074 * Has to do with new compiler builtin "clear" in go1.21 https://tip.golang.org/doc/go1.21#language * ...which kcp-go started using 10 days ago https://github.com/xtaci/kcp-go/commit/691fc2febef3dd927dca7815b207fb4dad19… * shelikhoo will go ahead and remove go1.20 support == Actions == == Interesting links == * https://www.bamsoftware.com/papers/fep-flaws/#sec:obfs4 * writeup of Elligator distinguishers that have affected obfs4proxy == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-09-21 Last week: - dealt with dependency updates for snowflake and lox - discussed rdsys resource endpoints - opened an issue to create a lox user on rdsys-frontend-01 - https://gitlab.torproject.org/tpo/tpa/team/-/issues/41330 - wrote some next steps for conjure work - https://gitlab.torproject.org/tpo/operations/proposals/-/issues/51 This week: - finish deploying lox distributor - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-09-21 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - noticed a problem with the fastly domain front and coordinated with cohosh to analyze it https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-09-21 Last week: - make fake descriptors for rdsys (rdsys#171) - document rdsys development process (rdsys#131) - use the right content-type in moat (rdsys#175) - add token authentication to onbasca requests (rdsys#174) Next week: - add a DB for bridges to rdsys (rdsys#56) Shelikhoo: 2023-09-21 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - Add Remote Network Address Mapping in HTTP Upgrade Transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) (Done pass the client IP to tor for country usage stadistics, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Release new version of snowflake(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… - Update CI targets to test Android from Golang 1.21 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Merge request reviews Next Week/TODO: - Write Tor Spec for Armored URL - Merge request reviews onyinyang: 2023-09-21 Last week(s): - Continued updating dependencies, including: - found issues with zkp library and am working on determining how to best handle those going forward, fixes are required to keep other dalek-cryptography libraries up to date: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/51 - additionally, there is a bug in the zkp crate that is noted in the blockage migration protocol so we might try to fix it: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/blob/main/crates… - Attempted changes to rdsys API at the /resources endpoint to meet the needs of Lox - Started on adding metrics This week: - Hopefully sort out the dependencies issue - Finish up changes to the API - continue with metrics (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

Job Opportunity - Project Manager
by Erin Wyatt 18 Sep '23

18 Sep '23

Hi everyone! We have a new job opening for a Project Manager! https://www.torproject.org/about/jobs/project-manager/ <https://www.torproject.org/about/jobs/project-manager/> If you are or know someone who would be a good fit and wants to join our team, please apply/share. Have a great week and thanks for helping us spread the word! :) Cheers, Erin Wyatt Director of People Operations (she/her) ewyatt(a)torproject.org <mailto:ewyatt@torproject.org> PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE https://www.torproject.org <https://www.torproject.org/> http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ <http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/>

1 0

Anti-censorship team meeting notes, 2023-09-14
by onyinyang 14 Sep '23

14 Sep '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-14-15.58.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Sep 21 16:00 UTC Facilitator: Shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-09-14 Last week: - posted shadow + PT guide on the forum - https://forum.torproject.org/t/experimenting-with-tor-pluggable-transports-… - followed up on a report that snowflake is being blocked in russia - https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - https://ntc.party/t/ooni-shows-blocking-on-snowflake-in-select-isps-in-russ… - opened issue with OONI for adding probe-engine version filter to MAT - https://github.com/ooni/probe/issues/2533 - filed an upstream issue with conjure on not relying on the replace directive - https://github.com/refraction-networking/conjure/issues/226 - updated gotapdance library version in Conjure PT to fix a stall issue - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - worked on deploying lox distributor - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/167 This week: - finish deploying lox distributor - map out next steps for conjure work - followup on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-09-13 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-09-07 Last week: - vacation :) - coordinate with TPA to get a VM for a rdsys staging server - review lyrebird merge requests Next week: - deploy the rdsys staging server Shelikhoo: 2023-09-07 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - logcollector alert system - Add Remote Network Address Mapping in HTTP Upgrade Transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Merge request reviews Next Week/TODO: - Add Remote Network Address Mapping in HTTP Upgrade Transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) (Continue) - Release new version of snowflake - Merge request reviews onyinyang: 2023-09-14 Last week(s): - Continued updating dependencies, including: - aes-gcm: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/35 - base64: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/36 - found issues with zkp library and am working on determining how to best handle those going forward, fixes are required to keep other dalek-cryptography libraries up to date: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/51 - Started on adding metrics This week: - Update rdsys API at the /resources endpoint to meet the needs of Lox - Continue with adding metrics (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Tor at the Global Gathering Feira
by isabela fernandes 14 Sep '23

14 Sep '23

Hello community! Many Tor people will be at the Feira, we are looking forward to hanging out with y'all soon! We will be hosting conversation circles at our Onion table :) right in front of our booth. Here is the schedule: Friday Sept 15: - 14:00-15:00 -> *How to contribute to the Tor project* -> Our welcoming circle! Come meet Tor people and learn more about the project and how you can contribute to it. - 17:00-18:00 -> *Shaping the Tor advocates program* -> We are starting to organize a “Tor advocates program” and we want to host a circle for people who train others on Tor to learn about this idea and give us feedback on it. Saturday Sept 16: - 15:30-16:30 -> *Sharing between anti-censorship tools builders* -> We would like to invite other people working on building anti-censorship tools for a circle to share and build collaboration. - 17:00-18:00 ->* Experience of censored users* -> Members of our Anti-Censorship team will be hosting a circle for users to come and share their experience using our circumvention tools so we can learn what is working and how to improve what is not working. Sunday Sep 17: - 14:00-15:00 ->* Sharing lesson on usability research / user needs* -> We made big changes at Tor to have the user as the center of everything we do. In 2017 we started to implement usability research as the key director for our decisions on development and organization strategy. We would like to share about what we learned during this process and how it has been beneficial to us. - 17:00-18:00 -> *NoScript conversation* -> NoScript is a critical piece of privacy online that every user interacts with. At this circle the creator of NoScript will be sharing information about the project’s status and future plans. We would like to invite you to join the conversation to share your feedback or ask questions about NoScript and its integration in the Tor Browser. Looking forward to seeing you! cheers, isabela

1 0

Canceling the Network Team Monday meetings on IRC
by Alexander Færøy 11 Sep '23

11 Sep '23

Hello list! After the end of Sponsor 61, the Network Team Monday meetings on IRC returned to being a simple checklist meeting that is done in roughly 10 to 15 min. in average with zero external participants. I can do the checklist items directly with people over IRC without forcing a context switch for everybody by getting them into a meeting every week. The team have for a long time wanted to cut down on meetings and the BBB format where we have focused working groups works much better after the team started having multiple projects going on in parallel instead of "just" maintaining C Tor. The team continues to be readily available both via GitLab, the tor-dev@ mailing list, and via #tor-dev on IRC. All the best, Alex -- Alexander Færøy

1 0

ebanam's monthly status report for August 2023
by ebanam 07 Sep '23

07 Sep '23

Hello everyone, We saw a uptick in user support requests from Chinese speaking users in the past month, but in general most of my work focussed on providing help to users in regions where Tor is censored. With the release of Proof of Work (PoW) defense for Onion Services[0], I also worked on gathering some initial feedback. # PoW defense for Onion Services feedback Most of the initial feedback and questions have been about (1) how it will affect user's connecting to Onion Services, (2) whether users will have to solve a captcha puzzle, and, (3) discussion about the underlying algorithm used. Following is a thorough breakdown of tickets our user support team handled in August: Timeframe: 01 - 31 August 2023 # Frontdesk (email) * 1041 (↑) RT tickets created * 942 (↑) RT tickets resolved Most frequent tickets by numbers: 1. 650 (↑) RT tickets: circumventing censorship in Russian speaking countries. 2. 284 (↑) RT tickets: private bridge requests from Chinese speaking users. 3. 1 (↓) RT ticket: circumventing censorship with Tor in Farsi. # Telegram, WhatsApp and Signal Support channel * 642 (↓) tickets resolved Breakdown: * 609 (↓) tickets on Telegram * 22 (↑) tickets on WhatsApp * 11 (↑) tickets on Signal The most frequent tickets on cdr.link have been about: 1. 393 (↓) tickets: Circumventing censorship in Russian speaking countries. 2. 16 (↑) tickets: Circumventing censorship in Chinese speaking users. 3. 16 (↓) tickets: Circumventing censorship in Farsi. # Highlights from the Tor Forum 1. Proof of Work (PoW) defense for Onion Service is released.[1] 2. "How Snowflake works?"[2] 3. EFF’s university Tor relay campaign[3] 4. New Alpha Release: Tor Browser 13.0a3 (Android, Windows, macOS, Linux)[4]. Help us test the 13.0ax series of Tor Browser for Alpha prior to the Tor Browser 13 stable release. Thanks! e. Note: (↑), (↓) and (-) are indicative if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively [0]: https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-ser… [1]: https://forum.torproject.org/t/proof-of-work-pow-defense-for-onion-service-… [2]: https://forum.torproject.org/t/how-about-snowflake-works/8710 [3]: https://forum.torproject.org/t/tor-relays-effs-university-tor-relay-campaig… [4]: https://forum.torproject.org/t/new-alpha-release-tor-browser-13-0a3-android…

1 0

Anti-censorship team meeting notes, 2023-09-07
by meskio 07 Sep '23

07 Sep '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-07-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Sep 14 16:00 UTC Facilitator: onyinyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * No webtunnel and conjure options at https://metrics.torproject.org/userstats-bridge-transport.html * there is an issue on the metrics side: https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/4… * is already developed and will be deployed next week * Upgrading Go toolchain for snowflake * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * some dependencies like uTLS need go 1.20+ * debian stable has go 1.19, it will be harder to make packages for backports * we'll try to get the package in apt.tpo * we think is more important to keep up to date with dependencies * release new snowflake version * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * is broken in android API 30+ we need a release to fix it * shelikhoo will make a release * snowflake-02 outage https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… * https://www.insidehighered.com/news/tech-innovation/teaching-learning/2023/… * the university got disconnected from the internet for we days == Actions == == Interesting links == * Firefox planning to ship ECH by default. Think about resurrecting meek-esni? * https://github.com/net4people/bbs/issues/280 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek… * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-09-07 Last week: - finished writing shadow simulations guide for PTs (will post later today) - discussed weird increase in Snowflake client polls This week: - deploy the lox distributor for testing with rdsys - https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/issues/19 - followup on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-09-07 Last week: - investigated a snowflake-02 bridge outage that caused a temporary increase in client polls https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… - merged goptlib STATUS TYPE=version and tagged v1.5.0 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… - opened a merge request to remove the unique proxy IP address counting code from the broker https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-09-07 Last week: - vacation :) - coordinate with TPA to get a VM for a rdsys staging server - review lyrebird merge requests Next week: - deploy the rdsys staging server Shelikhoo: 2023-09-07 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - logcollector alert system - Add Remote Network Address Mapping in HTTP Upgrade Transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Merge request reviews Next Week/TODO: - Add Remote Network Address Mapping in HTTP Upgrade Transport (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) (Continue) - Release new version of snowflake - Merge request reviews onyinyang: 2023-09-07 Last week(s): - Finished up implementation of new approach for getting resources https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/24 - Bug hunting for what turned out to be a serialize/deserialize issue caused by the Dedup filter implementation https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/42 - Updating dependencies from renovate bot MRs This week: - Continue updating dependencies, check how complicated it will be to update failing updates, such as: - aes-gcm: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/35 - base64: https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/merge_requests/36 - Work on adding metrics (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0