- tor-project - lists.torproject.org

Anti-censorship team meeting notes, 2023-11-02 [FIXED]
by Shelikhoo 02 Nov '23

02 Nov '23

Hey everyone! [FIXED]: In the last email, next meeting date was not appropriately updated. Sorry for the inconvenience. Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-11-02-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, Nov 09 16:00 UTC Facilitator: onyinyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: *https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: *https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None * Sponsor 96 <-- meskio, shell, onyinyang, cohosh *https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it *https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Sponsor%20150 == Announcements == == Discussion == * Fastly to block domain fronting in February 2024 https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/00… * azure is closing domain front support next month * there are some alternatives to domain fronting we could use (ampcache or tapdance), but it might be trickier to integrate with moat * cohosh will investigate if cnd77, netlify or akamai are alternatives we could use * let's stress tests ampcache using it in one of our default bridges * we can add metrics to the broker to know if the clients come from ampcache or domain front * don't reject unrestricted client if there are no restricted proxies https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * we'll merge it, it should not affect our deployment (New: Nov 2) * Maybe move to use a private pad? == Actions == == Interesting links == * webtunnel testers call out: * https://forum.torproject.org/t/call-for-testers-webtunnel-a-new-way-to-bypa… * blog post of the sponsor 30 code audit * https://blog.torproject.org/security-audit-report-tor-browser-ooni/ * New paper PTPerf: On the Performance Evaluation of Tor Pluggable Transports: https://dl.acm.org/doi/10.1145/3618257.3624817 == Reading group == * We will discuss "On Precisely Detecting Censorship Circumvention in Real-World Networks" on November 9 * https://www.robgjansen.com/publications/precisedetect-ndss2024.html * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-11-02 Last week: - continued lox integration with tor browser - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/34 - Changed how proxy stats logging works - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Reviewed addition of prometheus metrics to lox - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/63 This week: - lox tor browser UX integration - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-11-02 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-10-26 Last week: - test the whatsapp bot (rdsys#147) - investiage a failure on telegram bot, was on applications side (onionsproutsbot#54) - some lox merge request reviews (lox!62 !68) Next week: - set up staging server for rdsys (rdsys#170) Shelikhoo: 2023-11-02 Last Week: - Work on snowflake performance improvement(WIP):https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/d… - Restart broker without proxy churn measurements https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Merge request reviews Next Week/TODO: - Write Tor Spec for Armored URL (continue) - Merge request reviews onyinyang: 2023-11-02 Last week(s): - Finished up metrics - Added functionality to handle blocked bridges in a single location for MVP - Started work on telegram distributor bot for Lox This week: - Continue work on Lox telegram bot - Hackweek: Docs for Lox https://gitlab.torproject.org/tpo/community/hackweek/-/issues/20 - Fix flakey test if time (long term things were discussed at the meeting!):https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

Anti-censorship team meeting notes, 2023-11-02
by Shelikhoo 02 Nov '23

02 Nov '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-11-02-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, Nov 2 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: *https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: *https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None * Sponsor 96 <-- meskio, shell, onyinyang, cohosh *https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it *https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Sponsor%20150 == Announcements == == Discussion == * Fastly to block domain fronting in February 2024 https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/00… * azure is closing domain front support next month * there are some alternatives to domain fronting we could use (ampcache or tapdance), but it might be trickier to integrate with moat * cohosh will investigate if cnd77, netlify or akamai are alternatives we could use * let's stress tests ampcache using it in one of our default bridges * we can add metrics to the broker to know if the clients come from ampcache or domain front * don't reject unrestricted client if there are no restricted proxies https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * we'll merge it, it should not affect our deployment (New: Nov 2) * Maybe move to use a private pad? == Actions == == Interesting links == * webtunnel testers call out: * https://forum.torproject.org/t/call-for-testers-webtunnel-a-new-way-to-bypa… * blog post of the sponsor 30 code audit * https://blog.torproject.org/security-audit-report-tor-browser-ooni/ * New paper PTPerf: On the Performance Evaluation of Tor Pluggable Transports: https://dl.acm.org/doi/10.1145/3618257.3624817 == Reading group == * We will discuss "On Precisely Detecting Censorship Circumvention in Real-World Networks" on November 9 * https://www.robgjansen.com/publications/precisedetect-ndss2024.html * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-11-02 Last week: - continued lox integration with tor browser - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/34 - Changed how proxy stats logging works - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Reviewed addition of prometheus metrics to lox - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/63 This week: - lox tor browser UX integration - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-11-02 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-10-26 Last week: - test the whatsapp bot (rdsys#147) - investiage a failure on telegram bot, was on applications side (onionsproutsbot#54) - some lox merge request reviews (lox!62 !68) Next week: - set up staging server for rdsys (rdsys#170) Shelikhoo: 2023-11-02 Last Week: - Work on snowflake performance improvement(WIP):https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/d… - Restart broker without proxy churn measurements https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Merge request reviews Next Week/TODO: - Write Tor Spec for Armored URL (continue) - Merge request reviews onyinyang: 2023-11-02 Last week(s): - Finished up metrics - Added functionality to handle blocked bridges in a single location for MVP - Started work on telegram distributor bot for Lox This week: - Continue work on Lox telegram bot - Hackweek: Docs for Lox https://gitlab.torproject.org/tpo/community/hackweek/-/issues/20 - Fix flakey test if time (long term things were discussed at the meeting!):https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

Anti-censorship team meeting notes, 2023-10-05
by meskio 02 Nov '23

02 Nov '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-09-28-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Oct 12 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == - Update on snowflake domain fronting issues: - https://github.com/guardianproject/orbot/releases/tag/17.1.0-RC-1-tor.0.4.7… - "Fix snowflake Fastly and Moat Activity front" https://github.com/guardianproject/orbot/commit/594c49edc0ee7c702852aac2c14… - at this point, this release is apparently only available by sideloading an APK https://lists.mayfirst.org/pipermail/guardian-dev/2023-October/005712.html - problem with cdn.sstatic.net affected more than just snowflake, also moat, conjure (no deployment change required) - fixed in new tor browser update, but some users relying on snowflake/moat bridges will be unable to update - foursquare.com seems to not work in Iran? Do we need to update this for Moat so that users can access circumvention settings? - https://lists.mayfirst.org/pipermail/guardian-dev/2023-October/005712.html "I am getting reports though that the new front domain chosen may not be reachable in Iran" - https://explorer.ooni.org/chart/mat?test_name=web_connectivity&axis_x=measu… - https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/00… "On snowflake-01, not all countries were equally affected. Russia and China had bigger relative decreases than Iran did." - relying on a the same new front may be detrimental to improve connection issues for some users, perhaps a pool of randomly selected domains would improve the situation: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - we are thinking about caching the most recently working front domain, so that the selection is only random the first time, and it doesn't hurt so much if a broken/blocked domain gets in the list - we have asked OONI about github.githubassets.com, they said it was throttled in Iran 1.5 years ago - currently, if the circumvention API ("smart connect"?) returns a snowflake bridge, Orbot uses its own built-in snowflake settings rather than the ones returned by the API https://github.com/guardianproject/orbot/issues/983 - short term: what, if anything, to do about Moat? - switch to githubassets for next release - test in alpha first? - cdn.sstatic.net no longer resolving to a mix of fastly and cloudflare in ooni tests, just cloudflare now - snowflake-02 not getting as much use as before - why? - https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… - until yesterday, 2023-10-04 ~12:00, it suddenly popped up - https://share.riseup.net/#2ycoKPORT4HuqeHMnnMJOw - about 4 hours after a reboot of snowflake-01, related? https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - future of PTs, plugins vs. different processes over the network - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/130 - Remove proxy churn measurement - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - (Network Health) 'Running' flag for counting bridges and network size https://gitlab.torproject.org/tpo/network-health/team/-/issues/318 == Actions == == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-10-05 Last week: - opened PR to update domain front for OONI snowflake tests - https://github.com/ooni/probe-cli/pull/1337 - met with ooni to discuss tor ooni tests - more work on deploying the lox distributor - updated MR to randomly select front domain from a list - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - looked into blocking of foursquare.com and alternative fronts This week: - deploy lox distributor - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-10-05 Last week: - posted a note in the forum about the fastly domain front issue https://forum.torproject.org/t/problems-with-snowflake-since-2023-09-20-bro… - wrote an email speculating about possible reasons why snowflake-01 and snowflake-02 were unequally affected: https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-10-05 Last week: - fix lyrebird dependencies (lyrebird!14) - add authentication token to onbasca-rdsys communication (rdsys#174) - release and deploy a new version of rdsys Next week: - test the whatsapp bot (rdsys#147) Shelikhoo: 2023-10-05 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - Write Tor Spec for Armored URL (continue) - Merge request reviews - Finally write a script to automatically merge bot MR: https://gist.githubusercontent.com/xiaokangwang/eecf2c7c9a6bc57a8bf5fe3b7a2… Next Week/TODO: - Write Tor Spec for Armored URL (continue) - Merge request reviews onyinyang: 2023-10-05 Last week(s): - Finished changes to rdsys API at the /resources endpoint to meet the needs of Lox - Finished up required changes to lox-distributor - Still need to merge the updated dependencies and make MR to upstream ZK lib: - fixed bug (? hopefully this can be reviewed) in the zkp crate - will make MRs to both dalek-cryptography and zkcrypto and maintain a new fork This week: - Finish up with the dependencies issue - Continue with metrics - Time permitting, start work on telegram distributor bot for Lox (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

2 2

Rhatto's Monthly Status Report, October 2023
by rhatto 01 Nov '23

01 Nov '23

Hi all :) This is my monthly status report for October 2023 with the main relevant activities I have done during the period. ## 0. Research ### Onion Plan * Renamed section "Roadmaps" to "Scenarios", since The Onion Plan is not an authoritative instance for defining roadmaps. Instead, it merely produces research studies and scenarios: https://tpo.pages.torproject.net/onion-services/onionplan * Started to work again on Onion Discovery, trying to draft a plan for it. More info about discovery is available at https://tpo.pages.torproject.net/onion-services/onionplan/proposals/usabili… https://tpo.pages.torproject.net/onion-services/onionplan/scenarios/discove… * Other minor improvements. ### Tor Browser Quality Assurance for Onion Services * Did a presentation during the Applications Team meetup: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Goteburg-2023-M… * Ongoing QA activities. ## 1. Development ### Onionbalance * Basic maintenance, including contact info update, fixing the GitHub mirror, adding GitLab CI and other improvements to avoid bit rotting: https://gitlab.torproject.org/tpo/onion-services/onionbalance/activity ### Onion MkDocs * General enhancements: https://gitlab.torproject.org/rhatto/onion-mkdocs/activity ## 2. Support ### Maintenance * Ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 44 | Development | 6 | Support | 13 | Organization | 37 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

PieroV's Monthly Status Report, October 2023
by Pier Angelo Vendrame 01 Nov '23

01 Nov '23

Hi everyone! Here is my status report for October 2023. We have finally released Tor Browser 13.0. I prepared that release, and writing its changelog took me a surprising amount of time. The changes it contains are numerous; we hope you enjoy them! It's also the first release not to have Torbutton as a backend, and I've written a blog post about that [0]. In addition to that, in the first half of the month, I've been doing last-minute fixes, such as some preferences that we missed [1], a way to allow using Tor Browser with Tor set as a proxy but without connecting to the control port [2], fixed a build problem of Android that happened only with the release channel [3], and a few more. Speaking of Android, I also helped to find a way to improve its building time when we run our reproducible builds [4]. Then, I worked a little to make the DLL blocklist file obey the portable mode [5]. We haven't merged my proposed MR because it relied on Win32 APIs, but we might use std::filesystem instead to work around certain limitations. I haven't done that in the first place because Firefox used to disable it in libc++, but it has been enabled in Firefox 116, and we might do the same to our 115 ESR and revisit the patch. Last week, we were at the Mullvad offices for a team meeting. It was a very productive week, and we've taken a lot of notes. We've already published a first draft [6], but we might have to go back to it and do some more formatting and add any missing information. Finally, I've started hacking on Android because we want to bring the connection assist there as well. My dream is to unify our code base and handle both desktop and Android. It helps feature parity, it reduces the maintenance time, and in case of bugs, we can fix them on all our platforms at once. I'm not sure we'll do it for the front end eventually (there have been some discussions about that [7]), but even doing it only for the back end would be a great help. I've already managed to hook up a Tor daemon to the TorProvider I worked on last Summer and also to plumb the creation of a lyrebird instance for the domain fronting proxy. So, I'd expect it to be feasible, even though it'll take a while to create a polished patch. I plan to keep working on Android a little bit. I've done the first exploration because I implemented the desktop part, so I know very well, but I might pass it to someone else. Then, I might go back to Mullvad Browser packaging changes. Best, Pier [0] https://blog.torproject.org/torbutton-retired/ [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41496 [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42160 [3] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [4] https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40062 [5] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42163 [6] https://gitlab.torproject.org/tpo/applications/team/-/wikis/Goteburg-2023-M… [7] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41188

1 0

Online Tor's Hackweek - Nov 6th to Nov 19th, 2023
by Tyler Corn 31 Oct '23

31 Oct '23

Hi everyone 🙂 More friendly reminders about Hackweek (happening Nov 6th - 9th): (1) Like Pavel mentioned, don't forget to add your Hackweek project proposal to the issue queue in Gitlab this week (see Rhatto's Aug. 30 email below); (2) If you don't have a Hackweek documentation project proposal, you can join someone else's proposed project; (3) Next week's All Hands Meeting (November 1st) - (after the Finance Update) each Hackweek project proposer will have about 5 minutes to present their submitted project and everyone will have a chance to ask questions; and (4) Project proposers - be thinking about where your group will be meeting (BBB room?) during Hackweek (on Nov. 6th) and what time folks will start working on the projects. Thanks everyone! Best, Tyler On 8/30/2023 11:13 AM, rhatto wrote: Hi! The Tor Project and Tor community is going to be gathering online from November 6th to November 9th this year for a 4 days hackweek. ## About This is a call for projects for whoever wants to participate, put together a team and hack through one working week with us. In the context of this hackweek, a project is anything related to Tor documentation that you can work with other people in 4 days. It could be improving the documentation for a project, a tutorial or could also be a cartoon, a screencast or anything that do not necessary requires coding skills. You will work on this project during 4 days with other people in your team. This is an opportunity to discuss how documentation is working or not in your projects, as well as thinking, proposing, researching and testing solutions. Documentation is very important for any free software project as it is the way for people to start understanding the work we are doing, the way they can use our tools and start contributing with it. In the next All-Hands following the Hackweek we are going to have a demo in a Big Blue Button's room where your team will present the work you did through the hackweek. ## Timeline This will be the timeline for the hackweek this year: * Until Monday, November 6th: * Send hackweek project proposals to this issue queue: https://gitlab.torproject.org/tpo/community/hackweek/-/issues (please use the "Proposal" issue template for the ticket Description). * Before hackweek begins, start looking for other people to join your team. * In order to join a proposal you liked, subscribe yourself to it's ticket. * Wednesday, November 1st - 16:00 UTC: All-Hands session prior to the Hackweek were people/teams will present their project proposals for other people to join their team if they want to. * Monday, November 6th: Hackweek begins. People start working on whatever they want related to documentation. By this time, you should have a few members of your team already identified. Hack hack hack hack... in whatever way you organize yourself. We will have the room #tor in irc.oftc.net to discuss general hackweek things. * Thursday, November 9th: Hackweek ends. * Wednesday, November 15th - 16:00 UTC: Each team presents the work they did in the All-Hands session happening after the Hackweek. ## Projects The updated list of projects will be available at https://gitlab.torproject.org/tpo/community/hackweek/-/issues. Each project can have one pad (you can usehttps://pad.riseup.net) and also use it's ticket to add all information that people need to add themselves to that project. ## References For best practices on documentation, we recommend the following material: * Diátaxis, "The Grand Unified Theory of Documentation": https://diataxis.fr/ * How to pick up a project with an audit: https://bluesock.org/~willkg/blog/dev/auditing_projects.html cheers, -- Silvio Rhatto pronouns he/him

1 1

Tor Browser Meeting Cancelled 2023-10-30
by richard 27 Oct '23

27 Oct '23

Hey Everyone, I think we've met enough for one week, so let's cancel our meeting next week and think about things that are not browser related. The next meeting will be the following week, 2023-11-06 at 1500 UTC in OFTC IRC per usual. best, -richard

1 0

Anti-censorship team meeting notes, 2023-10-26
by meskio 26 Oct '23

26 Oct '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-10-26-15.57.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, Nov 2 16:00 UTC Facilitator: shelikhoo Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: meskio == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == == Discussion == * Fastly to block domain fronting in February 2024 https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/00… * azure is closing domain front support next month * there are some alternatives to domain fronting we could use (ampcache or tapdance), but it might be trickier to integrate with moat * cohosh will investigate if cnd77, netlify or akamai are alternatives we could use * let's stress tests ampcache using it in one of our default bridges * we can add metrics to the broker to know if the clients come from ampcache or domain front * don't reject unrestricted client if there are no restricted proxies * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * we'll merge it, it should not affect our deployment == Actions == == Interesting links == * webtunnel testers call out: * https://forum.torproject.org/t/call-for-testers-webtunnel-a-new-way-to-bypa… * blog post of the sponsor 30 code audit * https://blog.torproject.org/security-audit-report-tor-browser-ooni/ * New paper PTPerf: On the Performance Evaluation of Tor Pluggable Transports: https://dl.acm.org/doi/10.1145/3618257.3624817 == Reading group == * We will discuss "On Precisely Detecting Censorship Circumvention in Real-World Networks" on November 9 * https://www.robgjansen.com/publications/precisedetect-ndss2024.html * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-10-26 Last week: - reviewed duplication fix for lox-distributor (lox!42) - deployed lox distributor, finally :) (rdsys#167) - updated rdsys survival guide - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… - reviewed snowflake outbound proxy support (snowflake!200) - opened issue for regression in client since !182 - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - rebased lox tor browser UX integration to continue working on that This week: - fix snowflake regression (snowflake#40301) - lox tor browser UX integration - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-10-26 Last week: Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-10-26 Last week: - test the whatsapp bot (rdsys#147) - investiage a failure on telegram bot, was on applications side (onionsproutsbot#54) - some lox merge request reviews (lox!62 !68) Next week: - set up staging server for rdsys (rdsys#170) Shelikhoo: 2023-10-26 Last Week: - [Merge Request Merged] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (continue) (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Work on snowflake performance improvement - Finialize alert for log collector https://gitlab.torproject.org/tpo/tpa/prometheus-alerts/-/merge_requests/37… - [Merge Request Reviews] lots of... Next Week/TODO: - Write Tor Spec for Armored URL (continue) - Work on snowflake performance improvement - Merge request reviews onyinyang: 2023-10-26 Last week(s): - Finalized a bunch of existing MRs including zkp crate fixes - these are now merged into lox! - Added to metrics, nearly finished This week: - Finish up metrics - Add functionality to handle blocked bridges in a single location for MVP - Start work on telegram distributor bot for Lox - Fix flakey test if time (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Anti-censorship team meeting notes, 2023-10-19
by onyinyang 19 Oct '23

19 Oct '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-10-19-15.59.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Oct 26 16:00 UTC Facilitator: meskio Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * A poll to set a date for a 'Future of PTs' voice conversation * https://www.systemli.org/poll/#/poll/YRRF8K19Bq/evaluation?encryptionKey=e1… * Times in UTC == Discussion == (Oct 12) * Armored Bridge line Spec(Oct-19: let's discuss again) https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126#note_29… * the spec is ready to review * we'll discuss it next week * examples of bridgelines and their encoding will be handy * currently is not possible with goptlib to publish non-ascii bridgelines, we seem to be safe to assume ASCII bridgelines * SmethodArgs calls encodeSmethodArgs, which does not do anything to escape non-ASCII bytes, then the line function calls argIsSafe to check the encoded line for non-ASCII before allowing it to be printed https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/gopt… * we'll use brdg.es as domain name for urls * snowflake broker restart(deployment) needed, and deletion of ip-count-mask key https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * shelikhoo will tag a snowflake version and deploy it * v2.7.0 has been deployed https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * still need destruction of ip masking key https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… == Actions == == Interesting links == * "On Precisely Detecting Censorship Circumvention in Real-World Networks" * https://www.robgjansen.com/publications/precisedetect-ndss2024.html * develops new classifiers for Snowflake rendezvous and data transfer, among other things * "Covertness Analysis of Snowflake Proxy Request" * https://ieeexplore.ieee.org/document/10152736 * https://github.com/Xanole/SnowDT * "TorKameleon: Improving Tor's Censorship Resistance With K-anonymization and Media-based Covert Channels" * https://arxiv.org/abs/2303.17544 * https://github.com/AfonsoVilalonga/TorKameleon * https://restoreprivacy.com/torkameleon-strengthening-tor-against-deanonymiz… * uses WebRTC Encoded Transforms for efficient encoding of data into WebRTC media streams (rather than data channels), which we have discussed before for Snowflake: * https://lists.torproject.org/pipermail/anti-censorship-team/2023-February/0… * https://github.com/AfonsoVilalonga/TorKameleon/blob/c6ef7116043dfd74701ddb6… * const transformStream = new TransformStream * https://github.com/AfonsoVilalonga/TorKameleon/blob/c6ef7116043dfd74701ddb6… * if (encodedFrame instanceof RTCEncodedVideoFrame && enconding.length > 0) == Reading group == * We will discuss "On Precisely Detecting Censorship Circumvention in Real-World Networks" on November 9 * https://www.robgjansen.com/publications/precisedetect-ndss2024.html * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-10-19 Last week: - reviewed lox!51 - commented on snowflake!187 - commented on conjure#28 - attended meeting on PT-tor integration This week: - deploy lox distributor - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-10-19 Last week: - commented on tor incorrectly reporting PT metrics since 0.4.8.4 https://gitlab.torproject.org/tpo/core/tor/-/issues/40871#note_2954288 - closed an obsolete uTLS-in-Snowflake issue https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented on reported "Unexpectedly high use successes counts" with snowflake-02 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42161#n… - read some new snowflake-related papers (see Interesting Links) Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-10-19 Last week: - look at win7 lyrebrid crash in Tor Browser (tor-browser#42179) - debug renovate bot issues in rdsys and snowflake (snowflake!199) - deploy the latest onionsproutsbot and update translations (onionsproutsbot#53) - review lox rdsys integration (lox-rs!24) - write Sponsor 96 report - fail to get a phone number to register the whatsapp bot Next week: - test the whatsapp bot (rdsys#147) Shelikhoo: 2023-10-12 Last Week: - [Merge Request] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (continue): proceed to rebase (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - [Merge Request Done] Refine argument error processing in WebTunnel server(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transpor… - [Merge Request Done] Release Snowflake 2.7.0(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transport… - [Deployment] Snowflake Broker Deployment 23-10-16 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - [Merge Request Reviews] lots of... Next Week/TODO: - Write Tor Spec for Armored URL (continue) - Begin to work on snowflake performance improvement - Merge request reviews onyinyang: 2023-10-19 Last week(s): - Continued with metrics - Added functionality for a MAX_DAILY_BRIDGES (the number of bridges that can be distributed each day) - Found some bugs in static-resources MR and updated it after review This week: - Hopefully finish up metrics work - Start work on telegram distributor bot for Lox - Add functionality to handle blocked bridges in a single location for MVP (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Tor's annual fundraising campaign launches today 💜
by Al Smith 16 Oct '23

16 Oct '23

Hello Tor world! Today is the launch of our annual year-end fundraising campaign. If you’ve been a Tor supporter for a while, you probably know that this is the moment we add a new message to about:tor, a banner to the torproject.org sites, and use our social channels to highlight how your support empowers people all over the world to exercise their right to privacy. This year we’re keeping our message simple: *if you value the privacy that Tor provides to yourself or to other people, please make a donation.* Support from the community ensures that the Tor Project remains strong on an organizational level, and that the ecosystem of Tor services and tools continue to reach the people who need privacy online the most. Please check out our latest campaign here: https://blog.torproject.org/2023-fundraiser-make-a-donation-to-Tor/ The newest Tor t-shirt here: https://donate.torproject.org And spread the word! Thank you for the ongoing support. Al -- Al Smith (they/them) Fundraising Director The Tor Project My working hours may not be your working hours. If I message you outside of your working hours, know that I do not expect an immediate response and that I support your right to disconnect.

1 0