- tor-project - lists.torproject.org

cohosh's monthly status report, May 2023
by Cecylia Bocovich 05 Jun '23

05 Jun '23

Hi! This is my status report for contract work done in May 2023. # Reputation-based bridge distribution - Summarized notes from the team meeting into a Roadmap for Lox https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/… - Made progress on reproducible builds of the lox client https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - Started working on a wasm-bindgen project in tor-browser-build for generating the javascript bindings that the Lox client needs - Opened an issue to bump the version of Rust in tor-browser-build https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - Reviewed Lox distributor merge requests # Conjure PT - Updated Conjure PT to use gotapdance v1.5.0 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - Prepared Conjure for usability testing https://gitlab.torproject.org/tpo/community/team/-/issues/88

1 0

Job Opening -- Android Developer
by Erin Wyatt 01 Jun '23

01 Jun '23

Hi everyone, We have a new opening for an Android Developer! If you are or know someone who would be a good fit and wants to join our awesome Applications Team, please apply/share. https://www.torproject.org/about/jobs/android-developer/ Have a nice weekend and thanks for helping us spread the word! :) Erin Wyatt Director of People Operations (she/her) ewyatt(a)torproject.org <mailto:ewyatt@torproject.org> PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE https://www.torproject.org <https://www.torproject.org/> http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ <http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/>

1 0

Rhatto's Monthly Status Report, May 2023
by rhatto 01 Jun '23

01 Jun '23

Hi all :) This is my monthly status report for May 2023 with the main activities I have done during the period. ## 0. Research * Completed a Tor Browser Quality Assurance for Onion Services (2023.Q2). Results were reported to the Applications Team. * Onion Plan: * Many updates! https://tpo.pages.torproject.net/onion-services/onionplan/ https://gitlab.torproject.org/tpo/onion-services/onionplan/activity * ACME for Onions (https://acmeforonions.org) evaluation. Still compiling a feedback to be sent later on. * The Onion Services Timeline now is part of The Onion Plan: https://tpo.pages.torproject.net/onion-services/onionplan/0%20-%20Introduct… Do you know about any relevant technology or event that changed the landscape of Onion Services? Please contact me so it can be included in the timeline :) ## 1. Development * Minor improvements at the eotk-get-logs-from-s3fs script: https://gitlab.torproject.org/tpo/onion-services/eotk-log-parser/-/blob/mai… * Minor EOTK pull requests with fixes and enhancements: * CDPATH fix: https://github.com/alecmuffett/eotk/pull/113 * Debian bullseye support: https://github.com/alecmuffett/eotk/pull/114 * Internal security policy work for Tor. ## 2. Support * Onion Services session at CryptoRave 2023 https://gitlab.torproject.org/tpo/community/outreach/-/issues/40026 * Created some "first contribution" issues for the "cebollitas" project: https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/?label… Those are good starting points if you want start doing Onion Service development. Please submit merge requests :) ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 34 | Development | 8 | Support | 24 | Organization | 34 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

Anti-censorship team meeting notes, 2023-06-01
by Itchy Onion 01 Jun '23

01 Jun '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-06-01-15.58.log… And our meeting pad: ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, June 1 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors, we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 96 <-- meskio, shell, onyinyang, cohosh https://gitlab.torproject.org/groups/tpo/-/milestones/24 Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == Report of TLS-in-DTLS detection and throttling in China that affects Snowflake https://github.com/net4people/bbs/issues/255 Padding the first client→server send is reported to disrupt the packet size signature and avoid throttling https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/dcf/snowflake/-/commit/01ac0373a887c63a325aad… The reporter on BBS says it started happening to them (in a non-Snowflake WebRTC proxy) around 2023-05-14. We have measurements of high packet loss rates in China from 2023-03-20, at least. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… shelikhoo will run packet loss tests with the padding patch and report the results Research about designing an armored bridge line sharing URL format https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126 we will not include forward error correction shelikhoo will do a test implementation (updated, discuss again) Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation that will convert webrtc into an unreliable channel, and snowflake will add reliability with kcp (maybe related to the first topic?) == Actions == == Interesting links == Large oscillations in relay users in China the past 6 weeks: https://people.torproject.org/~dcf/metrics-country.html?start=2023-03-01&en… == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-06-01 Last week: - revisited old snowflake shadow simulations work - opened an issue with shadow for supporting AF_NETLINK and produced a workaround - https://github.com/shadow/shadow/issues/2980 - updated sfnettools to work with the new verison of shadow - opened an issue for bumping the version of rust in tor-browser-build - worked on FOCI workshop prep - a little bit of conjure maintenance This week: - tidy up and share shadow simulations guide for PTs - Lox tor browser integration - conjure maintenance Needs help with: dcf: 2023-06-01 Last week: - commented on a second report of Avast antivirus blocking snowflake proxy connections https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - commented on the latest design for unreliable data channels in snowflake https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a patch that adds padding to attempt to work around snowflake throttling in China https://github.com/net4people/bbs/issues/255#issuecomment-1566227484 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-06-01 Last week: - fix bridgedb webtunnel implementation (rdsys#142) - deploy rdsys, bridgestrap and bridedb with webtunnel support - migrate missing repos from git.tpo to gitlab (team#86) - rename obfs4 into lyrebird (lyrebird#40010) - update BridgeDB dependencies to fix CVEs Next week: - add i18n support in rdsys (rdsys#11) Shelikhoo: 2023-06-01 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Trying to fix vantage point (Done) - Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126) Next Week/TODO: - webtunnel document for proxy operator <- immediate todo - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - Snowflake Performance Analysis onyinyang: 2023-05-25 Last week: - Added tests for Lox library and worked on doing the same for Lox distributor - Refactored rdsys metrics changes to prevent risk of testing in deployment - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - Met with Ian & Vecna (MMath student) on possible future research directions for Lox: - https://pad.riseup.net/p/lox-tor-stuff-keep - Sent a follow up email to provide more info about tooling/infrastructure that _does_ exist to inform about blocked bridges This week: - Still Adding tests Lox distributor - Finish up changes to rdsys: - metrics: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - more aggressive `gone` labelling to follow that being merged - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - First change the vectors in the bridge_table to maps. (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-06-01 Last week: - Holiday - Worked on rdsys#56 (https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_t…) - Discussed about what attributes to use to identify a single bridge (decided to use fingerprint + transport) - Discussed about the role of the stencil package and whether we should keep using it (decided to compute bridge distribution in Kraken) This week: - fixed snowflake pipeline due to outdated Debian image - continue working on rdsys#56 implementation. Still need to do the following: - finish up computing bridge distribution in Kraken - does it have to be deterministic? - does the disproportion have to be strictly followed - - finish writing tests - refactor code because some functions are getting extremely long - what to do with stencil package? hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges?

1 0

PieroV's Monthly Status Report, May 2023
by Pier Angelo Vendrame 01 Jun '23

01 Jun '23

Hi everyone! Here is my status report for May 2023. I spent almost the entire month rebasing Tor Browser and Mullvad Browser to Firefox 115, which will be the next ESR version from this June. I rebased all our patches and updated all the toolchains we use in our reproducible build system. I have a merge-request [0] for the first chunk of patches. The rest is still on work-in-progress branches. Desktop is already in a very good shape. Probably, we will need to update the Rust compiler again (to 1.70, published today), but it should be easy enough. Android will need a big rework, because Mozilla unified Android Components and Fenix in a single repository. At the moment, Dan is working on that. Since we were almost in sync with mozilla-central (Firefox's development repository), I took the occasion to try to upstream a few more patches, such as the one to allow using NSS to verify MAR signatures also on Windows and macOS [1]. Finally, I worked on the rebases for 12.0.6, 12.5a6, 12.0.7, 12.5a7 and helped with the various releases of May. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [1] https://phabricator.services.mozilla.com/D177743

1 0

Snowflake tutorial notes
by Roger Dingledine 28 May '23

28 May '23

Hi folks, Micah and I did a session teaching people about Snowflake a few weeks back, and here are the notes that I wrote up for ourselves going into that session, in case they are useful to anybody in the future. (It was more of a decentralized peer-to-peer session so we don't have anything so organized as a slide deck.) It's separated into five main sections, with the goal that you can adapt how much time you spend on each section depending on the audience. Snowflake topics, 2023-05-15: (1) History and architecture Born out of the Flashproxy idea (PETS 2012), but Flashproxy didn't do nat piercing and didn't do webrtc <describe intuition around design> The basic idea is to handle DPI attacks by looking enough like WebRTC, and to handle IP enumeration attacks by having so many diverse and changing addresses that blocking them all is pointless. Started with Serene Han's OTF fellowship, then leaped forward again when we made an anti-censorship team and had Cecylia on it multiple components (more client interactions, more surface area for problems) - stun server for client to learn about connection info - domain front to reach broker - webrtc channel to volunteer proxy early engineering tradeoff: go-pion vs chrome's libwebrtc prateek at princeton wrote a short paper guessing some distinguishers that attackers could use. some of them turned out to be good guesses! used to use azure for the domain front, now use fastly Scaling to multiple snowflake back-end servers one in sweden one at umich now pushing >25terabytes/day of traffic (2) Real-world events - Russia censorship in Dec 2021 - spike in users, but block by webrtc DPI - Iran censorship in Oct 2022 - spike in users, but block by domain front https - #1 app in google play store, and also #2 app, for that day - China, works but sometimes quite slow - packet loss over the GFW leads to poor webrtc performance? ooni tests for snowflake, showing it working in most places including china (3) Ways to be a Snowflake volunteer - browser extension for Firefox, Chrome - and edge now? - headless go proxy for server people - Orbot has a 'kindness mode' - Brave ships the extension as of January - Mullvad considering something similar NAT piercing, kinds of volunteers >100k volunteers but the vast majority of them are the less useful kind gamifying the snowflake badge (4) developer side iptproxy wrapper in-process library for ios and android The Orbot 17.0 prerelease offers a better experience, since it is the first Orbot version to use snowflake-02 https://github.com/guardianproject/orbot/releases/tag/17.0.0-RC-1-tor.0.4.7… reliability layers: - turbotunnel - conflux - striping over multiple snowflakes data channel vs media webrtc channel -- impacts both realism and reliability domain fronting isn't the only signaling channel we could use orbot ships with google amp cache as an alternative channel we could also use dnstt or other ideas in the future surprises, e.g. people in censored countries becoming snowflake volunteers (5) future work, funding, community Reusing our Snowflake volunteer pool for other projects? Too risky because whichever project draws the most attention blocks the snowflake pool for everybody else Besides, you really (should) want the distributed-trust features of Tor, to keep your users and your Snowflakes safe. how to handle enumeration attacks on the broker? tension between really simple broker and handling more attacks future work: realistic behavior layer a la Raven future work: better user counting We currently suffer from the same user (under)counting issues as Tor Funding groups to run Snowflake volunteers? part of otf rapid response plan for iran, short term maybe future plans to fund groups too? but centralizing our snowflakes kind of defeats the point Other ideas for growing the community, e.g. integrating Snowflake into your project

1 0

Tor Browser weekly meeting rescheduled to 2023-05-30 @ 1500 UTC
by Richard Pospesel 25 May '23

25 May '23

Hello everyone, Monday 29th is an official holiday so we'll be moving our weekly meeting to the 30th at 1515 (not 1500) UTC in #tor-meeting on OFTC IRC. best, -Richard

1 0

Anti-censorship team meeting notes, 2023-05-25
by Shelikhoo 25 May '23

25 May '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-05-25-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, June 1 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * Research about designing an armored bridge line sharing URL format * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126 * we will not include forward error correction * shelikhoo will do a test implementation * Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation * that will convert webrtc into an unreliable channel, and snowflake will add reliability with kcp * PT implementation version in the descriptors * https://gitlab.torproject.org/tpo/core/tor/-/issues/11101 * Will be included in next Tor version (0.4.8???) * we'll need to update goptlib and the different PTs == Actions == * == Interesting links == * Unofficial(?) Snowflake extension for Safari in Apple App Store? * https://apps.apple.com/us/app/torproject-snowflake/id1597501940 * Previously noted at https://lists.torproject.org/pipermail/anti-censorship-team/2022-February/0… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-05-25 Last week: - mostly away - foci stuff This week: - open issue about archiving snowflake prometheus metrics - lox-wasm tor browser builds - catch up on gitlab todos Needs help with: dcf: 2023-05-25 Last week: - did more analysis of blocking of the snowflake broker front domain in China https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - upgraded snowflake-01 bridge to tor 0.4.7.13 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened a merge request to use IP_BIND_ADDRESS_NO_PORT in snowflake-server's localhost connections, necessary tor upgrade 0.4.7.13+ https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - migrated goptlib, meek, flashproxy, bundle, fog projects from gitolite to gitlab https://gitlab.torproject.org/tpo/tpa/team/-/issues/41182 https://gitlab.torproject.org/tpo/tpa/team/-/issues/41190 - commented on interpreting Tor Metrics data https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/123#note_29… - participated more in discussion on shelikhoo's proposal for a new snowflake client–proxy protocol based on unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-05-25 Last week: - fix rdsys handling webtunnel bridges (rdsys!126) - debug bridgedb webtunnel implementation (rdsys#142) - fix build errors of obfs4 in Tor Browser (obfs4#40011) - redesign the OnionSproutsBot deployment using plugins (onionsproutsbot#52) - review bridge flikering metrics in rdsys (rdsys!122) - review webtunnel IP for bridge line (webtunnel!9) Next week: - finish webtunnel rdsys support - migrate missing repos from git.tpo to gitlab (team#86) Shelikhoo: 2023-05-25 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Trying to fix vantage point (Ongoing) - Snowflake Performance Analysis - read & comments on papers Next Week/TODO: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - webtunnel document for proxy operator - Snowflake Performance Analysis - Trying to fix vantage point (Ongoing) onyinyang: 2023-05-25 Last week: - Added tests for Lox library and worked on doing the same for Lox distributor - Refactored rdsys metrics changes to prevent risk of testing in deployment - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - Met with Ian & Vecna (MMath student) on possible future research directions for Lox: - https://pad.riseup.net/p/lox-tor-stuff-keep - Sent a follow up email to provide more info about tooling/infrastructure that _does_ exist to inform about blocked bridges This week: - Still Adding tests Lox distributor - Finish up changes to rdsys: - metrics: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - more aggressive `gone` labelling to follow that being merged - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 - First change the vectors in the bridge_table to maps. (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-05-11 Last week: - Continue investigating offline bridges (team#112) - Discovered bridgestrap#37 (cache gives wrong status of bridge sometimes) - Start working on rdsys#56 (persistent storage for certain bridge arributes) This week: - Continue working on rdsys#56 (https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_t…) hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges?

1 0

User support report for April 2023
by ebanam 24 May '23

24 May '23

Hello everyone! Here are updates from the user support team for last month (April, 2023). Most of our work has been around helping users in countries where Tor is censored and some user support work in light of the new stable Tor Browser release (Tor Browser 12.0.5). With the release of Mullvad Browser[0], we also published some documentation for our Support Portal[1]. Timeframe: 01 - 30 April 2023 # Frontdesk (email) -584 RT tickets created -428 RT tickets resolved Most frequent tickets by numbers: 1. 158 RT tickets: Private Bridge requests from China. 2. 39 RT tickets: Circumventing censorship in Russia. 3. 21 RT tickets: Circumventing censorship in Turkmenistan. 4. 4 RT tickets: Circumventing censorship with Tor in Iran. 5. 3 RT tickets: Tor Browser doesn't run with Mandatory ASLR on Windows (the issue is fixed with the 12.0.5 Tor Browser release)[2] # Telegram, WhatsApp and Signal Support channel -751 tickets resolved Breakdown: -697 tickets on Telegram -42 tickets on WhatsApp -12 tickets on Signal The most frequent tickets on cdr.link have been about: 1. 209 tickets: Circumventing censorship in Russia. 2. 137 tickets: Circumventing censorship in Turkmenistan. 3. 77 tickets: Circumventing censorship in Iran. 4. 39 tickets: Circumventing censorship in China. Thanks! e. [0]: https://blog.torproject.org/releasing-mullvad-browser/ [1]: https://support.torproject.org/mullvad-browser/ [2]: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4…

1 0

Anti-censorship team meeting notes, 2023-05-18
by onyinyang 18 May '23

18 May '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-05-18-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, May 25 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * Reported blocking of Snowflake in China since 2023-05-12 * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… * https://github.com/net4people/bbs/issues/249 * https://forum.torproject.net/t/snowflake-bridge-does-not-work-in-china-sinc… * May have something to do with double rendezvous caused by having 2 bridge lines * "two or more TLS connections with the same SNI within a short time to a Fastly IP address" * got similar reports from two users * for one user the blocking threshold was 2 (https://github.com/net4people/bbs/issues/249#issuecomment-1547034480) for the other the threshold was 3 (https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss…) * Seems to have stopped since 2023-05-15 * List of mitigations at https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… * first step, if it happens again, is to specify just 1 bridge in Connection Assist for China * use snowflake-02 as it is currently more lightly loaded * Web browsers also make 2 or more near-simultaneous connections, maybe they were getting overblocked and that's why it stopped? * https://kb.mozillazine.org/Network.http.max-connections-per-server * Setting MaxConnsPerHost=1 in snowflake-client still does a double rendezvous, but to 2 *different* Fastly IP addresses rather than the some one twice. * https://gitlab.torproject.org/tpo/core/tor/-/issues/40578 was for two bridges already, so would not directly fix this case * "we could set numentryguards 1 for snowflake users i guess, but i think we want two" * Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation * that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp * (Proposal under discussion, discuss on irc meeting next week) * Research about designing an armored bridge line sharing URL format * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126 * Regarding bridge churn for Lox (https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/…) * past research and source code on relay (not bridge) churn: * https://metrics.torproject.org/networkchurn.html * https://nymity.ch/sybilhunting/churn-values/ * https://www.cs.kau.se/philwint/spoiled_onions/ * https://nymity.ch/papers/pdf/winter2014a.pdf#page=22 == Actions == * == Interesting links == * Unofficial(?) Snowflake extension for Safari in Apple App Store? * https://apps.apple.com/us/app/torproject-snowflake/id1597501940 * Previously noted at https://lists.torproject.org/pipermail/anti-censorship-team/2022-February/0… == Reading group == * We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18 * https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-05-18 Last week: - away - foci stuff - reviewed some Lox MRs - wrote up a Lox roadmap from meeting - https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/… This week: - open issue about archiving snowflake prometheus metrics - lox-wasm tor browser builds Needs help with: dcf: 2023-05-18 Last week: - did analysis of blocking of the snowflake broker front domain in China https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - commented on shelikhoo's proposal for a new snowflake client–proxy protocol based on unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - upgrade tor on snowflake-01 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Help with: meskio: 2023-05-18 Last week: - catching up after vacation - review rdsys metrics for flickering bridges (rdsys!122) Next week: - finish webtunnel rdsys support Shelikhoo: 2023-05-18 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126) - Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Trying to fix vantage point(Ongoing) - logcollector alert system(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measu… Next Week/TODO: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - webtunnel document for proxy operator - Snowflake Performance Analysis onyinyang: 2023-05-11 Last week: - Finished up the Lox library changes to replace gone bridges with new bridges - Added tests and changes to Lox distributor to support this - Refactored lox-distributor for readability This week: - Adding tests for both Lox library and Lox distributor - Refactoring rdsys metrics changes to prevent risk of testing in deployment - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Needs Help with: - figuring out whether or not the metrics I added to rdsys actually collect what we want them to. I can run prometheus locally, but am unsure how to match this with a realistic onbasca test that can actually show whether the metrics are useful/correct. Is there a known way to do such tests other than deploy and find out? Update: Not yet! but we are going to work on staging for this soon Itchy Onion: 2023-05-11 Last week: - Continue investigating offline bridges (team#112) - Discovered bridgestrap#37 (cache gives wrong status of bridge sometimes) - Start working on rdsys#56 (persistent storage for certain bridge arributes) This week: - Continue working on rdsys#56 (https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_t…) hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges?

1 0