- tor-project - lists.torproject.org

Cecylia's monthly status report, January 2023
by Cecylia Bocovich 02 Feb '23

02 Feb '23

1 0

Rhatto's Monthly Status Report, January 2023
by rhatto 01 Feb '23

01 Feb '23

Hi all :) This is my monthly status report for January 2023 with the main activities I have done during the period. ## 0. Onion Launchpad, a landing page helper for accessing Onion Services * Semi-automated GitHub deployments: Onion Launchpad now comes with a handy script to configure a repository and build a landing page on GitHub. More information at https://gitlab.torproject.org/tpo/onion-services/onion-launchpad#github-dep… * Analytics gathering using the Matomo API: * This is disabled by default. * Basic analytics can be sent to a backend Matomo or Clean Insights endpoint. * Gathering is opt-in through a consent UX. * Upcoming changes will include a customizable Privacy Policy URL. More information at https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/blob/mai… * Misc fixes and enhancements. ## 2. Sponsor 123 I've also done the regular Sponsor 123 deployments, monitoring, maintenance and development. -- Silvio Rhatto pronouns he/him

1 0

PieroV's Monthly Status Report, January 2023
by Pier Angelo Vendrame 01 Feb '23

01 Feb '23

Hi everyone! Here is my status report for January 2023. This month I worked on several small tasks to polish many small details, especially on the tor-browser-build repository. For example, I removed a shim used to launch tor on Tor Browser for macOS. It was used to declare some Python 2.x compatibility variables for obfs3, so it has not been needed for a long time [0]. Another macOS task was switching our DMG installers from ISO images to HFS filesystems to show a custom volume image [1]. This was quite involved because it introduced reproducibility issues, for which I had to patch the HFS creation to use a deterministic volume UUID [2]. All were part of a parent ticket about cleaning up the "Bundle-Data" directory of Tor Browser [3]. In a somehow related topic, I reviewed how we ship extensions [4]. Moving them to the distribution directory might allow us to enable some profile repair tools if needed, or multiple profiles. On the Tor Browser side, I fixed a problem when running the browser for a long time [5]. I did not handle stdout correctly when switching from nsIProcess to Subprocess. Shoutout to the members of our community for finding the cause, and apologies for any inconvenience it caused! Then, I investigated and tried to remove some calls to home that we inherited from Firefox [6]. Finally, I went back to improving our portable profile directory patch. I feel we are reaching its final form. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41569 [1] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/2… [2] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [3] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [4] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [5] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41549 [6] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40788

1 0

UX Team Meeting cancelled today
by Duncan Larsen-Russell 31 Jan '23

31 Jan '23

Hi folks, The UX Team meeting is cancelled today due to a conflict. But fear not, we shall meet again next week on Tuesday the 7th of Feb. Thanks, Duncan

1 0

Anti-censorship team meeting notes, 2023-01-26
by Shelikhoo 26 Jan '23

26 Jan '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-01-26-16.01.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship team meeting pad -------------------------------- Next meeting: Thursday, February 2 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == * == Discussion == * * ln5 asks: does the anti-censorship team want a paid-for host to run STUN/TURN servers on? This is something that could be made part of a grant/fund request. * A server we run ourselves is, in principle, easy to block. The intent is either (not fully sure at this point): * Run a server that is open to the public, so that there are collateral users besides just Snowflake users. * Run a server just for Snowflake, and let it be blocked by the censors that know to block it, simply to reduce load on the other servers we use, in the places where it does not get blocked. (Like the default obfs4 bridges, which are also easy to block, but are not in many places.) * Not a lot of excitement for either idea, since connecting to a distinguished STUN/TURN server is a protocol identification risk. * Suggestion is to run a public STUN/TURN server, but only for Snowflake, and only for proxies (not clients), so that it does not become an identifier for clients. * Proxies-only would work for STUN, but if it were TURN, the connection would still be identifiable by censors (because both the proxy and client would relay through the same TURN IP address). * Will ask ln5 and cohosh for more context. * snowflake fallback from domain fronting to amp cache, how/whether/when/etc to implement (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) * arma is going to check how hard would be to change c-tor to only connect to two bridges instead of all of them at once. So maybe we can duplicate bridges with domain fronting and amp cache * we need to check the consecuences of using amp cache, and if we are ok having half of our users using it * use ampcache for snowflake in IR? * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115 * https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/merge_reque… * our domain front for both snowflake and circumvention settings is blocked in Iran * that will mean configuring amp cache in Circumvention Settings, the people that will get this configuration will still be able to use domain fronting to access snowflake, but they will keep == Actions == * We should make a ticket for pion to cache its stun answers when possible, because right now it surprises us by asking way more stun questions than it actually needs to. * We might want to be able to spin up our own stun servers, on our own ip/port, for debugging. We should talk to TPA about that goal at some point (not urgent). * Roger will look more at https://gitlab.torproject.org/tpo/core/tor/-/issues/40578 ("only contact the first few working bridges on your bridge list" and plan to have a sense of whether it will be an easy hack or a hard one, for next week. == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-01-26 Last week: - FOCI workshop prep - some progress on rust library for rdsys backend - https://gitlab.torproject.org/cohosh/rdsys-backend-api This week: - wrap up conjure documentation and write an announcement asking for testers - finish rust library for rdsys backend - continue working on lox client integration in Tor Browser - take a look at the dead on arrival rotating bridge problem - https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… Needs help with: dcf: 2023-01-19 Last week: - made merge request to bring sample snowflake client torrc up to date https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - more review on abbreviating ice specifications https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - promoted the patch to remove Hello Verify Request and asked for testing https://ntc.party/t/second-snowflake-bridge-available-for-testing/3445/11 https://ntc.party/t/in-case-snowflake-rendezvous-gets-blocked/1857/25 - hacking on snowflake-graphs to do per-country graphs Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 Help with: meskio: 2023-01-26 Last week: - give support to bridgesanner (rdsys#143) - review gettor whatsapp implementation (rdsys!66) - investigate the situation of meek in uzbekistan (censorship-analysis#40031) - write S96 report - prepare a Circumvention Settings configuration with ampcache for IR (rdsys-admin!13) - explore snowflake proxy docker options to avoid using the host network (docker-snowflake-proxy#11) Next week: - implement bridgescanner needs (rdsys#143) Shelikhoo: 2023-01-26 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Discussion & Deployment] Rollout of Distributed Snowflake Support - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - reply a lot of tickets - [Merge Request] Automated Container Image Building in Continuous integration (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) Next Week: - [Research] WebTunnel planning (Continue) - push the chunked upload raw data upload change to vantage points - research snowflake's performance issue in China Itchy Onion: 2023-1-26 Last week: - Investigate whether stun over TLS is beneficial to us (issues#40240) - Looking at options for standalone proxy runners to specify an interface (issue#40108) This week: - Lunar New Year break - Continue working on issue #40108 (standalone proxy bind specific IP) - Review MRs hackerncoder: 2023-01-12 last week: - figure out what makes ooni-exporter put all reports from a country in either success or failure (I still don't know why. But I got it to work) Next week: - getting ooni-exporter to work with torsf (snowflake) - work on monitoring bridges health cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s still trying to figure that out Help with: - resources

1 0

PSA: noisy GitLab bot on the loose
by Antoine Beaupré 26 Jan '23

26 Jan '23

Hi everyone, You might have noticed getting a little more email from GitLab than usual this week. It's because I have deployed the fancy 🤖Triage Bot🤖 that was already in operation inside the "team" TPA project to all TPA and web projects over the week. This has first generated a flurry of email as the bot went through all the stale issues we had lying around (and we had a lot!). It also was pinging the author of the ticket instead of the assignee. That was partly fixed: it doesn't explicitly ping anyone now, but still makes a comment. A discussion is ongoing on how to improve that workflow here: https://gitlab.torproject.org/tpo/tpa/triage-ops/-/issues/11 More stale issues are bound to come up in the future: the trick here is that, when you have an issue assigned to you and it's marked Next, Doing, or Needs Information, you MUST update it once in a while, at *least* once every other week. Technically, the bot should be even more aggressive: the ~Doing label is supposed to be "work done this week": https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-5-gitlab#… (On the other hand, the ~Next label is "work done this cycle, typically a month", so it's a bit too aggressive on that.. I personnally do not mind the reminder after two weeks, personnally, but I'm happy to tweak this if people find that too noisy.) I should probably have made a TPA-RFC for this since it seems to affect more people than I expected, but for now this announcement will have to do. Comments welcome in the above issue or please make a new issue in the triage-ops repository if you have more concerns about the bot! https://gitlab.torproject.org/tpo/tpa/triage-ops/-/issues Have a nice day and thanks for flying TPA. :) -- Antoine Beaupré torproject.org system administration

1 1

Notification of my blog posts and internship progress
by Cecilia Orji 25 Jan '23

25 Jan '23

Hi, My name is Orji Cecilia, an Outreachy intern working to Extend GetTor to distribute TorBrowser on censored networks over IM and social media <https://www.outreachy.org/outreachy-december-2022-internship-round/communit…>. My mentors are meskio and Gaba. I am writing to notify you of my blog posts which talk about my internship and how it is going. Below are links to my blog post which I will like to be added to the archives if possible; - https://dev.to/vivcis/introducing-cecilia-35jc - https://dev.to/vivcis/everybody-struggles-1085 - https://dev.to/vivcis/think-about-your-audience-extend-gettor-browser-2904 Regards, Cecilia

2 2

Proxy Leak Detector/Preventor (Outreachy)
by Robert Mindo 17 Jan '23

17 Jan '23

Greetings! I wanted to share an update on the progress of the project. So far, the ability to detect the IP address and port that socket system calls are sending data to has been successfully implemented. Additionally, the capability to block system calls that are sending data to an IP address and port that is not the desired proxy. An option to kill the application if a proxy leak occurs has been added, which is useful for manual QA testing of applications. Furthermore, an option to allow proxy leaks but log any that occur has also been added, which is useful for automated testing of applications. Additionally, the capability to use the environment variables that Tor Browser uses, such as TOR_SOCKS_PORT, to decide what the desired proxy is, has been included. SOCKSification is currently being implemented. The approach is to intercept the connect syscall's entry point and modify the destination IP/Port by manipulating the syscall. The exit of the connect syscall is then intercepted in order to capture the returning file descriptor representing the established socket. The file descriptor is duplicated using pidfd getfd, then a SOCKS5 handshake is done. Overall, the project is progressing well and any suggestions are much welcomed. Github Repository <https://github.com/namecoin/heteronculous-horklump> Project Summary <https://www.namecoin.org/2022/11/29/introducing-intern-robert-nganga.html> Thank You, Robert.

1 0

Next Tor Browser Meeting Moved to 2023-01-17
by Richard Pospesel 13 Jan '23

13 Jan '23

Hi Everyone, The 16th is a US Federal Holiday and therefore an official Tor Project holiday as well. We will therefore move the weekly applications dev meeting to Tuesday the 17th at 1500 UTC in #tor-meeting on OFTC IRC. best, -Richard

1 0

Anti-censorship team meeting notes, 2023-01-12
by Shelikhoo 12 Jan '23

12 Jan '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-01-12-15.58.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship team meeting pad -------------------------------- Next meeting: Thursday, January 19 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == * Open Collective funding for Snowflake bridge operations is open * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… * First update post: https://opencollective.com/censorship-circumvention/projects/snowflake-dail… == Discussion == * Enable snowflake-02 in Orbot * snowflake-02 (enabled in Tor Browser only) currently gets only about 5% the traffic of snowflake-01 * at this moment: * snowflake-01: 445 MiB/s * snowflake-02: 21 MiB/s * snowflake-01 reaching its CPU limit * discuss with topic with guardian project at next S96 meeting * deofuscation obfs4 issues are public * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 * is the stun.stunprotocol.org situation resolved to everyone's satisfaction, or is more attention required? * https://lists.torproject.org/pipermail/anti-censorship-team/2022-December/0… * removed from default lists https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * it is resolved * (From last week) arti-based obfs4 quick reachability monitor https://gitlab.torproject.org/tpo/core/arti/-/issues/717#note_2866528 * feel free to comment on it * snowflake blocking in Russia (maybe TSPU only) by Hello Verify Request (since about 2022-07-20) * https://ntc.party/t/second-snowflake-bridge-available-for-testing/3445/7 * https://ntc.party/t/in-case-snowflake-rendezvous-gets-blocked/1857/9 * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… * https://explorer.ooni.org/chart/circumvention?since=2022-07-08&until=2022-0… * Side note: see how correlated the number of daily reports is between CA and RU. Originally dcf included CA on this graph to highlight a potential problem in the OONI torsf test, since Snowflake should not be blocked in Canada. But a more likely explanation may be geolocation errors; i.e., that IPs in Russia are being mistakenly attributed to Canada, and therefore Canda shows an unexpectedly high rate of anomalies. We suspect something similar happened with IR->US in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…. * shelikhoo will look into it == Actions == * == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2022-01-12 (away this week) Last week: - updated default STUN servers in the proxy and client - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - submitted MR for conjure on desktop TB - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… - worked on debugging domian fronting issues with conjure - https://gitlab.torproject.org/tpo/tpa/team/-/issues/41023 - wrote up an analysis of BridgeDB anti-enumeration methods - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/84 This week: - continue work on conjure client - more work on lox integration Needs help with: dcf: 2023-01-12 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - experimented with increasing conntrack limits on snowflake-01 and documented how to do it in the installation guide https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - reviewed merge request to abbreviate stun server specifications https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a public repo with code to generate snowflake graphs https://gitlab.torproject.org/dcf/snowflake-graphs, used for the graph at https://opencollective.com/censorship-circumvention/projects/snowflake-dail… - restarted snowflake-01 with 4 KCP state machines https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a public repo for obfs4 remote testing scripts https://gitlab.torproject.org/dcf/obfs4-checks and made a graph of obfs4 bridge upgrade progress https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 Help with: meskio: 2023-01-12 Last week: - publish obfs4 deobfuscation bugs - start working on localization support for rdsys (rdsys#11) - review dummy whatsapp bot (rdsys!66) - add microsoft edge installation to snowflake website (snowflake-webext!62) Next week/after holidays: - add localization support to rdsys (rdsys#11) - support bridgescanner (rdsys#143) Shelikhoo: 2023-01-12 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Discussion & Deployment] Rollout of Distributed Snowflake Support - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request Done] Update to support chunked upload of probe log(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurem… - [Merge Request Done] Add Resumable Upload to Log Collector (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) - [Merge Request Done] cumulative updates on providing more options: loopback traffic collection, raw log collection, remove obfs4 bridge line input for snowflake (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) Next Week: - [Research] WebTunnel planning (Continue) - Fixing the vantage point in Russia - push the chunked upload raw data upload change to vantage points Itchy Onion: 2022-1-12 Last week: - worked on RACE performance issue This week: - Made progress on the RACE performance improvement -- the plugin now is able to reuse snowflake connections to send multiple messages between the same hosts. I'm not entirely convinced the improvements are substantial yet. Will run some tests and see if it can be further improved hackerncoder: 2022-01-12 last week: - figure out what makes ooni-exporter put all reports from a country in either success or failure (I still don't know why. But I got it to work) Next week: - getting ooni-exporter to work with torsf (snowflake) - work on monitoring bridges health cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s still trying to figure that out Help with: - resources

1 0