tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

minutes from the sysadmin meeting
by Antoine Beaupré 15 Feb '22

15 Feb '22

Hi everyone, We had our monthly sysadmin meeting (a bit late for various reasons) for February, and here are the minutes. # Roll call: who's there and emergencies No emergencies: we have an upcoming maintenance about chi-san-01 which will require a server shutdown at the end of the meeting. Present: anarcat, gaba, kez, lavamind # Storage brainstorm The idea is to just throw ideas for this ticket: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40478 anarcat went to explain the broad strokes around the current storage problems (lack of space, performance issues) and solutions we're looking for (specific to some service, but also possibly applicable everywhere without creating new tools to learn) We specifically focused on the storage problems on gitlab-02, naturally, since that's where the problem is most manifest. lavamind suggested that there were basically two things we could do: 1. go through each project one at a time to see how changing certain options would affect retention (e.g. "keep latest artifacts") 2. delete all artifacts older than 30 or 60 days, regardless of policy about retention (e.g. keep latest), could or could not include job logs other things we need to do: * encourage people to: "please delete stale branches if you do have that box checked" * talk with jim and mike about the 45GB of old artifacts * draft new RFC about artifact retention about deleting old artifacts and old jobs (option two above) We also considered unchecking the "keep latest artifacts" box at the admin level, but this would disable the feature in all projects with no option to opt-in, so it's not really an option. We considered the following technologies for the broader problem: * S3 object storage for gitlab * ceph block storage for ganeti * filesystem snapshots for gitlab / metrics servers backups prototype with image/cache storage on runners? safer because easy to rollback We'll look at setting up a VM with minio for testing. We could first test the service with the CI runners image/cache storage backends, which can easily be rebuilt/migrated if we want to drop that test. This would disregard the block storage problem, but we could pretend this would be solved at the service level eventually (e.g. redesign the metrics storage, split up the gitlab server). Anyways, migrating away from DRBD to Ceph is a major undertaking that would require a lot of work. It would also be part of the largest "[trusted high performance cluster][]" work that we recently de-prioritized. [trusted high performance cluster]: https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/2 # Other discussions We should process the pending TPA-RFCs, particularly TPA-RFC-16, about the i18 lektor plugin rewrite. # Next meeting Our regular schedule would bring us to March 7th, 18:00UTC. # Metrics of the month * hosts in Puppet: 88, LDAP: 88, Prometheus exporters: 143 * number of Apache servers monitored: 25, hits per second: 253 * number of self-hosted nameservers: 6, mail servers: 8 * pending upgrades: 0, reboots: 0 * average load: 2.10, memory available: 3.98 TiB/5.07 TiB, running processes: 722 * disk free/total: 35.81 TiB/83.21 TiB * bytes sent: 296.17 MB/s, received: 182.11 MB/s * planned bullseye upgrades completion date: 2024-12-01 * [GitLab tickets][]: 166 tickets including... * open: 1 * icebox: 149 * needs information: 2 * backlog: 7 * next: 5 * doing: 2 * (closed: 2613) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye/ # Number of the month -3 months. Since the last report, our bullseye upgrade completion date moved backwards by three months, from 2024-09-07 to 2024-12-01. That's because we haven't started yet, but it's interesting that it's seems to be moving back faster than time itself... We'll look at deploying a perpetual movement time machine on top of this contraption in the next meeting. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2022-02-10
by meskio 10 Feb '22

10 Feb '22

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-10-15.59.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday February 10th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 30 https://gitlab.torproject.org/groups/tpo/-/milestones/4 https://gitlab.torproject.org/groups/tpo/-/milestones/7 https://gitlab.torproject.org/groups/tpo/-/milestones/5 https://gitlab.torproject.org/groups/tpo/-/milestones/6 Sponsor 28 must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… == Announcements == == Discussion == Add SOCKS5 forward proxy support: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… a complex non-essential function, do we want it in? previous discussion on the topic: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-12-02-15.59.html current implementation has DNS leaks in osx/ios shell is going to implement the work around the DNS leaks, and we'll evaluate if is mergeable or too complex. What failures count as emergencies for the anti-censorship team? https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/48 https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Processes/Em… will close after a few days if there is nothing to add == Actions == == Interesting links == https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021… report of meek probabilistically not working in Russia since 2022-02-06 > Statistical analysis with respect to meek-azure is not unique, apparently, some VPN services are blocked in a similar way. The difference is in the number of packets. > Blocking meek-azure (fixed address and SNI) requires fewer than 20 TCP segments with data (including TLSv1.3 handshake), client traffic is not counted. Blocking is probabilistic. > By changing the address (in the hosts file) or the front domain, exclude this analysis. Change the server traffic (within the analysis window), bypass it. For example, add to the line with meek-azure: utls=helloios_auto Lessons from the January 2022 Internet shutdown in Kazakhstan for censorship circumvention https://github.com/net4people/bbs/issues/102 == Reading group == We will discuss "Weaponizing Middleboxes for TCP Reflected Amplification" on 2022-02-17 https://censorbib.nymity.ch/#Bock2021b Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. anadahz: 2022-01-27 Last week: - Increase timeout check cycles for default-bridge-felix-1 and default-bridge-felix-2 as they have been generating too many alerts: https://gitlab.torproject.org/tpo/anti-censorship/monit-configuration/-/mer… cecylia (cohosh): last updated 2022-02-10 Last week: - remove oneshot mode from snowflake server (snowflake#40098) - lots of documentation for handing off s28 work - bumped version of snowflake library to v2.1.0 - responded again to ooni's snowflake test questions - wrote patch to fix unitialized field of SnowflakeListener (snowflake#40099) - finished prepping our s28 snowflake evaluation for this month - wrote up a wiki page documenting what counts as an emergency (team#48) This week: - reviews if needed - shadow testing - around for questions Needs help with: dcf: 2022-02-10 Last week: - updated snowflake bridge installation and survival guides for the load-balanced setup https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… - opened an issue for metrics graphs with load-balanced relays https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/4… - started a thread on tor-dev about alternatives for ExtORPort authentication and disabling onion key rotation https://lists.torproject.org/pipermail/tor-dev/2022-February/014695.html - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: Help with: agix: 2021-02-10 Last week: - Continued work on gettor-twitter Next week: - Hopefully finish the task Help with: - arlolra: 2022-01-20 Last week: - [added 2022-01-20 by dcf] ALPN support for pion DTLS https://github.com/pion/dtls/pull/415 Next week: - Figure out where in pion/webrtc ALPN should be configured and used - Maybe add Chacha20Poly1305 to pion/dtls https://github.com/pion/dtls#planned-features https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: - maxb: 2021-09-23 Last week: - Worked on https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Had conversation with someone about upstream utls http round tripper https://github.com/refraction-networking/utls/pull/74 - Too busy with work :/ Next week: - _Really_ want to get a PR for utls round tripper meskio: 2022-02-10 Last week: - bridgedb reconnection issues with rdsys - fixes on bridge port scan (bridge-port-scan#6) - digging into bridge authority IPv6 issues - obfs4 debian package support (obfs4#33736) - telegram bot bridges rotation - test deployment for the new rdsys/bridgedb setup is live!!! (rdsys#12) - review snowflakes suppression of verbosity in logs (snowflake!74) Next week: - make easier to test bridgedb ater rdsys change (bridgedb#40034) - bridgestrap is not displaying the results (bridgestrap#31) - bridgedb reconnection issues with rdsys Shelikhoo: 2022-02-10 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake(snowflake!64) - [Merge Request Done] Add verbosity switch to suppress diagnostic output(snowflake#40079, snowflake!74) - [Discussion] Implement metrics to measure snowflake churn(snowflake#34075) - [Discussion] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription") - [Discussion] Proposal: Push Notification Based Signaling Channel - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54) - [Discussion] HTTPT & Websocket(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… - [Investigate] Is there a better moat/snowflake SNI than cdn.sstatic.net? (snowflake#40068) - [Investigate] Multi-instance Load Balanced Tor - Snowflake Deployment - [Investigate] China "Anti-Fraud" Webpage Redirection Censorship(censorship-analysis#40026) - [Investigate] uTLS for broker negotiation Next Week: - [Discussion] Implement metrics to measure snowflake churn (snowflake#34075) - [Discussion] Proposal: Push Notification Based Signaling Channel - [Coding] uTLS for broker negotiation - [Coding] Proposal: Centralized Probe Result Collector(anti-censorship/team#54) HackerNCoder: 2021-12-16 This week: Last/done: Setup web mirror on tor.encryptionin.space Next: Get (new VPs with) new IP and setup new web mirror on new domain hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Onion Service SRE Kickstart notes and meeting minutes
by rhatto 09 Feb '22

09 Feb '22

Hi all :) Here goes the initial notes and first meeting minutes about the Onion Services SRE work which is part of the Sponsor 123 project. # Onion Services Site Reliability Engineering - Kickstart ## About The Onion Services SRE is focusing on procedures for automated setup and maintenance of high availability Onion Services sites. ### Objectives and key results (OKRs) Objective: this project is part of the "Increase the adoption of Onion Services" priority for 2022 (https://miro.com/app/board/uXjVOQz6oZg=/), for which we can select the following goals: 0. Easy to setup and maintain. How to measure this? 1. Sane defaults. How to measure this? 2. Configurable and extensible. How to measure this? ## Initial plan 0. Meeting with dgoulet, hiro and anarcat to get advice on kickstarting the project: what/where to look for about specs, tools, goals, security checklists, limits etc (meeting minutes bellow). 1. Research on all relevant deployment technologies: build a first matrix. 2. Then meeting with the media organizations: inventory, compliances check etc. 3. Build the second matrix (use cases). ## Kickstart meeting agenda ### Dimensions Split discussion in two dimensions: 0. What are the possible architectures to build an Onion balanced service? 1. What are the available stacks/tools to implement those architectures? ### Initial considerations While brainstorming about this project, the following considerations were sketched: 0. Software suite: Sponsor 123 project includes provisioning/monitoring onion services as deliverables, but the effort could be used to create a generic product (a "suite") which would include an Onionbalance deployer. 1. Key generation: such suite could generate all .onion keys locally (sysadmin's box), encrypting and pushing to a private repository (at least for the frontend onion keypair for each site/service). Then other sysadmins could clone that internal repository and start managing the sites/machines. 2. Disposability: depending on design choice, the frontend .onion address could be the only persistent data, and everything else could be disposable/recycled/recreated in case of failure or major infrastructure/design revamp.. That of course depends if Onionbalance supports backend rotation. Consequence: initial effort could be focused in a good frontend implementation (Oniobalance instance etc), while backends and other nodes could be reworked later if time is limited right now. 3. Elasticity: that leads to the follow requirement: shall this system be such that backend nodes can be added and removed at will? In a way that enables the system to be elastic in the future, adding and removing nodes according to average load or sysadmin command? Or that would need the Onionbalance instance to be restarted (resulting in unwanted downtimes), or even breaking it? Currently Onionbalance supports only up to 8 backends: https://gitlab.torproject.org/tpo/core/onionbalance/-/issues/7 Initial proposal for Sponsor 123 project would be to use a fixed number of 8 backends per .onion site, but experiments could be made to test if a site could have a dynamic number of backends. 4. Uniformity with flexibility: looks like most (if not all) sites can have the same "CDN" fronting setup, while it's "last mile"/endpoints might be all different. That said, the "first half" of the solution could be based in the same software suite and workflow which could be flexible enough to accept distinct endpoint configurations. 5. External instance(s): for the Sponsor 123 contract, a single instance of this "CDN" solution could be used to manage all sites, instead of having to manage many instances (and dashboards) in parallel. Future contracts with other third-parties could either be managed using that same instance or having their own instances (isolation). 6. Internal instance: another, internal instance could be set to manage all sites listed at https://onion.torproject.org if TPA likes and decides to adopt the solution :) 7. Migration support: the previous point would depend in built-in support to migrate existing onion services into the CDN instance. 8. Other considerations: see rhatto's skill-test research. ### Questions General: 0. If you were the Onion Services SRE, how would you implement this project? 1. What existing solutions to look at, and what to avoid? 2. What limits we should expect from the current technology, and how we could work around those? Architecture: 0. What people think about the architecture proposed by rhatto during his skill-test (without paying attention to the improvised implementation he coded)? 1. Tor daemon is single process, no threads. How it scales under load for Onion Services and with a varying number of Onion Services? 2. Which other limits are important to be considered in the scope of this project, like the current upper bound of 8 Onionbalance backend servers? Implementation: 0. What are the dimensions for the comparison matrix of existing DevOps solutions such as Puppet, Ansbile, Terraform and Salt (and specific modules/recipes/cookbooks /roles)? 1. Shall this suite be tested using Chutney or via the shadow simulator (Gitlab CI)? Makes sense? 2. Which other tests should be considered? 3. How TPA manages passphrases and secrets for existing systems and keys? 4. What (if any) TPA (or other) security policies should be observed in this project? 5. Which solutions are in use to manage the sites listed at https://onion.torproject.org/? Management: 0. Sponsor 123 Project Plan timeline predicts setup of first .onion sites on M1 and M2, with 2-5 business days to set up a single .onion site. But coding a solution could take longer. How to do then? Suggested approach is to have a detailed discovery phase while coding the initial solution in parallel. Some rework migth be needed, but we can gain time in overall. ## Possible next tasks 0. Gather all relevant docs on onion services. 1. Build a comprehensible Onion Service checklist/documentation, including stuff like: * Basic: * Relay security checklist (if exists). * Best practices and references: see existing and legacy docs like https://gitlab.torproject.org/legacy/trac/-/wikis/doc/OperationalSecurity * Making sure the system clock is synchronized. * Setup the Onion Location header. * Encrypted backup of .onion keys. * Optional: * Vanity address generation (using `mkp224o`)? * Setup HTTPS with valid x509 certificates (and automatic HTTP -> HTTPS connection upgrade). * Setup Onion Names (HTTPS Everywhere patch, or whatever is on it's place). * Onion v3 auth (current unsupported by Onionbalance, see https://gitlab.torproject.org/tpo/core/onionbalance/-/issues/5). 2. Create repository (suggested name: Oniongroove - gives groove to Onionbalance!). 3. Write initial spec proposal for the system after both matrixes are ready and other requirements are defined, dealing with architecture, implementation and UX. 4. Write a threat model for the current implementation, considering issues such as lack of support for offline Onion Services keys, which makes the protection of the frontend keys a critical issue. 5. Create tickets for these and other tasks. ## Meeting Minutes - 2022-02-08 ### Participants * Anarcat * David * Hiro * Rhatto ### Discussion (Free note taking, don't necesarilly/preciselly represents what people said) Rhatto: * Short intro, summarizing stuff above. Hiro: * When talking last year with NYT: something that helps on the community side: someone that does a course (bootcamp) on devops, applying stuff like Terraform, Ansible etc. * What would be easier to rhatto to do (script, ansible ). Anarcat: * Puppet/agent: * TPA is a big puppet shop. But don't think it's the good tool for the job: too central, like having a central puppet server. * Also ansible is more popular. * Ansible has little requirement, easier to deploy and to reuse. * Not sure about Terraform, issues provisioning to Hetzner or Ganeti. Rhatto: * Maybe something to deploy node instances and atop of that using stuff like ansible to provision the services? * How TPA provision nodes at Hetzner and Ganeti? * Shall we look at Kubernetes? Anarcat: * Before joining Tor: what kind of a mess and shell scripts. * Wrote a kind of a debian installer with python + fabric. * The installer makes a machine configured up to be added do LDAP/Puppet. * Maybe a MVP that uses ansible (services setup) and then another using Terraform (node setup). Hiro: * Docker Swarm using Terraform. * Likes ansible (because of python+ssh only requirement). * About Kubernetes: same issue with puppet: have to run a centralized set of control nodes. * Ansible: lots of recipes available to harden the machine. * Puppet is complicated I think because it works for your own infrastructure. * It works for companies because it is tailored to providers. David: * There are lots of recipes and blog posts about ansible for Tor. Anarcat: * Docker: does provide some standard environment. * Like what rhatto did at his skill test. * Question with Docker: what to do? Swawm, Kubernets, Compose? Irony with Docker, with is not obvious in how to use at production. * Docker might be interesting for use to produce docker containers. * Part of the job is to do that evaluation. Rhatto: * Could do all this research. Anarcat: * About stopping using NGINX: having troubles with the blog, upstream charging a lot for the traffic. * NGINX: generic webserver, had heard lots of good things about. * Setup 2 VMs caching the blog, but them retired as the caching is not. * NGINX as an opencore, specially tricking when you want to do monitoring. * OpenResty is very interesting. Hiro: * OpenResty: similar opencore model like NGINX. Rhatto: * How to connect the sollution and the endpoint. * Questions: * Local .onion keypair generation is a good approach? * Could offline .onion keys support be in the roadmap? * Are backend keys disposable? David: * Offline key is very unlikelly to have it until the Rust rewrite. Would not bet on that to come for this project. * Local key generationg and deployment: there will be a need for this. * Would not bet that we could rotate the Onionbalance keys. ### Next See "Possible next tasks" section above :) -- Silvio Rhatto pronouns he/him

1 0

Tails report for January 2022
by intrigeri 09 Feb '22

09 Feb '22

Tails report for January 2022 <https://tails.boum.org/news/report_2022_01/> Releases Tails 4.26 was released on January 11 <https://tails.boum.org/news/version_4.26/index.en.html>. Among other changes, it added a shortcut to open the /Tor Connection/ assistant when starting /Tor Browser/ if Tails is not connected to the Tor network yet. Usability improvements Installation pages We fixed all the low-hanging fruits among the issues identified in December during usability tests of first-time use <https://tails.boum.org/news/report_2021_12/>: * #18764 <https://gitlab.tails.boum.org/tails/tails/-/issues/18764>: "Start in macOS" is confusing when obvious * #18765 <https://gitlab.tails.boum.org/tails/tails/-/issues/18765>: QR code in steps is unclear * #18771 <https://gitlab.tails.boum.org/tails/tails/-/issues/18771>: Add screenshot of Plymouth to installation steps * #18773 <https://gitlab.tails.boum.org/tails/tails/-/issues/18773>: Update time estimates in overview After which we started a bigger project to restructure our installation pages. Stay tuned! Connecting to Tor Polishing the user experience of connecting to Tor from Tails is one of our top priorities for 2021-2023. We are continuously designing and implementing improvements in this area. Here's the January 2021 edition :) We noticed a while ago, thanks to usability tests, that users not accustomed to the GNOME desktop have difficulties connecting to Wi-Fi. So we made this more discoverable last year, by making Wi-Fi settings reachable from /Tor Connection/. Unfortunately, while our initial implementation looked OK in a simplified test environment, it turns out it was not working in real user scenarios, so we fixed it (#18587 <https://gitlab.tails.boum.org/tails/tails/-/issues/18587>). Metrics Tails has been started more than 773 496 times this month. This makes 24 951 boots a day on average.

1 0

UX team meeting notes, February 8th
by Duncan Russell 08 Feb '22

08 Feb '22

Hello, Thanks to everyone who made it to today's UX Team meeting! We’re looking forward to seeing you all again in a week’s time on February 15th. Here are the minutes: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log… <http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log…> Today we shared an update on our progress with the research and specification of the Tor VPN Client for Android (Sponsor 101), briefly discussed the UX Team roadmap for Q1, and reviewed Joydeep's user support report for January. *** == User Experience Team Meeting == UX Team meetings happen every Tuesday at 1700 UTC in #tor-meeting on OFTC. Here are the logs from our last meeting on February 8th: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log… <http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log…> == Useful links == About the UX Team: https://gitlab.torproject.org/tpo/ux/team <https://gitlab.torproject.org/tpo/ux/team> UX repository: https://gitlab.torproject.org/tpo/ux <https://gitlab.torproject.org/tpo/ux> UX roadmap: https://www.figma.com/file/n4ETd0cUkcfj3KyclJQnt3/UX-Team-Planning?node-id=… <https://www.figma.com/file/n4ETd0cUkcfj3KyclJQnt3/UX-Team-Planning?node-id=…> UX kanban: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&…> Team kanban: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&label_name[]=UX… <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&label_name[]=UX…> -------------------------- Tuesday February 8th 17:00 UTC -------------------------- == What projects are we working on? == S9 - Usability and Community Intervention on Support for Democracy and Human Rights https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… <https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&…> S30 - Empowering Communities in the Global South to Bypass Censorship https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… <https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&…> S96 – Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet https://gitlab.torproject.org/groups/tpo/-/milestones/24 <https://gitlab.torproject.org/groups/tpo/-/milestones/24> S101 - Tor VPN Client for Android https://gitlab.torproject.org/groups/tpo/-/milestones/32 <https://gitlab.torproject.org/groups/tpo/-/milestones/32> == Announcements == * Tor Browser 11.0.5 for Android release: https:// <https://blog.torproject.org/new-release-tor-browser-1105/>blog.torproject.org/new-release-tor-browser-11 <https://blog.torproject.org/new-release-tor-browser-1105/>05 <https://blog.torproject.org/new-release-tor-browser-1105/>/ <https://blog.torproject.org/new-release-tor-browser-1105/> == Agenda == 1. Announcements 2. Weekly planning 3. UX Team Q1 roadmap review 4. Joydeep's user support report for Jan 2022 (https://lists.torproject.org/pipermail/tor-project/2022-February/003283.html <https://lists.torproject.org/pipermail/tor-project/2022-February/003283.html>) == Weekly planning == Note: Please highlight anything you'd like to discuss below in **bold** Duncan Last week (actual): - Started the UX evaluation of comparable Android apps for S101 (VPN) - Began writing user stories for S101 (VPN) - Attended first thread models committee meeting for S101 (VPN) - Briefed nicob on onion glyph project for Tor Browser - Iterated on the arti logo with nicob - Purchased Figjam licenses for team - Continued to support S96 (torconnect) development - Restarted release meetings & discussed plan for immediate releases This week (planned): - Continue UX evaluation of comparable Android apps and user stories for S101 - Presenting Objective 1 (UX) progress for S101 (VPN) on Wednesday - Update the UX Team roadmap - Present the UX Team roadmap at this week's All Hands - Start work on additional designs for S96 (torconnect) - Finish and distribute the tor-qa survey - Review UX Research report template Nah Last week (actual): - S9 survey to find human rights defenders’ challenges and needs * https://gitlab.torproject.org/tpo/ux/research/-/issues/72 <https://gitlab.torproject.org/tpo/ux/research/-/issues/72> * Understand and work on: https://gitlab.torproject.org/tpo/ux/research/-/issues/61 <https://gitlab.torproject.org/tpo/ux/research/-/issues/61> - S30 training and user research planning * https://gitlab.torproject.org/tpo/ux/research/-/issues/71 <https://gitlab.torproject.org/tpo/ux/research/-/issues/71> - S101 interviews planning - screening survey * https://gitlab.torproject.org/tpo/ux/research/-/issues/70 <https://gitlab.torproject.org/tpo/ux/research/-/issues/70> - updated UR roadmap This week (planned): - S9 survey to find human rights defenders’ challenges and needs. Status: creating questionnaire on limesurvey in spanish and english, trying to make it look better, sharing with S9 partners. * https://gitlab.torproject.org/tpo/ux/research/-/issues/72 <https://gitlab.torproject.org/tpo/ux/research/-/issues/72> * Study and summarize our User Research material to create a primer to share with S9 partners: https://gitlab.torproject.org/tpo/ux/research/-/issues/61 <https://gitlab.torproject.org/tpo/ux/research/-/issues/61> - S30 call for participation is live! Sharing with communities in Brazil and Mexico, and planning User Research (both for Tor and Orbot) * https://gitlab.torproject.org/tpo/ux/research/-/issues/71 <https://gitlab.torproject.org/tpo/ux/research/-/issues/71> - S101 interviews planning. Status: creating the questionnaire on Limesurvey. * https://gitlab.torproject.org/tpo/ux/research/-/issues/70 <https://gitlab.torproject.org/tpo/ux/research/-/issues/70> - S96: starting to research/plan our next activities Nicob Last week (actual): - Glyph audit - Started combination mark exploration for Tor Browser - ARTI color and background exploration - CFP graphics - Safer Internet Day graphic - Revised two onion glyph SVGs - Research for Comms 22 vis direction This week (planned): - Sketch onion glyph explorations - Update mono onion sticker for print - Continue research for Comms 22 vis direction == Open Call for User Research == Find out how to contribute to the UX team: https://community.torproject.org/user-research/how-to-volunteer/ <https://community.torproject.org/user-research/how-to-volunteer/> Thanks everyone! *** Duncan Larsen-Russell Product Manager & UX Team Lead duncan(a)torproject.org <mailto:duncan@torproject.org>

1 0

Community Team meeting notes - February 07 2022
by gus 07 Feb '22

07 Feb '22

Hi, Here's our meeting log: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-07-13.59.log… Next meeting: Monday, February 14, 2022 - 1400 UTC Weekly meetings, every Monday at 14:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) ## Goal of this meeting Weekly checkin about the status of Community Team work at Tor. ## Links to Useful documents * Relay operators - Tor 0.3.5.x EOL: https://forum.torproject.net/t/tor-relays-tor-0-3-5-x-is-unsupported-please… ## Discussion * welcome rhatto * Workshop - Relay operator sysadmin 101 (gman): https://gitlab.torproject.org/tpo/community/relays/-/issues/36 * Tor training with human rights defenders in brazil and mexico (March - April) * announcement: Chinese (TW, HK) website releases upcoming! ## Updates Gus: This week: - S30 - organizing Tor training in Brazil and Mexico - Outreachy: following up the relay operators interviews with Miko - Outerachy: reviewing relay operators personas - Working on the Training partners page: https://gitlab.torproject.org/tpo/web/community/-/merge_requests/149 - Monitoring telegram bridges health: https://gitlab.torproject.org/tpo/community/support/-/issues/40054 - Network health EOL work with GeKo - Following up with Rhatto and onion services deployment plan Help with: - Something you need help with. Joydeep: This week: - Evaluate Discourse trust levels (https://gitlab.torproject.org/tpo/community/support/-/issues/40060) - Tor Browser support work (pending release) - Review some articles/templates on RT Miko: Last week: - Worked on multiple reports - Finished our first interview with a Relay Operator This week: - Working on rough mockups - Blog posts - Gamification pt 3, My Personal Job Opportunities blog post Help with: - Setting up more interviews with Relay Operators Nina: Last week: - User support on Telegram and RT. We hit 500 hunderd tickets on Telegram - Took part in the meeting - Added one more template on Telegram on how to download Tor Browser This week - User support on Telegram and RT Rhatto: Last week: - Onboarding: https://gitlab.torproject.org/tpo/community/team/-/issues/57 This week: - S123 - Onion Services SRE Kickstart Meeting - Continue on onboarding tasks Help with: - Forking projects on Gitlab: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/118 emmapeel: Last week: - l10n and merge request previews - small website corrections - rapid response fund support - content updates This week: - l10n docs - prepare weblate move -- The Tor Project Community Team Lead

1 0

Joydeep's Monthly Status Report for January 2022
by Joydeep Sen Gupta 04 Feb '22

04 Feb '22

Hello everyone! This is my monthly status report for January, 2022. This month much of my user support work was concentrated around the three Tor Browser releases (11.0.4 for Desktop [1], 11.5.a2 for Desktop [2], 11.5.a3 for Android [3]), internet shutdown in Kazakhstan [4] and Tor censorship in Russia [5]. For the latter two, I have mostly been helping out with users reporting issues related to Tor Browser and little-t tor. Near the end of month, we also launched a Telegram support channel for users in Russia and I have been working on testing and evaluating our new cdr.link instance [6] from a long term user support perspective. This is ongoing work so definitely stay tuned for more updates! As we wrapped up the year-end campaign [7], we generate lot of interest and support requests from users and supporters of Tor. This month, I resolved all of the tickets we had in this regard on frontdesk. Apart from this, I have been continuing my work moderating and helping users on the Forum (forum.torproject.net), our IRC/Matrix channels and social media platforms. # Frontdesk Timeline : 01 Jan - 31 Jan 2021 Tickets: new: 12 open: 17 resolved: 1711 Breakdown of number of RT tickets received with respect to operating system: (Note: This includes tickets where the user mentioned the operating system or it was evident from the issue they were running into and/or enclosed screenshots.) Windows - 17 macOS - 11 GNU/Linux - 3 Android- 8 Breakdown of most frequent tickets (at least 3 RT tickets): 1. 857 RT Tickets - How to use Tor Bridges in Russia. [5] 2. 452 RT Tickets - Internet shutdown in Kazakhstan: how to circumvent censorship with Tor. [4] 3. 75 RT Tickets - Submissions for 'Help Censored Users, Run a Tor Bridge' campaign. [8] 4. 16 RT Tickets - Private Bridge requests. This is not related to the .ru censorship but requests from Tor users in China, Iran, etc. [9] 5. 6 RT Tickets - Tor Browser incompatible with older versions of macOS. [10] 6. 5 RT Tickets - Missing features in Tor Browser on first-time launch in macOS/Windows. [11] 7. 4 RT Tickets - Issues with downloading files on Tor Browser for Android. [12] # Tor Forum Most popular topics (in terms of views) after January 2022: 1. Internet shutdown in Kazakhstan: how to circumvent censorship with Tor. [4] 2. "Gah. Your tab just crashed" (Tor Browser 11-11.0.2 crashing on certain websites). [13] 3. "Torrent imitation" (Imitate Tor traffic to be similar to torrent traffic). [14] 4. (How to) Check if a bridge is broken using the terminal. [15] 5. Problems with GitHub.com registration CAPTCHA and Tor Browser [16] If you have any suggestions, questions or want to discuss anything in detail please feel free to get in touch. Thanks, -- Joydeep [1]: https://blog.torproject.org/new-release-tor-browser-1104/ [2]: https://blog.torproject.org/new-release-tor-browser-115a2/ [3]: https://blog.torproject.org/new-release-tor-browser-115a3/ [4]: https://forum.torproject.net/t/internet-shutdown-in-kazakhstan-how-to-circu… [5]: https://forum.torproject.net/t/tor-blocked-in-russia-how-to-circumvent-cens… [6]: https://gitlab.torproject.org/tpo/community/support/-/issues/40059 [7]: https://blog.torproject.org/fundraising-2021-results/ [8]: https://blog.torproject.org/wrapping-up-bridges-campaign/ [9]: https://support.torproject.org/censorship/connecting-from-china/ [10]: https://forum.torproject.net/t/version-of-tor-browser-compatible-with-macos… [11]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40679 [12]: https://gitlab.torproject.org/tpo/applications/fenix/-/issues/40192 [13]: https://forum.torproject.net/t/gah-your-tab-just-crashed/1614/10 [14]: https://forum.torproject.net/t/torrent-imitation/1733/6 [15]: https://forum.torproject.net/t/check-if-a-bridge-is-broken-using-the-termin… [16]: https://forum.torproject.net/t/problems-with-github-com-registration-captch…

1 0

Monthly status report for Nina
by nina13＠riseup.net 03 Feb '22

03 Feb '22

Hi everyone, This is my status report for January 2022 Internet shutdown in Kazakhstan During the Kazakh government shut down the Internet in the country[1], it was found that users from that country can still access the Internet using the Tor Browser and specific obfs4 bridges. Taking part in the campaign against censorship and the internet shutdown in Kazakhstan, I translated all the necessary instructions on connecting to Tor into Russian. It's public available on the Forum[2]. After this information was spread among the people in Kazakhstan, there was a massive amount of bridge requests, which were fulfilled as soon as possible. I've answered 452 tickets only about KZ. At the moment, users in the country don't need to use a bridge anymore. See this ticket[3]. Censorship in Russia In January, I continued to support Russian-speaking users via e-mail. In addition, I translated one more RT template - "Russian: Basic troubleshooting when users can't access any particular website". Also I tested the new support platform[4], which allows user support via Telegram. At the end of the month, this channel went live. I looked into the software used to support, familiarized myself with it, translated some templates in Russian and started to use it to communicate with the Tor Browser users. Overall, I closed around 1250 tickets from Russia and Kazakhstan this month on Telegram and RT (frontdesk). From January 24 - February 3, I've answered and closed around 280 support requests in Telegram. Additionally, I translated one website page and advised Russian-speaking users on the IRC channel. Notes [1] https://github.com/net4people/bbs/issues/99 [2] https://forum.torproject.net/t/internet-shutdown-in-kazakhstan-how-to-circu… [3] https://gitlab.torproject.org/tpo/community/support/-/issues/40058 [4] https://gitlab.torproject.org/tpo/community/support/-/issues/40059

1 0

Anti-censorship team meeting notes, 2022-02-03
by meskio 03 Feb '22

03 Feb '22

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-03-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday February 3rd 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 30 https://gitlab.torproject.org/groups/tpo/-/milestones/4 https://gitlab.torproject.org/groups/tpo/-/milestones/7 https://gitlab.torproject.org/groups/tpo/-/milestones/5 https://gitlab.torproject.org/groups/tpo/-/milestones/6 Sponsor 28 must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… == Announcements == == Discussion == snowflake bridge is now switched back from staging to production https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… load balancing is effective - the bridge is now using all its CPU resources effectively, and is no longer bottlenecked on tor as a consequence, the bridge is providing about twice as much bandwidth as before (now 20 MB/s, from 10 MB/s) however, it is now at the limit of its CPU capability, and will not be able to go faster than it does now for the 6 days the staging server was in use, it was going even faster, up to 30 MB/s. there's no obvious low-hanging fruit in the snowflake-server CPU profile https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… profiling extor-static-cookie could be worthwhile == Actions == == Interesting links == == Reading group == We will discuss "Weaponizing Middleboxes for TCP Reflected Amplification" on 2022-02-17 https://censorbib.nymity.ch/#Bock2021b Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. anadahz: 2022-01-27 Last weeek: - Increase timeout check cycles for default-bridge-felix-1 and default-bridge-felix-2 as they have been generating too many alerts: https://gitlab.torproject.org/tpo/anti-censorship/monit-configuration/-/mer… cecylia (cohosh): last updated 2022-02-03 Last week: - deployed new version of snowflake webextension + badge - fixed issue with file limits at probetest (snowflake#40096) - Updated documentation on schleuder mailing list admin (tpa/wiki-replica!22) - filed issue about mailing list public key change (tpa/team#40609) - reviews - responded to ooni questions about snowflake tests (snowflake#40097) - https://github.com/ooni/probe/issues/2004 - lots of meetings This week: - more reviews - try out recent shadow bug fixes - work with ooni on tor related tests - s28 evaluation prep - look at what's necessary for tapdance/conjure - write up more documentation Needs help with: dcf: 2022-02-03 Last week: - profiled snowflake-server on the staging bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - found a solution to prevent onion key rotation on the load-balanced bridge: a preexisting directory at a destination path https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-s… - opened an issue for an assertion failure that happens when onion key rotation is prevented https://gitlab.torproject.org/tpo/core/tor/-/issues/40554 - monitored the switchover from the staging snowflake bridge to production, and debugged resulting issues https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - wrote scripts to graph multi-instance bandwidth and clients https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - discovered a couple of minor bugs in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - update snowflake bridge installation and survival guides - open an issue for metrics graphs correctly showing graphs for fingerprints with multiple instances - start a discussion on tor-dev about alternatives for ExtORPort authentication (remove the need for extor-static-cookie) - start a discussion on tor-dev about supported ways to disable onion key authentication Help with: agix: 2021-01-13 Last week: - Busy with work on Censored Planet Next week: - Continue work on gettor-twitter Help with: - arlolra: 2022-01-20 Last week: - [added 2022-01-20 by dcf] ALPN support for pion DTLS https://github.com/pion/dtls/pull/415 Next week: - Figure out where in pion/webrtc ALPN should be configured and used - Maybe add Chacha20Poly1305 to pion/dtls https://github.com/pion/dtls#planned-features https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: - maxb: 2021-09-23 Last week: - Worked on https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Had conversation with someone about upstream utls http round tripper https://github.com/refraction-networking/utls/pull/74 - Too busy with work :/ Next week: - _Really_ want to get a PR for utls round tripper meskio: 2022-02-03 Last week: - test deployment for the new rdsys/bridgedb setup (rdsys#12) - read the rdsys token from a file (bridgedb!33) - fixes on country block mechanism for rdsys and bridgedb (rdsys!26) - review bridgedb web redesign in lektor (bridgedb!31) - feedback on the debian package for obfs4proxy (obfs4#33736) - API rethinking for circumvention settings (bridgedb#40043 TorBrowser#40781) Next week: - make easier to test bridgedb ater rdsys change (bridgedb#40034) Shelikhoo: 2022-02-03 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake(snowflake!64) - [Merge Request Done] Privacy preserving stats in Snowflake standalone proxy(snowflake#40079, snowflake!72) - [Merge Request Review Done] Configure what distributor does distribute each resource type - [Discussion] Implement metrics to measure snowflake churn(snowflake#34075) - [Discussion] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription") - [Discussion] Proposal: Push Notification Based Signaling Channel - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54) - [Discussion] HTTPT & Websocket(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… - [Investigate] Is there a better moat/snowflake SNI than cdn.sstatic.net? (snowflake#40068) - [Investigate] Multi-instance Load Balanced Tor - Snowflake Deployment - [Investigate] China "Anti-Fraud" Webpage Redirection Censorship(censorship-analysis#40026) - [Investigate] uTLS for broker negotiation Next Week: - [Discussion] Implement metrics to measure snowflake churn (snowflake#34075) - [Discussion] Proposal: Push Notification Based Signaling Channel - [Merge Request] Add verbosity switch to suppress diagnostic output(snowflake#40079, snowflake!74) - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54) - [Investigate] uTLS for broker negotiation HackerNCoder: 2021-12-16 This week: Last/done: Setup web mirror on tor.encryptionin.space Next: Get (new VPs with) new IP and setup new web mirror on new domain hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Network Team - Upcoming 0.4.5.12 and 0.4.6.10 - February 2022
by David Goulet 02 Feb '22

02 Feb '22

Greetings! There was a problem in our release engineering flow for our last 0.4.5 and 0.4.6 releases back in December 2021. In short, the git history was merged foward (from previous maintained versions) but not the actual changes for specific commits! Yes this can happen because we use `git merge -s ours` in our workflow at a very specific step in the process which lead to this problem. How it happened, we don't know but since this part is still done manually, it was a human error and likely the normal merge forward was not done for some parts and was done through the "-s ours". Anyway, someone noticed (huge thanks!), you can track it here: https://gitlab.torproject.org/tpo/core/tor/-/issues/40557 The good news is that it was only the new fallbackdir list and GeoIP updates. And thus, these two new releases will just be about that. Quick reminder as well that 0.3.5.x is EOL since Feb 1st and so network team is now done maintaining that version. Upcoming version: - 0.4.5.12 - 0.4.6.10 We've just asked the authorities to recommend these new versions. Cheers! David -- JdqWtdb2QqepPCR0HlXnXo1juV9HTc7FhjLutGwwn2I=

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project