tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

User Feedback Report - August 2021
by Kulsoom Zahra 03 Sep '21

03 Sep '21

Greetings, everyone! This is a report of the work done by the Community Team in the past month and general user feedback that we've received across our official support channels. Report Period - July 31 upto 31 August, 2021 Tickets resolved in the past month: 165 Here is a list of issues which got the most attention (at least 2 tickets on RT): # Tor Browser Breakdown of number of RT tickets received with respect to operating system: Windows (10,8,7 ...all the way upto Vista) - 24 macOS - 5 Android - 8 GNU/Linux - 2 iOS - 4 (Note: This includes tickets where the user mentioned the operating system or it was evident from the issue they were running into or enclosed screenshots.) 1. 12 RT tickets - Unable to access websites; Login fails. Users also reported issues with payment on sites like eBay, PayPal etc. Regarding websites blocking Tor users, Hackhard GSoC project is tracking the top 500 websites.[1] 2. 5 RT tickets - YouTube not accessible renders the error "Our system have detected unusual traffic from your computer network". We point users to the "Basic Troubleshooting when users can't access any particular website" article (template) on the RT. 3. 5 RT tickets - "Tor Unexpectedly Exited": Failure to launch Tor Browser. We direct users to the "Seven-point basic troubleshooting" article (template) on the RT to help users. 4. 5 RT tickets - Installation Issue (OS - Windows) We ask users to make sure they've downloaded the correct version of TB depending on their Operating System 32-bit or 64-bit. [2] 5. 4 RT tickets - Fake Tor App on Apple Store. Users are being charged after installing a fake Tor Browser app on iOS. We educate users about fake apps and recommend them to solely use the Onion Browser for iOS. 6. 3 RT tickets - Cannot download files on Tor Browser for Android. Regarding this we have a ticket on our GitLab. [3] A workaround for this recurring issue is to make a new Tor connection and relaunch the download. 7. 3 RT tickets - Error "Proxy Server Refused Connection". We ask users NOT to set TBA as their default browser and point them to the article on the Support Portal. [4] 8. 2 RT tickets - Reporting bad onion sites. The Tor Project doesnot host or control onion sites, we answer users taking help from the article on our Support portal. [5] 9. 1 RT ticket - Error "RSA_get0_d could not be located in the dynamic link library tor.exe" on Windows. We have a GitLab ticket regarding this long standing issue. [6] # Onion Services 1. 9 RT tickets - v2 onion deprecation. Users were confused 'how' to upgrade v2 onions to v3. They were asking for a direct link/button to upgrade. We help users identify v2 and v3 onions, point them to the "v2 onion deprecation" article (template) on the RT and FAQ on the Support Portal. [7] # UI/UX and documentation 1. Google Play Store - In terms of user experience, reviews mostly revolve around- 'Unable to access to YouTube and other sites', 'Tor freezes', 'Can't download anything files/images', 'Tor Browser is slow', 'can't upload files' and 'too many captchas'. However, in terms of reviews we have quite a good number of 4 and 5 star ratings. 2. Tor Stack Exchange - Statistics of what the discussion has been about (6 most active tags): hidden-services- 17 questions anonymity- 12 questions security- 9 questions configuration (questions about configuring Tor software)- 6 questions tor-browser-bundle- 6 questions onion-routing - 4 questions 3. Reddit Discussions have been around: * Tor browser is Looping same exits. * Hidden Service for Minecraft * Can't access YouTube and other sites over Tor * Tor is very slow * VPN and Tor - How does using VPN decrease anonymity? * fdroid version from the guardian project not updated * Onion sites # Anti-censorship 1. 5 RT tickets - Bridges not working Tor logs revealed that it was caused by users editing their torrc file; overriding the exit nodes and 'general SOCKS server failure' errors. We educate users NOT to modify their torrc file and one gets the best security Tor can provide when they leave the route selection up to Tor. Then point them to the FAQ on the Support Portal. [8] 2. 4 RT tickets - Bridge requests We got users requesting help to connect to Tor which have been from Iran, China and other countries. We provided private bridges for them. 3. In the past month, there have been instances of censorship and internet shutdowns in countries like Iran and South Sudan. We're following up on their situation.[9] There has also been a decrease in users connecting directly to Tor from Turkmenistan. We've a ticket open to track the status. [10] If you have any suggestions, questions or want to discuss anything in detail please feel free to reach out to me and/or anyone from the Community Team! Thanks, Kulsoom IRC - kulsoom_z Links: [1]: https://gitlab.torproject.org/woswos/CAPTCHA-Monitor/-/wikis/GSoC-2021 [2]: https://www.torproject.org/download/ [3]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31013 [4]: https://support.torproject.org/tbb/#tbb-32 [5]: https://support.torproject.org/abuse/remove-content-from-onion-address/ [6]: https://gitlab.torproject.org/tpo/core/tor/-/issues/33702 [7]: https://support.torproject.org/onionservices/#v2-deprecation [8]: https://support.torproject.org/tbb/#tbb-16 [9]: https://gitlab.torproject.org/tpo/community/support/-/issues/40034 [10]: https://gitlab.torproject.org/tpo/community/support/-/issues/40030

1 0

Anti-censorship meeting notes, 2021 September 2
by Cecylia Bocovich 02 Sep '21

02 Sep '21

Hi everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-09-02-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday September 2nd 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == - CPU use in proxies and bridge - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - bridge is sitting at about 200% CPU: about 30% tor, 170% snowflake-server - might be worth doing one round of profiling? - how to profile the bridge? in production or separately? - can use snowbox as a simulation - proxies can control CPU use with -capacity option - Reading group? - we'll read "BlindTLS" https://dl.acm.org/doi/10.1145/3473604.3474564 - DocsHackathon: - Add a new support item about using Tor in China: https://gitlab.torproject.org/tpo/web/support/-/issues/210 - Merging support.torproject.org/gettor into support.torproject.org/censorship - TM censorship update - do any of our gettor endpoints work in Turkmenistan? - archive.org seems to be ok for DNS, HTTP, and HTTPS == Actions == Update the monthly report for July + August: https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk == Interesting links == https://ntc.party/t/an-open-encyclopedia-of-internet-censorship-persian/1223 ACM FOCI 2021 papers https://dl.acm.org/doi/proceedings/10.1145/3473604 "Even Censors Have a Backup: Examining China's Double HTTPS Censorship Middleboxes" https://dl.acm.org/doi/10.1145/3473604.3474559 "Measuring QQMail's automated email censorship in China" https://dl.acm.org/doi/10.1145/3473604.3474560 "A multi-perspective view of Internet censorship in Myanmar" https://dl.acm.org/doi/10.1145/3473604.3474562 "Exploring Simple Detection Techniques for DNS-over-HTTPS Tunnels" https://dl.acm.org/doi/10.1145/3473604.3474563 "BlindTLS: Circumventing TLS-based HTTPS censorship" https://dl.acm.org/doi/10.1145/3473604.3474564 USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions "Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei "How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang "Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen "Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock "Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr == Reading group == We will discuss "BlindTLS: Circumventing TLS-based HTTPS censorship" on 2021-09-23 https://dl.acm.org/doi/10.1145/3473604.3474564 Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-09-02 Last week: - hiring tasks for ac team and network team - more s28 scrimmage work - got snowflake working in shadow - https://github.com/shadow/shadow/pull/1601 - implemented parsing of networkstatus documents for rdsys (rdsys!14) - wrote a draft plug for implementing RTCPeerConnection for v3 manifests - reviewed GetTor implementation in rdsys (rdsys!11) - reviewed snowflake!52 - couple other small reviews This week: - snowflake package documentation and API changes (snowflake#40063) - more rdsys + BridgeDB deployment work - network simulations of Snowflake with shadow - censorship measurement tests and tools - lots of miscellaneous gitlab TODOs Needs help with: - feedback on v3 plug: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… arlolra: 2021-08-12 Last week: - Migrate to v3 of the webextension manifest Next week: - Maybe get back to snowflake-webext #10 - Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77 Help with: - dcf: 2021-09-02 Last week (since 2021-08-19): - helped review snowflake-client SOCKS args https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - more investigation of blocking in Turkmenistan https://gitlab.torproject.org/tpo/community/support/-/issues/40030#note_274… - helped analyze go mod issue with goptlib https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - attended pluggable transports meetup https://internetfreedomfestival.org/wiki/index.php/September_2_2021_GM Next week: - fix meek-client test errors https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek… - identify cause and fix for the goptlib go.mod issue https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - reply to Alexander Mages re SCTP pluggable transport https://lists.torproject.org/pipermail/anti-censorship-team/2021-August/000… Help with: agix:2021-07-15 Last week: -Off due to final exams Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-09-02 Last week: - work on the moat Censorsip snapshot (bridgedb#40025) - merge gettor implemenation (rdsys!11) - update snowflake debian package (snowflake#19409) - write gettor documentation (rdsys#44) - test fixes into snowflake (snowflake!55) - run rdsys tests in the CI (rdsys#58) - review networkstatus parser (rdsys!14) - review rearquitecture to smaller docker image for snowflake-proxy (docker-snowflake-proxy!1) - review and merge gettor updater script (gettor!17) - review snowflake Check error for calls to preparePeerConnection (snowflake!54) - review and merge obfs4 docker build for multiple archs (docker-obfs4-bridge!4) Next week: - implement censorship snapsot available on moat (bridgedb#40025) - add more providers to gettor (rdsys#43) - get the snowflake debian package reviewed by a DD (snowflake#19409) Help with: -

1 0

Anti-censorship meeting notes, 2021 August 26
by Cecylia Bocovich 01 Sep '21

01 Sep '21

Hey everyone! This is a little late, but here were our logs from the meeting last week: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-08-26-15.59.html and here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday August 19th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == == Actions == == Interesting links == USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions "Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei "How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang "Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen "Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock "Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-08-26 Last week: - hiring tasks for ac team and network team - mostly just s28 integration/scrimmage - more work on making OONI's tor tests look more like tor - helped plan tor's autoconnect feature This week: - more hiring and s28 meetings - censorship measurement tests and tools - reviews - snowflake!52 followup - snowflake#25595 followup - lots of miscellaneous gitlab TODOs Needs help with: arlolra: 2021-08-12 Last week: - Migrate to v3 of the webextension manifest Next week: - Maybe get back to snowflake-webext #10 - Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77 Help with: - dcf: 2021-08-19 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - posted a summary of the Turkmenistan situation https://ntc.party/t/recent-drop-in-tor-users-from-turkmenistan-testers-want… https://gitlab.torproject.org/tpo/community/support/-/issues/40030 Next week: Help with: agix:2021-07-15 Last week: -Off due to final exams Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-08-26 Last week: - make bridgestrap CollecTor metrics resistant to restarts (bridgestrap#22) - change bridgedb to send obfs4 bridges by default over email (bridgedb#50) - review gettor upload script mr (gettor!17) - review docker-obfs4-bridge multi arch build (docker-obfs4-bridge!4) - review docker-obfs4-bridge fix for the new debian release (docker-obfs4-bridge!3) - review new translations for GettorWeb (gettor-web!7) Next week: - make censorship snapsot available on moat (bridgedb#40025) - act on comments on rdsys-gettor (rdsys!11) Help with: -

1 0

Monthly status report for irl
by Iain R. Learmonth 01 Sep '21

01 Sep '21

Hi All, This is my monthly status report for work complete during August 2021. This will be my last status report for this contract, please direct all queries about metrics tooling going forward to the network health team. I released and deployed updates for CollecTor to archive bridgestrap data. This is currently disabled until the bridgestrap results can be declared stable by the anti-censorship team. If you're interested in following this, see: https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/25 I completed an update to Onionoo that reads in this data from CollecTor and will use the bridgestrap test result to override the Running flag from the bridge authority, such that bridges with their OR ports hidden do not always show as offline, instead using the reachability of their PT port. I have spent time focussed on getting hiro up to speed on working with the Metrics codebases. During August, we saw releases of metrics-lib and Onionoo, including work on the overload-* lines in server/extra-info descriptors, that should give new insights into bottlenecks in the network. Finally, I have been around in Matrix/IRC to answer Metrics questions and on occasion to provide a little end-user support in #tor. Thanks, Iain.

1 0

Onionoo 8.0-1.28.0 released
by Silvia/Hiro 30 Aug '21

30 Aug '21

Hi, I have released Onionoo 8.0-1.28.0. Onionoo provides current and historical data about relays and bridges via a web-based API. * Medium changes - Reads bridgestrap statistics from CollecTor. - If a bridgestrap test has been recently performed, the result of that test will override the presence of the Running flag. If no test has been recently performed, the flags present in the bridge network status continue to be used. Note: the presence of the running flag determines the value of the "running" field in details documents. - Allow search by overload status * Minor changes - The overload-general server descriptor should be null when not present and not 0 You can find the release at: https://dist.torproject.org/onionoo/8.0-1.28.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.28.0/ Thanks, hiro

1 0

Tor's Bug Smash Fund: Fundraising Campaign
by Al Smith 27 Aug '21

27 Aug '21

Hello Tor! Today, the Tor Project is launching our *third* annual *Bug Smash Fund*,[1] a month-long fundraising campaign (8/1 - 8/31). The goal of the Bug Smash Fund campaign is to raise unrestricted funds that we allocate to finding and fixing bugs / doing maintenance / and addressing issues that aren’t flashy or exciting for most funders, but totally necessary for the health of Tor and all of the third-party apps that rely on Tor to provide privacy, security, and anonymity to their users. Unrestricted funding, like what we’re raising for the Bug Smash Fund, is key for the Tor Project to improve our agility and stop relying on the slow, piecemeal process of grant funding in order to accomplish our goals and respond to emergent issues. _*In the last two years, we’ve used the Bug Smash Fund to close 370 tickets*_ ranging from anti-censorship development, onion services changes, improvements to documentation, Tor Browser UX changes, and creating tooling for development. We posted two updates over the past year where you can read more about what we were able to do with this fund.[2][3] We need your help to amplify the campaign! How to help: * Tweet about the Bug Smash Fund using the #TorBugSmash and a link to our launch blog post. * Quote tweet @torproject posts about the Bug Smash Fund with your own take about why unrestricted funds are so important for the health of Tor. * Forward this email to those who might be able to amplify the campaign. How you can contribute: * Make a one-time donation <https://donate.torproject.org/> (and get swag like Tor stickers and t-shirts in return) * Donate in ten different cryptocurrencies <https://donate.torproject.org/cryptocurrency/> * Become a monthly donor and your own Defenders of Privacy patch <https://donate.torproject.org/monthly-giving/> * Make a contribution of $1,000 and join the major donor group Champions of Privacy <https://donate.torproject.org/champions-of-privacy/> * Transfer your Open Collective gift card <https://opencollective.com/thetorproject> If you have any questions about or ideas for the Bug Smash Fund campaign, please email me or Isabela or grants(a)torproject.org, we would be happy to discuss. Thanks everyone! Al [1] https://blog.torproject.org/tor-bug-smash-fund-2021 [2] https://blog.torproject.org/tor-bug-smash-fund-2020-final-update [3] https://blog.torproject.org/tor-bug-smash-fund-yr2-progress -- Al Smith (they/them) Fundraising • Communications The Tor Project https://www.torproject.org | http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/

1 1

Debian 11 bullseye released!
by Antoine Beaupré 27 Aug '21

27 Aug '21

Hi everyone, The latest release of Debian, the operating system running on all the machines managed by the Tor Project system Administrators (TPA), has been published! We're at release eleven, code name "buster". The press release is here: https://www.debian.org/News/2021/20210814 And nerds might particularly enjoy the release notes: https://www.debian.org/releases/bullseye/amd64/release-notes/index.en.html On top of the above, Debian 11 ships with tor 0.4.5 while the previous release (Debian 10 "buster") shipped with 0.3.5, back in 2019. Doesn't time fly? (And yes, that's just two years - who said Debian was slow?) As for TPA, we'll probably start upgrading machines to bullseye soon, but it's a slow process, and it's not actually on the 2021 roadmap yet, so that process *may* just start in 2022. We will, however, try very hard to avoid creating any more "old" machines, which means that any new machine you request from here on will run the latest and greated, Debian 11 bullseye. This may mean a slightly bumpier ride, for example if you expect some Python 2 packages, they might just be missing as there's been a large push to remove Python 2 from Debian (which unfortunately did not completely succeed). Another example is how the "debian:latest" Docker image was broken for a few days after the release. That issue has now been *fixed*, so you can resume using the "debian:latest" and "greatest" (not an actual tag ;) for your GitLab CI builds! The "known issues" section of the release notes has a lot more information than what would be practical to copy here: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information… Finally note that I wrote an upgrade guide for my own uses: https://anarc.at/services/upgrades/bullseye/ Note that it's a highly technical guide aimed at upgrading many machines as quickly as possible. If you have a single laptop or desktop to upgrade, you might want to follow the normal upgrade guide: https://www.debian.org/releases/bullseye/amd64/release-notes/ch-upgrading.e… ... but I did use it for my home machine, and a similar guide will eventually be published (and maintained) by TPA for our own infrastructure. So that's it, enjoy the new release! a. -- Antoine Beaupré torproject.org system administration

1 1

((Tor Demo Day)) Next Wednesday, August 25th 2021, 1600 UTC
by gus 25 Aug '21

25 Aug '21

Dear Tor contributors, Next Wednesday, August 25th @ 1600 UTC, we will have a Tor Demo Day! You're invited! This edition will have presentations about Tor & CAPTCHAs, running relays at universities, helping Tor users, and exit bridges to circumvent blocked pages. To ensure a safe, friendly, and pleasant experience during the event, we ask all participants to read and follow the Tor Project Code of Conduct: https://community.torproject.org/training/code-of-conduct/ The presentation will be recorded. Agenda ------ * "CAPTCHA Monitor: Check if websites block Tor or return CAPTCHAs using real web browsers!" by Barkin Simsek (woswos) * "Tor Captcha and Block Monitoring" (GSoC 2021) by Apratim (_ranchak_) * "Help Tor users" (Outreachy 2021) by Kulsoom * "HebTor: Bypassing Tor Exit Blocking" by Micah Sherr * "Operating Tor Relays at Universities" by kantorkel Meeting room ------------ https://tor.meet.coop/gus-viu-5wr-7cb Full description ---------------- * "CAPTCHA Monitor: Check if websites block Tor or return CAPTCHAs using real web browsers!" - Barkin Simsek (woswos) The CAPTCHA Monitor project aims to track how often various websites block or return CAPTCHAs to Tor clients. The project aims to achieve this by fetching webpages via both Tor & other mainstream web browsers and comparing the results. The tests are repeated periodically to find the patterns over time. Collected metadata, metrics, and results are analyzed and displayed on a dashboard to understand how Tor users get discriminated against while using browsing the internet. * "Tor Captcha and Block Monitoring" - Apratim (_ranchak_) The Project focuses on tracking top websites from alexa/moz500 ranking and aims to get a detailed knowledge of the websites partially blocking, fully blocking or returning Captchas or even websites limiting functionalities. The results will be then collected and will be used to find the answers to different metric related questions (Example: What percentages of websites are blocked by a certain exit node). Further I hope that the metrics could be useful for the campaign to unblock Tor and even the DBM (DontBlockMe) Project * "Help Tor Project support our users" - Kulsoom Zahra During her internship with the Tor Project and Outreachy, Kulsoom Zahra helped Tor users to bypass censorship, fix their Tor Browsers, updated the Tor user documentation and much more. She will share with us her experience on helping Tor users. * "HebTor: Bypassing Tor Exit Blocking" - Micah Sherr Tor exit blocking, in which websites disallow clients arriving from Tor, is a growing and potentially existential threat to the anonymity network. We introduce two architectures that provide ephemeral exit bridges for Tor which are difficult to enumerate and block. Our techniques employ a micropayment system that compensates exit bridge operators for their services, and a privacy-preserving reputation scheme that prevents freeloading. We show that our exit bridge architectures effectively thwart server-side blocking of Tor with little performance overhead. https://seclab.cs.georgetown.edu/hebtor/ * "Operating Tor Relays at Universities" by kantorkel We* report on our experience of operating exit relays at two German universities and provide lessons learned. (*) https://arxiv.og/abs/2106.04277 -- The Tor Project Community Team Lead

1 1

Onionoo 8.0-1.27.0 released
by Silvia/Hiro 23 Aug '21

23 Aug '21

Hi, I have released Onionoo 8.0-1.27.0. Onionoo provides current and historical data about relays and bridges via a web-based API. * Medium changes - Add overload-ratelimits and overload-fd-exhausted ExtraInfo descriptor line fields to the bandwidth document. - Add overoload-general server descriptor line fields to the details document. * Minor changes - Update to metrics-lib 2.19.0 You can find the release at: https://dist.torproject.org/onionoo/8.0-1.27.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.27.0/ Thanks, hiro

1 0

Anti-censorship meeting notes, 2021 August 19
by Cecylia Bocovich 19 Aug '21

19 Aug '21

Hi everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-08-19-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday August 19th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == - v3 of the webext manifest doesn't support creating peerconnections in the background - last time: - we will present our need to https://github.com/w3c/webrtc-extensions/issues/77 to encourage them to permit WebRTC in service workers - no updates this week: cohosh will take over drafting a comment for the linked issue - Tor and obfs4/meek blocking in TM: https://gitlab.torproject.org/tpo/community/support/-/issues/40030 - last time: - https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-1… - ggus found a volunteer to help with testing. obfs4, meek-azure, and snowflake did not work; a private obfs4 bridge worked. - http://emma.mhgb.net/ was not reachable, so ggus set up a mirror at http://emma.gus.computer/ - our tester is having difficulty installing a recent Tor browser on an old Windows computer - will ask to install ooniprobe - cohosh will ask OONI (arturo and maria) for contacts in TM - Snowflake reporting its own connection failures and sending messages to tor logs - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - useful for diagnosing failures to connect, by users or our own testing, without having to enable the snowflake-client log file - e.g. using PT protocol LOG or STATUS messages - Ukraine is experiencing an increase in relay users - https://metrics.torproject.org/userstats-relay-country.html?country=ua - in the past this was due to a browser bundling tor for anti-blocking purposes - https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… == Interesting links == USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions "Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei "How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang "Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen "Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock "Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-08-19 Last week: - hiring tasks for ac team and network team - 3 full days of s28 integration/scrimmage prep x_x - checked on censorship measurement tests - looked in TM blocking of Tor bridges (support#40030) - parse SOCKS args for Snowflake (snowflake#40059) This week: - more hiring and s28 meetings - censorship measurement tests and tools - help the browser team with tor's autoconnect feature - reviews - rdsys!11 - snowflake!52 followup - snowflake#25595 followup - follow up on OONI tor tests - lots of miscellaneous gitlab TODOs Needs help with: arlolra: 2021-08-12 Last week: - Migrate to v3 of the webextension manifest Next week: - Maybe get back to snowflake-webext #10 - Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77 Help with: - dcf: 2021-08-19 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - posted a summary of the Turkmenistan situation https://ntc.party/t/recent-drop-in-tor-users-from-turkmenistan-testers-want… https://gitlab.torproject.org/tpo/community/support/-/issues/40030 Next week: Help with: agix:2021-07-15 Last week: -Off due to final exams Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-08-19 Last week: - catch up after 3 weeks AFK (still in process) - debug bridgestrap CollecTor metrics and why are not produced (bridgestrap#22) - review bridgestrap fix to test only uncached bridges (bridgestrap!11) - review bridgedb parse X-Forwarded-For header properly (bridgedb!21) - review snowflake SOCKS arguments (snowflake!53) Next week: - make bridgestrap CollecTor metrics resistant to restarts (bridgestrap#22) - change bridgedb to send obfs4 bridges by default over email (bridgedb#50) - gettor in rdsys architecture documentation (rdsys#44) - make a proposal for duplicated tests in bridgestrap CollecTor metrics (bridgestrap#23) Help with: -

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project