- tor-project - lists.torproject.org

Onion Service SRE Kickstart notes and meeting minutes
by rhatto 09 Feb '22

09 Feb '22

Hi all :) Here goes the initial notes and first meeting minutes about the Onion Services SRE work which is part of the Sponsor 123 project. # Onion Services Site Reliability Engineering - Kickstart ## About The Onion Services SRE is focusing on procedures for automated setup and maintenance of high availability Onion Services sites. ### Objectives and key results (OKRs) Objective: this project is part of the "Increase the adoption of Onion Services" priority for 2022 (https://miro.com/app/board/uXjVOQz6oZg=/) for which we can select the following goals: 0. Easy to setup and maintain. How to measure this? 1. Sane defaults. How to measure this? 2. Configurable and extensible. How to measure this? ## Initial plan 0. Meeting with dgoulet, hiro and anarcat to get advice on kickstarting the project: what/where to look for about specs, tools, goals, security checklists, limits etc (meeting minutes bellow). 1. Research on all relevant deployment technologies: build a first matrix. 2. Then meeting with the media organizations: inventory, compliances check etc. 3. Build the second matrix (use cases). ## Kickstart meeting agenda ### Dimensions Split discussion in two dimensions: 0. What are the possible architectures to build an Onion balanced service? 1. What are the available stacks/tools to implement those architectures? ### Initial considerations While brainstorming about this project, the following considerations were sketched: 0. Software suite: Sponsor 123 project includes provisioning/monitoring onion services as deliverables, but the effort could be used to create a generic product (a "suite") which would include an Onionbalance deployer. 1. Key generation: such suite could generate all .onion keys locally (sysadmin's box), encrypting and pushing to a private repository (at least for the frontend onion keypair for each site/service). Then other sysadmins could clone that internal repository and start managing the sites/machines. 2. Disposability: depending on design choice, the frontend .onion address could be the only persistent data, and everything else could be disposable/recycled/recreated in case of failure or major infrastructure/design revamp.. That of course depends if Onionbalance supports backend rotation. Consequence: initial effort could be focused in a good frontend implementation (Oniobalance instance etc), while backends and other nodes could be reworked later if time is limited right now. 3. Elasticity: that leads to the follow requirement: shall this system be such that backend nodes can be added and removed at will? In a way that enables the system to be elastic in the future, adding and removing nodes according to average load or sysadmin command? Or that would need the Onionbalance instance to be restarted (resulting in unwanted downtimes), or even breaking it? Currently Onionbalance supports only up to 8 backends: https://gitlab.torproject.org/tpo/core/onionbalance/-/issues/7 Initial proposal for Sponsor 123 project would be to use a fixed number of 8 backends per .onion site, but experiments could be made to test if a site could have a dynamic number of backends. 4. Uniformity with flexibility: looks like most (if not all) sites can have the same "CDN" fronting setup, while it's "last mile"/endpoints might be all different. That said, the "first half" of the solution could be based in the same software suite and workflow which could be flexible enough to accept distinct endpoint configurations. 5. External instance(s): for the Sponsor 123 contract, a single instance of this "CDN" solution could be used to manage all sites, instead of having to manage many instances (and dashboards) in parallel. Future contracts with other third-parties could either be managed using that same instance or having their own instances (isolation). 6. Internal instance: another, internal instance could be set to manage all sites listed at https://onion.torproject.org if TPA likes and decides to adopt the solution :) 7. Migration support: the previous point would depend in built-in support to migrate existing onion services into the CDN instance. 8. Other considerations: see rhatto's skill-test research. ### Questions General: 0. If you were the Onion Services SRE, how would you implement this project? 1. What existing solutions to look at, and what to avoid? 2. What limits we should expect from the current technology, and how we could work around those? Architecture: 0. What people think about the architecture proposed by rhatto during his skill-test (without paying attention to the improvised implementation he coded)? 1. Tor daemon is single process, no threads. How it scales under load for Onion Services and with a varying number of Onion Services? 2. Which other limits are important to be considered in the scope of this project, like the current upper bound of 8 Onionbalance backend servers? Implementation: 0. What are the dimensions for the comparison matrix of existing DevOps solutions such as Puppet, Ansbile, Terraform and Salt (and specific modules/recipes/cookbooks /roles)? 1. Shall this suite be tested using Chutney or via the shadow simulator (Gitlab CI)? Makes sense? 2. Which other tests should be considered? 3. How TPA manages passphrases and secrets for existing systems and keys? 4. What (if any) TPA (or other) security policies should be observed in this project? 5. Which solutions are in use to manage the sites listed at https://onion.torproject.org/? Management: 0. Sponsor 123 Project Plan timeline predicts setup of first .onion sites on M1 and M2, with 2-5 business days to set up a single .onion site. But coding a solution could take longer. How to do then? Suggested approach is to have a detailed discovery phase while coding the initial solution in parallel. Some rework migth be needed, but we can gain time in overall. ## Possible next tasks 0. Gather all relevant docs on onion services. 1. Build a comprehensible Onion Service checklist/documentation, including stuff like: * Basic: * Relay security checklist (if exists). * Best practices and references: see existing and legacy docs like https://gitlab.torproject.org/legacy/trac/-/wikis/doc/OperationalSecurity * Making sure the system clock is synchronized. * Setup the Onion Location header. * Encrypted backup of .onion keys. * Optional: * Vanity address generation (using `mkp224o`)? * Setup HTTPS with valid x509 certificates (and automatic HTTP -> HTTPS connection upgrade). * Setup Onion Names (HTTPS Everywhere patch, or whatever is on it's place). * Onion v3 auth (current unsupported by Onionbalance, see https://gitlab.torproject.org/tpo/core/onionbalance/-/issues/5) 2. Create repository (suggested name: Oniongroove - gives groove to Onionbalance!). 3. Write initial spec proposal for the system after both matrixes are ready and other requirements are defined, dealing with architecture, implementation and UX. 4. Write a threat model for the current implementation, considering issues such as lack of support for offline Onion Services keys, which makes the protection of the frontend keys a critical issue. 5. Create tickets for these and other tasks. ## Meeting Minutes - 2022-02-08 ### Participants * Anarcat * David * Hiro * Rhatto ### Discussion (Free note taking, don't necesarilly/preciselly represents what people said) Rhatto: * Short intro, summarizing stuff above. Hiro: * When talking last year with NYT: something that helps on the community side: someone that does a course (bootcamp) on devops, applying stuff like Terraform, Ansible etc. * What would be easier to rhatto to do (script, ansible ). Anarcat: * Puppet/agent: * TPA is a big puppet shop. But don't think it's the good tool for the job: too central, like having a central puppet server. * Also ansible is more popular. * Ansible has little requirement, easier to deploy and to reuse. * Not sure about Terraform, issues provisioning to Hetzner or Ganeti. Rhatto: * Maybe something to deploy node instances and atop of that using stuff like ansible to provision the services? * How TPA provision nodes at Hetzner and Ganeti? * Shall we look at Kubernetes? Anarcat: * Before joining Tor: what kind of a mess and shell scripts. * Wrote a kind of a debian installer with python + fabric. * The installer makes a machine configured up to be added do LDAP/Puppet. * Maybe a MVP that uses ansible (services setup) and then another using Terraform (node setup). Hiro: * Docker Swarm using Terraform. * Likes ansible (because of python+ssh only requirement). * About Kubernetes: same issue with puppet: have to run a centralized set of control nodes. * Ansible: lots of recipes available to harden the machine. * Puppet is complicated I think because it works for your own infrastructure. * It works for companies because it is tailored to providers. David: * There are lots of recipes and blog posts about ansible for Tor. Anarcat: * Docker: does provide some standard environment. * Like what rhatto did at his skill test. * Question with Docker: what to do? Swawm, Kubernets, Compose? Irony with Docker, with is not obvious in how to use at production. * Docker might be interesting for use to produce docker containers. * Part of the job is to do that evaluation. Rhatto: * Could do all this research. Anarcat: * About stopping using NGINX: having troubles with the blog, upstream charging a lot for the traffic. * NGINX: generic webserver, had heard lots of good things about. * Setup 2 VMs caching the blog, but them retired as the caching is not. * NGINX as an opencore, specially tricking when you want to do monitoring. * OpenResty is very interesting. Hiro: * OpenResty: similar opencore model like NGINX. Rhatto: * How to connect the sollution and the endpoint. * Questions: * Local .onion keypair generation is a good approach? * Could offline .onion keys support be in the roadmap? * Are backend keys disposable? David: * Offline key is very unlikelly to have it until the Rust rewrite. Would not bet on that to come for this project. * Local key generationg and deployment: there will be a need for this. * Would not bet that we could rotate the Onionbalance keys. ### Next See "Possible next tasks" section above :) -- Silvio Rhatto pronouns he/him

1 0

Tails report for January 2022
by intrigeri 09 Feb '22

09 Feb '22

Tails report for January 2022 <https://tails.boum.org/news/report_2022_01/> Releases Tails 4.26 was released on January 11 <https://tails.boum.org/news/version_4.26/index.en.html>. Among other changes, it added a shortcut to open the /Tor Connection/ assistant when starting /Tor Browser/ if Tails is not connected to the Tor network yet. Usability improvements Installation pages We fixed all the low-hanging fruits among the issues identified in December during usability tests of first-time use <https://tails.boum.org/news/report_2021_12/>: * #18764 <https://gitlab.tails.boum.org/tails/tails/-/issues/18764>: "Start in macOS" is confusing when obvious * #18765 <https://gitlab.tails.boum.org/tails/tails/-/issues/18765>: QR code in steps is unclear * #18771 <https://gitlab.tails.boum.org/tails/tails/-/issues/18771>: Add screenshot of Plymouth to installation steps * #18773 <https://gitlab.tails.boum.org/tails/tails/-/issues/18773>: Update time estimates in overview After which we started a bigger project to restructure our installation pages. Stay tuned! Connecting to Tor Polishing the user experience of connecting to Tor from Tails is one of our top priorities for 2021-2023. We are continuously designing and implementing improvements in this area. Here's the January 2021 edition :) We noticed a while ago, thanks to usability tests, that users not accustomed to the GNOME desktop have difficulties connecting to Wi-Fi. So we made this more discoverable last year, by making Wi-Fi settings reachable from /Tor Connection/. Unfortunately, while our initial implementation looked OK in a simplified test environment, it turns out it was not working in real user scenarios, so we fixed it (#18587 <https://gitlab.tails.boum.org/tails/tails/-/issues/18587>). Metrics Tails has been started more than 773 496 times this month. This makes 24 951 boots a day on average.

1 0

UX team meeting notes, February 8th
by Duncan Russell 08 Feb '22

08 Feb '22

Hello, Thanks to everyone who made it to today's UX Team meeting! We’re looking forward to seeing you all again in a week’s time on February 15th. Here are the minutes: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log… <http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log…> Today we shared an update on our progress with the research and specification of the Tor VPN Client for Android (Sponsor 101), briefly discussed the UX Team roadmap for Q1, and reviewed Joydeep's user support report for January. *** == User Experience Team Meeting == UX Team meetings happen every Tuesday at 1700 UTC in #tor-meeting on OFTC. Here are the logs from our last meeting on February 8th: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log… <http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-08-16.59.log…> == Useful links == About the UX Team: https://gitlab.torproject.org/tpo/ux/team <https://gitlab.torproject.org/tpo/ux/team> UX repository: https://gitlab.torproject.org/tpo/ux <https://gitlab.torproject.org/tpo/ux> UX roadmap: https://www.figma.com/file/n4ETd0cUkcfj3KyclJQnt3/UX-Team-Planning?node-id=… <https://www.figma.com/file/n4ETd0cUkcfj3KyclJQnt3/UX-Team-Planning?node-id=…> UX kanban: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&…> Team kanban: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&label_name[]=UX… <https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&label_name[]=UX…> -------------------------- Tuesday February 8th 17:00 UTC -------------------------- == What projects are we working on? == S9 - Usability and Community Intervention on Support for Democracy and Human Rights https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… <https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&…> S30 - Empowering Communities in the Global South to Bypass Censorship https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… <https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&…> S96 – Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet https://gitlab.torproject.org/groups/tpo/-/milestones/24 <https://gitlab.torproject.org/groups/tpo/-/milestones/24> S101 - Tor VPN Client for Android https://gitlab.torproject.org/groups/tpo/-/milestones/32 <https://gitlab.torproject.org/groups/tpo/-/milestones/32> == Announcements == * Tor Browser 11.0.5 for Android release: https:// <https://blog.torproject.org/new-release-tor-browser-1105/>blog.torproject.org/new-release-tor-browser-11 <https://blog.torproject.org/new-release-tor-browser-1105/>05 <https://blog.torproject.org/new-release-tor-browser-1105/>/ <https://blog.torproject.org/new-release-tor-browser-1105/> == Agenda == 1. Announcements 2. Weekly planning 3. UX Team Q1 roadmap review 4. Joydeep's user support report for Jan 2022 (https://lists.torproject.org/pipermail/tor-project/2022-February/003283.html <https://lists.torproject.org/pipermail/tor-project/2022-February/003283.html>) == Weekly planning == Note: Please highlight anything you'd like to discuss below in **bold** Duncan Last week (actual): - Started the UX evaluation of comparable Android apps for S101 (VPN) - Began writing user stories for S101 (VPN) - Attended first thread models committee meeting for S101 (VPN) - Briefed nicob on onion glyph project for Tor Browser - Iterated on the arti logo with nicob - Purchased Figjam licenses for team - Continued to support S96 (torconnect) development - Restarted release meetings & discussed plan for immediate releases This week (planned): - Continue UX evaluation of comparable Android apps and user stories for S101 - Presenting Objective 1 (UX) progress for S101 (VPN) on Wednesday - Update the UX Team roadmap - Present the UX Team roadmap at this week's All Hands - Start work on additional designs for S96 (torconnect) - Finish and distribute the tor-qa survey - Review UX Research report template Nah Last week (actual): - S9 survey to find human rights defenders’ challenges and needs * https://gitlab.torproject.org/tpo/ux/research/-/issues/72 <https://gitlab.torproject.org/tpo/ux/research/-/issues/72> * Understand and work on: https://gitlab.torproject.org/tpo/ux/research/-/issues/61 <https://gitlab.torproject.org/tpo/ux/research/-/issues/61> - S30 training and user research planning * https://gitlab.torproject.org/tpo/ux/research/-/issues/71 <https://gitlab.torproject.org/tpo/ux/research/-/issues/71> - S101 interviews planning - screening survey * https://gitlab.torproject.org/tpo/ux/research/-/issues/70 <https://gitlab.torproject.org/tpo/ux/research/-/issues/70> - updated UR roadmap This week (planned): - S9 survey to find human rights defenders’ challenges and needs. Status: creating questionnaire on limesurvey in spanish and english, trying to make it look better, sharing with S9 partners. * https://gitlab.torproject.org/tpo/ux/research/-/issues/72 <https://gitlab.torproject.org/tpo/ux/research/-/issues/72> * Study and summarize our User Research material to create a primer to share with S9 partners: https://gitlab.torproject.org/tpo/ux/research/-/issues/61 <https://gitlab.torproject.org/tpo/ux/research/-/issues/61> - S30 call for participation is live! Sharing with communities in Brazil and Mexico, and planning User Research (both for Tor and Orbot) * https://gitlab.torproject.org/tpo/ux/research/-/issues/71 <https://gitlab.torproject.org/tpo/ux/research/-/issues/71> - S101 interviews planning. Status: creating the questionnaire on Limesurvey. * https://gitlab.torproject.org/tpo/ux/research/-/issues/70 <https://gitlab.torproject.org/tpo/ux/research/-/issues/70> - S96: starting to research/plan our next activities Nicob Last week (actual): - Glyph audit - Started combination mark exploration for Tor Browser - ARTI color and background exploration - CFP graphics - Safer Internet Day graphic - Revised two onion glyph SVGs - Research for Comms 22 vis direction This week (planned): - Sketch onion glyph explorations - Update mono onion sticker for print - Continue research for Comms 22 vis direction == Open Call for User Research == Find out how to contribute to the UX team: https://community.torproject.org/user-research/how-to-volunteer/ <https://community.torproject.org/user-research/how-to-volunteer/> Thanks everyone! *** Duncan Larsen-Russell Product Manager & UX Team Lead duncan(a)torproject.org <mailto:duncan@torproject.org>

1 0

Community Team meeting notes - February 07 2022
by gus 07 Feb '22

07 Feb '22

Hi, Here's our meeting log: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-07-13.59.log… Next meeting: Monday, February 14, 2022 - 1400 UTC Weekly meetings, every Monday at 14:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) ## Goal of this meeting Weekly checkin about the status of Community Team work at Tor. ## Links to Useful documents * Relay operators - Tor 0.3.5.x EOL: https://forum.torproject.net/t/tor-relays-tor-0-3-5-x-is-unsupported-please… ## Discussion * welcome rhatto * Workshop - Relay operator sysadmin 101 (gman): https://gitlab.torproject.org/tpo/community/relays/-/issues/36 * Tor training with human rights defenders in brazil and mexico (March - April) * announcement: Chinese (TW, HK) website releases upcoming! ## Updates Gus: This week: - S30 - organizing Tor training in Brazil and Mexico - Outreachy: following up the relay operators interviews with Miko - Outerachy: reviewing relay operators personas - Working on the Training partners page: https://gitlab.torproject.org/tpo/web/community/-/merge_requests/149 - Monitoring telegram bridges health: https://gitlab.torproject.org/tpo/community/support/-/issues/40054 - Network health EOL work with GeKo - Following up with Rhatto and onion services deployment plan Help with: - Something you need help with. Joydeep: This week: - Evaluate Discourse trust levels (https://gitlab.torproject.org/tpo/community/support/-/issues/40060) - Tor Browser support work (pending release) - Review some articles/templates on RT Miko: Last week: - Worked on multiple reports - Finished our first interview with a Relay Operator This week: - Working on rough mockups - Blog posts - Gamification pt 3, My Personal Job Opportunities blog post Help with: - Setting up more interviews with Relay Operators Nina: Last week: - User support on Telegram and RT. We hit 500 hunderd tickets on Telegram - Took part in the meeting - Added one more template on Telegram on how to download Tor Browser This week - User support on Telegram and RT Rhatto: Last week: - Onboarding: https://gitlab.torproject.org/tpo/community/team/-/issues/57 This week: - S123 - Onion Services SRE Kickstart Meeting - Continue on onboarding tasks Help with: - Forking projects on Gitlab: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/118 emmapeel: Last week: - l10n and merge request previews - small website corrections - rapid response fund support - content updates This week: - l10n docs - prepare weblate move -- The Tor Project Community Team Lead

1 0

Joydeep's Monthly Status Report for January 2022
by Joydeep Sen Gupta 04 Feb '22

04 Feb '22

Hello everyone! This is my monthly status report for January, 2022. This month much of my user support work was concentrated around the three Tor Browser releases (11.0.4 for Desktop [1], 11.5.a2 for Desktop [2], 11.5.a3 for Android [3]), internet shutdown in Kazakhstan [4] and Tor censorship in Russia [5]. For the latter two, I have mostly been helping out with users reporting issues related to Tor Browser and little-t tor. Near the end of month, we also launched a Telegram support channel for users in Russia and I have been working on testing and evaluating our new cdr.link instance [6] from a long term user support perspective. This is ongoing work so definitely stay tuned for more updates! As we wrapped up the year-end campaign [7], we generate lot of interest and support requests from users and supporters of Tor. This month, I resolved all of the tickets we had in this regard on frontdesk. Apart from this, I have been continuing my work moderating and helping users on the Forum (forum.torproject.net) our IRC/Matrix channels and social media platforms. # Frontdesk Timeline : 01 Jan - 31 Jan 2021 Tickets: new: 12 open: 17 resolved: 1711 Breakdown of number of RT tickets received with respect to operating system: (Note: This includes tickets where the user mentioned the operating system or it was evident from the issue they were running into and/or enclosed screenshots.) Windows - 17 macOS - 11 GNU/Linux - 3 Android- 8 Breakdown of most frequent tickets (at least 3 RT tickets): 1. 857 RT Tickets - How to use Tor Bridges in Russia. [5] 2. 452 RT Tickets - Internet shutdown in Kazakhstan: how to circumvent censorship with Tor. [4] 3. 75 RT Tickets - Submissions for 'Help Censored Users, Run a Tor Bridge' campaign. [8] 4. 16 RT Tickets - Private Bridge requests. This is not related to the .ru censorship but requests from Tor users in China, Iran, etc. [9] 5. 6 RT Tickets - Tor Browser incompatible with older versions of macOS. [10] 6. 5 RT Tickets - Missing features in Tor Browser on first-time launch in macOS/Windows. [11] 7. 4 RT Tickets - Issues with downloading files on Tor Browser for Android. [12] # Tor Forum Most popular topics (in terms of views) after January 2022: 1. Internet shutdown in Kazakhstan: how to circumvent censorship with Tor. [4] 2. "Gah. Your tab just crashed" (Tor Browser 11-11.0.2 crashing on certain websites). [13] 3. "Torrent imitation" (Imitate Tor traffic to be similar to torrent traffic). [14] 4. (How to) Check if a bridge is broken using the terminal. [15] 5. Problems with GitHub.com registration CAPTCHA and Tor Browser [16] If you have any suggestions, questions or want to discuss anything in detail please feel free to get in touch. Thanks, -- Joydeep [1]: https://blog.torproject.org/new-release-tor-browser-1104/ [2]: https://blog.torproject.org/new-release-tor-browser-115a2/ [3]: https://blog.torproject.org/new-release-tor-browser-115a3/ [4]: https://forum.torproject.net/t/internet-shutdown-in-kazakhstan-how-to-circu… [5]: https://forum.torproject.net/t/tor-blocked-in-russia-how-to-circumvent-cens… [6]: https://gitlab.torproject.org/tpo/community/support/-/issues/40059 [7]: https://blog.torproject.org/fundraising-2021-results/ [8]: https://blog.torproject.org/wrapping-up-bridges-campaign/ [9]: https://support.torproject.org/censorship/connecting-from-china/ [10]: https://forum.torproject.net/t/version-of-tor-browser-compatible-with-macos… [11]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40679 [12]: https://gitlab.torproject.org/tpo/applications/fenix/-/issues/40192 [13]: https://forum.torproject.net/t/gah-your-tab-just-crashed/1614/10 [14]: https://forum.torproject.net/t/torrent-imitation/1733/6 [15]: https://forum.torproject.net/t/check-if-a-bridge-is-broken-using-the-termin… [16]: https://forum.torproject.net/t/problems-with-github-com-registration-captch…

1 0

Monthly status report for Nina
by nina13＠riseup.net 03 Feb '22

03 Feb '22

Hi everyone, This is my status report for January 2022 Internet shutdown in Kazakhstan During the Kazakh government shut down the Internet in the country[1], it was found that users from that country can still access the Internet using the Tor Browser and specific obfs4 bridges. Taking part in the campaign against censorship and the internet shutdown in Kazakhstan, I translated all the necessary instructions on connecting to Tor into Russian. It's public available on the Forum[2]. After this information was spread among the people in Kazakhstan, there was a massive amount of bridge requests, which were fulfilled as soon as possible. I've answered 452 tickets only about KZ. At the moment, users in the country don't need to use a bridge anymore. See this ticket[3]. Censorship in Russia In January, I continued to support Russian-speaking users via e-mail. In addition, I translated one more RT template - "Russian: Basic troubleshooting when users can't access any particular website". Also I tested the new support platform[4], which allows user support via Telegram. At the end of the month, this channel went live. I looked into the software used to support, familiarized myself with it, translated some templates in Russian and started to use it to communicate with the Tor Browser users. Overall, I closed around 1250 tickets from Russia and Kazakhstan this month on Telegram and RT (frontdesk). From January 24 - February 3, I've answered and closed around 280 support requests in Telegram. Additionally, I translated one website page and advised Russian-speaking users on the IRC channel. Notes [1] https://github.com/net4people/bbs/issues/99 [2] https://forum.torproject.net/t/internet-shutdown-in-kazakhstan-how-to-circu… [3] https://gitlab.torproject.org/tpo/community/support/-/issues/40058 [4] https://gitlab.torproject.org/tpo/community/support/-/issues/40059

1 0

Anti-censorship team meeting notes, 2022-02-03
by meskio 03 Feb '22

03 Feb '22

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-03-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday February 3rd 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 30 https://gitlab.torproject.org/groups/tpo/-/milestones/4 https://gitlab.torproject.org/groups/tpo/-/milestones/7 https://gitlab.torproject.org/groups/tpo/-/milestones/5 https://gitlab.torproject.org/groups/tpo/-/milestones/6 Sponsor 28 must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… == Announcements == == Discussion == snowflake bridge is now switched back from staging to production https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… load balancing is effective - the bridge is now using all its CPU resources effectively, and is no longer bottlenecked on tor as a consequence, the bridge is providing about twice as much bandwidth as before (now 20 MB/s, from 10 MB/s) however, it is now at the limit of its CPU capability, and will not be able to go faster than it does now for the 6 days the staging server was in use, it was going even faster, up to 30 MB/s. there's no obvious low-hanging fruit in the snowflake-server CPU profile https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… profiling extor-static-cookie could be worthwhile == Actions == == Interesting links == == Reading group == We will discuss "Weaponizing Middleboxes for TCP Reflected Amplification" on 2022-02-17 https://censorbib.nymity.ch/#Bock2021b Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. anadahz: 2022-01-27 Last weeek: - Increase timeout check cycles for default-bridge-felix-1 and default-bridge-felix-2 as they have been generating too many alerts: https://gitlab.torproject.org/tpo/anti-censorship/monit-configuration/-/mer… cecylia (cohosh): last updated 2022-02-03 Last week: - deployed new version of snowflake webextension + badge - fixed issue with file limits at probetest (snowflake#40096) - Updated documentation on schleuder mailing list admin (tpa/wiki-replica!22) - filed issue about mailing list public key change (tpa/team#40609) - reviews - responded to ooni questions about snowflake tests (snowflake#40097) - https://github.com/ooni/probe/issues/2004 - lots of meetings This week: - more reviews - try out recent shadow bug fixes - work with ooni on tor related tests - s28 evaluation prep - look at what's necessary for tapdance/conjure - write up more documentation Needs help with: dcf: 2022-02-03 Last week: - profiled snowflake-server on the staging bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - found a solution to prevent onion key rotation on the load-balanced bridge: a preexisting directory at a destination path https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-s… - opened an issue for an assertion failure that happens when onion key rotation is prevented https://gitlab.torproject.org/tpo/core/tor/-/issues/40554 - monitored the switchover from the staging snowflake bridge to production, and debugged resulting issues https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - wrote scripts to graph multi-instance bandwidth and clients https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - discovered a couple of minor bugs in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - update snowflake bridge installation and survival guides - open an issue for metrics graphs correctly showing graphs for fingerprints with multiple instances - start a discussion on tor-dev about alternatives for ExtORPort authentication (remove the need for extor-static-cookie) - start a discussion on tor-dev about supported ways to disable onion key authentication Help with: agix: 2021-01-13 Last week: - Busy with work on Censored Planet Next week: - Continue work on gettor-twitter Help with: - arlolra: 2022-01-20 Last week: - [added 2022-01-20 by dcf] ALPN support for pion DTLS https://github.com/pion/dtls/pull/415 Next week: - Figure out where in pion/webrtc ALPN should be configured and used - Maybe add Chacha20Poly1305 to pion/dtls https://github.com/pion/dtls#planned-features https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: - maxb: 2021-09-23 Last week: - Worked on https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Had conversation with someone about upstream utls http round tripper https://github.com/refraction-networking/utls/pull/74 - Too busy with work :/ Next week: - _Really_ want to get a PR for utls round tripper meskio: 2022-02-03 Last week: - test deployment for the new rdsys/bridgedb setup (rdsys#12) - read the rdsys token from a file (bridgedb!33) - fixes on country block mechanism for rdsys and bridgedb (rdsys!26) - review bridgedb web redesign in lektor (bridgedb!31) - feedback on the debian package for obfs4proxy (obfs4#33736) - API rethinking for circumvention settings (bridgedb#40043 TorBrowser#40781) Next week: - make easier to test bridgedb ater rdsys change (bridgedb#40034) Shelikhoo: 2022-02-03 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake(snowflake!64) - [Merge Request Done] Privacy preserving stats in Snowflake standalone proxy(snowflake#40079, snowflake!72) - [Merge Request Review Done] Configure what distributor does distribute each resource type - [Discussion] Implement metrics to measure snowflake churn(snowflake#34075) - [Discussion] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription") - [Discussion] Proposal: Push Notification Based Signaling Channel - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54) - [Discussion] HTTPT & Websocket(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans… - [Investigate] Is there a better moat/snowflake SNI than cdn.sstatic.net? (snowflake#40068) - [Investigate] Multi-instance Load Balanced Tor - Snowflake Deployment - [Investigate] China "Anti-Fraud" Webpage Redirection Censorship(censorship-analysis#40026) - [Investigate] uTLS for broker negotiation Next Week: - [Discussion] Implement metrics to measure snowflake churn (snowflake#34075) - [Discussion] Proposal: Push Notification Based Signaling Channel - [Merge Request] Add verbosity switch to suppress diagnostic output(snowflake#40079, snowflake!74) - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54) - [Investigate] uTLS for broker negotiation HackerNCoder: 2021-12-16 This week: Last/done: Setup web mirror on tor.encryptionin.space Next: Get (new VPs with) new IP and setup new web mirror on new domain hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Network Team - Upcoming 0.4.5.12 and 0.4.6.10 - February 2022
by David Goulet 02 Feb '22

02 Feb '22

Greetings! There was a problem in our release engineering flow for our last 0.4.5 and 0.4.6 releases back in December 2021. In short, the git history was merged foward (from previous maintained versions) but not the actual changes for specific commits! Yes this can happen because we use `git merge -s ours` in our workflow at a very specific step in the process which lead to this problem. How it happened, we don't know but since this part is still done manually, it was a human error and likely the normal merge forward was not done for some parts and was done through the "-s ours". Anyway, someone noticed (huge thanks!), you can track it here: https://gitlab.torproject.org/tpo/core/tor/-/issues/40557 The good news is that it was only the new fallbackdir list and GeoIP updates. And thus, these two new releases will just be about that. Quick reminder as well that 0.3.5.x is EOL since Feb 1st and so network team is now done maintaining that version. Upcoming version: - 0.4.5.12 - 0.4.6.10 We've just asked the authorities to recommend these new versions. Cheers! David -- JdqWtdb2QqepPCR0HlXnXo1juV9HTc7FhjLutGwwn2I=

1 0

Monthly status report for irl
by Iain Learmonth 02 Feb '22

02 Feb '22

Hi, This is my monthly status report for work completed in January 2022. I have restructured the dynamic bridges such that they are now handled by unique identifiers, rather than by a numeric index. This makes it a lot easier to increase/decrease the number of bridges hosted on each provider, with targeted removal of specific bridges. Previously it was only possible to decrease the count, removing bridges according to their index. The bridges are now being monitored for the “overload” parameter in their descriptors, so that it’s possible to see when a pool is undersupplied to meet the demand. I now have a local dashboard for managing the bridges, making replacement easier and no longer requiring manual changes to text files with an editor. (Although any more advanced operations still require that.) I have deployed an instance of CDR Link (https://digiresilience.org/solutions/link/) for user support. This instance is being used to evaluate the platform with a view to eventually replacing RT as the hub for user support tickets. Throughout February, I am planning to add another cloud provider to the dynamic bridge framework and continue to monitor the deployed dynamic bridges and CDR Link instance for any maintenance that may be required. Thanks, Iain. -- Iain Learmonth (he/him) SR2 Communications Limited Phone: +44 (0)1224 900 202 | Email: irl(a)sr2.uk

1 0

PieroV's monthly status report
by Pier Angelo Vendrame 02 Feb '22

02 Feb '22

Hi everyone! This is my status report for January 2022. I took back from the patchset reordering and Tor Browser Bundle test. I got Richard's feedback, thanks to which we improved the result a lot. Now we can build Tor Browser (almost) at every commit of our patchset. Builds at two commits (around the integration of torbutton) produce a non-working browser, but this was an acceptable trade-off for us. Please, have a look at the original issue (tor-browser#40562 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40562>) and at the merge requests (tor-browser!242 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…> and tor-browser!250 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…>) for more details. For tests, I updated the ones that were not working anymore (tor-browser-bundle-testsuite!17 <https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite…>) and added some issues to what we would like to fix/implement. Then, I had some new tasks. One was rebasing geckoview to version 96 (tor-browser#40769 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40769> and !243 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…>) and Android components to 96.0.13. The latter were not merged; aguestuser rebased them to 96.0.15, instead. Anyway, this took me quite some time, but I learned a lot about our build system. Also, it made me find a problem with our configuration flags for Firefox that prevented geckoview from being compiled successfully and fixed them in tor-browser!251 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…>. Eventually, this patch was also needed for Firefox 91.6. Another big task was updating Tor settings in the about:preferences (tor-browser#40774 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40774>); I am close to a conclusion with it. Finally, another pair of tasks were updating obfs4proxy (tor-browser-build!396 <https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re…>) and some localization strings (tor-browser!247 <https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests…>). If I have not forgotten anything, that is all for this month 🙂. Thanks, Pier

1 0