tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

Sponsor 38 2020-12 update (Shadow simulator)
by Jim Newsome 17 Dec '20

17 Dec '20

Our latest update on the Shadow simulator is in Shadow's new Discussions forum <https://github.com/shadow/shadow/discussions/1060>. Thanks, and Happy Holidays! The Shadow team <https://github.com/shadow/shadow/blob/master/docs/nsf-sponsorship.md#people>

1 0

Anti-censorship meeting notes, 17 Dec 2020
by Philipp Winter 17 Dec '20

17 Dec '20

Hi all, Here are our meeting minutes: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-12-17-15.57.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday December 17th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors we are working on: * All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 30 * https://gitlab.torproject.org/groups/tpo/-/milestones/4 * https://gitlab.torproject.org/groups/tpo/-/milestones/7 * https://gitlab.torproject.org/groups/tpo/-/milestones/5 * https://gitlab.torproject.org/groups/tpo/-/milestones/6 * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Anti-censorship related tickets that we want other teams to fix: * https://pad.riseup.net/p/tor-anti-censorship-tickets-keep <-- it will be moved into gitlab with TPO labels <-- do we still need this? The label is 'for anticensorship team' * Public bug-reporting pad: * https://pad.riseup.net/p/tor-anti-censorship-bugs-keep == Announcements == * Tor is moving to ed25519 IDs as relay/bridge identifiers. * Current fingerprint format (SHA-1 over RSA key) may not be around anymore. == Discussion == * Post mortem of moat outage * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek… * How can we prevent this from happening again? * Is this the last meeting until 2021? == Actions == * == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. phw: This week (2020-12-17): * Wrote obfs4proxy patch that fixes -unsafeLogging. * https://gitlab.com/yawning/obfs4/-/merge_requests/1 * Helped Benjamin from Guardian Project debug ongoing obfs4proxy HPKP issue. * Still dealing with tor's dormant mode issue in bridgestrap. * https://gitlab.torproject.org/tpo/core/tor/-/issues/40228 * Created a Prometheus dashboard for bridgestrap. It's beautiful. * https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/13 * Mostly read rBridge paper. * Closed our obfs4proxy HPKP issue because numbers have mostly recovered. * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek… * Made progress on rdsys's persistence layer. * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/5 Next week: * Progress on Salmon's privacy improvements. * Brainstorm a way to do censorship measurement for Salmon. Help with: * cecylia (cohosh): last updated 2020-12-17 Last week: - met with protozoa people about a new PT - did some research on issues with stacking reliable protocols - ran some tests for an increased window size in snowflake#40026 - merged snowflake!24 - read release notes for pion/webrtc v3.0.0 This week: (AWAY DEC 21 - JAN 06) - try an update to pion/webrtc/v3 (snowflake#40027) - update webrtc and snowflake versions in tor browser - continue to monitor snowflake stats - Figure out why we still have unknown proxies Needs help with: juggy : last updated before 2020-12-17 This week: - Got very basic "suggested readings" list up and running here : https://jugheadjones10.github.io/anti-censorship-reading/ Next week: - Keep studying BridgeDB to write architectural overview Help with: - Open issues here (https://github.com/jugheadjones10/anti-censorship-reading ) for papers/resources/readings that you think might be useful for newcomers arlolra: 2020-10-29 Last week: - Next week: - getting back up to speed - follow ups to #33365 - start on #31201 Help with: - dcf: 2020-12-17 Last week: - looked at cohosh's patch to increase the KCP window size https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: Help with: Antonela: 2020-08-27 This week: - Wrapping Babatunde's research on the use of circumvention tools during internet censorship in Africa. Wrapping Personas for s30 with it. For september: - We are planning interviews with users in China to run our bridges discovery issues script in real time. We discussed to include TBA + snowflake as a task for users to run over a week or two and report back. https://gitlab.torproject.org/tpo/ux/research/-/issues/4 - I still have bridges.tpo to lektor issue open - More work on UX/UI for TB 10.0/10.5 - Review Salmon related tickets (im late with it!) agix:2020-12-17 Last week: -More on research httpt #4 -Worked on rdsys #6 (took a deep dive into extra-info descriptors)¶ Next week: -Finish rdsys #6 -More work on httpt #4 Help with: - hanneloresx: 2020-10-22 Last week: - Took break to focus on work Next week: - #32117: Look at CAPTCHA success rate for users from the US across different types of bridges Help with: - thymbahutymba: 2020-04-02 Last week: - CI/CD pipeline for multiarch docker images, which has a problem with the apt tor version even though the apt repository have been changed into the Dockerfile. Next week: Help with: HashikD: 2020-11-19 This week: - Next week: - Research on how to implement a STUN check on Android. Help with: -

1 0

ANN: Updated Tor Browser Signing Key
by Matthew Finkel 14 Dec '20

14 Dec '20

Hello everyone, The OpenPGP Tor Browser signing key is due to expire this Saturday (19 December). While we usually rotate the signing key, we extended the expiration date instead due to the difficulty of activating a new key at this time. The signing key now expires on 12 June 2021. We may extend the expiration date again when we get closer to that date if key rotation is not a viable option over the next 6 months. The updated key is available from keys.openpgp.org [0], and it will be available from The Tor Project's key server [1] within the next few days. [0] https://keys.openpgp.org/search?q=torbrowser%40torproject.org [1] https://support.torproject.org/tbb/how-to-verify-signature/

1 0

You're invited: PrivChat hosted by Snowden | Friday 12/11 @ 18:00 UTC
by Al Smith 11 Dec '20

11 Dec '20

Hello Tor, Next Friday, *Edward Snowden *will host Tor’s third PrivChat (https://torproject.org/privchat), a fundraising livestream event and conversation with human rights defenders + real-life Tor users *Alison Macrina* (Founder, Library Freedom Project), *Berhan Taye *(Africa Policy Manager and Global Internet Shutdowns Lead, Access Now) and *Ramy Raoof* (Security Labs Technologist, Amnesty International). *What: *PrivChat | Tor Advancing Human Rights *When: *Friday, December 11 @ 18:00 UTC / 13:00 Eastern / 10:00 Pacific *Where: *The Tor Project’s YouTube channel: https://www.youtube.com/watch?v=S2N3GoewgC8 * **// What’s PrivChat? //* PrivChat is a fundraising event series held to raise donations for the Tor Project. Through PrivChat, we bring you important information related to what is happening in tech, human rights, and internet freedom by convening experts for a chat with our community. * **// Tor Advancing Human Rights //* The Tor Project's main mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies. People use our technology, namely the Tor network and Tor Browser, in diverse ways. Tor is used by whistleblowers who need a safe way to bring to light information about wrongdoing -- information that is crucial for society to know -- without sharing their identity. Tor is used by activists around the world who are fighting against authoritarian governments and to defend human rights, not only for their safety and anonymity, but also to circumvent internet censorship so their voices can be heard. Tor allows millions of people to protect themselves online, no matter what privilege they have or don't have. For our third edition of PrivChat, we are bringing you some real-life Tor users who will share how Tor has been important for them and their work to defend human rights and freedoms around the world. Please spread the word! There’s an easy tweet pinned to the top of our Twitter page: https://twitter.com/torproject/status/1334209034392465409?s=20 Hope to see you there, Al -- Al Smith (they/them) Fundraising • Communications The Tor Project

1 1

Anti-censorship meeting notes, 10 Dec 2020
by Philipp Winter 10 Dec '20

10 Dec '20

Hi all, Here are our meeting minutes: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-12-10-15.58.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday December 10th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors we are working on: * All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 30 * https://gitlab.torproject.org/groups/tpo/-/milestones/4 * https://gitlab.torproject.org/groups/tpo/-/milestones/7 * https://gitlab.torproject.org/groups/tpo/-/milestones/5 * https://gitlab.torproject.org/groups/tpo/-/milestones/6 * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Anti-censorship related tickets that we want other teams to fix: * https://pad.riseup.net/p/tor-anti-censorship-tickets-keep <-- it will be moved into gitlab with TPO labels <-- do we still need this? The label is 'for anticensorship team' * Public bug-reporting pad: * https://pad.riseup.net/p/tor-anti-censorship-bugs-keep == Announcements == * == Discussion == * Your thoughts on httpt #4 ( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… ) * How would you approach this issue? * What does the threat model look like? == Actions == * == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. phw: This week (2020-12-10): * Reviewed https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Reviewed https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * A bit of brainstorming at https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… * Bridgestrap debugging https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/11 * Added rdsys's backend to our monit config. * Wrote a patch for obfs4proxy's certificate pinning issue. * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek… * Published Nov 2020 report on tor-project@ and on our blog. * Debugged a memory exhaustion issue in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/30 * Attended some DRL meetings. * Filed TPA ticket to have rdsys's backend metrics scraped by Prometheus: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40113 * Realised that tor's dormant mode broke bridgestrap: https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/12 Next week: * Reach out to a few folks to have emma run in different places. * Progress on Salmon. Help with: * cecylia (cohosh): last updated 2020-12-10 Last week: - reviewed bridgestrap!4 - reviewed snowflake!22 - worked on debugging performance issues with snowflake#25723 - found some throughput bottlenecks in KCP (snowflake#40026) - created https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/onionsprou… project and read through source code This week: - reduce KCP bottlenecks (snowflake#40026) - continue to monitor snowflake stats - Figure out why we still have unknown proxies - have broker inform proxies when to poll (snowflake#25598) - Finish work on avoiding double delays (snowflake#34080) - Continue snowflake multiplexing debugging (snowflake#25723) Needs help with: juggy : This week: - Got very basic "suggested readings" list up and running here : https://jugheadjones10.github.io/anti-censorship-reading/ Next week: - Keep studying BridgeDB to write architectural overview Help with: - Open issues here (https://github.com/jugheadjones10/anti-censorship-reading ) for papers/resources/readings that you think might be useful for newcomers arlolra: 2020-10-29 Last week: - Next week: - getting back up to speed - follow ups to #33365 - start on #31201 Help with: - dcf: 2020-12-09 (will miss 2020-12-10 meeting) Last week: Next week: Help with: Antonela: 2020-08-27 This week: - Wrapping Babatunde's research on the use of circumvention tools during internet censorship in Africa. Wrapping Personas for s30 with it. For september: - We are planning interviews with users in China to run our bridges discovery issues script in real time. We discussed to include TBA + snowflake as a task for users to run over a week or two and report back. https://gitlab.torproject.org/tpo/ux/research/-/issues/4 - I still have bridges.tpo to lektor issue open - More work on UX/UI for TB 10.0/10.5 - Review Salmon related tickets (im late with it!) agix:2020-12-10 Last week: -Did some research for httpt #4 -Started with rdsys #6 -More Go Next week: -Finish rdsys #6 -More work on httpt #4 Help with: - hanneloresx: 2020-10-22 Last week: - Took break to focus on work Next week: - #32117: Look at CAPTCHA success rate for users from the US across different types of bridges Help with: - thymbahutymba: 2020-04-02 Last week: - CI/CD pipeline for multiarch docker images, which has a problem with the apt tor version even though the apt repository have been changed into the Dockerfile. Next week: Help with: HashikD: 2020-11-19 This week: - Next week: - Research on how to implement a STUN check on Android. Help with: -

1 0

OONI Monthly Report: November 2020
by Maria Xynou 09 Dec '20

09 Dec '20

Hello, Throughout November 2020, the OONI team worked on the following sprints: * Sprint 25 - Näkki (October 26 - November 8, 2020) * Sprint 26 - Neerali (November 9 - 22, 2020) * Sprint 27 - Hexacorallia (Nov 23 - Dec 6, 2020) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. ## OONI Probe Mobile ### Released OONI Probe Mobile 2.7.1 We released OONI Probe Mobile 2.7.1 for: * Android: https://github.com/ooni/probe-android/releases/tag/v2.7.1 * iOS: https://github.com/ooni/probe-ios/releases/tag/v2.7.1 This release includes the following noteworthy changes: * We have removed the "Include Network Info" setting (which enabled you to opt-out of ASN collection). Now ASN information (https://ooni.org/support/glossary/#asn) is collected by default. We decided to do this because measurements that don't include ASN information are non-actionable. * We have removed the setting which enabled you to share your IP address (on an opt-in basis). We decided to remove this setting because we think the potential risk associated with sharing IP addresses is greater than the benefit. Furthermore, when users did choose to share their IP addresses over the last years, we did not find them particularly useful. Following these changes, the "Sharing" setting is no longer available in the OONI Probe mobile app (since the above options have been removed), and the "Publish Results" setting (which is enabled by default) has been moved under the Privacy tab of the app. Through these changes (in OONI Probe Mobile 2.7.1), we aim to make OONI Probe measurements both more secure and more actionable. ### Progress on adding support for automated regular testing We continued to make progress towards adding support in the OONI Probe mobile app for automated regular testing, as documented through this ticket: https://github.com/ooni/probe/issues/916 We also worked on activities pertaining to the following tickets: https://github.com/ooni/probe/issues/1269 https://github.com/ooni/probe/issues/1271 https://github.com/ooni/probe/issues/970 https://github.com/ooni/probe/issues/1249 In addition, we released the beta version of OONI Probe Android 2.8.0: https://github.com/ooni/probe-android/releases/tag/v2.8.0-beta.1 ## Updated OONI Data Policy We updated the OONI Data Policy to reflect the changes made in the OONI Probe Mobile 2.7.1 release. The updated version (1.4.1) of the OONI Data Policy is available here: https://ooni.org/about/data-policy This is a minor update, mainly aiming to reflect that OONI Probe mobile app users can no longer opt-out from ASN collection, nor opt-in to IP address collection. These options are currently available through the OONI Probe desktop app (though future releases will remove these options too). ## OONI Probe Desktop ### Released OONI Probe Desktop 3.1.0 We released OONI Probe Desktop 3.1.0 for macOS and Windows: https://github.com/ooni/probe-desktop/releases/tag/v3.1.0 With the latest version (3.1.0) you can: * Choose the categories of websites that you want to test (by enabling/disabling website categories in the settings) * Change the language of your OONI Probe desktop app (thanks to support from the Localization Lab community!) The latest version also features a new settings screen layout. In preparation for the OONI Probe Desktop 3.1.0 release, the Localization Lab coordinated the translation of new OONI Probe strings. We also translated the new strings to Greek ourselves. Towards the end of November 2020, we released OONI Probe Desktop 3.1.1 with some bug fixes: https://github.com/ooni/probe-desktop/releases/tag/v3.1.1 We also worked on the activities documented through the following tickets and pull requests: https://github.com/ooni/probe/issues/1243 https://github.com/ooni/probe-desktop/pull/185 https://github.com/ooni/probe/issues/1274 https://github.com/ooni/probe/issues/1290 https://github.com/ooni/probe/issues/1291 ### Updated OONI Probe macOS homebrew package We worked on updating the OONI Probe macOS homebrew package with the OONI Probe Command Line Interface (CLI). This work is documented through the following tickets: https://github.com/ooni/probe/issues/1270 https://github.com/ooni/probe/issues/1289 We have opened a pull request for the new OONI Probe homebrew package here: https://github.com/Homebrew/homebrew-core/pull/66474 ## OONI Probe Command Line Interface (CLI) We continued to improve upon the OONI Probe CLI through the following releases: * 3.0.10: https://github.com/ooni/probe-cli/releases/tag/v3.0.10 * 3.0.11: https://github.com/ooni/probe-cli/releases/tag/v3.0.11 ## Building Debian package for OONI Probe We made progress on building a Debian package for OONI Probe. Our work on this is available here: https://github.com/ooni/probe-cli/pull/162 The Debian package for OONI Probe could optionally be periodically invoked by systemd to perform automatic testing. ## OONI Probe Engine In November 2020, we made the following improvements to the OONI Probe measurement engine: * Implemented fallback for lookup IP: https://github.com/ooni/probe-engine/issues/1026 * Routine releases: https://github.com/ooni/probe-engine/issues/1004 * Removed the ASN, country code, and IP settings (in line with the OONI Probe Mobile 2.7.1 release): https://github.com/ooni/probe-engine/issues/974 * Reverted the sanitization of the resolver IP in the Web Connectivity test: https://github.com/ooni/probe-engine/issues/1047 * Bug fix: https://github.com/ooni/probe-engine/issues/994 ## Expanding OONI Probe measurement methodologies As part of our ongoing efforts to expand our measurement capabilities, we: * Wrote the Web Connectivity test helper in Go: https://github.com/ooni/probe-engine/pull/1078 * Split TLS ClientHello to better characterise SNI blocking (as part of research on how to measure TLS middleboxes): https://github.com/ooni/probe-engine/issues/622 * Added support to the http3 experiment (contributed by community members) for using an alternative resolver: https://github.com/ooni/probe-engine/issues/1024 * Wrote a basic specification for the `urlgetter` experiment: https://github.com/ooni/spec/pull/205 * Made `urlgetter` experiment measurements public through the OONI API: https://github.com/ooni/probe-engine/issues/1056 We also fixed a bug which occurred when the new RiseupVPN experiment (contributed by community members) ran after the OONI Psiphon experiment, resulting in the failure of the RiseupVPN experiment. This bug occurred because the RiseupVPN experiment was mistakenly forced to pass through the tunnel created by Psiphon. This was caused by an implementation detail where the tunnel created by Psiphon was associated with the measurement session and subsequently reused by other experiments (in this case, the RiseupVPN experiment). The fix therefore entailed changing the codebase so that the OONI Psiphon experiment uses its own private tunnel and does not share it with the measurement session. This work is documented through the following ticket: https://github.com/ooni/probe-engine/issues/1050 ## OONI Explorer ### Website-centric stats page We made progress on creating a website-centric stats page for OONI Explorer: https://github.com/ooni/explorer/pull/475. The goal of this page is to present users with OONI measurement stats and visualizations based on a tested website around the world. We created an initial version of this page, which is available here: https://explorer.ooni.org/experimental/website We encourage community feedback! We are collecting feedback through the following ticket: https://github.com/ooni/explorer/issues/525 ### Other OONI Explorer improvements We also made progress on the activities documented through the following tickets: * Adding more end-to-end testing of OONI Explorer: https://github.com/ooni/explorer/issues/490 & https://github.com/ooni/explorer/pull/493 * UI improvements: https://github.com/ooni/explorer/issues/511 * Upgrading to the latest ooni-components: https://github.com/ooni/explorer/issues/509 * Adding nivo-toy to OONI Explorer: https://github.com/ooni/explorer/pull/514 * Fixing issues in WhatsApp measurement pages: https://github.com/ooni/explorer/issues/406 * Linking to measurements on OONI Explorer Country pages: https://github.com/ooni/explorer/issues/338 ## OONI backend Throughout November 2020, we worked on the following backend activities: * Created documentation, diagrams, dashboards, and runbooks * Monitored 500 status code errors * Looked into missing Telegram measurements * Changed the rate limiting * Wrote tooling to manage CI/CD deployments on test and prod hosts * Implemented a backup/export of the fastpath table into S3 * Wrote a measurement_forwarder * Deployed an event detector on test * Monitored coverage before switching all traffic to test-list/urls from ams-pg * Fixed Nginx logging and ipaddr truncation * Implemented API that allows OONI Probes to check-in before running tests * Implemented and deployed the reactive test-list * Added a dashboard to monitor the reactive test-list * Added 2 new test types to the OONI API * Tested the persistent journald * Implemented a deployer to support OSX ## Internet Shutdown Measurement Training for Advocates Throughout November 2020, we continued to facilitate (as a lead partner) Internews’ Internet Shutdown Measurement Training for human rights advocates in Sub-Saharan Africa. During the week of 2nd November 2020, we helped facilitate the synchronous training provided by M-Lab for the module on “Measuring Internet Performance”. During the week of 9th November 2020, we helped facilitate the synchronous training for the module on “Contextualizing Your Data: Using Local Insight and Qualitative Research”. During the week of 16th November 2020, we helped facilitate the synchronous training provided by Access Now for the module on “Using Measurements in Advocacy”. During the final week of November 2020, we helped training participants prepare for their group presentations (at the end of the training program on 1st December 2020). Throughout the training program, we supported the training participants by sharing relevant resources, addressing questions, reviewing their homework assignments, and helping them prepare their projects. ### Created post-training survey We created a (second, overall) survey for the participants of Internews’ Internet Shutdown Measurement Training program. This survey was distributed towards the end of the 6-week training program with the goal of collecting participant feedback on: * The overall training program * Each of the training modules (speaker and guest speaker sessions) * The quality of the training mentorship * Their intra-group collaboration * The homework assignments * How future training programs can be improved Through this post-training survey, we also aimed to gauge participant knowledge and skills acquired throughout the training program, in order to evaluate its effectiveness. ## Created videos for micro-course on internet censorship We created 3 short videos (as well as relevant slides and resources) for an online micro-course on internet censorship. Each of these videos cover the following topics: * What is Internet Censorship? * The Problem of Internet Censorship * How to Detect Internet Censorship with OONI Probe We expect to see these resources published by community members in 2021. ## Worked on research report on LGBTIQ website blocking In collaboration with OutRight Action International and the Citizen Lab, we have been working on a joint research report which examines the blocking of LGBTIQ websites in 6 countries based on OONI data. Throughout November 2020, we continued to edit the report. ## Collaboration with Netalitica on test lists Netalitica researchers continued to update the Citizen Lab test lists, and we reviewed (and shared feedback on) the updates to the Zimbabwean and Algerian test lists. We also made updates to several other test lists based on URLs shared by community members: https://github.com/citizenlab/test-lists/pull/682 https://github.com/citizenlab/test-lists/pull/694 https://github.com/citizenlab/test-lists/pull/684 ## Data analysis for Azerbaijan Internet Watch In support of our partner, Azerbaijan Internet Watch, we analyzed OONI measurements collected from Azerbaijan between September 2020 to November 2020. In recent months, OONI measurements show that a number of social media services started presenting signs of blocking in Azerbaijan (in addition to the ongoing blocking of media websites) over the last months as well. We documented the findings of our analysis in a report (including relevant charts), which we shared with Azerbaijan Internet Watch. ## Preparing new Partnerships page for the OONI website We have created a new page for the OONI website which features all of our partners, highlights their work, links to their websites, and shares some of the research reports and projects that we have collaborated on. We plan to publish this page in December 2020. In preparation, we reached out to our partners requesting their feedback on this new page and we edited accordingly. ## Creating a new Donate page for the OONI website We started working on creating a new Donate page for the OONI website. Our work on this front involved the design and creation of relevant mockups and frontend development. ## Community use of OONI data ### OTF Fellow research report on information controls in Myanmar Over the last year, we had the opportunity to collaborate with and support Phyu Phyu Kyaw, an OTF Information Controls Fellow, who investigated surveillance and internet censorship (through the use of OONI Probe and OONI data) in Myanmar. More specifically, we supported Phyu Phyu Kyaw with OONI data analysis (and relevant charts) on cases of internet censorship in Myanmar. Phyu Phyu Kyaw’s report is published here: https://www.opentech.fund/news/information-controls-unprotected-legal-lands… ### Internews community needs assessment report Internews carried out a study that aimed to document community needs with respect to advocating against internet shutdowns. Their report, based on this study, is available here: https://static1.squarespace.com/static/5a9efdd2f2e6b149480187ea/t/5fbd37cda… Internews’ research found that the vast majority of advocates who participated in this study reported that (out of several network measurement tools) they are mainly familiar with (and have experience using) OONI Probe. The community feedback collected through this study is valuable as it will help inform the development and improvement of our work. ## Community activities ### Internet Governance Forum (IGF) We participated in the Internet Governance Forum (IGF) 2020 (which took place entirely online) by hosting an OONI e-booth between 2nd to 13th November 2020. We also presented OONI during the IGF Village virtual tours. Through the OONI e-booth, we aimed to engage participants with OONI’s censorship measurement tools and datasets, share resources, address questions, and receive community feedback (through live consultations). Information about the OONI e-booth at the IGF Village is available here: https://www.intgovforum.org/multilingual/content/igf-2020-village-booth-60-… ### State of the Onion 2020 On 16th November 2020, OONI’s Maria presented OONI during the Tor Project’s annual State of the Onion 2020: https://blog.torproject.org/state-of-the-onion-2020 More specifically, we shared OONI highlights from 2020, as well as upcoming OONI projects for 2021. The State of the Onion 2020 event can be viewed here: https://www.youtube.com/watch?v=IyWyTypRGWQ ### OONI Community Meeting On 24th November 2020, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/), during which we discussed the following topics: 1. Brief updates from the OONI-verse 2. Open source and reliable auditing frameworks 3. Integrating the new DNSCheck experiment into the OONI Probe mobile and desktop apps 4. Requirements for running and shipping new experimental tests: Request for community feedback ## Userbase In November 2020, 3,368,016 OONI Probe measurements were collected from 4,679 networks in 195 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ We examined this drop in measurement coverage (in comparison to previous months), and we found that it is explained primarily by the following 2 reasons: * We recently stopped processing and publishing AS0 measurements, particularly because measurements without an ASN have very limited value; * Several legacy probes (which contributed large volumes of stable measurements) were discontinued over the last few months. That said, we aim to boost global measurement coverage over the next months once regular automatic testing is shipped as part of the OONI Probe mobile app. We also plan to release official Linux and macOS packages for OONI Probe, which will serve as a replacement for legacy probe users. ~ OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Metrics meeting on Thursdays at 15UTC
by Gaba 08 Dec '20

08 Dec '20

Hi! The weekly meetings about Tor metrics are coming back to irc. We are going to meet every Thursday at 15UTC. Next meeting is December 10th at 15UTC in irc.oftc.net #tor-meeting Public pad in http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… cheers, gaba -- pronouns she/her/they GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Anti-censorship team monthly report: November 2020
by Philipp Winter 07 Dec '20

07 Dec '20

Hi everyone, Here's our monthly progress in anti-censorship: Snowflake --------- * Worked on getting Snowflake working for Onion Browser for iOS. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Set up and debugged a remote probe test to determine NAT compatibility of Snowflakes. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Modified the NAT type classifications of Snowflake clients to distribute proxies more evenly. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Created a patch that orders Snowflake's "snowflake-ips" metrics line by the number of requests. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Rdsys ----- * Created a page that shows a bridge's test result. This allows operators to check if their pluggable transports work correctly. You can query your bridge status by visiting: https://bridges.torproject.org/status?id=FINGERPRINT Note that the status page currently only tells you the status of your bridge's obfs2, obfs3, obfs4, and scramblesuit. https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/10 Also, the service is still experimental and occasionally offline. * Made it possible to look up a bridge's status by providing its hashed fingerprint. https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/28 * Finished documentation on rdsys's design and architecture. You can take a look at it here: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/master/doc/a… https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/16 * Researched libraries to do i18n for rdsys. The library go-i18n seems to check all of our boxes. https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/11 * Filed an issue to get a Transifex resource to do i18n for rdsys. https://gitlab.torproject.org/tpo/community/l10n/-/issues/40009 * Made rdsys pool bridgestrap requests to make the interaction between both services more efficient. https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/24 * Made rdsys's supported resources configurable. This is important because some bridge operators set up adventurous things like their own meek, and we don't want to distribute those. https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/29 Salmon ------ * Spent some time on our privacy-preserving Salmon modifications but haven't yet managed to come up with a clean implementation. More work is needed. https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/21 Bridgestrap ----------- * Made bridgestrap export metrics that are now scraped by our Prometheus instance. The raw metrics are publicly accessible at: https://bridges.torproject.org/bridgestrap-metrics https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/4 * Deployed bridgestrap on polyanthum, the host on which BridgeDB and rdsys run. https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/5 * Finally merged our SETCONF-based rework of how bridgestrap does its testing. https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/3 * Added a field to bridgestrap's test result that informs the requester when a bridge was last tested. https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/6 * Spent some time debugging why the number of functional bridges decreases as we test more bridges in parallel. More work is needed. https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/7 * Made bridgestrap's cache timeout configurable. https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/8 Other ----- * Cecylia presented the anti-censorship team's yearly progress as part of our State Of The Onion presentation: https://www.youtube.com/watch?v=IyWyTypRGWQ * Added a new obfs4 default bridge. Thanks to Louis-Philippe Véronneau for operating the bridge! https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40212 * Brainstormed ways to stream bridge updates from Serge (our bridge authority) to polyanthum (the host where rdsys and bridgestrap are running). https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/9 * Updated monit configuration to make it monitor Snowflake's probetest service and bridgestrap. * Worked with Gus to ask a few folks to run emma in countries that we believe block some aspects of Tor. * Philipp is going to review submissions for the DNSPRIVACY 2021 workshop. https://dnspriv21.hotcrp.com * Sponsor 28 scrimmage and PI meeting.

1 0

OONI Monthly Report: October 2020
by Maria Xynou 04 Dec '20

04 Dec '20

Hello, Throughout October 2020, the OONI team worked on the following sprints: * Sprint 23 - Ægir (Sep 28 - Oct 11, 2020) * Sprint 24 - Kelpie (Oct 12 - Oct 25, 2020) * Sprint 25 - Näkki (Oct 26 - Nov 8, 2020) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. ## Completed migration of OONI infrastructure to Amsterdam In October 2020, we completed the process of migrating critical OONI infrastructure (hosting the OONI data processing pipeline) to servers in Amsterdam. This process involved: * Building a new OONI PostgreSQL metaDB (powered by the latest version of PostgreSQL 11) which uses a different set of tables based on our improved, fasthpath pipeline (https://github.com/ooni/backend/issues/322); * Refactoring the OONI API codebase to use the fastpath pipeline (https://github.com/ooni/backend/issues/437); * Implementing a fastpath pipeline-based API to support OONI Explorer (https://github.com/ooni/backend/issues/442); * Replacing the batch OONI data processing pipeline entirely with our new OONI fastpath pipeline; * Discontinuing all of our hosts on the Hong Kong data centre (https://github.com/ooni/backend/issues/390); * Consolidating our infrastructure on a single host on DigitalOcean (https://github.com/ooni/backend/issues/400); * Improving our infrastructure to include better monitoring and alerting (https://github.com/ooni/backend/issues/439, https://github.com/ooni/backend/issues/398); * Extensive testing to ensure that nothing breaks during (and after) the migration (https://github.com/ooni/backend/issues/372). We successfully replaced the batch OONI data processing pipeline with our new fastpath pipeline, and now all OONI measurements collected from around the world are processed and openly published in near real-time. Overall, the migration to new servers in Amsterdam was successful, as nothing broke and our services have significantly improved performance. ## Improved OONI Explorer performance As a result of the migration, OONI Explorer (https://explorer.ooni.org/) now has significantly improved performance! OONI Explorer fetches OONI measurements from the OONI API, which previously depended on both our batch data processing pipeline and our fastpath pipeline. In previous months, several OONI Explorer queries didn’t work and OONI Explorer itself faced several performance issues as a result of relying on both the new database tables and the legacy table for running queries. By consolidating our infrastructure and API, we have managed to significantly boost the performance of OONI Explorer. Now that the batch OONI data processing pipeline has been deprecated and replaced entirely by our new fastpath pipeline, all OONI measurements collected from around the world are processed and openly published in near real-time, and OONI Explorer queries work fast and reliably. This is further supported by our work involving the refactoring of the OONI API, switching to a new database schema, as well as upgrading to PostgreSQL 11. ## Discontinued PostgreSQL metaDB While we are excited to have migrated over to a new and improved pipeline (particularly since this significantly enhanced the performance of OONI Explorer!), this unfortunately affected the OONI PostgreSQL MetaDB, which was powered by an older version of PostgreSQL and which depended on the batch OONI data processing pipeline. As a result, the OONI PostgreSQL metaDB (which was powered by an older version of PostgreSQL) was inevitably discontinued in late October 2020. This means that users of the old OONI PostgreSQL metaDB would still have access to all previous OONI measurements, but they would not receive any updates once the migration (to servers in Amsterdam) was completed. We therefore reached out to OONI community members (particularly those who we knew relied on the OONI PostgreSQL metaDB for their projects) to share these updates, encourage them to share details about their use case, and we offered relevant help. ## Published report on censorship events amid Tanzania’s 2020 general election Starting from the eve of Tanzania’s 2020 general election, we started to observe the blocking of social media apps and websites. We published a report which shares OONI measurements and details on the blocking of social media in Tanzania on their election day. This report is available here: https://ooni.org/post/2020-tanzania-blocks-social-media-tor-election-day/ ## Worked on research report on LGBTIQ website blocking In collaboration with OutRight Action International and the Citizen Lab, we have been working on a joint research report which examines the blocking of LGBTIQ websites in 6 countries based on OONI data. Throughout October 2020, we made significant progress on the writing of this report (which we expect to co-publish in early 2021). ## Internet Shutdown Measurement Training for Advocates On 12th October 2020, we started a 6-week training program on internet shutdown measurement training for human rights defenders in Sub-Saharan Africa. This training program was organized by Internews, and OONI served as the lead partner on the program. Information about this program is available here: https://internews.org/call-applications-internet-shutdown-measurements-advo… As part of this training program, we led and facilitated the following 2 modules: * Introduction to Network Measurement * Detecting Blocking of Websites & Applications with OONI Probe For each of these two modules, we provided participants with a pre-recorded webinar for asynchronous learning. During the week of 12th October 2020, we provided several hours of synchronous training and mentorship for the module on “Introduction to Network Measurement”. During the week of 26th October 2020, we provided several hours of synchronous training and mentorship for the module on “Detecting Blocking of Websites & Applications with OONI Probe”. We also provided a live demo on how to use OONI Explorer in order to find OONI measurements on the blocking of social media in Tanzania amid its 2020 general election (which took place that week). Meanwhile, during the week of 19th October 2020, we helped facilitate the synchronous training provided by IODA for the module on “Detecting Internet Blackouts”. Throughout the training program, we also reviewed the homework assignments of the training participants, shared feedback and relevant resources. ## New OONI experiment for measuring encrypted DNS blocking India's Centre for Internet and Society (CIS) implemented a new OONI experiment (called `dnscheck`) for measuring the blocking of encrypted DNS transports. This experiment is currently available via the `miniooni` research client (https://github.com/ooni/probe-engine/tree/v0.19.0#building-miniooni) and we plan to integrate it as part of the Websites card in the OONI Probe apps. CIS India published a research report ("Investigating Encrypted DNS Blocking in India") based on this test, which is available here: https://cis-india.org/internet-governance/blog/investigating-encrypted-dns-… We also published a short blog post about this new experiment and CIS India’s report, which is available here: https://ooni.org/post/2020-encrypted-dns-blocking-india/ ## Code review of new nettests written by community members We are thrilled that community members are writing new experiments for OONI Probe! In October 2020, we reviewed the code of the following new nettests (written by community members): * RiseupVPN experiment; * HTTP host experiment; * DoH/DoT blocking experiment; * HTTP3 experiment. We hope to eventually ship such tests as part of the OONI Probe apps. ## Published OONI Probe ASN Incident Report In October 2020, we discovered an ASN-related bug in OONI Probe. In response, we published an Incident Report which shares details about the bug, what we did to fix it, and we document our next steps (as well as measures for limiting the possibility of similar bugs recurring in the future). Our Incident Report is available here: https://ooni.org/post/2020-ooni-probe-asn-incident-report/ ## OONI Probe Mobile ### Released OONI Probe Mobile 2.7.0 We fixed the ASN-related bug in the OONI Probe Mobile 2.7.0 release for: * Android: https://github.com/ooni/probe-android/releases/tag/v2.7.0 * iOS: https://github.com/ooni/probe-ios/releases/tag/v2.7.0 More specifically, this release includes the following improvements: * Fixed a bug to ensure that the ASN is not leaked in the report ID of measurements when users have opted out of ASN collection; * Removed all dependencies from the C++ Measurement Kit engine; * Made the app rely entirely on the new Go probe engine; * General improvements and minor bug fixes We are excited that following the 2.7.0 release, the OONI Probe mobile app relies entirely on our go-based probe engine! ### Progress on adding support for automated regular testing We continued to make progress towards adding support in the OONI Probe mobile app for automated regular testing, as documented through this ticket: https://github.com/ooni/probe/issues/916 ## OONI Probe Desktop We fixed the ASN-related bug on OONI Probe desktop through the following release: https://github.com/ooni/probe-cli/releases/tag/v3.0.8 We released OONI Probe 3.0.4 for macOS and Windows, which includes several bug fixes, UI improvements, and other changes: https://github.com/ooni/probe-desktop/releases/tag/v3.0.4 We also added support to OONI Probe Desktop to enable users to customize their testing based on the Citizen Lab category codes: https://github.com/ooni/probe/issues/1022 ## Removed AS0 measurements from the OONI API and from OONI Explorer As an extra measure in addressing the ASN-related bug, we also worked on removing all AS0 measurements from the OONI API. We also made adjustments to the fastpath pipeline so that it stops processing AS0 measurements (as well as measurements which don’t have a country code). This work is tracked through the following tickets: https://github.com/ooni/pipeline/pull/326 https://github.com/ooni/api/pull/194 https://github.com/ooni/api/pull/195 OONI Explorer measurements are fetched from the OONI API, so by removing the AS0 measurements from the OONI API, we limited the possibility of accessing affected measurements. We also made relevant adjustments to OONI Explorer by preventing users from searching measurements based on AS0. This is tracked through the following tickets: https://github.com/ooni/explorer/pull/501 https://github.com/ooni/explorer/pull/502 ## OONI Explorer releases We made a series of improvements to OONI Explorer, we addressed the ASN-related bug (by hiding AS0 measurements), and we added support to OONI Explorer for using the new factored OONI API. These changes are documented through the following OONI Explorer releases: * 2.0.9: https://github.com/ooni/explorer/releases/tag/v2.0.9 * 2.0.10: https://github.com/ooni/explorer/releases/tag/v2.0.10 (which addressed the AS0 measurements) * 2.1.0: https://github.com/ooni/explorer/releases/tag/v2.1.0 (which uses the new refactored OONI API) We also added more end-to-end tests for OONI Explorer (https://github.com/ooni/explorer/pull/493), and we upgraded OONI Explorer to use the latest ooni-components (https://github.com/ooni/explorer/issues/509). ## OONI Probe engine We made a series of improvements to the OONI Probe engine (which powers the OONI Probe apps) through the following releases: https://github.com/ooni/probe-engine/releases/tag/v0.18.0 https://github.com/ooni/probe-engine/releases/tag/v0.19.0 ## OONI team peer review To improve our practices and grow as a team, we designed a peer review feedback form for the OONI team. The goal of this feedback form was to offer all OONI team members an opportunity to share feedback (in a structured way) on their colleagues’ performance, as well as on their own. ## Ford Foundation Communications Training OONI’s Maria participated in the Ford Foundation’s Communications Training program during the last week of October 2020. We were offered this great opportunity because we are a grantee of the Ford Foundation, who support OONI’s community-related work. The knowledge and skills gained throughout this week-long communications training program will help support our work in the long-run. ## Community use of OONI data ### MIT Policy Hackathon 2020 The theme of the MIT Policy Hackathon 2020 (https://www.mitpolicyhackathon.org/) was based on OONI data! MIT students who participated in this hackathon explored OONI data to answer a variety of questions, which are detailed here: https://docs.google.com/document/d/1DCK_7djZvJrd41ls-2ThN0cWPbszDQ5EAJZqcij… ### Access Now report on censorship events in Tanzania amid elections Access Now published a report on the blocking of social media in Tanzania amid its 2020 general election. Their report, which cites OONI data, is available here: https://www.accessnow.org/tanzania-votes-government-forces-telcos-escalate-… ## Community activities ### CensorWatch India’s Centre for Internet and Society (CIS) released a new research tool designed to perform censorship measurements, called CensorWatch: https://cis-india.github.io/censorwatch/ Over the past months we have collaborated with CIS India developers and CensorWatch builds upon OONI Probe methodologies. ### Created OONI Probe testing guides for October 2020 elections We created (and shared) 3 documents with relevant OONI Probe testing instructions for local communities in Tanzania, Guinea, and Cote d’Ivoire so that they can participate in OONI Probe censorship measurement leading up to, during, and after their respective October 2020 elections. ## Coordinated Telegram testing in Cuba and Thailand Starting from 15th October 2020, OONI measurements suggest the blocking of Telegram in Cuba, and we were told that 4 Telegram IPs were recently added to the Thai blocklist (though we have not seen Telegram blocked in Thailand yet). We therefore coordinated the testing of Telegram in Cuba and Thailand to collect more measurements throughout October 2020. In Cuba, community members reported that they were unable to use the OONI Probe mobile app (following the blocking of Telegram), but the OONI Probe desktop app continued to work (which is how many measurements continued to be collected). We spent resources in October 2020 investigating why the OONI Probe mobile app didn’t work in Cuba. ### SMEX resource including OONI Probe SMEX published a post titled “Website Blocking in the Arab Region: Monitoring and Counteraction Techniques” (a translation of the Arabic resource published previously), which is available here: https://smex.org/website-blocking-in-the-arab-region-monitoring-and-counter… Among other tools, OONI Probe is mentioned in this post as a tool for measuring internet censorship in the Arab region. ### OONI Community Meeting On 27th October 2020, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/), during which we discussed the following topics: 1. Updates from the OONI team 2. Integrating the DNScheck test into the OONI Probe mobile and desktop apps (https://github.com/ooni/probe-engine/tree/master/experiment/dnscheck) 3. Analyzing OONI data. ## Userbase In October 2020, 5,324,739 OONI Probe measurements were collected from 5,333 networks in 204 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 03 Dec '20

03 Dec '20

Hi! I forgot to add a fancy header like this like month, but I want to say "hi!" to everyone, and "welcome back to our monthly reports from the sysadmin team"! :) Hopefully everyone can manage to stay safe in this crazier-than-usual holiday season! **Agenda** - Roll call: who's there and emergencies - Roadmap review - Triage rotation - Holiday planning - TPA survey review - Other discussions - New intern - Next meeting - Metrics of the month # Roll call: who's there and emergencies anarcat, hiro, gaba, no emergencies The meeting took place on IRC because anarcat had too much noise. # Roadmap review Did a lot of cleanup in the dashboard: https://gitlab.torproject.org/tpo/tpa/team/-/boards In general, the following items were priotirized: * [GitLab CI][] * finish setting up the Cymru network, especially the [VPN][] * [BTCpayserver][] * [tor browser build boxes][] * small tickets like the [git stuff][] and triage (see below) [git stuff]: https://gitlab.torproject.org/tpo/tpa/team/-/boards?&label_name[]=Git [tor browser build boxes]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/34122 [BTCpayserver]: https://bugs.torproject.org/tpo/tpa/team/33750 [VPN]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40097 [GitLab CI]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40095 The following items were punted to the future: * SVN retirement (to January) * password management (specs in January?) * Puppet role account and verifications We briefly discussed Grafana authentication, because of a request to [create a new account on grafana2][]. anarcat said the current model of managing the htpasswd file in Puppet doesn't scale so well because we need to go through this process every time we need to grant access (or do a password reset) and identified 3 alternative authentication mechanisms: [create a new account on grafana2]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40102 1. htpasswd managed in Puppet (status quo) 2. Grafana users (disabling the htpasswd, basically) 3. LDAP authentication The current authentication model was picked because we wanted to automate user creation in Puppet, and because it's hard to create users in Grafana from Puppet. When a new Grafana server is setup, there's a small window during which an attacker could create an admin account, which we were trying to counter. But maybe those concerns are moot now. We also discussed passord management but that will be worked on in January. We'll try to set a roadmap for 2021 in January, after the results of the survey have come in. # Triage rotation Hiro brought up the idea of rotating the triage work instead of having always the same person doing it. Right now, anarcat looks at the board at the beginning of every week and deals with tickets in the "Open" column. Often, he just takes the easy tickets, drops them in ~Next, and just does them, other times, they end up in ~Backlog or get closed or at least have some response of some sort. We agreed to switch that responsability every two weeks # Holiday planning anarcat off from 14th to the 26th, hiro from 30th to jan 14th # TPA survey review anarcat is [working on a survey][] to get information from our users to plan the 2021 roadmap. [working on a survey]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40061 People like the survey in general, but the "services" questions were just too long. It was suggested to remove services TPA has nothing to do with (like websites or metrics stuff like check.tpo). But anarcat pointed out that we need to know which of those services are important: for example right now we "just know" that check.tpo is important, but it would be nice to have hard data that confirms it. Anarcat agreed to separate the table into teams so that it doesn't look that long and will submit the survey back for review again by the end of the week. # Other discussions ## New intern [MariaV][] just started as an Outreachy intern to work on Anonymous Ticket System. She may be joining the `#tpo-admin` channel and may join the gitlab/tooling meetings. Welcome MariaV! [MariaV]: https://mviolante.com/ # Next meeting Quick check-in on December 29th, same time. # Metrics of the month * hosts in Puppet: 79, LDAP: 82, Prometheus exporters: 133 * number of apache servers monitored: 28, hits per second: 205 * number of nginx servers: 2, hits per second: 3, hit ratio: 0.86 * number of self-hosted nameservers: 6, mail servers: 12 * pending upgrades: 1, reboots: 0 * average load: 0.34, memory available: 1.80 TiB/2.39 TiB, running processes: 481 * bytes sent: 245.34 MB/s, received: 139.99 MB/s * [GitLab tickets][]: 129 issues including... * open: 0 * icebox: 92 * backlog: 20 * next: 9 * doing: 8 * (closed: 2130) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards The upgrade prediction graph has been retired since it keeps predicting the upgrades will be finished in the past, which no one seems to have noticed from the last report (including me). Metrics also available as the main Grafana dashboard. Head to <https://grafana.torproject.org/>, change the time period to 30 days, and wait a while for results to render. -- Antoine Beaupré torproject.org system administration

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project