- tor-project - lists.torproject.org

((Tor Demo Day)) Next Wednesday, August 25th 2021, 1600 UTC
by gus 25 Aug '21

25 Aug '21

Dear Tor contributors, Next Wednesday, August 25th @ 1600 UTC, we will have a Tor Demo Day! You're invited! This edition will have presentations about Tor & CAPTCHAs, running relays at universities, helping Tor users, and exit bridges to circumvent blocked pages. To ensure a safe, friendly, and pleasant experience during the event, we ask all participants to read and follow the Tor Project Code of Conduct: https://community.torproject.org/training/code-of-conduct/ The presentation will be recorded. Agenda ------ * "CAPTCHA Monitor: Check if websites block Tor or return CAPTCHAs using real web browsers!" by Barkin Simsek (woswos) * "Tor Captcha and Block Monitoring" (GSoC 2021) by Apratim (_ranchak_) * "Help Tor users" (Outreachy 2021) by Kulsoom * "HebTor: Bypassing Tor Exit Blocking" by Micah Sherr * "Operating Tor Relays at Universities" by kantorkel Meeting room ------------ https://tor.meet.coop/gus-viu-5wr-7cb Full description ---------------- * "CAPTCHA Monitor: Check if websites block Tor or return CAPTCHAs using real web browsers!" - Barkin Simsek (woswos) The CAPTCHA Monitor project aims to track how often various websites block or return CAPTCHAs to Tor clients. The project aims to achieve this by fetching webpages via both Tor & other mainstream web browsers and comparing the results. The tests are repeated periodically to find the patterns over time. Collected metadata, metrics, and results are analyzed and displayed on a dashboard to understand how Tor users get discriminated against while using browsing the internet. * "Tor Captcha and Block Monitoring" - Apratim (_ranchak_) The Project focuses on tracking top websites from alexa/moz500 ranking and aims to get a detailed knowledge of the websites partially blocking, fully blocking or returning Captchas or even websites limiting functionalities. The results will be then collected and will be used to find the answers to different metric related questions (Example: What percentages of websites are blocked by a certain exit node). Further I hope that the metrics could be useful for the campaign to unblock Tor and even the DBM (DontBlockMe) Project * "Help Tor Project support our users" - Kulsoom Zahra During her internship with the Tor Project and Outreachy, Kulsoom Zahra helped Tor users to bypass censorship, fix their Tor Browsers, updated the Tor user documentation and much more. She will share with us her experience on helping Tor users. * "HebTor: Bypassing Tor Exit Blocking" - Micah Sherr Tor exit blocking, in which websites disallow clients arriving from Tor, is a growing and potentially existential threat to the anonymity network. We introduce two architectures that provide ephemeral exit bridges for Tor which are difficult to enumerate and block. Our techniques employ a micropayment system that compensates exit bridge operators for their services, and a privacy-preserving reputation scheme that prevents freeloading. We show that our exit bridge architectures effectively thwart server-side blocking of Tor with little performance overhead. https://seclab.cs.georgetown.edu/hebtor/ * "Operating Tor Relays at Universities" by kantorkel We* report on our experience of operating exit relays at two German universities and provide lessons learned. (*) https://arxiv.og/abs/2106.04277 -- The Tor Project Community Team Lead

1 1

Onionoo 8.0-1.27.0 released
by Silvia/Hiro 23 Aug '21

23 Aug '21

Hi, I have released Onionoo 8.0-1.27.0. Onionoo provides current and historical data about relays and bridges via a web-based API. * Medium changes - Add overload-ratelimits and overload-fd-exhausted ExtraInfo descriptor line fields to the bandwidth document. - Add overoload-general server descriptor line fields to the details document. * Minor changes - Update to metrics-lib 2.19.0 You can find the release at: https://dist.torproject.org/onionoo/8.0-1.27.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.27.0/ Thanks, hiro

1 0

Anti-censorship meeting notes, 2021 August 19
by Cecylia Bocovich 19 Aug '21

19 Aug '21

Hi everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-08-19-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday August 19th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == - v3 of the webext manifest doesn't support creating peerconnections in the background - last time: - we will present our need to https://github.com/w3c/webrtc-extensions/issues/77 to encourage them to permit WebRTC in service workers - no updates this week: cohosh will take over drafting a comment for the linked issue - Tor and obfs4/meek blocking in TM: https://gitlab.torproject.org/tpo/community/support/-/issues/40030 - last time: - https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-1… - ggus found a volunteer to help with testing. obfs4, meek-azure, and snowflake did not work; a private obfs4 bridge worked. - http://emma.mhgb.net/ was not reachable, so ggus set up a mirror at http://emma.gus.computer/ - our tester is having difficulty installing a recent Tor browser on an old Windows computer - will ask to install ooniprobe - cohosh will ask OONI (arturo and maria) for contacts in TM - Snowflake reporting its own connection failures and sending messages to tor logs - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - useful for diagnosing failures to connect, by users or our own testing, without having to enable the snowflake-client log file - e.g. using PT protocol LOG or STATUS messages - Ukraine is experiencing an increase in relay users - https://metrics.torproject.org/userstats-relay-country.html?country=ua - in the past this was due to a browser bundling tor for anti-blocking purposes - https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… == Interesting links == USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions "Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei "How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang "Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen "Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock "Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-08-19 Last week: - hiring tasks for ac team and network team - 3 full days of s28 integration/scrimmage prep x_x - checked on censorship measurement tests - looked in TM blocking of Tor bridges (support#40030) - parse SOCKS args for Snowflake (snowflake#40059) This week: - more hiring and s28 meetings - censorship measurement tests and tools - help the browser team with tor's autoconnect feature - reviews - rdsys!11 - snowflake!52 followup - snowflake#25595 followup - follow up on OONI tor tests - lots of miscellaneous gitlab TODOs Needs help with: arlolra: 2021-08-12 Last week: - Migrate to v3 of the webextension manifest Next week: - Maybe get back to snowflake-webext #10 - Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77 Help with: - dcf: 2021-08-19 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - posted a summary of the Turkmenistan situation https://ntc.party/t/recent-drop-in-tor-users-from-turkmenistan-testers-want… https://gitlab.torproject.org/tpo/community/support/-/issues/40030 Next week: Help with: agix:2021-07-15 Last week: -Off due to final exams Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-08-19 Last week: - catch up after 3 weeks AFK (still in process) - debug bridgestrap CollecTor metrics and why are not produced (bridgestrap#22) - review bridgestrap fix to test only uncached bridges (bridgestrap!11) - review bridgedb parse X-Forwarded-For header properly (bridgedb!21) - review snowflake SOCKS arguments (snowflake!53) Next week: - make bridgestrap CollecTor metrics resistant to restarts (bridgestrap#22) - change bridgedb to send obfs4 bridges by default over email (bridgedb#50) - gettor in rdsys architecture documentation (rdsys#44) - make a proposal for duplicated tests in bridgestrap CollecTor metrics (bridgestrap#23) Help with: -

1 0

metrics-lib 2.19.0 released
by Silvia/Hiro 17 Aug '21

17 Aug '21

Hi, I have released metrics-lib 2.19.0. metrics-lib, which also goes by the name DescripTor, is a Java API that fetches Tor descriptors from a variety of sources like cached descriptors and directory authorities/mirrors. The DescripTor API is useful to support statistical analysis of the Tor network data and for building services and applications. This release is the sum of over 9 years of development, with the latest changes: * Medium changes - Expose overload-general fields in ServerDescriptor. * Minor changes - Document ExtraInfoDescriptor classes - Refactor javadoc to remove some style warnings You can find the release at: https://dist.torproject.org/metrics-lib/2.19.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/library/-/tree/metrics-lib-2.19.0 Thanks, -hiro

1 0

CollecTor 1.18.1 released
by Iain R. Learmonth 13 Aug '21

13 Aug '21

Hi, I have released CollecTor 1.18.1. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. The latest changes: * Minor changes - Extract published timestamp for bridgestrap results in the indexer task. You can find the release at: https://dist.torproject.org/collector/1.18.1/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/collector/-/tree/collector-1.18.1/ Thanks, Iain.

1 0

Anti-censorship meeting notes, 2021 August 12
by Cecylia Bocovich 12 Aug '21

12 Aug '21

Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-08-12-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday August 12th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == v3 of the webext manifest doesn't support creating peerconnections in the background https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://github.com/w3c/webrtc-extensions/issues/77 we will present our need to https://bugs.chromium.org/p/chromium/issues/detail?id=1207214 to encourage them to permit WebRTC in service workers Testing Tor in TM: https://gitlab.torproject.org/tpo/community/support/-/issues/40030 relay users dropped off in the latter half of July 2021 https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-1… ggus found a volunteer to help with testing. obfs4, meek-azure, and snowflake did not work; a private obfs4 bridge worked. http://emma.mhgb.net/ was not reachable, so ggus set up a mirror at http://emma.gus.computer/ hackerncoder is combining all the gettor scripts while doing so, it will be helpful to also start using 1 archive.org item or collection per release https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/32#note_27… == Actions == == Interesting links == USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions "Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei "How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang "Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen "Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock "Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-08-12 Last week: - hiring tasks - fix issue with bridgestrap metrics (bridgestrap#20) - visualized the result of our snowflake and obfs4 probe tests - s28 meetings and deliverables - discussions with OONI about OONI tor tests: - https://github.com/ooni/probe/issues/1730 - reviewed snowflake!52 - reviewed snowflake-webext!21 - debugged issue with snowflake#25595 - fixed bridgestrap restart by moving from cron to systemd timers - worked on BridgeDB X-Forwarded-For parsing for Moat (bridgedb#40027) - deployed snowflake#48 This week: - more hiring and s28 meetings - help the browser team with tor's autoconnect feature - reviews - rdsys!11 - follow up on OONI tor tests - bridgedb web page overhaul (bridgedb#34322) Needs help with: arlolra: 2021-08-12 Last week: - Migrate to v3 of the webextension manifest Next week: - Maybe get back to snowflake-webext #10 - Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77 Help with: - dcf: 2021-08-12 Last week: - approved snowflake buffer size increase https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - merged Snowflake AMP cache feature following review https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: Help with: maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-07-22 Last week: - submit the "final" gettor rdsys integration (rdsys!11 rdsys#32) - report number of clients on the snowflake webextension (snowflake-webext!19) - Wait pollInterval in snowflake between proxy offers (snowflake#40055 snowflake!51) - link anti-censorship doc from the TPA wiki (team#4) - review snowflake README clean ups (snowflake!49) - looking up at issues with bridgestrap tests and CollecTor (bridgestrap#20) - fixes in mutex usage in bridgestrap collector metrics (bridgestrap!10) Next week: - AFK for the next 3 weeks Help with: -

1 0

Test the Tor Forum Structure
by UX Team 12 Aug '21

12 Aug '21

Hi there, We're currently building a Discourse forum for the Tor Community. This is a call for participation to help us test and iterate on the proposed structure of our new Tor Forum. The methodology for this study is called 'tree testing', and it will help us to understand the usability of our structure and labels. You will be asked to solve 7 tasks, and this should take around 10 minutes. Before the tasks themselves you will be asked some demographics questions. All responses are anonimized. Please participate in this research in your own pace. We'd love your feedback! * link to the test: https://survey.torproject.org/index.php/786927 <https://survey.torproject.org/index.php/786927> * or visit the onion version: http://eh5esdnd6fkbkapfc6nuyvkjgbtnzq2is72lmpwbdbxepd2z7zbgzsqd.onion/index… <http://eh5esdnd6fkbkapfc6nuyvkjgbtnzq2is72lmpwbdbxepd2z7zbgzsqd.onion/index…> This test will be open for one week, starting today. Thanks for helping, UX Team The Tor Project -- UX Team The Tor Project

1 0

CollecTor 1.18.0 released
by Iain R. Learmonth 11 Aug '21

11 Aug '21

Hi, I have released CollecTor 1.18.0. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. The latest changes: Medium changes * Medium changes - Keep overload-* lines unmodified in sanitised bridge descriptors. - Introduces a new module to archive bridgestrap results. - Update metrics-lib to 2.18.0. You can find the release at: https://dist.torproject.org/collector/1.18.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/collector/-/tree/collector-1.18.0/ Thanks, Iain.

1 0

Network health meetings suspended until August 9th 2021
by Gaba 09 Aug '21

09 Aug '21

Hi! The network health meetings [0] that usually happen on Mondays in irc will be suspended until August 9th. If you have anything related to discuss please send a mail to the network-health mailing list. [1] cheers, gaba [0] http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… [1] https://lists.torproject.org/cgi-bin/mailman/listinfo/network-health -- pronouns she/her/they GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

2 1

Monthly status report for irl
by Iain R. Learmonth 06 Aug '21

06 Aug '21

Hi All, This is my monthly status report for work complete during July 2021 (except the week that I was on vacation). This month saw the release of metrics-lib 2.18.0. I worked on adding bridgestrap test results into metrics-lib with a view to switching Onionoo's bridge "up/down indicator" to using bridgestrap rather than ORPort testing conducted by the bridge authority. I also reviewed/merged/tested other contibutions in this release. I have a working implementation of the CollecTor portion of the bridgestrap work, my local development branch can happily archive stats from bridgestrap, although some final remaining issues in bridgestrap itself mean that the deployment has been delayed. In August I plan to release and deploy this new CollecTor module and also complete the changes to Onionoo. Finally, I have been around in Matrix/IRC to answer Metrics questions and on occasion to provide a little end-user support in #tor. The weekly network health meetings have been suspended, but if you've got any questions about anything I'm working on, just send me an email or chat on Matrix/IRC. Thanks, Iain.

1 0