Hi everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-09-02-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday September 2nd 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/ == Discussion == - CPU use in proxies and bridge - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - bridge is sitting at about 200% CPU: about 30% tor, 170% snowflake-server - might be worth doing one round of profiling? - how to profile the bridge? in production or separately? - can use snowbox as a simulation - proxies can control CPU use with -capacity option - Reading group? - we'll read "BlindTLS" https://dl.acm.org/doi/10.1145/3473604.3474564 - DocsHackathon: - Add a new support item about using Tor in China: https://gitlab.torproject.org/tpo/web/support/-/issues/210 - Merging support.torproject.org/gettor into support.torproject.org/censorship - TM censorship update - do any of our gettor endpoints work in Turkmenistan? - archive.org seems to be ok for DNS, HTTP, and HTTPS == Actions == Update the monthly report for July + August: https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk == Interesting links == https://ntc.party/t/an-open-encyclopedia-of-internet-censorship-persian/1223 ACM FOCI 2021 papers https://dl.acm.org/doi/proceedings/10.1145/3473604 "Even Censors Have a Backup: Examining China's Double HTTPS Censorship Middleboxes" https://dl.acm.org/doi/10.1145/3473604.3474559 "Measuring QQMail's automated email censorship in China" https://dl.acm.org/doi/10.1145/3473604.3474560 "A multi-perspective view of Internet censorship in Myanmar" https://dl.acm.org/doi/10.1145/3473604.3474562 "Exploring Simple Detection Techniques for DNS-over-HTTPS Tunnels" https://dl.acm.org/doi/10.1145/3473604.3474563 "BlindTLS: Circumventing TLS-based HTTPS censorship" https://dl.acm.org/doi/10.1145/3473604.3474564 USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions "Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei "How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang "Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen "Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock "Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr == Reading group == We will discuss "BlindTLS: Circumventing TLS-based HTTPS censorship" on 2021-09-23 https://dl.acm.org/doi/10.1145/3473604.3474564 Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2021-09-02 Last week: - hiring tasks for ac team and network team - more s28 scrimmage work - got snowflake working in shadow - https://github.com/shadow/shadow/pull/1601 - implemented parsing of networkstatus documents for rdsys (rdsys!14) - wrote a draft plug for implementing RTCPeerConnection for v3 manifests - reviewed GetTor implementation in rdsys (rdsys!11) - reviewed snowflake!52 - couple other small reviews This week: - snowflake package documentation and API changes (snowflake#40063) - more rdsys + BridgeDB deployment work - network simulations of Snowflake with shadow - censorship measurement tests and tools - lots of miscellaneous gitlab TODOs Needs help with: - feedback on v3 plug: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... arlolra: 2021-08-12 Last week: - Migrate to v3 of the webextension manifest Next week: - Maybe get back to snowflake-webext #10 - Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77 Help with: - dcf: 2021-09-02 Last week (since 2021-08-19): - helped review snowflake-client SOCKS args https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - more investigation of blocking in Turkmenistan https://gitlab.torproject.org/tpo/community/support/-/issues/40030#note_2748... - helped analyze go mod issue with goptlib https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - attended pluggable transports meetup https://internetfreedomfestival.org/wiki/index.php/September_2_2021_GM Next week: - fix meek-client test errors https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/... - identify cause and fix for the goptlib go.mod issue https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - reply to Alexander Mages re SCTP pluggable transport https://lists.torproject.org/pipermail/anti-censorship-team/2021-August/0001... Help with: agix:2021-07-15 Last week: -Off due to final exams Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - maxb: 2021-07-15 Last week: - Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... re: utls for broker negotiation - Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging - Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat). - Added a local dockerized STUN server Next week: - Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat - Work on implementing different NAT types, particularly in a way that's conducive to automatic testing - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-09-02 Last week: - work on the moat Censorsip snapshot (bridgedb#40025) - merge gettor implemenation (rdsys!11) - update snowflake debian package (snowflake#19409) - write gettor documentation (rdsys#44) - test fixes into snowflake (snowflake!55) - run rdsys tests in the CI (rdsys#58) - review networkstatus parser (rdsys!14) - review rearquitecture to smaller docker image for snowflake-proxy (docker-snowflake-proxy!1) - review and merge gettor updater script (gettor!17) - review snowflake Check error for calls to preparePeerConnection (snowflake!54) - review and merge obfs4 docker build for multiple archs (docker-obfs4-bridge!4) Next week: - implement censorship snapsot available on moat (bridgedb#40025) - add more providers to gettor (rdsys#43) - get the snowflake debian package reviewed by a DD (snowflake#19409) Help with: -