Hi everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-09-02-16.00.html
and our meeting pad:
Anti-censorship work meeting pad --------------------------------
Next meeting: Thursday September 2nd 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor.
== Announcements ==
Job opening on the anti-censorship team: https://www.torproject.org/about/jobs/software-developer-anticensorship-2/ \o/
== Discussion ==
- CPU use in proxies and bridge
- https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- bridge is sitting at about 200% CPU: about 30% tor, 170% snowflake-server
- might be worth doing one round of profiling?
- how to profile the bridge? in production or separately?
- can use snowbox as a simulation
- proxies can control CPU use with -capacity option
- Reading group?
- we'll read "BlindTLS" https://dl.acm.org/doi/10.1145/3473604.3474564
- DocsHackathon:
- Add a new support item about using Tor in China: https://gitlab.torproject.org/tpo/web/support/-/issues/210
- Merging support.torproject.org/gettor into support.torproject.org/censorship
- TM censorship update
- do any of our gettor endpoints work in Turkmenistan?
- archive.org seems to be ok for DNS, HTTP, and HTTPS
== Actions ==
Update the monthly report for July + August: https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk
== Interesting links ==
https://ntc.party/t/an-open-encyclopedia-of-internet-censorship-persian/1223
ACM FOCI 2021 papers https://dl.acm.org/doi/proceedings/10.1145/3473604
"Even Censors Have a Backup: Examining China's Double HTTPS Censorship Middleboxes" https://dl.acm.org/doi/10.1145/3473604.3474559
"Measuring QQMail's automated email censorship in China" https://dl.acm.org/doi/10.1145/3473604.3474560
"A multi-perspective view of Internet censorship in Myanmar" https://dl.acm.org/doi/10.1145/3473604.3474562
"Exploring Simple Detection Techniques for DNS-over-HTTPS Tunnels" https://dl.acm.org/doi/10.1145/3473604.3474563
"BlindTLS: Circumventing TLS-based HTTPS censorship" https://dl.acm.org/doi/10.1145/3473604.3474564
USENIX Security 2021 papers https://www.usenix.org/conference/usenixsecurity21/technical-sessions
"Domain Shadowing: Leveraging Content Delivery Networks for Robust Blocking-Resistant Communications" https://www.usenix.org/conference/usenixsecurity21/presentation/wei
"How Great is the Great Firewall? Measuring China's DNS Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/hoang
"Balboa: Bobbing and Weaving around Network Censorship" https://www.usenix.org/conference/usenixsecurity21/presentation/rosen
"Weaponizing Middleboxes for TCP Reflected Amplification" https://www.usenix.org/conference/usenixsecurity21/presentation/bock
"Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations" https://www.usenix.org/conference/usenixsecurity21/presentation/nasr
== Reading group ==
We will discuss "BlindTLS: Circumventing TLS-based HTTPS censorship" on 2021-09-23
https://dl.acm.org/doi/10.1145/3473604.3474564
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out, in hopes that others will pick it up?
== Updates ==
Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with:
- Something you need help with.
cecylia (cohosh): last updated 2021-09-02 Last week: - hiring tasks for ac team and network team - more s28 scrimmage work - got snowflake working in shadow
- https://github.com/shadow/shadow/pull/1601
- implemented parsing of networkstatus documents for rdsys (rdsys!14) - wrote a draft plug for implementing RTCPeerConnection for v3 manifests - reviewed GetTor implementation in rdsys (rdsys!11) - reviewed snowflake!52 - couple other small reviews This week: - snowflake package documentation and API changes (snowflake#40063) - more rdsys + BridgeDB deployment work - network simulations of Snowflake with shadow - censorship measurement tests and tools - lots of miscellaneous gitlab TODOs Needs help with:
- feedback on v3 plug: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
arlolra: 2021-08-12
Last week:
- Migrate to v3 of the webextension manifest
Next week:
- Maybe get back to snowflake-webext #10
- Write up the pitch for our use case for supporting creating PeerConnections in background service workers https://github.com/w3c/webrtc-extensions/issues/77
Help with:
-
dcf: 2021-09-02
Last week (since 2021-08-19):
- helped review snowflake-client SOCKS args https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- more investigation of blocking in Turkmenistan https://gitlab.torproject.org/tpo/community/support/-/issues/40030#note_2748...
- helped analyze go mod issue with goptlib https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- attended pluggable transports meetup https://internetfreedomfestival.org/wiki/index.php/September_2_2021_GM
Next week:
- fix meek-client test errors https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/...
- identify cause and fix for the goptlib go.mod issue https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- reply to Alexander Mages re SCTP pluggable transport https://lists.torproject.org/pipermail/anti-censorship-team/2021-August/0001...
Help with:
agix:2021-07-15
Last week:
-Off due to final exams
Next week:
-Work on bridgebox for rdsys
-More research on httpt #4
Help with:
-
hanneloresx: 2021-3-4
Last week:
- Submitted MR for bridgestrap issue #14
Next week:
- Finish bridgestrap #14
- Find new issue to work on
Help with:
-
maxb: 2021-07-15
Last week:
- Opened https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... re: utls for broker negotiation
- Worked on github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to help with debugging
- Successfully making connections from snowflake-client and snoflake-client-no-nat through the snowflake-proxy-no-nat, but not having any success with the snowflake-proxy (with nat).
- Added a local dockerized STUN server
Next week:
- Use wireshark to figure out the difference between successful snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat
- Work on implementing different NAT types, particularly in a way that's conducive to automatic testing
- Add testing wrapper w/ "pass/fail" conditions
meskio: 2021-09-02
Last week:
- work on the moat Censorsip snapshot (bridgedb#40025)
- merge gettor implemenation (rdsys!11)
- update snowflake debian package (snowflake#19409)
- write gettor documentation (rdsys#44)
- test fixes into snowflake (snowflake!55)
- run rdsys tests in the CI (rdsys#58)
- review networkstatus parser (rdsys!14)
- review rearquitecture to smaller docker image for snowflake-proxy (docker-snowflake-proxy!1)
- review and merge gettor updater script (gettor!17)
- review snowflake Check error for calls to preparePeerConnection (snowflake!54)
- review and merge obfs4 docker build for multiple archs (docker-obfs4-bridge!4)
Next week:
- implement censorship snapsot available on moat (bridgedb#40025)
- add more providers to gettor (rdsys#43)
- get the snowflake debian package reviewed by a DD (snowflake#19409)
Help with:
-