Hi everyone,
Here's what happened in circumvention land last month:
BridgeDB ========
* Released version 0.8.0. This release incorporates patches from the following tickets: - https://bugs.torproject.org/9316 BridgeDB now exports usage metrics. We're still working on getting these metrics published over Tor Metrics. - https://bugs.torproject.org/26542 Fixed broken bridge distribution for vanilla IPv6 bridges. - https://bugs.torproject.org/22755 Use stem instead of leekspin for integration tests. This doesn't affect users but simplifies the code base. - https://bugs.torproject.org/31252 Add an anti-bot mechanism.
* Fixed https://bugs.torproject.org/17626. BridgeDB gets confused when users reply to a "get help" email. The issue is that BridgeDB interprets commands anywhere in the email body, even if it's in quoted text. To fix this issue, we are ignoring commands whose email body line starts with a '>' character, which is typically used for email quotes.
* Made BridgeDB sync its assignments.log file to our metrics infrastructure again. This file contains the mapping from a bridge's fingerprint to its assigned distribution pool. Once we are archiving these files again, bridge operators can check in what pool their bridge is.
Snowflake =========
* Added a dark mode to the Snowflake proxy: https://bugs.torproject.org/31170
* More work went towards Snowflake's metrics. We updated the /metrics handler and the associated specification. - https://bugs.torproject.org/31376 - https://bugs.torproject.org/31493
* Implemented a fix for the "proxy ID reuse" vulnerability: https://bugs.torproject.org/31460 Thanks to serna for discovering this issue!
* Made some progress towards Snowflake's sequencing layer: https://bugs.torproject.org/29206
* Handled a vulnerability in Go's net/http module by re-compiling and re-deploying affected binaries: https://bugs.torproject.org/31454 https://bugs.torproject.org/31455 https://bugs.torproject.org/31456
* Fixed a bug that caused Firefox-based Snowflakes to not do their work: https://bugs.torproject.org/31100
Outreach ========
* Roger did a Defcon talk on the Tor censorship arms race to several thousand people, including a call-for-testers for obfs4proxy and Snowflake, and then spent the rest of the weekend answering Tor questions. We are now counting approximately 400 Snowflakes!
* We've started reaching out to contacts like professors to try to regrow the set of "default" bridges in Tor Browser, which are the bridges that users get when they don't specify their own bridge.
* We started our "set up obfs4 bridges" bridge campaign: https://blog.torproject.org/run-tor-bridges-defend-open-internet So far, we are counting 39 new bridges. Thanks to everybody who contributed!
* Started interaction with IETF MASQUE working group by proposing the idea of turning it into a pluggable transport: https://mailarchive.ietf.org/arch/msg/masque/Cxh1phx6vFgn19jyANmt2YwLDqQ
GetTor ======
* Updated outdated Tor Browser copies on GitHub and GitLab and improved automation to keep them updated in the future.
Pluggable transports ====================
* We went to the FOCI workshop, and among other things talked to the person working on using a GAN to modify timing for meek traffic. He's thinking about grad school, so we tried to connect him to all the usual profs so he can do this more in grad school.
* Made some progress towards a better obfs4 by improving the way it obfuscates its flow signature: https://bugs.torproject.org/30716. This is experimental work-in-progress.
* David published Turbo Tunnel, which provides a sequencing and reliability layer for pluggable transports: https://github.com/net4people/bbs/issues/9
Miscellaneous =============
* Improved and extended our obfs4 bridge setup guides: https://community.torproject.org/relay/setup/bridge/