Hi everyone,
Here's what the anti-censorship team has been up to in November:
Snowflake =========
* Moved to using the gorilla/websocket library instead of an outdated custom library for connections between the proxies and the bridge: https://bugs.torproject.org/31028
* Expanded the coverage of Snowflake unit tests: https://bugs.torproject.org/30867 https://bugs.torproject.org/29259
* Updated the way proxies interact with the broker and began to collect and report metrics about how many proxies we have of each type (e.g., web extensions, badges, standalone instances): https://bugs.torproject.org/29207 https://bugs.torproject.org/31157
* Started more rigorously measuring Snowflake's network health: https://bugs.torproject.org/32545
* Fixed a race condition in the Snowflake broker that was causing crashes: https://bugs.torproject.org/32576
* Updated webextension and Snowflake badge deployments with new translations.
GetTor ======
* Started working on a GetTor survivial guide: https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor/wikis/home
* Worked on using the GitHub REST API for uploading Tor Browser binaries: https://bugs.torproject.org/32480
BridgeDB ========
* We significantly improved bridgestrap, our REST service that takes as input a bridge line, tests the given bridge, and then returns the test result: https://bugs.torproject.org/31874
The idea is that BridgeDB uses bridgestrap to learn if the bridges it knows about actually work. Broken bridges are not handed out to users, which will improve user experience.
Outreach ========
* Several Tor developers attended the OTF Summit in Taipei. We had numerous helpful conversations about circumvention, obfs4, and censorship analysis.
- Roger had a session on Tor, with an emphasis on how Tor Browser can circumvent censorship.
- Philipp talked to a few people who may be able to distribute private obfs4 bridges to users who need them.
- Philipp and Arturo had a chat about how BridgeDB and OONI should work together in the future: BridgeDB will provide OONI with bridges it wants measured, and OONI returns test results, which BridgeDB should take into account when handing out bridges. For example, if a bridge is blocked in Turkey, BridgeDB should no longer hand it out to users in Turkey.
Bridges =======
* Added a new default bridge at Georgetown University to Tor Browser: https://bugs.torproject.org/32606
* We're working on getting another default bridge at the University of Minnesota added to Tor Browser: https://bugs.torproject.org/32547
* We made our obfs4 docker image more usable. The image now uses a docker volume to persist tor's data directory, which makes it possible to keep your bridge identity when upgrading to a new docker image. We also added a new script, get-bridge-line, which conveniently gives you your bridge's bridge line. Take a look at our new installation instructions to learn more: https://community.torproject.org/relay/setup/bridge/docker/ https://bugs.torproject.org/31834
Thanks to thymbahutymba for providing us with plenty of helpful feedback!
* We sent two private obfs4 bridges to somebody who further distributed them to people in China. According to some initial feedback, the bridges work well for the recipients.
Miscellaneous =============
* Overhauled the DNS recommendations for exit relay operators: https://community.torproject.org/relay/setup/exit/#dns-on-exit-relays
* We tried to understand the Internet shutdown in Iran and look for circumvention opportunities. In fact, the incident was not a total shutdown. Some data centers in Iran still had connectivity, so it was possible to use VPS systems in these data centers as proxies.
Besides, The DNS resolvers of many ISPs in Iran still allowed requests for domains outside of Iran. That is, people could still resolve, say, foo.com and get its correct IP address. As a result, DNS tunneling was possible. We should invest in a DNS-based pluggable transport. Even if it may not have been very useful in this particular situation (throughput would have been excruciatingly low), it will certainly come in handy again in the future.
Take a look at OONI's blog post on the shutdown: https://ooni.org/post/2019-iran-internet-blackout/
* More grant writing and planning towards a "transition to practice" research grant.