Hey everyone!
Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-04-06-15.59.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
------------------------------------------------------------------------------------
THIS IS A PUBLIC PAD
------------------------------------------------------------------------------------

Anti-censorship
--------------------------------
Next meeting: Thursday, April 13 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
    * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
    * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
    * https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
    * All needs review tickets:
        * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc...
    * Sponsor 96
        * https://gitlab.torproject.org/groups/tpo/-/milestones/24
    * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it
        * https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
== Discussion ==
* Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
    * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation
    * that will convert webrtc into an unreliable channel, and snowflake will add reliability with kcp
    * (NO update from shell @ Apr 6)
== Actions ==
== Interesting links ==
* https://opencollective.com/censorship-circumvention/projects/snowflake-daily...
== Reading group ==
* We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18
    * https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf
    * Questions to ask and goals to have:
        * What aspects of the paper are questionable?
        * Are there immediate actions we can take based on this work?
        * Are there long-term actions we can take based on this work?
        * Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:
        - Something you need help with.
cecylia (cohosh): last updated 2023-03-30
    Last week:
        - enabled wasm target for rust in tor-browser-build
            - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40...
        - helped debug blocking of Snowflake in TM
            - https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu...
        - discussed the problem of deciding whether a bridge is blocked or not
        - took a look at memory issues for the Snowflake proxy
            - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
    This week:
        - Lox tor browser integration
        - fix conjure issues found by code audit
    Needs help with:
dcf: 2023-04-06
    Last week:
        - wrote notes on WebRTC unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - made graphs of DTLS packet losses in China https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos...
        - revised snowflake-server listen error check fix and merged it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - documented more cdn.sstatic.net anomalies in Iran in March 2023 https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115#note_289...
        - wrote the March 2023 update for the snowflake-01 Open Collective https://opencollective.com/censorship-circumvention/projects/snowflake-daily...
        - wrote a sync.Pool performance optimization for snowflake QueuePacketConn and started bridge-side CPU and RAM measurements in advance of a test deployment https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - made a graph of snowflake users from Russia since the DTLS fingerprint fix (Hello Verify Request) in Tor Browser 12.0.3 (still awaiting an Orbot release) https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu...
    Next week:
        - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823... (for real)
        - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
            - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - open issue to disable /debug endpoint on snowflake broker
    Help with:
meskio: 2023-04-06
    Last week:
        - AFK time
    Next week:
        - webtunnel integration in rdsys
Shelikhoo: 2023-04-06
    Last Week:
        - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64)
        - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt...
        - Comment on S96 User Research Risk Assessment
        - Comment on various grant proposals
        - Write grant report
        - Fix Telegram Bridge Distributor responding with a blank message https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/158
        - Work on TPA-RFC-53: consider propagating 2FA everywhere, maybe at the April Tor Meeting
        - X~X time was mostly spent on urgent task
    Next Week:
        - [Research] WebTunnel planning (Continue)
        - Try to find a place to host another vantage point
        - container image for webtunnel
        - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138)
        - logcollector alert system
        - webtunnel document for proxy operator
onyinyang: 2023-04-06
    Last week:
        - Did a deep dive into rdsys to understand how it is handling `new`, `changed`, `gone` resources
          some results/discussion here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues/...
        - updated Lox library, rdsys-backend-api and lox distributor to handle new and changed resources in a way that is more aligned with rdsys' behaviour
        - added some preliminary documentation: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/h...
    This week:
        - work on handling `gone resources` in a more appropriate way for Lox as outlined here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues/...
        - If time: Start implementing a function in lox distributor/lox library to handle syncing of Lox bridgetable
    Needs help with:
        (medium term)
        Question 1: re: `gone` resources: under what circumstances should a `gone` bridge be replaced?
            - If a bridge is `gone` due to bandwidth issues or descriptors not being published, should they be replaced with working bridges in a Lox bucket?
        Question 2: How easily can a censor manipulate the bridgepool/bridges to create a `gone` resource?
            - Does replacing bridges, especially at the untrusted user level, create an enumeration risk?
        My thought is that `gone` bridges should be replaced if they are determined to be unusable into the future (not just temporarily down) and the bucket risks becoming "unreachable" and requiring users to move to a new bucket. Maybe this should only be true for trusted users though?
        (long term)
            - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice.
        Question: What makes a bridge useable for a given user and how can we encode that to best ensure we're getting the most appropriate resources to people?
            1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
            2. Does it make sense to group 3 bridges/bucket so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
Itchy Onion: 2023-03-22
    Last week:
        - Closed #40252 (NAT probetest for standalone proxy)
        - Closed #40265 (mac user reporting standalone proxy complaining about broker cert)
        - Worked on #40231 (Client sometimes send offer with no ICE candidates)
    This week:
        - Tested and created a potential broker security issue (#40266)
        - Still working on #40231 -- validate SDP contains candidate at the "/client" and "/answer" endpoints broke almost all of the unit tests
hackerncoder: 2023-03-09
    last week:
    Next week:
        - getting ooni-exporter to work with torsf (snowflake)
        - ooni-exporter web_connectivity
        - work on "bridgetester"?
        - how does Iran block bridges