Hey everyone!
Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-05-30-16.00.html
And our meeting pad:
Anti-censorship --------------------------------
Next meeting: Thursday, June 6 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
This week's Facilitator: meskio
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc... * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_nam...
== Announcements ==
*
== Discussion ==
* Add nginx rate limiting to address "TTP-03-001 WP1: Snowflake broker vulnerability" * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * It will be applied once we move the broker https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * shelikhoo will apply the changes into the nginx of the new broker, it will take effect as soon as we migrate to it
* Is the broker migration ready to apply yet? https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * dcf can change the VM memory configuration, then someone needs to contact TPA to ask them to change a DNS record * Example of asking for a DNS change: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40716 * Caveat: we will have to use the same Let's Encrypt account as the old broker, because of CAA records: * https://gitlab.torproject.org/tpo/tpa/team/-/issues/41462 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * https://gitlab.torproject.org/dcf/autocert-account-id
== Actions ==
== Interesting links ==
*
== Reading group == * We will discuss "Communication Breakdown: Modularizing Application Tunneling for Signaling Around Censorship" on May 30 * https://petsymposium.org/popets/2024/popets-2024-0027.php * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up?
== Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with.
cecylia (cohosh): 2024-05-30 Last week: - tor meeting - s152 final and monthly reports - commented on mv3 migration issue This week: - take a look at snowflake web and webext translations and best practices - get around to backlog of MR reviews - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 - follow up on reported SQS errors - update wasm-bindgen fork to fix some bugs and hopefully upstream changes Needs help with:
dcf: 2024-05-30 Last week: Next week: - review snowflake unreliable+unordered data channels rev2 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
meskio: 2023-05-30 Last week: - back from tormeeting and catching up - plan rdsys deployment to replace BridgeDB (tpa/team#41613) - look at onbasca issues failing to test bridges (onbasca#171) - map existing monit alerts into prometheus blackbox exporter (not pushed yet) Next week: - use safeprom in rdsys (rdsys#203) - add prometheus metrics to replace bridgedb metrics in rdsys (rdsys#188)
Shelikhoo: 2024-05-30 Last Week: - [Merge Request Waiting] Add Container Image Mirroring from Tor Gitlab to Docker Hub(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - [Merge Request Waiting] Snowflake Performance Improvement rev2 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - Chrome Manifest V3 transition research - Vantage point maintaince - merge request processing - Merge request reviews Next Week/TODO: - Merge request reviews
onyinyang: 2023-05-30 Last week(s): - continued key rotation implementation - Fixed bug in blockage_migration protocol Next week: - Work on outstanding milestone issues: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/milestones/1#tab-iss... - prepare for end to end testing of the Lox system with browser integration Later: - begin implementing some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2023-05-16 Last weeks: - Pion dtls have merged my PR for hooking of client hellos, server hellos and certificate request (https://github.com/pion/dtls/pull/631). - Quick test with my mimicking library (https://github.com/theodorsm/covert-dtls) with snowflake: promising results - Writing for my thesis Next weeks: - Add hook to pion/webrtc so it can be used in snowflake. - Further test and validate mimicked client hello with snowflake. - Add randomized fingerprint - Writing my thesis - Might explore some stateful attacks/fingerprints Help with:
Facilitator Queue: shelikhoo onyinyang meskio 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue