Hey everyone!
Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-16-15.57.html
And our meeting pad:
Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------
Anti-censorship --------------------------------
Next meeting: Thursday, March 23 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc... * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements == Sponsor 28 ended
== Discussion ==
* Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... <- please read the updated comment before meeting, it is huge * snowflake-server buffer reuse bug postmortem * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * The harm to users was minor, but incidents like this are a good opportunity to reflect on our process, to make similar things less likely in the future. * The bug (#40199) might have been caught, but was not, at multiple points: * Code understanding and review by the initial committer * Code review on the merge request * Automated tests / CI * End user reports or logs * Logs or instrumentation at the bridge * Which of these processes, if any, should we change, to decrease the chance of mistakes? * The good news: undoing the faulty commit has actually greatly increased performance: it is likely the memory corruption was causing frequenct retransmission at the KCP layer and/or frequently terminating Tor streams due to failed integrity checks. It is possible that the negative effects only started to show with a higher number of users. * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * Brainstorming during the meeting: * Initial merge request should have included a test to prove the assumption that buffers were not reused. The reviewer might have requested that such a test be added. * Any such anomalies, if detected at the client, should be logged in such a way that they show up in the tor log. * dcf's private branch that logs KCP's internal error counters: https://gitlab.torproject.org/dcf/snowflake/-/commit/9f43843b59b9753686be836... https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * The fix this week made the "KCPInErrors" counter go to zero: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * We should log whenever KCPInErrors is non-zero, at least. * We are missing integration testing as part of CI. We have unit testing, but nothing where all the pieces are working together as in production. * shelikhoo's setup for distributed snowflake server testing https://github.com/xiaokangwang/snowflake-mu-docker/blob/master/docker-compo... * Should we have another more verbose level of log (debug/trace) so that it takes less effort to debug things in general? (no need to modify code then rebuilt like hazae41 did it https://hackerone.com/reports/1880610) * Docker Registry is removing obfs4, snowflake image: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886686 * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/121
== Actions ==
* move the ampcache snowflake fallback forward
== Interesting links ==
* https://network.lantern.io/ * https://addons.mozilla.org/en-US/firefox/addon/lantern-network/
== Reading group ==
* We will discuss "" on * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with.
cecylia (cohosh): last updated 2023-03-02 Last week: - Lox tor browser integration work in progress - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - Finished getting the wasm client integrated as a Tor Browser module This week: - continue Lox tor browser integration - find a better way to generate and call wasm client in tor-browser-build - make team repos for Lox pieces - expand client-side support for more Lox features - continue work on conjure client-side recovery Needs help with:
dcf: 2023-03-16 Last week: - helped debug snowflake-server buffer reuse bug, deployed the fix, and wrote an advisory https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... https://forum.torproject.net/t/security-advisory-cross-user-tls-traffic-mixi... - posted hints on updating OONI's list of STUN servers https://github.com/ooni/probe/issues/2417#issuecomment-1468478811 Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823... (for real) Help with:
meskio: 2023-03-16 Last week: - rdsys fixes to use onbasca (rdsys#153) Now onbasca ratio is being used by rdsys - Test if bridges without ORPort reachable are included in the bridge descriptor (rdsys#154) They don't! - deploy rdsys with support to TB pt_config.json (rdsys#146) - remove UAE from circumvention settings (team#106) - add authentication to rdsys resource registration (rdsys#156) - deal with the dockerhub closing of our account (team#112) Next week: - rdsys webtunnel support (rdsys#142)
Shelikhoo: 2023-03-16 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt... - Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtu...) - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - Comment on OnionShare Rebrand - Comment on S96 User Research Risk Assessment - Comment on Analysis of speed deficiency of Snowflake in China, 2023 Q1(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - Comment on enable Gitlab Container Registry( https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886693) - Add utls-imitate, utls-nosni doc to README (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - Review Assign an accepted bandwidth ratio to TBLinks(https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/78#...) - Review Proxy: add an option to bind to a specific address (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - logcollector alter system - webtunnel document for proxy opertaor
onyinyang: 2023-03-16 Last week: - Working on distributor backend for Lox server (integration with rdsys) https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-distributor/-/issu...
- Continuing work on Lox server integration with rdsys - Reconfigure Lox Bridgeline to fit with Tor's bridge info - Figure out the proper multithreading in Rust to add bridges to Lox's bridgedb
This week: - Finish up Lox server integration with rdsys - Add more helpful comments/error handling and graceful shutdown - Improve client side handling of BridgeLines? - Discuss next steps with cohosh
Itchy Onion: 2023-03-16 Last week: - Closed issue #40252 (NAT probetest for standalone proxy) - Working on #40231 (Client sometimes send offer with no ICE candidates).
This week: - MR and Closed #40252 (NAT probetest for standalone proxy) - Almost done with #40231 -- just need to add some test cases - Worked on #40265 (mac user reporting standalone proxy complaning about broker cert)
hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does Iran block bridges
cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - resources