Hey everyone!
Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-05-18-15.58.html
And our meeting pad:
Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------
Anti-censorship --------------------------------
Next meeting: Thursday, May 25 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc... * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
== Discussion ==
* Reported blocking of Snowflake in China since 2023-05-12 * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... * https://github.com/net4people/bbs/issues/249 * https://forum.torproject.net/t/snowflake-bridge-does-not-work-in-china-since... * May have something to do with double rendezvous caused by having 2 bridge lines * "two or more TLS connections with the same SNI within a short time to a Fastly IP address" * got similar reports from two users * for one user the blocking threshold was 2 (https://github.com/net4people/bbs/issues/249#issuecomment-1547034480), for the other the threshold was 3 (https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu...) * Seems to have stopped since 2023-05-15 * List of mitigations at https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... * first step, if it happens again, is to specify just 1 bridge in Connection Assist for China * use snowflake-02 as it is currently more lightly loaded * Web browsers also make 2 or more near-simultaneous connections, maybe they were getting overblocked and that's why it stopped? * https://kb.mozillazine.org/Network.http.max-connections-per-server * Setting MaxConnsPerHost=1 in snowflake-client still does a double rendezvous, but to 2 *different* Fastly IP addresses rather than the some one twice. * https://gitlab.torproject.org/tpo/core/tor/-/issues/40578 was for two bridges already, so would not directly fix this case * "we could set numentryguards 1 for snowflake users i guess, but i think we want two" * Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation * that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp * (Proposal under discussion, discuss on irc meeting next week) * Research about designing an armored bridge line sharing URL format * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126 * Regarding bridge churn for Lox (https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/L...) * past research and source code on relay (not bridge) churn: * https://metrics.torproject.org/networkchurn.html * https://nymity.ch/sybilhunting/churn-values/ * https://www.cs.kau.se/philwint/spoiled_onions/ * https://nymity.ch/papers/pdf/winter2014a.pdf#page=22
== Actions == *
== Interesting links ==
* Unofficial(?) Snowflake extension for Safari in Apple App Store? * https://apps.apple.com/us/app/torproject-snowflake/id1597501940 * Previously noted at https://lists.torproject.org/pipermail/anti-censorship-team/2022-February/00...
== Reading group ==
* We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18 * https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with.
cecylia (cohosh): last updated 2023-05-18 Last week: - away - foci stuff - reviewed some Lox MRs - wrote up a Lox roadmap from meeting - https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/L... This week: - open issue about archiving snowflake prometheus metrics - lox-wasm tor browser builds Needs help with:
dcf: 2023-05-18 Last week: - did analysis of blocking of the snowflake broker front domain in China https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... - commented on shelikhoo's proposal for a new snowflake client–proxy protocol based on unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... Next week: - upgrade tor on snowflake-01 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - open issue to disable /debug endpoint on snowflake broker Help with:
meskio: 2023-05-18 Last week: - catching up after vacation - review rdsys metrics for flickering bridges (rdsys!122) Next week: - finish webtunnel rdsys support
Shelikhoo: 2023-05-18 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt... - Research about designing an armored bridge line sharing URL format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126) - Snowflake Performance Analysis (Ongoing, https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...) - Trying to fix vantage point(Ongoing) - logcollector alert system(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/l...) Next Week/TODO: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - logcollector alert system - webtunnel document for proxy operator - Snowflake Performance Analysis
onyinyang: 2023-05-11 Last week: - Finished up the Lox library changes to replace gone bridges with new bridges - Added tests and changes to Lox distributor to support this - Refactored lox-distributor for readability This week: - Adding tests for both Lox library and Lox distributor - Refactoring rdsys metrics changes to prevent risk of testing in deployment - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122 - Looking into a more reasonable way of storing Lox library data structures: - https://gitlab.torproject.org/onyinyang/lox/-/issues/2 - https://gitlab.torproject.org/onyinyang/lox/-/issues/3 (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by pt, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Needs Help with: - figuring out whether or not the metrics I added to rdsys actually collect what we want them to. I can run prometheus locally, but am unsure how to match this with a realistic onbasca test that can actually show whether the metrics are useful/correct. Is there a known way to do such tests other than deploy and find out? Update: Not yet! but we are going to work on staging for this soon
Itchy Onion: 2023-05-11 Last week: - Continue investigating offline bridges (team#112) - Discovered bridgestrap#37 (cache gives wrong status of bridge sometimes) - Start working on rdsys#56 (persistent storage for certain bridge arributes) This week: - Continue working on rdsys#56 (https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_ty...)
hackerncoder: 2023-04-20 last week: - (py-)ooni-exporter torsf (snowflake) - (py-)ooni-exporter web_connectivity Next week: - work on "bridgetester"? - how does Iran block bridges?