Anti-censorship meeting notes, 2021 September 2 - tor-project

2 Sep 2021


      Hi everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-09-02-16.00.html
and our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Next meeting: Thursday September 2nd 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.
== Announcements ==
Job opening on the anti-censorship team:
https://www.torproject.org/about/jobs/software-developer-anticensorship-2/
\o/
== Discussion ==
- CPU use in proxies and bridge
-
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- bridge is sitting at about 200% CPU: about 30% tor, 170%
snowflake-server
- might be worth doing one round of profiling?
- how to profile the bridge? in production or separately?
- can use snowbox as a simulation
- proxies can control CPU use with -capacity option
- Reading group?
- we'll read "BlindTLS" https://dl.acm.org/doi/10.1145/3473604.3474564
- DocsHackathon:
- Add a new support item about using Tor in China:
https://gitlab.torproject.org/tpo/web/support/-/issues/210
- Merging support.torproject.org/gettor into
support.torproject.org/censorship
- TM censorship update
- do any of our gettor endpoints work in Turkmenistan?
- archive.org seems to be ok for DNS, HTTP, and HTTPS
== Actions ==
Update the monthly report for July + August:
https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk
== Interesting links ==
https://ntc.party/t/an-open-encyclopedia-of-internet-censorship-persian/1223
ACM FOCI 2021 papers https://dl.acm.org/doi/proceedings/10.1145/3473604
"Even Censors Have a Backup: Examining China's Double HTTPS
Censorship Middleboxes" https://dl.acm.org/doi/10.1145/3473604.3474559
"Measuring QQMail's automated email censorship in China"
https://dl.acm.org/doi/10.1145/3473604.3474560
"A multi-perspective view of Internet censorship in Myanmar"
https://dl.acm.org/doi/10.1145/3473604.3474562
"Exploring Simple Detection Techniques for DNS-over-HTTPS Tunnels"
https://dl.acm.org/doi/10.1145/3473604.3474563
"BlindTLS: Circumventing TLS-based HTTPS censorship"
https://dl.acm.org/doi/10.1145/3473604.3474564
USENIX Security 2021 papers
https://www.usenix.org/conference/usenixsecurity21/technical-sessions
"Domain Shadowing: Leveraging Content Delivery Networks for Robust
Blocking-Resistant Communications"
https://www.usenix.org/conference/usenixsecurity21/presentation/wei
"How Great is the Great Firewall? Measuring China's DNS Censorship"
https://www.usenix.org/conference/usenixsecurity21/presentation/hoang
"Balboa: Bobbing and Weaving around Network Censorship"
https://www.usenix.org/conference/usenixsecurity21/presentation/rosen
"Weaponizing Middleboxes for TCP Reflected Amplification"
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
"Defeating DNN-Based Traffic Analysis Systems in Real-Time With
Blind Adversarial Perturbations"
https://www.usenix.org/conference/usenixsecurity21/presentation/nasr
== Reading group ==
We will discuss "BlindTLS: Circumventing TLS-based HTTPS censorship"
on 2021-09-23
https://dl.acm.org/doi/10.1145/3473604.3474564
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out, in hopes that others
will pick it up?
== Updates ==
Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:
- Something you need help with.
cecylia (cohosh): last updated 2021-09-02
Last week:
    - hiring tasks for ac team and network team
    - more s28 scrimmage work
    - got snowflake working in shadow
- https://github.com/shadow/shadow/pull/1601
- implemented parsing of networkstatus documents for rdsys (rdsys!14)
    - wrote a draft plug for implementing RTCPeerConnection for v3 manifests
    - reviewed GetTor implementation in rdsys (rdsys!11)
    - reviewed snowflake!52
    - couple other small reviews
This week:
    - snowflake package documentation and API changes (snowflake#40063)
    - more rdsys + BridgeDB deployment work
    - network simulations of Snowflake with shadow
    - censorship measurement tests and tools
    - lots of miscellaneous gitlab TODOs
Needs help with:
- feedback on v3 plug:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
arlolra: 2021-08-12
Last week:
- Migrate to v3 of the webextension manifest
Next week:
- Maybe get back to snowflake-webext #10
- Write up the pitch for our use case for supporting creating
PeerConnections in background service workers
https://github.com/w3c/webrtc-extensions/issues/77
Help with:
-
dcf: 2021-09-02
Last week (since 2021-08-19):
- helped review snowflake-client SOCKS args
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- more investigation of blocking in Turkmenistan
https://gitlab.torproject.org/tpo/community/support/-/issues/40030#note_2748...
- helped analyze go mod issue with goptlib
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- attended pluggable transports meetup
https://internetfreedomfestival.org/wiki/index.php/September_2_2021_GM
Next week:
- fix meek-client test errors
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/...
- identify cause and fix for the goptlib go.mod issue
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- reply to Alexander Mages re SCTP pluggable transport
https://lists.torproject.org/pipermail/anti-censorship-team/2021-August/0001...
Help with:
agix:2021-07-15
Last week:
-Off due to final exams
Next week:
-Work on bridgebox for rdsys
-More research on httpt #4
Help with:
-
hanneloresx: 2021-3-4
Last week:
- Submitted MR for bridgestrap issue #14
Next week:
- Finish bridgestrap #14
- Find new issue to work on
Help with:
-
maxb: 2021-07-15
Last week:
- Opened
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
re: utls for broker negotiation
- Worked on github.com/max-b/nat-testing for
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
- Added a snowflake-proxy-no-nat and a snowflake-client-no-nat to
help with debugging
- Successfully making connections from snowflake-client and
snoflake-client-no-nat through the snowflake-proxy-no-nat, but not
having any success with the snowflake-proxy (with nat).
- Added a local dockerized STUN server
Next week:
- Use wireshark to figure out the difference between successful
snowflake-proxy-no-nat and unsuccessful snowflake-proxy-nat
- Work on implementing different NAT types, particularly in a way
that's conducive to automatic testing
- Add testing wrapper w/ "pass/fail" conditions
meskio: 2021-09-02
Last week:
- work on the moat Censorsip snapshot (bridgedb#40025)
- merge gettor implemenation (rdsys!11)
- update snowflake debian package (snowflake#19409)
- write gettor documentation (rdsys#44)
- test fixes into snowflake (snowflake!55)
- run rdsys tests in the CI (rdsys#58)
- review networkstatus parser (rdsys!14)
- review rearquitecture to smaller docker image for snowflake-proxy
(docker-snowflake-proxy!1)
- review and merge gettor updater script (gettor!17)
- review snowflake Check error for calls to preparePeerConnection
(snowflake!54)
- review and merge obfs4 docker build for multiple archs
(docker-obfs4-bridge!4)
Next week:
- implement censorship snapsot available on moat (bridgedb#40025)
- add more providers to gettor (rdsys#43)
- get the snowflake debian package reviewed by a DD (snowflake#19409)
Help with:
-