Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-04-13-15.58.log.... And our meeting pad: Anti-censorship work meeting pad ------------------------------------------------------------------------------------ - THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, April 13 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == - Our anti-censorship roadmap: - Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards - The anti-censorship team's wiki page: - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home - Past meeting notes can be found at: - https://lists.torproject.org/pipermail/tor-project/ - Tickets that need reviews: from sponsors, we are working on: - All needs review tickets: - https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc... - Sponsor 96 - https://gitlab.torproject.org/groups/tpo/-/milestones/24 - Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it - https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == - Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation - that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp - (NO update from shell @ Apr 13) == Actions == == Interesting links == - == Reading group == - We will discuss "Lox: Protecting the Social Graph in Bridge Distribution" on 2023 May 18 - https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf - Questions to ask and goals to have: - What aspects of the paper are questionable? - Are there immediate actions we can take based on this work? - Are there long-term actions we can take based on this work? - Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name:     This week:         - What you worked on this week.     Next week:         - What you are planning to work on next week.     Help with: -      - Something you need help with. cecylia (cohosh): last updated 2023-04-13 Last week:     - released a new version of snowflake-webext (0.7.2)     - added CI and renovate bot to Conjure     - debugged wireguard setup and confirmed it works         - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju...     - fixed a bug where SOCKS handles were being leaked in Conjure         - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju...     - Added a content security policy to webextension         - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...     - Opened an upstream issue in gotapdance to restore functionality lost in a version upgrade         - https://github.com/refraction-networking/gotapdance/issues/113 This week:     - Lox tor browser integration     - conjure maintenance Needs help with: dcf: 2023-04-13 - Last week: - - posted performance measurements of a QueuePacketConn optimization and merged it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - - made a graph of snowflake proxy NAT types over time, which highlights the times when probetest was failing and there was an increase in "unknown" NAT types https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - - archived snowflake-webextension-0.7.2 https://archive.org/details/snowflake-webextension-0.7.2 - Next week: - - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823... (for real) - - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - - open issue to disable /debug endpoint on snowflake broker - Help with: meskio: 2023-04-13    Last week: - - configure rdsys to distribute webtunnel bridges (rdsys#142) - - set up a webtunnel bridge to test - - review and merge a bunch of renovate MRs in rdsys - - brainstorm on pinning TLS certs in Tor Browser for bridges.torproject.org (tpa/team#41123) - - review bridgestrap aggressive retry for dysfunctional bridges (bridgestrap!16) - - review snowflake webextension CSP (webext!66) - - sponsor 96 report - - grant application work...    Next week: - - distribute webtunnel bridges in BridgeDB Shelikhoo: 2023-04-13    Last Week: - - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt... - - [Merge Request] container image for webtunnel (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtu...) - - [Research] Fix crash on launch when unexpected input was supplyed over PT protocol https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtu... - - Write S96 report - - Comment on S96 User Research Risk Assessment    Next Week: - - [Research] WebTunnel planning (Continue) - - Try to find a place to host another vantage point - - container image for webtunnel - - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - - logcollector altert system - - webtunnel document for proxy operator - onyinyang: 2023-04-13     Last week:        -  worked on handling `gone resources` in a more appropriate way for Lox as outlined here: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues/...        - implemented a more aggressive testing schedule for failing bridgestrap resources https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/merge_reques...        - discovered that failed/low bandwidth resources are quietly marked to not be distributed and so don't show up as `gone`        - discussed implementing metrics to check how frequently badwidth ratio causes resources to "flicker" tracked here: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/160     This week:         - work on implementing metrics to check on flickering resources         - work on marking as `gone`, failing/low-bandwidth resources that are no longer distributed        -If time (and functionality above is in place): - - If a bridge is `gone` due to bandwidth issues or descriptors not being published, replace them with working bridges in Lox--this will have implications for syncing with rdsys but first things first :) - - (long term) - - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice. - Question: What makes a bridge useable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? - 1. Are there some obvious grouping strategies that we can already consider? -  e.g., by pt, by bandwidth (lower bandwidth bridges sacrified to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) - 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? Itchy Onion: 2023-04-13     Last week: - - Vacation     This week:      - Experimenting with additional SDP tests after discussion on MR #141 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...)      - Learning about rdsys      - Started working on #110 (treat unknown bridge distribution request as "none") - hackerncoder: 2023-03-09     last week:     Next week:         - getting ooni-exporter to work with torsf (snowflake)         - ooni-exporter web_connectivity         - work on "bridgetester"?         - how does Iran block bridges