Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-06-12-16.01.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, June 19 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents ==     * Our anti-censorship roadmap:         * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards     * The anti-censorship team's wiki page:         * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home     * Past meeting notes can be found at:         * https://lists.torproject.org/pipermail/tor-project/     * Tickets that need reviews: from projects, we are working on:         * All needs review tickets:             * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc...         * Project 158 <-- meskio working on it             * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_nam... == Announcements ==     * == Discussion ==     * learning from the CDN77 outage         * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161         * exposing snowflake rendezvous options in the transport selection menu             * (to make it easy for someone to activate ampcache, for example, without editing bridge lines and without downloading an update)             * we could bake the rendezvous option into the transport name in the dropdown menu, e.g. snowflake-cdn77, snowflake-google-amp, snowflake-amazon-sqs, ...                 * this could take just a couple of weeks to deploy                 * possible caveat: circumvention settings may rely on specific transport name labels. E.g., circumvention settings calls meek "meek-azure".             * a transport-specific configuration UI (allowing to edit all options, not just the rendezvous method) would take much longer, on the order of months                 * and would need discussion with the UX team about whether it's even a good idea to present that sort of interface             * consensus is to proceed with multiple transport labels         * let's diversify our domain fronts         * maybe configure some ampcache bridge by default             * no ampcache bridge for now, but try to get it included as one of the rendezvous options as discussed above         * was there monitoring in place that could have detected it earlier? (we noticed it about 2h after it happened)             * we could add an alert in prometheus, for example check for a large drop in the number of requests (such as is visible in the graph at https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161#note_320...)         * netlify is set up now, should we move moat to it, so that snowflake rendezvous and moat are not coupled with regard to failures?             * netlify for our use case seems free                 * 100 GB/month                 * moat last month used 25.1 GB (seems ok)                 * snowflake rendezvous used 92.4 GB (that's pretty close to being billable)             * moat domain front is not that easy to change: it requires a new TB release                 * any way to test it before deploying it fully?                     * alpha only, for a while?                     * meskio will create an issue     * what do we do with moat bridges         * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/233         * we stopped distributing moat bridges 8 months ago (with the deactivation of BridgeDB)         * operators of those bridges talk about their not being used         * they could be reassigned to another distributor or be used for some other purpose         * but there exists the risk that they are already blocking in China and Russia             * during the 2021 Tor blocking incident in Russia, meskio checked and most moat bridges were blocked there, whereas bridges of other distributors were not blocked to the same degree         * a query is pending with trinity to assess the actual usage level of moat bridges         * ggus suggests reassigning half of bridges to telegram, half to circumvention settings             * it is so decided, meskio will work on it             * also need to notify bridge operators who have manually set their bridges to moat distribution, so they can change it     * distribute webtunnel bridges over telegram         * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158         * currently: webtunnel distributed only through https and settings         * community team reports user satisfaction with the telegram distributor, asks if it is possible to distribute webtunnel bridges there         * a required first step is to configure rdsys to start collecting (new) webtunnel bridges for the telegram distributor         * can't start distributing them until there is a sufficient number         * start collecting webtunnel bridges on rdsys and see what happens? (whether there appear enough of them?)         * it's also possible to temporarily increase the probability that new bridges get assigned to telegram (the probability distribution is defined by us)             * either just new webtunnel bridges, or any kind of bridge (i.e. obfs4 or webtunnel)             * probability ratios are not tied to transports, it's not currently possible to increase the ratio just for webtunnel         * issue assigned to onyinyang == Actions == == Interesting links ==     * https://opencollective.com/censorship-circumvention/projects/snowflake-daily...         * Snowflake usage in Turkmenistan remains elevated, though not as high as before.     * https://ntc.party/t/huge-increase-in-snowflake-users-from-turkmenistan-since...         * Asked on NTC about Snowflake users in Turkmenistan.         * One user points to InviZible Pro (https://invizible.net/en/), which agrees with https://gitlab.torproject.org/tpo/community/support/-/issues/40098#note_3192...     * https://theodorsm.net/FOCI25         * "Fingerprint-resistant DTLS for usage in Snowflake". (draft) accepted paper to FOCI 25. Condensed master thesis of theodorsm and some further analysis.         * Camera-ready deadline 2025-06-22         * Key takeaways:             * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable.             * Chrome webextensions are more unstable than standalone proxies             * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake.             * Chrome randomizes the order of extension list.             * Firefox uses DTLS 1.3 by default in WebRTC.             * A prompt adoption of DTLS 1.3 in both Snowflake and covert-dtls is needed to keep up with browsers             * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year.             * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users.             * Browser extensions make Snowflake resistant to ClientHello fingerprinting.             * Standalone proxies can serve more Snowflake clients per volunteer than webextensions.             * We need metrics on which types of proxies are actually being matched and successfully used by clients. == Reading group ==     * We will discuss "A Wall Behind A Wall: Emerging Regional Censorship in China (Henan firewall)" on June 19         * https://gfw.report/publications/sp25/en/         * Questions to ask and goals to have:             * What aspects of the paper are questionable?             * Are there immediate actions we can take based on this work?             * Are there long-term actions we can take based on this work?             * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name:         This week:             - What you worked on this week.         Next week:             - What you are planning to work on next week.         Help with:             - Something you need help with. cecylia (cohosh): 2025-06-12     Last week:         - responded to cdn77 outage         - updated SQS costs https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos...     This week:         - follow up on snowflake rendezvous failures         - take a look at potential snowflake orbot bug             - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-06-12     Last week:         - assisted with the CDN77 temporary outage issue https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161     Next week:         - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...             - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... Help with: meskio: 2024-06-12     Last week:         - staging server is distributing bridges and sends emails (rdsys#219)         - servers upgrade to trixie, onbasca broke, but the rest is fine         - CDN77 outrage         - update telegram distributor config     Next week:         - steps towards a rdsys in containers (rdsys#219)         - investigate why we don't distribute webtunnel bridges over https some days (rdsys#262) Shelikhoo: 2024-06-12     Last Week:          - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... ) testing environment setup/research         - Snowfalke Staging Server Experiment         - Emergency fix of CDN77 https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161#note_320...         - Merge request reviews     Next Week/TODO:         - Merge request reviews         - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/l... ) (cont.)         - [Merge Request] Add Domain Fronting Testing Support to logcollector ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/l... ) onyinyang: 2025-06-12     Last week(s):         - Completed implementation of conjure DNS registrar             - using the min transport https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju...         - Started looking into unresolved lox issues, signalling channel library Next week:       Switch back to some of these:           As time allows:               - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/...               - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305         - Work on outstanding milestone issues:             - key rotation automation         Later:         pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096):             - add pref to handle timing for pubkey checks in Tor browser             - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974         - improve metrics collection/think about how to show Lox is working/valuable         - sketch out Lox blog post/usage notes for forum     (long term things were discussed at the meeting!):         - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice             Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?                 1. Are there some obvious grouping strategies that we can already consider?                     e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)                 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12         Last weeks:             - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round.             - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25             - Key takeaways:                 * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable.                 * Chrome webextensions are more unstable than standalone proxies                 * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake.                 * Chrome randomizes the order of extension list.                 * Firefox uses DTLS 1.3 by default in WebRTC.                 * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers                 * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year.                 * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users.                 * Browser extensions make Snowflake resistant to ClientHello fingerprinting.                 * Standalone proxies can serve more Snowflake clients per volunteer than webextensions.                 * We need metrics on which types of proxies are actually being matched and successfully used by clients.         Next weeks:             - Getting paper camera ready.             - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...).         Help with:             - Should we do user testing of covert-dtls? Facilitator Queue:         meskio shelikhoo onyinyang 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036