Hey everyone!

Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-02-13-16.00.html

And our meeting pad:

Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------

Next meeting: Thursday, Feb 27 16:00 UTC
Facilitator: shelikhoo
^^^(See Facilitator Queue at tail)

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

This week's Facilitator: onyinyang

== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.


== Links to Useful documents ==
* Our anti-censorship roadmap:
    * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
    * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
    * https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from projects, we are working on:
    * All needs review tickets:
        * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc...
    * Project 158 <-- meskio working on it
        * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_nam...


== Announcements ==

* No meeting February 20th. There is FOCI at the same time
    * https://foci.community/
* snowflake-graphs proxy CSV files (client-match.csv, proxy-country.csv, proxy-nat-type.csv, proxy-type.csv) are available again. (Working around a bad descriptor that had prevented updates since 2024-08.)
    * https://gitlab.torproject.org/dcf/snowflake-graphs/-/commit/089e0af01aa63831...

== Discussion ==

* moderation of mailing lists to prevent spam
    * https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-team@l...
    * we agree to moderate new subscribers and remove the moderation flag on first post if it is not spam
* Whether to switch to debian fork of golang for CI
    * https://gitlab.torproject.org/tpo/tpa/team/-/issues/42014#note_3159983
    * The problem is sporadic CI failures due to container rate limits.
    * The rate limit problem has been fixed, for the anti-censorship team at least, by maintaining our own mirror of container images:
      https://gitlab.torproject.org/tpo/anti-censorship/duplicatedcontainerimages/
    * tpo/tpa/team#42014 is a request to have the admin team take on the responsibility of mirroring those container images.
    * The admin team prefers that we use their existing Debian images that contain golang, rather than take on a new set of container mirrors.
    * shelikhoo has a distaste for Debian-based images, stemming from past experience with excessive patching and slow updates. shelikhoo prefers either to build our own golang from source (possibly on a Debian-based image), or else use a binary release of golang.
        * Debian patches to golang: https://sources.debian.org/patches/golang-1.19/1.19.13-1~bpo11%2B1/
    * So the trilemma is: 1. extra maintenance for the anti-censorship team (duplicatedcontainerimages), 2. extra maintenance for the admin team, or 3. using the admin team–maintained images which shelikhoo does not want to use.
    * The resolution is #1: keep using our own mirror at our own maintenance expense.
    * TPA provides golang containers based on oldstable, stable, testing and sid versions of golang
    * golang version in debian might be different than the official one
    * we'll keep using our mirrors of containers
* Would we like to support WASM version of proxy?
    * https://gitlab.torproject.org/WofWca/snowflake/-/compare/main...wasm?from_pr...
    * we could replace the javascript logic of the webextension with the WASM version of the standalone proxy. Removing the need to duplicate functionality in two languages
    * When compiled to WASM, Pion acts as a wrapper around the browser's own WebRTC API (i.e. Pion doesn't craft its own DTLS records etc.). So it may be possible to keep browser protocol fingerprints the way they are already.
        * https://github.com/pion/webrtc/blob/v4.0.9/examples/README.md#webassembly "Pion WebRTC can be used when compiled to WebAssembly, also known as WASM. In this case the library will act as a wrapper around the JavaScript WebRTC API."

for Feb 27:
* Should we user test snowflake with covert-dtls? It is difficult to force Snowflake client to become the DTLS client: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
    * "After some debugging, reading the pion webrtc source code, and referencing RFC 5763 (DTLS-SRTP framework) I realized why hook was never triggered. The Snowflake client will almost always become the server in the DTLS handshake as sends the SDP Offer every time. According to the RFC, only the offer can decide who becomes the client or server."

== Actions ==

== Interesting links ==

* https://opencollective.com/censorship-circumvention/projects/snowflake-daily...
* https://opencollective.com/censorship-circumvention/projects/snowflake-daily...
    * €3,917.57 snowflake-01 bandwidth expenses in 2024

== Reading group ==

* We will discuss "Identifying VPN Servers through Graph-Represented Behaviors" on February 27
    * https://dl.acm.org/doi/10.1145/3589334.3645552
    * https://dl.acm.org/doi/pdf/10.1145/3589334.3645552
    * https://github.com/chenxuStep/VPNChecker
* Questions to ask and goals to have:
    * What aspects of the paper are questionable?
    * Are there immediate actions we can take based on this work?
    * Are there long-term actions we can take based on this work?
    * Is there future work that we want to call out in hopes that others will pick it up?

== Updates ==
Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:
        - Something you need help with.

cecylia (cohosh): 2025-02-13
    Last week:
        - supported conjure work
        - reviewed snowflake!315
        - helped debug and give feedback on snowflake website
        - updated our jasmine tests for snowflake-webext CI (snowflake-webext#112)
        - responded to emails on SQS rendezvous
        - commented on onionperf + python3.13 issue (onionperf#40051)
        - finally closed out the meek bridge handover issue (team#133)
        - updated team#142 with recent proxy count graphs and closed it
        - other random reviews and todos
    This week:
        - support conjure work
        - debug SQS rendezvous 400 errors
        - take a look at potential snowflake orbot bug
            - https://github.com/guardianproject/orbot-android/issues/1183
        - maybe do some lox work

dcf: 2025-02-13
    Last week:
        - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-cos...
        - decommissioned the snowflake-broker.azureedge.net CDN profile https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - decommissioned the old snowflake broker VPS instance https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - verified documentation fix for snowflake-broker journalctl command https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
    Next week:
        - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
            - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
        - open issue to disable /debug endpoint on snowflake broker
    Help with:

meskio: 2024-02-13
    Last week:
        - long discussions around rdsys in containers (rdsys#219)
        - debug why webtunnel in lyrebird is not accepting https proxy (lyrebird#40024)
        - fix moat so it will distribute webtunnel bridges in russia (rdsys#256)
        - bring backward compatibility on the moat captcha API (rdsys!480)
    Next week:
        - steps towards a rdsys in containers (rdsys#219)

Shelikhoo: 2024-02-13
    Last Week:
        - [Refine] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... ) improvements
        - [Investigate] Add support for using a proxy to connect to the PTs(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyreb...)
        - Merge request reviews
    Next Week/TODO:
        - Merge request reviews
        - [Refine] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... ) improvements
        - [Deploy] Remove domain snowflake-broker.bamsoftware.com from snowflake broker's ACME tool
        - [Fix] Add support for using a proxy to connect to the PTs(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyreb...)

onyinyang: 2025-02-13
    Last week(s):
        - continued work on ampcache registration method for conjure
            - WIP MR: https://github.com/cohosh/conjure/pull/1
    Next week:
        - finish up ampcache registration method (sqs on hold for now)
        - Begin work on either obfs4 transport or decoy registration option
        - FOCI
        - add TTL cache to lox MR for duplicate responses:
          https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
    As time allows:
        - Continue work on implementing issuer efficiency for check-blockage and trust-promotion protocols
        - Work on outstanding milestone issues:
            - key rotation automation

    Later:
    pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096):
        - add pref to handle timing for pubkey checks in Tor browser
        - add trusted invitation logic to tor browser integration:
          https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
        - improve metrics collection/think about how to show Lox is working/valuable
        - sketch out Lox blog post/usage notes for forum

    (long term things were discussed at the meeting!):
        - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice
          Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
            1. Are there some obvious grouping strategies that we can already consider?
               e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
            2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

theodorsm: 2025-02-13
    Last weeks:
        - Debugging Tor Build with covert-dtls: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...
    Next weeks:
        - Update covert-dtls to handle new DTLS extensions in recent browsers
        - Write instructions on how to configure covert-dtls with snowflake client
        - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...).
        - Condensing thesis into paper (on hold)
    Help with:
        - Test stability of covert-dtls in snowflake



Facilitator Queue:
onyinyang shelikhoo meskio
1. First available staff in the Facilitator Queue will be the facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the tail of the queue
tor-project@lists.torproject.org