Anti-censorship team meeting notes, 2025-05-29
Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-05-29-16.03.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, June 5 16:00 UTC Facilitator: meskio ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc... * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_nam... == Announcements == * == Discussion == * Happy Families https://blog.torproject.org/happy-families/ * does not solve the fundamental bridges + exits issue * there are 2 things going on * 1. Families currently ask operators to disclose the fingerprints of their other relays, that is solved by happy families * https://gitlab.torproject.org/tpo/core/tor/-/blob/36cd4a50fc9d861c6c35a0f6dc... * 2. The other problem is how circuit selection works * https://gitlab.torproject.org/tpo/core/tor/-/issues/40935#note_3090023 * Tor picks exit relays first, and then picks a guard * With bridges like snowflake, conjure, and meek (i.e. publicly known bridges, where the concern about leaking fingerprints in MyFamily doesn't even apply), the client is very restricted in which entry point it can select * we have one conjure bridge and effectively one meek bridge * even though we have more than one snowflake bridge, the tor source code currently ignores family restrictions for bridges * This is a proposal for relaxed restrictions that has more recent thinking on threat models * https://spec.torproject.org/proposals/354-relaxed-restrictions.html * argues for why families and subject restrictions should not apply to circuits with bridges == Actions == == Interesting links == * == Reading group == * We will discuss "" on * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-05-29 Last week: - added documentation for new snowflake timeout metric - reviewed Conjure staleness check (conjure!45) - wrote a draft call for a Conjure bridge operator (conjure#46) - worked on removing mutexes from Snowflake broker metrics (snowflake#40458) - tested and wrote feedback on unreliable transport mode (snowflake!315) This week: - support conjure work - finish testing and give feedback on unreliable transport mode for snowflake - follow up on snowflake rendezvous failures - reduce/remove use of mutexes for broker metrics (snowflake#40458) - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-05-29 Last week: - opined some more on a FEP design https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyreb... Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... Help with: meskio: 2024-05-29 Last week: - test email service on the staging server (rdsys#219) - review and coordinate grants Next week: - steps towards a rdsys in containers (rdsys#219) - investigate why we don't distribute webtunnel bridges over https some days (rdsys#262) Shelikhoo: 2024-05-29 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... ) testing environment setup/research - Snowfalke Staging Server Experiment - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/l... ) (cont.) - [Merge Request] Add Domain Fronting Testing Support to logcollector ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/l... ) - Merge request reviews Next Week/TODO: - Merge request reviews (Away until June 10) onyinyang: 2025-05-29 Last week(s): - Attempted to get conjure DNS registrar working - encountering errors for both conjure and gotapdance cli with DNS registrar https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju... - hoping for an update: https://github.com/refraction-networking/conjure/issues/293 - Completed staleness check for conjure bufferedconn https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju... - phantombox improvement Next week: - Continue improvements for phantombox testing environment - Test DNS/Decoy registrar in phantombox Switch back to some of these: As time allows: - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/... - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096): - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-04-10 Last weeks: - fixing bugs in covert-dtls, only mimic DTLS 1.2 - Running proxy with covert-dtls - MR covert-dtls: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... Next weeks: - Write instructions on how to configure covert-dtls with snowflake client (are we going to run a user test?) - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...). - Condensing thesis into paper Help with: - Test stability of covert-dtls in snowflake Facilitator Queue: onyinyang meskio shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue
participants (1)
-
Shelikhoo