[tor-project] Anti-censorship team monthly report: November 2019

Philipp Winter phw at torproject.org
Mon Dec 9 20:56:21 UTC 2019


Hi everyone,

Here's what the anti-censorship team has been up to in November:

Snowflake
=========

* Moved to using the gorilla/websocket library instead of an outdated
  custom library for connections between the proxies and the bridge:
  <https://bugs.torproject.org/31028>

* Expanded the coverage of Snowflake unit tests:
  <https://bugs.torproject.org/30867>
  <https://bugs.torproject.org/29259>

* Updated the way proxies interact with the broker and began to collect
  and report metrics about how many proxies we have of each type (e.g.,
  web extensions, badges, standalone instances):
  <https://bugs.torproject.org/29207>
  <https://bugs.torproject.org/31157>

* Started more rigorously measuring Snowflake's network health:
  <https://bugs.torproject.org/32545>

* Fixed a race condition in the Snowflake broker that was causing
  crashes:
  <https://bugs.torproject.org/32576>

* Updated webextension and Snowflake badge deployments with new
  translations.

GetTor
======

* Started working on a GetTor survivial guide:
  <https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor/wikis/home>

* Worked on using the GitHub REST API for uploading Tor Browser binaries:
  <https://bugs.torproject.org/32480>

BridgeDB
========

* We significantly improved bridgestrap, our REST service that takes as
  input a bridge line, tests the given bridge, and then returns the test
  result:
  <https://bugs.torproject.org/31874>

  The idea is that BridgeDB uses bridgestrap to learn if the bridges it
  knows about actually work.  Broken bridges are not handed out to
  users, which will improve user experience.

Outreach
========

* Several Tor developers attended the OTF Summit in Taipei.  We had
  numerous helpful conversations about circumvention, obfs4, and
  censorship analysis.

  - Roger had a session on Tor, with an emphasis on how Tor Browser can
    circumvent censorship.

  - Philipp talked to a few people who may be able to distribute private
    obfs4 bridges to users who need them.

  - Philipp and Arturo had a chat about how BridgeDB and OONI should
    work together in the future: BridgeDB will provide OONI with bridges
    it wants measured, and OONI returns test results, which BridgeDB
    should take into account when handing out bridges.  For example, if
    a bridge is blocked in Turkey, BridgeDB should no longer hand it out
    to users in Turkey.

Bridges
=======

* Added a new default bridge at Georgetown University to Tor Browser:
  <https://bugs.torproject.org/32606>

* We're working on getting another default bridge at the University of
  Minnesota added to Tor Browser:
  <https://bugs.torproject.org/32547>

* We made our obfs4 docker image more usable.  The image now uses a
  docker volume to persist tor's data directory, which makes it possible
  to keep your bridge identity when upgrading to a new docker image.  We
  also added a new script, get-bridge-line, which conveniently gives you
  your bridge's bridge line.  Take a look at our new installation
  instructions to learn more:
  <https://community.torproject.org/relay/setup/bridge/docker/>
  <https://bugs.torproject.org/31834>

  Thanks to thymbahutymba for providing us with plenty of helpful
  feedback!

* We sent two private obfs4 bridges to somebody who further distributed
  them to people in China.  According to some initial feedback, the
  bridges work well for the recipients.

Miscellaneous
=============

* Overhauled the DNS recommendations for exit relay operators:
  <https://community.torproject.org/relay/setup/exit/#dns-on-exit-relays>

* We tried to understand the Internet shutdown in Iran and look for
  circumvention opportunities.  In fact, the incident was not a total
  shutdown.  Some data centers in Iran still had connectivity, so it was
  possible to use VPS systems in these data centers as proxies.

  Besides, The DNS resolvers of many ISPs in Iran still allowed requests
  for domains outside of Iran.  That is, people could still resolve,
  say, foo.com and get its correct IP address.  As a result, DNS
  tunneling was possible.  We should invest in a DNS-based pluggable
  transport.  Even if it may not have been very useful in this
  particular situation (throughput would have been excruciatingly low),
  it will certainly come in handy again in the future.

  Take a look at OONI's blog post on the shutdown:
  <https://ooni.org/post/2019-iran-internet-blackout/>

* More grant writing and planning towards a "transition to practice"
  research grant.


More information about the tor-project mailing list