[tor-project] Anti-censorship team monthly report: August 2019
phw at torproject.org
Wed Sep 4 18:58:07 UTC 2019
Here's what happened in circumvention land last month:
* Released version 0.8.0. This release incorporates patches from the
BridgeDB now exports usage metrics. We're still working on getting
these metrics published over Tor Metrics.
Fixed broken bridge distribution for vanilla IPv6 bridges.
Use stem instead of leekspin for integration tests. This doesn't
affect users but simplifies the code base.
Add an anti-bot mechanism.
* Fixed <https://bugs.torproject.org/17626>. BridgeDB gets confused
when users reply to a "get help" email. The issue is that BridgeDB
interprets commands anywhere in the email body, even if it's in quoted
text. To fix this issue, we are ignoring commands whose email body
line starts with a '>' character, which is typically used for email
* Made BridgeDB sync its assignments.log file to our metrics
infrastructure again. This file contains the mapping from a bridge's
fingerprint to its assigned distribution pool. Once we are archiving
these files again, bridge operators can check in what pool their
* Added a dark mode to the Snowflake proxy:
* More work went towards Snowflake's metrics. We updated the /metrics
handler and the associated specification.
* Implemented a fix for the "proxy ID reuse" vulnerability:
<https://bugs.torproject.org/31460> Thanks to serna for discovering
* Made some progress towards Snowflake's sequencing layer:
* Handled a vulnerability in Go's net/http module by re-compiling and
re-deploying affected binaries:
* Fixed a bug that caused Firefox-based Snowflakes to not do their work:
* Roger did a Defcon talk on the Tor censorship arms race to several
thousand people, including a call-for-testers for obfs4proxy and
Snowflake, and then spent the rest of the weekend answering Tor
questions. We are now counting approximately 400 Snowflakes!
* We've started reaching out to contacts like professors to try to
regrow the set of "default" bridges in Tor Browser, which are the
bridges that users get when they don't specify their own bridge.
* We started our "set up obfs4 bridges" bridge campaign:
So far, we are counting 39 new bridges. Thanks to everybody who
* Started interaction with IETF MASQUE working group by proposing the
idea of turning it into a pluggable transport:
* Updated outdated Tor Browser copies on GitHub and GitLab and improved
automation to keep them updated in the future.
* We went to the FOCI workshop, and among other things talked to the
person working on using a GAN to modify timing for meek traffic. He's
thinking about grad school, so we tried to connect him to all the
usual profs so he can do this more in grad school.
* Made some progress towards a better obfs4 by improving the way it
obfuscates its flow signature: <https://bugs.torproject.org/30716>.
This is experimental work-in-progress.
* David published Turbo Tunnel, which provides a sequencing and
reliability layer for pluggable transports:
* Improved and extended our obfs4 bridge setup guides:
More information about the tor-project