[tor-project] Anti-censorship team monthly report: August 2019

Philipp Winter phw at torproject.org
Wed Sep 4 18:58:07 UTC 2019

Hi everyone,

Here's what happened in circumvention land last month:


* Released version 0.8.0.  This release incorporates patches from the
  following tickets:
  - <https://bugs.torproject.org/9316>
    BridgeDB now exports usage metrics.  We're still working on getting
    these metrics published over Tor Metrics.
  - <https://bugs.torproject.org/26542>
    Fixed broken bridge distribution for vanilla IPv6 bridges.
  - <https://bugs.torproject.org/22755>
    Use stem instead of leekspin for integration tests.  This doesn't
    affect users but simplifies the code base.
  - <https://bugs.torproject.org/31252>
    Add an anti-bot mechanism.

* Fixed <https://bugs.torproject.org/17626>.  BridgeDB gets confused
  when users reply to a "get help" email.  The issue is that BridgeDB
  interprets commands anywhere in the email body, even if it's in quoted
  text.  To fix this issue, we are ignoring commands whose email body
  line starts with a '>' character, which is typically used for email

* Made BridgeDB sync its assignments.log file to our metrics
  infrastructure again.  This file contains the mapping from a bridge's
  fingerprint to its assigned distribution pool.  Once we are archiving
  these files again, bridge operators can check in what pool their
  bridge is.


* Added a dark mode to the Snowflake proxy:

* More work went towards Snowflake's metrics.  We updated the /metrics
  handler and the associated specification.
  - <https://bugs.torproject.org/31376>
  - <https://bugs.torproject.org/31493>

* Implemented a fix for the "proxy ID reuse" vulnerability:
  <https://bugs.torproject.org/31460>  Thanks to serna for discovering
  this issue!

* Made some progress towards Snowflake's sequencing layer:

* Handled a vulnerability in Go's net/http module by re-compiling and
  re-deploying affected binaries:

* Fixed a bug that caused Firefox-based Snowflakes to not do their work:


* Roger did a Defcon talk on the Tor censorship arms race to several
  thousand people, including a call-for-testers for obfs4proxy and
  Snowflake, and then spent the rest of the weekend answering Tor
  questions.  We are now counting approximately 400 Snowflakes!

* We've started reaching out to contacts like professors to try to
  regrow the set of "default" bridges in Tor Browser, which are the
  bridges that users get when they don't specify their own bridge.

* We started our "set up obfs4 bridges" bridge campaign:
  So far, we are counting 39 new bridges.  Thanks to everybody who

* Started interaction with IETF MASQUE working group by proposing the
  idea of turning it into a pluggable transport:


* Updated outdated Tor Browser copies on GitHub and GitLab and improved
  automation to keep them updated in the future.

Pluggable transports

* We went to the FOCI workshop, and among other things talked to the
  person working on using a GAN to modify timing for meek traffic. He's
  thinking about grad school, so we tried to connect him to all the
  usual profs so he can do this more in grad school.

* Made some progress towards a better obfs4 by improving the way it
  obfuscates its flow signature: <https://bugs.torproject.org/30716>.
  This is experimental work-in-progress.

* David published Turbo Tunnel, which provides a sequencing and
  reliability layer for pluggable transports:


* Improved and extended our obfs4 bridge setup guides:

More information about the tor-project mailing list