[tor-project] Anti-censorship team meeting notes, 2022-02-03

meskio meskio at torproject.org
Thu Feb 3 17:13:56 UTC 2022

Hey everyone!

Here are our meeting logs:


And our meeting pad:

Anti-censorship work meeting pad

Next meeting: Thursday February 3rd 16:00 UTC

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)

== Goal of this meeting ==

Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.

== Links to Useful documents ==

    Our anti-censorship roadmap:

    Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards

    The anti-censorship team's wiki page:


    Past meeting notes can be found at:


    Tickets that need reviews:  from sponsors we are working on:

    All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None

    Sponsor 30





    Sponsor 28

    must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10

    possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name%5b%5d=Sponsor%2028&milestone_title=None

== Announcements ==

== Discussion ==

    snowflake bridge is now switched back from staging to production


    load balancing is effective - the bridge is now using all its CPU resources effectively, and is no longer bottlenecked on tor

    as a consequence, the bridge is providing about twice as much bandwidth as before (now 20 MB/s, from 10 MB/s)

    however, it is now at the limit of its CPU capability, and will not be able to go faster than it does now

    for the 6 days the staging server was in use, it was going even faster, up to 30 MB/s.

    there's no obvious low-hanging fruit in the snowflake-server CPU profile


    profiling extor-static-cookie could be worthwhile

== Actions ==

== Interesting links ==

== Reading group ==

    We will discuss "Weaponizing Middleboxes for TCP Reflected Amplification" on 2022-02-17


    Questions to ask and goals to have:

    What aspects of the paper are questionable?

    Are there immediate actions we can take based on this work?

    Are there long-term actions we can take based on this work?

    Is there future work that we want to call out, in hopes that others will pick it up?

== Updates ==

    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:

         - Something you need help with.

anadahz: 2022-01-27

    Last weeek:

    - Increase timeout check cycles for default-bridge-felix-1 and default-bridge-felix-2 as they have been generating too many alerts: https://gitlab.torproject.org/tpo/anti-censorship/monit-configuration/-/merge_requests/1

cecylia (cohosh): last updated 2022-02-03
Last week:
    - deployed new version of snowflake webextension + badge
    - fixed issue with file limits at probetest (snowflake#40096)
    - Updated documentation on schleuder mailing list admin (tpa/wiki-replica!22)
    - filed issue about mailing list public key change (tpa/team#40609)
    - reviews
    - responded to ooni questions about snowflake tests (snowflake#40097)
        - https://github.com/ooni/probe/issues/2004
    - lots of meetings
This week:
    - more reviews
    - try out recent shadow bug fixes
    - work with ooni on tor related tests
    - s28 evaluation prep
    - look at what's necessary for tapdance/conjure
    - write up more documentation
Needs help with:

dcf: 2022-02-03

    Last week:

    - profiled snowflake-server on the staging bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40086#note_2773087

    - found a solution to prevent onion key rotation on the load-balanced bridge: a preexisting directory at a destination path https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-single-bridge/1483/22

    - opened an issue for an assertion failure that happens when onion key rotation is prevented https://gitlab.torproject.org/tpo/core/tor/-/issues/40554

    - monitored the switchover from the staging snowflake bridge to production, and debugged resulting issues https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40095#note_2773704

    - wrote scripts to graph multi-instance bandwidth and clients https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40095#note_2774428

    - discovered a couple of minor bugs in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40098 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40099

    Next week:

    - update snowflake bridge installation and survival guides

    - open an issue for metrics graphs correctly showing graphs for fingerprints with multiple instances

    - start a discussion on tor-dev about alternatives for ExtORPort authentication (remove the need for extor-static-cookie)

    - start a discussion on tor-dev about supported ways to disable onion key authentication

    Help with:

agix: 2021-01-13

    Last week:

    - Busy with work on Censored Planet

    Next week:

    - Continue work on gettor-twitter

    Help with:


arlolra: 2022-01-20

    Last week:

    - [added 2022-01-20 by dcf] ALPN support for pion DTLS https://github.com/pion/dtls/pull/415

    Next week:

    - Figure out where in pion/webrtc ALPN should be configured and used

    - Maybe add Chacha20Poly1305 to pion/dtls



    Help with:


maxb: 2021-09-23

    Last week:

    - Worked on https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40054 re: utls for broker negotiation

    - Had conversation with someone about upstream utls http round tripper https://github.com/refraction-networking/utls/pull/74

    - Too busy with work :/

    Next week:

    - _Really_ want to get a PR for utls round tripper

meskio: 2022-02-03

    Last week:

    - test deployment for the new rdsys/bridgedb setup (rdsys#12)

    - read the rdsys token from a file (bridgedb!33)

    - fixes on country block mechanism for rdsys and bridgedb (rdsys!26)

    - review bridgedb web redesign in lektor (bridgedb!31)

    - feedback on the debian package for obfs4proxy (obfs4#33736)

    - API rethinking for circumvention settings (bridgedb#40043 TorBrowser#40781)

    Next week:

    - make easier to test bridgedb ater rdsys change (bridgedb#40034)

Shelikhoo: 2022-02-03
   Last Week:
       - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake(snowflake!64)
       - [Merge Request Done] Privacy preserving stats in Snowflake standalone proxy(snowflake#40079, snowflake!72)
       - [Merge Request Review Done] Configure what distributor does distribute each resource type

      - [Discussion] Implement metrics to measure snowflake churn(snowflake#34075)

      - [Discussion] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription")

      - [Discussion] Proposal: Push Notification Based Signaling Channel

      - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54)

      - [Discussion] HTTPT & Websocket(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/7#note_2773546)

      - [Investigate] Is there a better moat/snowflake SNI than cdn.sstatic.net? (snowflake#40068)

      - [Investigate] Multi-instance Load Balanced Tor - Snowflake Deployment

      - [Investigate] China "Anti-Fraud" Webpage Redirection Censorship(censorship-analysis#40026)

      - [Investigate] uTLS for broker negotiation

   Next Week:
       - [Discussion] Implement metrics to measure snowflake churn (snowflake#34075)
       - [Discussion] Proposal: Push Notification Based Signaling Channel
       - [Merge Request] Add verbosity switch to suppress diagnostic output(snowflake#40079, snowflake!74)
       - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54)
       - [Investigate] uTLS for broker negotiation

HackerNCoder: 2021-12-16
This week:
        Setup web mirror on tor.encryptionin.space
        Get (new VPs with) new IP and setup new web mirror on new domain

hanneloresx: 2021-3-4

    Last week: 

    - Submitted MR for bridgestrap issue #14

    Next week:

    - Finish bridgestrap #14

    - Find new issue to work on

    Help with:


meskio | https://meskio.net/
 My contact info: https://meskio.net/crypto.txt
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20220203/0168920c/attachment.sig>

More information about the tor-project mailing list