[tor-project] Anti-censorship team meeting notes, 2023-05-18
onyinyang
onyinyang at torproject.org
Thu May 18 18:16:56 UTC 2023
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-05-18-15.58.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
------------------------------------------------------------------------------------
THIS IS A
PUBLIC PAD
------------------------------------------------------------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, May 25 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap:
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
* Sponsor 96 <-- meskio, shell, onyinyang, cohosh
* https://gitlab.torproject.org/groups/tpo/-/milestones/24
* Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel
working on it
* https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
== Discussion ==
* Reported blocking of Snowflake in China since 2023-05-12
*
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038
* https://github.com/net4people/bbs/issues/249
*
https://forum.torproject.net/t/snowflake-bridge-does-not-work-in-china-since-days-ago/7635
* May have something to do with double rendezvous caused by
having 2 bridge lines
* "two or more TLS connections with the same SNI within a
short time to a Fastly IP address"
* got similar reports from two users
* for one user the blocking threshold was 2
(https://github.com/net4people/bbs/issues/249#issuecomment-1547034480),
for the other the threshold was 3
(https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038#note_2903068)
* Seems to have stopped since 2023-05-15
* List of mitigations at
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038#note_2902981
* first step, if it happens again, is to specify just 1
bridge in Connection Assist for China
* use snowflake-02 as it is currently more lightly loaded
* Web browsers also make 2 or more near-simultaneous
connections, maybe they were getting overblocked and that's why it stopped?
*
https://kb.mozillazine.org/Network.http.max-connections-per-server
* Setting MaxConnsPerHost=1 in snowflake-client still does a
double rendezvous, but to 2 *different* Fastly IP addresses rather than
the some one twice.
* https://gitlab.torproject.org/tpo/core/tor/-/issues/40578 was
for two bridges already, so would not directly fix this case
* "we could set numentryguards 1 for snowflake users i
guess, but i think we want two"
* Update on Analysis of speed deficiency of Snowflake in China,
2023 Q1
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2883879
* after a lot of research the proposed solution is to enable
datagram transport on webrtc to deal with the packet loss situation
* that will convert webrtc into an unreliable channel, and
snowflake will add reliablity with kcp
* (Proposal under discussion, discuss on irc meeting next week)
* Research about designing an armored bridge line sharing URL format
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126
* Regarding bridge churn for Lox
(https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/Lox-Roadmap?version_id=fbc9ee4f76b1d3cba83a79b4ea1d776c16e0b941#metrics-1)
* past research and source code on relay (not bridge) churn:
* https://metrics.torproject.org/networkchurn.html
* https://nymity.ch/sybilhunting/churn-values/
* https://www.cs.kau.se/philwint/spoiled_onions/
* https://nymity.ch/papers/pdf/winter2014a.pdf#page=22
== Actions ==
*
== Interesting links ==
* Unofficial(?) Snowflake extension for Safari in Apple App Store?
* https://apps.apple.com/us/app/torproject-snowflake/id1597501940
* Previously noted at
https://lists.torproject.org/pipermail/anti-censorship-team/2022-February/000222.html
== Reading group ==
* We will discuss "Lox: Protecting the Social Graph in Bridge
Distribution" on 2023 May 18
* https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2023-05-18
Last week:
- away
- foci stuff
- reviewed some Lox MRs
- wrote up a Lox roadmap from meeting
-
https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/Lox-Roadmap
This week:
- open issue about archiving snowflake prometheus metrics
- lox-wasm tor browser builds
Needs help with:
dcf: 2023-05-18
Last week:
- did analysis of blocking of the snowflake broker front domain
in China
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038
- commented on shelikhoo's proposal for a new snowflake
client–proxy protocol based on unreliable data channels
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2904085
Next week:
- upgrade tor on snowflake-01
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40270
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
- open issue to disable /debug endpoint on snowflake broker
Help with:
meskio: 2023-05-18
Last week:
- catching up after vacation
- review rdsys metrics for flickering bridges (rdsys!122)
Next week:
- finish webtunnel rdsys support
Shelikhoo: 2023-05-18
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to
snowflake (snowflake!64)
- [Research] HTTPT Planning
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/1
- Research about designing an armored bridge line sharing URL
format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126)
- Snowflake Performance Analysis (Ongoing,
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2904085)
- Trying to fix vantage point(Ongoing)
- logcollector alert
system(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector/-/issues/4)
Next Week/TODO:
- [Research] WebTunnel planning (Continue)
- Try to find a place to host another vantage point
- logcollector alert system
- webtunnel document for proxy operator
- Snowflake Performance Analysis
onyinyang: 2023-05-11
Last week:
- Finished up the Lox library changes to replace gone bridges
with new bridges
- Added tests and changes to Lox distributor to support this
- Refactored lox-distributor for readability
This week:
- Adding tests for both Lox library and Lox distributor
- Refactoring rdsys metrics changes to prevent risk of testing
in deployment
-
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122
- Looking into a more reasonable way of storing Lox library
data structures:
- https://gitlab.torproject.org/onyinyang/lox/-/issues/2
- https://gitlab.torproject.org/onyinyang/lox/-/issues/3
(long term things were discussed at the meeting!):
https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
- brainstorming grouping strategies for Lox buckets (of
bridges) and gathering context on how types of bridges are
distributed/use in practice.
Question: What makes a bridge useable for a given user, and
how can we encode that to best ensure we're getting the most appropriate
resources to people?
1. Are there some obvious grouping strategies that we
can already consider?
e.g., by pt, by bandwidth (lower bandwidth bridges
sacrificed to open-invitation buckets?), by locale (to be matched with a
requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so
trusted users have access to 3 bridges (and untrusted users have access
to 1)? More? Less?
Needs Help with:
- figuring out whether or not the metrics I added to rdsys
actually collect what we want them to. I can run prometheus locally, but
am unsure how to match this with a realistic onbasca test that can
actually show whether the metrics are useful/correct. Is there a known
way to do such tests other than deploy and find out? Update: Not yet!
but we are going to work on staging for this soon
Itchy Onion: 2023-05-11
Last week:
- Continue investigating offline bridges (team#112)
- Discovered bridgestrap#37 (cache gives wrong status of bridge
sometimes)
- Start working on rdsys#56 (persistent storage for certain
bridge arributes)
This week:
- Continue working on rdsys#56
(https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_type=heads)
hackerncoder: 2023-04-20
last week:
- (py-)ooni-exporter torsf (snowflake)
- (py-)ooni-exporter web_connectivity
Next week:
- work on "bridgetester"?
- how does Iran block bridges?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x156A6435430C2036.asc
Type: application/pgp-keys
Size: 6206 bytes
Desc: OpenPGP public key
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20230518/5b8b459a/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20230518/5b8b459a/attachment.sig>
More information about the tor-project
mailing list