[tor-project] Anti-censorship team meeting notes, 2022-02-10

Mailing Lists tor-project
1

Hey everyone!

Here are our meeting logs:

http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-02-10-15.59.html

And our meeting pad:

Anti-censorship work meeting pad

···

--------------------------------

Next meeting: Thursday February 10th 16:00 UTC

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)

== Goal of this meeting ==

Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.

== Links to Useful documents ==

    Our anti-censorship roadmap:

    Roadmap: Development · Boards · Anti-censorship · GitLab

    The anti-censorship team's wiki page:

    Home · Wiki · The Tor Project / Anti-censorship / Team · GitLab

    Past meeting notes can be found at:

    The tor-project Archives

    Tickets that need reviews: from sponsors we are working on:

    All needs review tickets: Merge requests · Anti-censorship · GitLab

    Sponsor 30

    Sponsor 30 - Objective 2.1 · The Tor Project · GitLab

    Sponsor 30 - Objective 2.2 · The Tor Project · GitLab

    Sponsor 30 - Objective 2.3 · The Tor Project · GitLab

    Sponsor 30 - Objective 2.4 · The Tor Project · GitLab

    Sponsor 28

    must-do tickets: Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR) · The Tor Project · GitLab

    possible tickets: Issues · The Tor Project · GitLab

== Announcements ==

== Discussion ==

    Add SOCKS5 forward proxy support: Draft: Add SOCKS5 forward proxy support (!64) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab

    a complex non-essential function, do we want it in?

    previous discussion on the topic: #tor-meeting: anti-censorship meeting

    current implementation has DNS leaks in osx/ios

    shell is going to implement the work around the DNS leaks, and we'll evaluate if is mergeable or too complex.

    What failures count as emergencies for the anti-censorship team?

    Decide what service failures count as an emergency for anti-censorship team (#48) · Issues · The Tor Project / Anti-censorship / Team · GitLab

    Emergencies · Wiki · The Tor Project / Anti-censorship / Team · GitLab

    will close after a few days if there is nothing to add

== Actions ==

== Interesting links ==

    OONI reports of Tor blocking in certain ISPs since 2021-12-01 - #129 by zinoid - Russia - NTC

    report of meek probabilistically not working in Russia since 2022-02-06

    > Statistical analysis with respect to meek-azure is not unique, apparently, some VPN services are blocked in a similar way. The difference is in the number of packets.

    > Blocking meek-azure (fixed address and SNI) requires fewer than 20 TCP segments with data (including TLSv1.3 handshake), client traffic is not counted. Blocking is probabilistic.

    > By changing the address (in the hosts file) or the front domain, exclude this analysis. Change the server traffic (within the analysis window), bypass it. For example, add to the line with meek-azure: utls=helloios_auto

    Lessons from the January 2022 Internet shutdown in Kazakhstan for censorship circumvention https://github.com/net4people/bbs/issues/102

== Reading group ==

    We will discuss "Weaponizing Middleboxes for TCP Reflected Amplification" on 2022-02-17

    The Internet censorship bibliography

    Questions to ask and goals to have:

    What aspects of the paper are questionable?

    Are there immediate actions we can take based on this work?

    Are there long-term actions we can take based on this work?

    Is there future work that we want to call out, in hopes that others will pick it up?

== Updates ==

Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:

         - Something you need help with.

anadahz: 2022-01-27

    Last week:

    - Increase timeout check cycles for default-bridge-felix-1 and default-bridge-felix-2 as they have been generating too many alerts: Increase number of cycles for felix bridges (!1) · Merge requests · The Tor Project / Anti-censorship / monit-configuration · GitLab

cecylia (cohosh): last updated 2022-02-10
Last week:
    - remove oneshot mode from snowflake server (snowflake#40098)
    - lots of documentation for handing off s28 work
    - bumped version of snowflake library to v2.1.0
    - responded again to ooni's snowflake test questions
    - wrote patch to fix unitialized field of SnowflakeListener (snowflake#40099)
    - finished prepping our s28 snowflake evaluation for this month
    - wrote up a wiki page documenting what counts as an emergency (team#48)
This week:
    - reviews if needed
    - shadow testing
    - around for questions
Needs help with:

dcf: 2022-02-10

    Last week:

    - updated snowflake bridge installation and survival guides for the load-balanced setup Snowflake Bridge Installation Guide · Wiki · The Tor Project / Anti-censorship / Team · GitLab Snowflake Bridge Survival Guide · Wiki · The Tor Project / Anti-censorship / Team · GitLab

    - opened an issue for metrics graphs with load-balanced relays Graphs for multiple relays that have the same fingerprint (#40022) · Issues · The Tor Project / Network Health / Metrics / Onionoo · GitLab

    - started a thread on tor-dev about alternatives for ExtORPort authentication and disabling onion key rotation [tor-dev] Two features that would help load-balanced bridges

    - snowflake CDN bookkeeping Snowflake costs · Wiki · The Tor Project / Anti-censorship / Team · GitLab

    Next week:

    Help with:

agix: 2021-02-10

    Last week:

    - Continued work on gettor-twitter

    Next week:

    - Hopefully finish the task

    Help with:

    -

arlolra: 2022-01-20

    Last week:

    - [added 2022-01-20 by dcf] ALPN support for pion DTLS https://github.com/pion/dtls/pull/415

    Next week:

    - Figure out where in pion/webrtc ALPN should be configured and used

    - Maybe add Chacha20Poly1305 to pion/dtls

    https://github.com/pion/dtls#planned-features

    Make Snowflake's DTLS fingerprint more similar to popular WebRTC implementations (#40014) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab

    Help with:

    -

maxb: 2021-09-23

    Last week:

    - Worked on uTLS for broker negotiation (#40054) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab re: utls for broker negotiation

    - Had conversation with someone about upstream utls http round tripper https://github.com/refraction-networking/utls/pull/74

    - Too busy with work :confused:

    Next week:

    - _Really_ want to get a PR for utls round tripper

meskio: 2022-02-10

    Last week:

    - bridgedb reconnection issues with rdsys

    - fixes on bridge port scan (bridge-port-scan#6)

    - digging into bridge authority IPv6 issues

    - obfs4 debian package support (obfs4#33736)

    - telegram bot bridges rotation

    - test deployment for the new rdsys/bridgedb setup is live!!! (rdsys#12)

    - review snowflakes suppression of verbosity in logs (snowflake!74)

    Next week:

    - make easier to test bridgedb ater rdsys change (bridgedb#40034)

    - bridgestrap is not displaying the results (bridgestrap#31)

    - bridgedb reconnection issues with rdsys

Shelikhoo: 2022-02-10
   Last Week:
       - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake(snowflake!64)
       - [Merge Request Done] Add verbosity switch to suppress diagnostic output(snowflake#40079, snowflake!74)

      - [Discussion] Implement metrics to measure snowflake churn(snowflake#34075)

      - [Discussion] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription")

      - [Discussion] Proposal: Push Notification Based Signaling Channel

      - [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54)

      - [Discussion] HTTPT & Websocket(O1.3: Implement bridges with pluggable transport HTTPT support. (#7) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / HTTPT · GitLab)

      - [Investigate] Is there a better moat/snowflake SNI than cdn.sstatic.net? (snowflake#40068)

      - [Investigate] Multi-instance Load Balanced Tor - Snowflake Deployment

      - [Investigate] China "Anti-Fraud" Webpage Redirection Censorship(censorship-analysis#40026)

      - [Investigate] uTLS for broker negotiation

   Next Week:
       - [Discussion] Implement metrics to measure snowflake churn (snowflake#34075)
       - [Discussion] Proposal: Push Notification Based Signaling Channel
       - [Coding] uTLS for broker negotiation
       - [Coding] Proposal: Centralized Probe Result Collector(anti-censorship/team#54)

HackerNCoder: 2021-12-16
This week:
    Last/done:
        Setup web mirror on tor.encryptionin.space
    Next:
        Get (new VPs with) new IP and setup new web mirror on new domain

hanneloresx: 2021-3-4

    Last week:

    - Submitted MR for bridgestrap issue #14

    Next week:

    - Finish bridgestrap #14

    - Find new issue to work on

    Help with:

    -

--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.

1 Like