[tor-project] Anti-censorship team meeting notes, 2022-10-27

Hey everyone!

Here are our meeting logs:

http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-10-27-15.59.html

And our meeting pad:

Anti-censorship work meeting pad


--------------------------------

Next meeting: Thursday Nov 3 16:00 UTC

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.

== Links to Useful documents ==

  * Our anti-censorship roadmap:
    * Roadmap: Development · Boards · Anti-censorship · GitLab
  * The anti-censorship team's wiki page:
    * Home · Wiki · The Tor Project / Anti-censorship / Team · GitLab
  * Past meeting notes can be found at:
    * The tor-project Archives
  * Tickets that need reviews: from sponsors we are working on:
    * All needs review tickets:
      * Merge requests · Anti-censorship · GitLab
    * Sponsor 28
      * must-do tickets: Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR) · The Tor Project · GitLab
      * possible tickets: Issues · The Tor Project · GitLab
    * Sponsor 96
      * Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet · The Tor Project · GitLab

== Announcements ==

  * Tor Browser 11.5.5/11.5.6 restore a working meek bridge and enable uTLS for Snowflake.

== Discussion ==

  * Blocking by TLS fingerprint in Iran
    * There is plenty of evidence now that there is blocking based on TLS fingerprint in Iran
    * It likely affects snowflake-client's connections to the broker and may be responsible for the sudden loss of traffic on 2022-10-04
      * Sudden reduction in snowflake-01 bridge bandwidth, 2022-10-04 17:15 (#40207) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    * Likely to affect mainly Orbot, and not Tor Browser for desktop or Tor Browser for Android
    * Orbot has updated using uTLS and is now circumventing the block

  * Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 src shell
    * Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 (#40036) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
    * Iran's regime seems to have fully blocked WireGuard · Issue #140 · net4people/bbs · GitHub
    * shell is investigating it

  * builtin bridges and their usage
    * future of builtin bridges (#102) · Issues · The Tor Project / Anti-censorship / Team · GitLab
    * builtin bridges tend to work better than distributed ones
    * we want for now to keep using builtin bridges for the situations where they are useful
    * we need to improve the situation to where we feel comfortable to recommend settings bridges on those cases
      * investigating what is the churn rate of bridges
      * subscription model
      * quality of settings bridges

  * we are hitting the size limit for args in bridgelines
    * Snowflake bridge parameters are too long (535 bytes) in 11.5.5 (#40665) · Issues · The Tor Project / Applications / tor-browser-build · GitLab
    * PT spec 2.0 was meant to solve this
      * GitHub - Pluggable-Transports/Pluggable-Transports-spec: This is a repository to track issues and suggestions to the Pluggable Transports spec
      * Add support for Pluggable Transports 2.0 (#21816) · Issues · The Tor Project / Core / Tor · GitLab
      * Pluggable Transports: Improve method of transferring parameters to client-side transports (#10671) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / pluggable transports · GitLab
    * do we want to propose any changes to arti to have a future with longer args?
      * does arti want to keep the PT IPC model (i.e., will the future even use SOCKS the way it is used now)?
        * arti is implementing the SOCKS model for now
    * the bulk of snowflake bridge lines is the ice=stun:... list. each entry of the list has a "stun:" scheme and a port number. we could abbreviate the list by making the scheme and port number implicit if not specified.
    * meskio will create an issue to discuss proposals into the pt-spec to solve the issue

  * snowflake-02 bridge is now usable through the whole pipeline: just use `fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA` in the bridge line. Do we want to encourage people to test this configuration?
    * Deploy Secondary Bridge's definition on Snowflake Broker (#40212) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    * it's okay to start testing it
    * we'll add this bridge into TB alpha
    * we have some concerns on the load on unrestricted proxies and the broker by tor connecting to both bridges at once if we configure both

== Actions ==

== Interesting links ==

== Reading group ==

  * We will discuss "" on
    *
    * Questions to ask and goals to have:
      * What aspects of the paper are questionable?
      * Are there immediate actions we can take based on this work?
      * Are there long-term actions we can take based on this work?
      * Is there future work that we want to call out in hopes that others will pick it up?

== Updates ==

Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:
       - Something you need help with.

cecylia (cohosh): last updated 2022-10-27
  Last week:
    - wrote a guide for integrating PTs into tor browser
      - Tor Browser Integration Guide for New Pluggable Transports · Wiki · The Tor Project / Anti-censorship / Team · GitLab
    - talked with brave about snowflake web extension
    - more work on conjure client
      - reached out about station reliability issues
    - responded to questions about prometheus metrics for the standalone proxy
  This week:
    - wrap up snowflake translation work (blocked)
    - followups to proxy fixes (blocked)
    - continue Conjure work
    - wrap up manifest v3 candidate
  Needs help with:

dcf: 2022-10-27
  Last week:
    - explained two different Client Hellos in the connections of certain uTLS fingerprints Cherry-pick meek uTLS support (!1) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / obfs4 · GitLab
    - debugged a problem with snowflake-client failure with certain uTLS fingerprints and opened an issue utls RoundTripper does not work when it is supposed to use HTTP/1 (#40224) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    - opined on merging the current draft of STATUS TYPE=version in the PT spec Add STATUS VERSION message for PT protcol (!63) · Merge requests · The Tor Project / Core / Tor Specifications · GitLab
    - diagnosed the problem with snowflake bridge line length in Tor Browser 11.5.5 and helped with the emergency fix in 11.5.6 Snowflake bridge parameters are too long (535 bytes) in 11.5.5 (#40665) · Issues · The Tor Project / Applications / tor-browser-build · GitLab Bug 40665: Shorten snowflake bridge line. (!558) · Merge requests · The Tor Project / Applications / tor-browser-build · GitLab
    - with Linus, distributed snowflake-01's outbound traffic over multiple IP addresses, in an attempt to mitigate DDoS false detections Spread snowflake-01 bridges' tor traffic over several IP addresses (#40223) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    - tested using the snowflake-02 bridge Deploy Secondary Bridge's definition on Snowflake Broker (#40212) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
  Next week:
    - disable non-WireGuard SSH access to snowflake-02 Set up a second snowflake bridge site (#40122) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    - migrate goptlib to gitlab migrate away from git.torproject.org (#86) · Issues · The Tor Project / Anti-censorship / Team · GitLab
    - try Conjure PT development version [tor-dev] Introducing a Conjure PT for Tor
    - break up snowflake-server performance improvements into separate merge requests Draft: Server performance improvements (!100) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    - document recent performance optimizations in Snowflake bridge installation guide
  Help with:

meskio: 2022-10-27
   Last week:
       - deprecate dymcru builtin bridges (team#98)
       - checkout our experiment using obfs4 bridges in china and hong kong (team#99)
       - help outreachy applicants and review their merge requests
       - investigate why gettor had stopped replying emails (rdsys#129)
       - telegram gettor stopped working after the release (onionsproutsbot#45)
       - write sponsor 96 report
       - research why uTLS HelloFirefox_auto doesn't work against azure (obfs4#40008)
   Next week:
       - gettor bugs (rdsys#133 rdsys#129)

Shelikhoo: 2022-10-27
   Last Week:
    - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64)
    - [Discussion & Deployment] Rollout of Distributed Snowflake Support
    - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54)
    - [Research] HTTPT Planning Add HTTPT as a pluggable transport to Tor Browser (#1) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / HTTPT · GitLab
    - [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 (#40036) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
    
    - Generate Charts for presentation: Prepare for s28 PI and ECP presentations: Oct 31 and Nov 1-2 2022 (#92) · Issues · The Tor Project / Anti-censorship / Team · GitLab (Continue)
    - Rollout distributed snowflake (include definition of secondary bridge on broker) Snowflake Broker Deployment 22-10-25 (#40225) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
   Next Week:
    - [Research] WebTunnel Planning (Continue)
    - [Research] Fix vantage point summary upload in China
    - Release New version of Snowflake WebExt
    - [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 (#40036) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab (Continue)

Itchy Onion: 2022-10-27
    Last week:
        - Made some breakthrough. RACE Snowflake started to fail in 2.2.0 because the test load is increased by 5-fold and there is a 30 seconds timeout. So it takes snowflake too long to finish. So far I've observed high variance of flight time from snowflake proxy to server and the worst case it takes ~45 seconds to send.
        - Confirmed the issue was because of snowflake proxies running out in RACE
    This week:
        - Increase the number of snowflake proxies spawned in RACE and ran it against the CI test. I was able to pass every time (6 times in total). But since Tuesday I've been having trouble starting a new deployment with Rib. I've been in talk with TwoSix but so far nothing has helped.
        - Built and pushed snowflake plugin binary with the fix to 2.3.2:prod

--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
We're going to Croatan.
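
The abbreviation floated in the discussion above (making the "stun:" scheme and the port implicit in the ice= list), sketched in Go as an added example; it is not Snowflake or Tor Browser code. The default port 3478, the function names and the sample hostnames are assumptions, since the notes do not fix them.

```go
package main

import (
	"fmt"
	"strings"
)

const defaultScheme, defaultPort = "stun:", ":3478" // assumed defaults, not fixed by the notes

// splitScheme splits off a known URI scheme, or returns fallback if none is present.
func splitScheme(e, fallback string) (scheme, rest string) {
	for _, s := range []string{"stun:", "stuns:", "turn:", "turns:"} {
		if strings.HasPrefix(e, s) {
			return s, e[len(s):]
		}
	}
	return fallback, e
}

// AbbreviateICE drops the scheme and port wherever they equal the defaults.
func AbbreviateICE(list string) string {
	entries := strings.Split(list, ",")
	for i, e := range entries {
		scheme, rest := splitScheme(e, "")
		rest = strings.TrimSuffix(rest, defaultPort)
		if inner, _ := splitScheme(rest, ""); scheme == defaultScheme && inner == "" {
			scheme = "" // safe to drop: the bare host will not be misread as a scheme
		}
		entries[i] = scheme + rest
	}
	return strings.Join(entries, ",")
}

// ExpandICE restores the explicit scheme:host:port form of every entry.
func ExpandICE(list string) string {
	entries := strings.Split(list, ",")
	for i, e := range entries {
		scheme, rest := splitScheme(e, defaultScheme)
		if strings.LastIndex(rest, ":") <= strings.LastIndex(rest, "]") {
			rest += defaultPort // no colon after the host or IPv6 bracket: port was omitted
		}
		entries[i] = scheme + rest
	}
	return strings.Join(entries, ",")
}

func main() { // constructed sample, not the list shipped in Tor Browser
	fmt.Println(AbbreviateICE("stun:stun.example.net:3478,stun:[2001:db8::1]:3478"))
}
```

Entries with a non-default scheme or port stay explicit, so the expansion is lossless; each defaulted entry saves 10 bytes of the bridge line.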
