Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-10-27-15.59.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Next meeting: Thursday Nov 3 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap: Development · Boards · Anti-censorship · GitLab
* The anti-censorship team's wiki page:
* Home · Wiki · The Tor Project / Anti-censorship / Team · GitLab
* Past meeting notes can be found at:
* The tor-project Archives
* Tickets that need reviews: from sponsors we are working on:
* All needs review tickets:
* Merge requests · Anti-censorship · GitLab
* Sponsor 28
* must-do tickets: Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR) · The Tor Project · GitLab
* possible tickets: Issues · The Tor Project · GitLab
* Sponsor 96
* Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet · The Tor Project · GitLab
== Announcements ==
* Tor Browser 11.5.5/11.5.6 restore a working meek bridge and enable uTLS for Snowflake.
== Discussion ==
* Blocking by TLS fingerprint in Iran
* There is plenty of evidence now that there is blocking based on TLS fingerprint in Iran
* It likely affects snowflake-client's connections to the broker and may be responsible for the sudden loss of traffic on 2022-10-04
* Sudden reduction in snowflake-01 bridge bandwidth, 2022-10-04 17:15 (#40207) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
* Likely to affect mainly Orbot, and not Tor Browser for desktop or Tor Browser for Android
* Orbot has updated using uTLS and is now circumventing the block
* Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 src shell
* Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 (#40036) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
* Iran's regime seems to have fully blocked WireGuard · Issue #140 · net4people/bbs · GitHub
* shell is investigating it
* builtin bridges and their usage
* future of builtin bridges (#102) · Issues · The Tor Project / Anti-censorship / Team · GitLab
* builtin bridges tend to work better than distributed ones
* we want for now to keep using builtin bridges for the situations where they are useful
* we need to improve the situation to where we feel comfortable to recommend settings bridges on those cases
* investigating what is the churn rate of bridges
* subscription model
* quality of settings bridges
* we are hitting the size limit for args in bridgelines
* Snowflake bridge parameters are too long (535 bytes) in 11.5.5 (#40665) · Issues · The Tor Project / Applications / tor-browser-build · GitLab
* PT spec 2.0 was meant to solve this
* GitHub - Pluggable-Transports/Pluggable-Transports-spec: This is a repository to track issues and suggestions to the Pluggable Transports spec
* Add support for Pluggable Transports 2.0 (#21816) · Issues · The Tor Project / Core / Tor · GitLab
* Pluggable Transports: Improve method of transferring parameters to client-side transports (#10671) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / pluggable transports · GitLab
* do we want to propose any changes to arti to have a future with longer args?
* does arti want to keep the PT IPC model (i.e., will the future even use SOCKS the way it is used now)?
* arti is implementing the SOCKS model for now
* the bulk of snowflake bridge lines is the ice=stun:... list. each entry of the list has a "stun:" scheme and a port number. we could abbreviate the list by making the scheme and port number implicit if not specified.
* meskio will create an issue to discuss proposals into the pt-spec to solve the issue
* snowflake-02 bridge is now usable through the whole pipeline: just use `fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA` in the bridge line. Do we want to encourage people to test this configuration?
* Deploy Secondary Bridge's definition on Snowflake Broker (#40212) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
* it's okay to start testing it
* we'll add this bridge into TB alpha
* we have some concerns on the load on unrestricted proxies and the broker by tor connecting to both bridges at once if we configure both
== Actions ==
== Interesting links ==
== Reading group ==
* We will discuss "" on
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2022-10-27
Last week:
- wrote a guide for integrating PTs into tor browser
- Tor Browser Integration Guide for New Pluggable Transports · Wiki · The Tor Project / Anti-censorship / Team · GitLab
- talked with brave about snowflake web extension
- more work on conjure client
- reached out about station reliability issues
- responded to questions about prometheus metrics for the standalone proxy
This week:
- wrap up snowflake translation work (blocked)
- followups to proxy fixes (blocked)
- continue Conjure work
- wrap up manifest v3 candidate
Needs help with:
dcf: 2022-10-27
Last week:
- explained two different Client Hellos in the connections of certain uTLS fingerprints Cherry-pick meek uTLS support (!1) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / obfs4 · GitLab
- debugged a problem with snowflake-client failure with certain uTLS fingerprints and opened an issue utls RoundTripper does not work when it is supposed to use HTTP/1 (#40224) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- opined on merging the current draft of STATUS TYPE=version in the PT spec Add STATUS VERSION message for PT protcol (!63) · Merge requests · The Tor Project / Core / Tor Specifications · GitLab
- diagnosed the problem with snowflake bridge line length in Tor Browser 11.5.5 and helped with the emergency fix in 11.5.6 Snowflake bridge parameters are too long (535 bytes) in 11.5.5 (#40665) · Issues · The Tor Project / Applications / tor-browser-build · GitLab Bug 40665: Shorten snowflake bridge line. (!558) · Merge requests · The Tor Project / Applications / tor-browser-build · GitLab
- with Linus, distributed snowflake-01's outbound traffic over multiple IP addresses, in an attempt to mitigate DDoS false detections Spread snowflake-01 bridges' tor traffic over several IP addresses (#40223) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- tested using the snowflake-02 bridge Deploy Secondary Bridge's definition on Snowflake Broker (#40212) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
Next week:
- disable non-WireGuard SSH access to snowflake-02 Set up a second snowflake bridge site (#40122) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- migrate goptlib to gitlab migrate away from git.torproject.org (#86) · Issues · The Tor Project / Anti-censorship / Team · GitLab
- try Conjure PT development version [tor-dev] Introducing a Conjure PT for Tor
- break up snowflake-server performance improvements into separate merge requests Draft: Server performance improvements (!100) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- document recent performance optimizations in Snowflake bridge installation guide
Help with:
meskio: 2022-10-27
Last week:
- deprecate dymcru builtin bridges (team#98)
- check out our experiment using obfs4 bridges in china and hong kong (team#99)
- help outreachy applicants and review their merge requests
- investigate why gettor had stopped replying to emails (rdsys#129)
- telegram gettor stopped working after the release (onionsproutsbot#45)
- write sponsor 96 report
- research why uTLS HelloFirefox_auto doesn't work against azure (obfs4#40008)
Next week:
- gettor bugs (rdsys#133 rdsys#129)
Shelikhoo: 2022-10-27
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64)
- [Discussion & Deployment] Rollout of Distributed Snowflake Support
- [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54)
- [Research] HTTPT Planning Add HTTPT as a pluggable transport to Tor Browser (#1) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / HTTPT · GitLab
- [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 (#40036) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
- Generate Charts for presentation: Prepare for s28 PI and ECP presentations: Oct 31 and Nov 1-2 2022 (#92) · Issues · The Tor Project / Anti-censorship / Team · GitLab (Continue)
- Rollout distributed snowflake (include definition of secondary bridge on broker) Snowflake Broker Deployment 22-10-25 (#40225) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
Next Week:
- [Research] WebTunnel Planning (Continue)
- [Research] Fix vantage point summary upload in China
- Release New version of Snowflake WebExt
- [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 (#40036) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab (Continue)
Itchy Onion: 2022-10-27
Last week:
- Made some breakthrough. RACE Snowflake started to fail in 2.2.0 because the test load is increased by 5-fold and there is a 30 seconds timeout. So it takes snowflake too long to finish. So far I've observed high variance of flight time from snowflake proxy to server and the worst case it takes ~45 seconds to send.
- Confirmed the issue was because of snowflake proxies running out in RACE
This week:
- Increase the number of snowflake proxies spawned in RACE and ran it against the CI test. I was able to pass every time (6 times in total). But since Tuesday I've been having trouble starting a new deployment with Rib. I've been in talk with TwoSix but so far nothing has helped.
- Built and pushed snowflake plugin binary with the fix to 2.3.2:prod
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
We are going to Croatan.