[tor-project] Anti-censorship team meeting notes, 2023-03-16

--------------------------------
------------------------------------------------------------------------------------
THIS IS A PUBLIC PAD
------------------------------------------------------------------------------------

Anti-censorship
--------------------------------

Next meeting: Thursday, March 23 16:00 UTC

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.

== Links to Useful documents ==

 \* Our anti\-censorship roadmap:
     \* Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
 \* The anti\-censorship team's wiki page:
     \* https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
 \* Past meeting notes can be found at:
     \* https://lists.torproject.org/pipermail/tor-project/
 \* Tickets that need reviews:  from sponsors, we are working on:
     \* All needs review tickets:
         \* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
     \* Sponsor 96
         \* https://gitlab.torproject.org/groups/tpo/-/milestones/24
     \* Sponsor 139 <\-\- hackerncoder, irl, joydeep, meskio, emmapeel working on it
         \* https://pad.riseup.net/p/sponsor139-meeting-pad

== Announcements ==
Sponsor 28 ended

== Discussion ==

 \* Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251 <\- please read the updated comment before meeting, it is huge
 \* snowflake\-server buffer reuse bug postmortem
     \* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260
     \* The harm to users was minor, but incidents like this are a good opportunity to reflect on our process, to make similar things less likely in the future\.
     \* The bug \(\#40199\) might have been caught, but was not, at multiple points:
         \* Code understanding and review by the initial committer
         \* Code review on the merge request
         \* Automated tests / CI
         \* End user reports or logs
         \* Logs or instrumentation at the bridge
     \* Which of these processes, if any, should we change, to decrease the chance of mistakes?
     \* The good news: undoing the faulty commit has actually greatly increased performance: it is likely the memory corruption was causing frequenct retransmission at the KCP layer and/or frequently terminating Tor streams due to failed integrity checks\. It is possible that the negative effects only started to show with a higher number of users\.
         \* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886925
     \* Brainstorming during the meeting:
         \* Initial merge request should have included a test to prove the assumption that buffers were not reused\. The reviewer might have requested that such a test be added\.
         \* Any such anomalies, if detected at the client, should be logged in such a way that they show up in the tor log\.
             \* dcf's private branch that logs KCP's internal error counters: https://gitlab.torproject.org/dcf/snowflake/-/commit/9f43843b59b9753686be836f2c55f209ba29c1e9 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
             \* The fix this week made the "KCPInErrors" counter go to zero: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886032
             \* We should log whenever KCPInErrors is non\-zero, at least\.
         \* We are missing integration testing as part of CI\. We have unit testing, but nothing where all the pieces are working together as in production\.
             \* shelikhoo's setup for distributed snowflake server testing https://github.com/xiaokangwang/snowflake-mu-docker/blob/master/docker-compose.yaml
         \* Should we have another more verbose level of log \(debug/trace\) so that it takes less effort to debug things in general? \(no need to modify code then rebuilt like hazae41 did it https://hackerone.com/reports/1880610)
 \* Docker Registry is removing obfs4, snowflake image: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886686
     \* https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/121

== Actions ==

 \* move the ampcache snowflake fallback forward

== Interesting links ==

 \* https://network.lantern.io/
     \* https://addons.mozilla.org/en-US/firefox/addon/lantern-network/

== Reading group ==

 \* We will discuss "" on
     \* Questions to ask and goals to have:
         \* What aspects of the paper are questionable?
         \* Are there immediate actions we can take based on this work?
         \* Are there long\-term actions we can take based on this work?
         \* Is there future work that we want to call out in hopes that others will pick it up?

== Updates ==

Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.

cecylia (cohosh): last updated 2023-03-02
Last week:
- Lox tor browser integration work in progress
- Trial Lox integration (#116) · Issues · The Tor Project / Anti-censorship / Team · GitLab
- Finished getting the wasm client integrated as a Tor Browser module
This week:
- continue Lox tor browser integration
- find a better way to generate and call wasm client in tor-browser-build
- make team repos for Lox pieces
- expand client-side support for more Lox features
- continue work on conjure client-side recovery
Needs help with:

dcf: 2023-03-16
Last week:
- helped debug snowflake-server buffer reuse bug, deployed the fix, and wrote an advisory Weird KCP packets received by the client (#40260) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab Revert "Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo" (!140) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab Deploy snowflake-server for QueuePacketConn buffer reuse fix (#40260) (#40262) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab Security advisory: cross-user TLS traffic mixing in snowflake-server until 2023-03-13
- posted hints on updating OONI's list of STUN servers cli: release 3.18.0 · Issue #2417 · ooni/probe · GitHub
Next week:
- migrate goptlib to gitlab migrate away from git.torproject.org (#86) · Issues · The Tor Project / Anti-censorship / Team · GitLab (for real)
Help with:

meskio: 2023-03-16
Last week:
- rdsys fixes to use onbasca (rdsys#153)
Now onbasca ratio is being used by rdsys
- Test if bridges without ORPort reachable are included in the bridge descriptor (rdsys#154)
They don't!
- deploy rdsys with support to TB pt_config.json (rdsys#146)
- remove UAE from circumvention settings (team#106)
- add authentication to rdsys resource registration (rdsys#156)
- deal with the dockerhub closing of our account (team#112)
Next week:
- rdsys webtunnel support (rdsys#142)

Shelikhoo: 2023-03-16
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64)
- [Research] HTTPT Planning Add HTTPT as a pluggable transport to Tor Browser (#1) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / HTTPT · GitLab
- Upstreaming Remove HelloVerify countermeasure (Upstreaming Remove HelloVerify countermeasure (#40249) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab)
- Fix return nil error on unrecognized request http upgrade failure (Fix return nil error on unrecognized request http upgrade failure (!5) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / WebTunnel · GitLab)
- consider propagating 2FA everywhere, maybe, at the April Tor Meeting (consider propagating 2FA everywhere, maybe at the April Tor Meeting (#41083) · Issues · The Tor Project / TPA / TPA team · GitLab)
- Resynchronization with Upsteamed Remove HelloVerify countermeasure (Resynchronization with Upsteamed Remove HelloVerify countermeasure (#40258) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab)
- Comment on OnionShare Rebrand
- Comment on S96 User Research Risk Assessment
- Comment on Analysis of speed deficiency of Snowflake in China, 2023 Q1(Analysis of speed deficiency of Snowflake in China, 2023 Q1 (#40251) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab)
- Comment on enable Gitlab Container Registry( enable Gitlab Container Registry (#89) · Issues · The Tor Project / TPA / Gitlab · GitLab)
- Add utls-imitate, utls-nosni doc to README (Add utls-imitate, utls-nosni doc to README: fix style (!139) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab)
- Review Assign an accepted bandwidth ratio to TBLinks(Assign an accepted bandwidth ratio to TBLinks (!78) · Merge requests · The Tor Project / Anti-censorship / rdsys · GitLab)
- Review Proxy: add an option to bind to a specific address (Proxy: add an option to bind to a specific address (!136) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab)
Next Week:
- [Research] WebTunnel planning (Continue)
- Try to find a place to host another vantage point
- Resynchronization with Upsteamed Remove HelloVerify countermeasure (Resynchronization with Upsteamed Remove HelloVerify countermeasure (#40258) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab)
- consider propagating 2FA everywhere, maybe, at the April Tor Meeting (consider propagating 2FA everywhere, maybe at the April Tor Meeting (#41083) · Issues · The Tor Project / TPA / TPA team · GitLab)
- logcollector alter system
- webtunnel document for proxy opertaor

onyinyang: 2023-03-16
Last week:
- Working on distributor backend for Lox server (integration with rdsys)

           \- Continuing work on Lox server integration with rdsys
         \- Reconfigure Lox Bridgeline to fit with Tor's bridge info
         \- Figure out the proper multithreading in Rust to add bridges to Lox's bridgedb

 This week:
     \- Finish up Lox server integration with rdsys
         \- Add more helpful comments/error handling and graceful shutdown
             \- Improve client side handling of BridgeLines?
             \- Discuss next steps with cohosh

Itchy Onion: 2023-03-16
Last week:
- Closed issue #40252 (NAT probetest for standalone proxy)
- Working on #40231 (Client sometimes send offer with no ICE candidates).

 This week:
     \- MR and Closed \#40252 \(NAT probetest for standalone proxy\)
     \- Almost done with \#40231 \-\- just need to add some test cases
     \- Worked on \#40265 \(mac user reporting standalone proxy complaning about broker cert\)

hackerncoder: 2023-03-09
last week:
Next week:
- getting ooni-exporter to work with torsf (snowflake)
- ooni-exporter web_connectivity
- work on "bridgetester"?
- how does Iran block bridges

cece: 2022-12-22
This week:
- working on creating a dummy WhatsApp bot
Next week:
- My bot is not yet working as expected s? still trying to figure that out
Help with:
- resources