George:
Hi,
will there be a recording? Unfortunately I won't be able to attend.
Unfortunately not flux.
We will catch you next time.
Pad notes will be posted after the meeting.
Here they come.
On March 5, a group of 40-50 operators joined the Tor Relay Operator meetup.
Thank you all for joining the event!
Our next online meetup will happen on *April 2nd, 2100 UTC* according to the pad. However, I think we made a mistake here with daylight savings time given that we wanted to have the meeting at the same time for the folks not having shifted back then in March 5. I'll check back with Gus for that.
Georg
## Meetup notes March 5
* Should we record this session? Some people don't have audio / can't make it:
Conclusion is no, do not record. We want people to be free to say things and not worry that they will show up in a youtube video later.
* Tor EOL removal (0.3.5):
The old Tor long-term-support (0.3.5.x) is no longer maintained by the network team, since Feb 1 2022. We collected all the relay descriptors that had a usable contactinfo, and contacted them. We also did it for bridge operators (another reason it's important to have usable contact info). If you are a new relay operator, check if you're running one of these old versions!
* Torservers update:
RIP frënn vun der ënn (https://enn.lu) (https://twitter.com/FrennVunDerEnn/status/1496129197064007692) Mainly they decided it was too much work, and they didn't have capacity to do it with high quality, so they decided to close.
If you have a lot of capacity, and can run a bunch of bridges, please get in touch with Gus and Tor! We'd been using enn.lu's bridges to give private bridges to people in China.
* Censorship situation in Russia:
Since Dec 2021, the censorship department in Russia started to block parts of the Tor network. It's not uniform -- in some places Tor works fine, in some places the website is reachable, in others it doesn't. Not just the public relays, but also they were blocking the default obfs4 bridges and some other obfs4 Tor bridges.
We have three different distribution methods of Tor bridges.
- Moat: install Tor Browser on your desktop/phone, click "get some bridges" inside Tor Browser, and bridgedb automatically populates your bridge configuration. 60000 requests per day from users to get a bridge by Moat. Up from 10k/day earlier.
- Request by email: mail us at bridges @ torproject.org and we'll answer some.
- Go to our website, bridges.torproject.org, and solve a captcha and get one.
All three of these mechanisms are under attack in Russia. That is, all three of them are problematic. But, there is a lag between when a new bridge appears and when Russia starts blocking it. That lag is often a week or more these days.
We have a Telegram bot, which returns some bridges. The anti-censorship team is testing these bridges from a vantage point in Russia, and if they're blocked we rotate the bridge to a new address. We have 25k people connected over the Telegram bot bridges.
The Snowflake pluggable transport (see: Snowflake surge below) also got blocked in December, using a DPI rule. We changed the Snowflake code, and the DPI rule no longer works to block it. At the moment Snowflake is working in Russia. Note that the metrics of Snowflake users are currently inaccurate, because we've been working on scaling the Snowflake bridge, and we haven't kept up with keeping the metrics accurate. (Gitlab ticket: Graphs for multiple relays that have the same fingerprint (#40022) · Issues · The Tor Project / Network Health / Metrics / Onionoo · GitLab)
Is rt.com and sputnik blocked from Europe? Does that mean it's blocked from many Tor exits? Or was that just a proposed law or threat? (L_2022065EN.01000101.xml)
- Mostly seems to be blocked by their DDoS mitigation
- in France it's blocked by DNS if you use your ISP's, otherwise it's fine (well, DDoS mitigation)
- Not blocked with Deutsche Telekom AG on Germany, but I'm not using their recursive DNS. Checked their DNS get correct answer for rt.com but forged NXDOMAIN for www.rt.com.
- How come rt.com doesn't have an onion address by now? 
Tool from a person in the meeting, for running many bridges in a scalable way: https://github.com/gergelykalman/torspray
I should also mention this tool: https://tor-relay.co/ and irl's automated dynamic bridge project, and FreedomBox project
We should put together a single unified page which points to all of the Tor community's contributions here, so we have them more organized.
* Snowflake surge
Some folks want to help run a bridge but it's complicated, or they worry that it will draw attention to them. Many of these people are happily running Snowflake proxies.
Snowflake, is a web-browser (FireFox, Chrome) Tor-Bridge Extension, Snowflake uses WebRTC to act as a Bridge/Guard relay, and it runs when your browser is online/open, as a browser extension, similar to an AdBlocker extension. Also, SnowFlake is currently working in Russia. Setting up a SnowFlake bridge is legally safe (being a bridge,non-exit) as long as default Tor is legal in your country, and can be installed and running in 1 minute, just install the browser extension. (https://snowflake.torproject.org/)
Snowflake metrics: Sources – Tor Metrics
A week ago we used to have 17000 people running Snowflake proxies. Today we have 25000 people running Snowflake proxies.
German NGO Digitalcourage e.V. published two short primers on Tor and Snowflake in English, German, Russian an Ukrainian this week:
- How to get Tor Browser and use a bridge: Internetzensur umgehen (DE, EN, RU, UK) | Digitalcourage
- How to install Snowflake as a browser addon: https://digitalcourage.de/blog/2022/tor-for-peace
There are two ways to offer a Snowflake proxy:
- Run the browser extension. Easy and simple.
- Install a standalone headless Snowflake: Tor Project | Standalone Snowflake proxy -- more complex, needs commandline knowledge, doesn't currently have good packaging or a good way to get updates, but scales better.
You should run whichever one you find more fun.
Snowflake browser extension uses a lot of CPU and memory?
We need to an experiment where we just have one tab open, nothing else going on, and see how heavyweight the Snowflake extension is. Gman will open a gitlab ticket for somebody to investigate.
net/snowflake-proxy is now in OpenBSD ports/packages
Meskio did a talk this week on Snowflake status: https://www.youtube.com/watch?v=89swMfgh-1M
Check out this old ticket on "gamifying" snowflake: Better gamify the UX for snowflake extension (#4) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake WebExtension · GitLab If you are a UX person, please jump in and help!
Is there a deb of Snowflake, so people can run headless snowflakes? Here is the ticket for making the deb package, and it is apparently now in sid: Make a deb of snowflake (proxy and client) and get into Debian (#19409) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
* IP reputation
A hoster of a Nos Oignons servers had all their range marked as "anonymous/hosting" by (amongst other) MaxMind, meaning that they're blocked in a lot of places. Solutions/ideas on how to improve the situation? Nos Oignons running an AS is out of scope for now unfortunately. Nos Oignons tried to run IPV6-only exist, but it didn't work very well™.
Could exit some traffic over IPv6, which will be less likely to be blocked, but that depends on the destination websites having IPv6 too.
It's possible that we broke the ipv4-vs-ipv6 setup in core-Tor, please open an issue on the bugtracker.
* Q&A session
Exit relay operator running an old bsd and their own resolver, but the dns timeouts are really short, and getting many dns timeouts, how to fix?
- My advice would be to simply install Ubuntu 20.04 LTS and run Tor according to TorProject instructions, and use default ISP DNS or a Freedom-respecting DNS like https://dns.watch/. (sort of not addressing the question)
- If using FreeBSD pkg and security/tor is old you might be using quarterly updates and not latest; edit /etc/pkg/FreeBSD.conf
change this line from quarterly=>latest:
url: "pkg+http://pkg.FreeBSD.org/$\{ABI\}/latest"
- for resolver issue on FreeBSD try using unbound instead of usual local resolver. Fingerprint of relay would be useful to start.
- if the latest version of Tor is not available in the FreeBSD pkg repositories as a binary, it might be available as a port.
With Russia blocking most western media outlets and Facebook etc. I was expecting an uptick in traffic but I saw nothing... Is Tor not well enough known maybe?
Sanctions against Russia, EU council regulation 2022/350 (L_2022065EN.01000101.xml)
- Article 2f: It shall be prohibited for operators to broadcast or to enable, facilitate or otherwise contribute to broadcast ... certain media
- Article 12: It shall be prohibited to participate, knowingly and intentionally, in activities the object or effect of which is to circumvent prohibitions
Is there a better way to share Tor Bridges? Currently (if am not mistaken) you could request multiple times Tor Bridges, which makes it easy for ISPs (etc.) to blacklist them. Perhaps at least the obvious things (IP + Session Cookies) or some 'Account Creation' and verification, anonymously stored only to monitor the requests per account.
- Would you share a magnet link for Tor Browser torrents?
- We Could publish PGP-signed messages with Tor Browser and Tor Bridges, torrents, on popular torrent sites, with TorProject signed PGP messages to validate the TorBrowser and Bridges are authorized by TorProject.
···
On 3/5/22 13:40, flux via tor-relays wrote:
g
Best,
flux
On 3/4/22 18:16, gus wrote:
Hello everyone,
This Saturday, March 5th @ 2000 UTC, we have a Tor Relay Operator
Meetup!
We'll share some updates about Tor Network Health, Tor Bridges and the
ongoing situation in Russia/Ukraine (Snowflake surge, bridges blocked,
BBC and DW onionsites). Everyone is free to bring up additional questions
or topics at the meeting itself.
Date & Time: March 5, 2022 - 2000 UTC
Where: BigBlueButton room - Tor Relay Operator Meetup
No need for a registration or anything else, just use the room-link
above.
Please share with your friends, social media and other mailing lists!
cheers,
Gus
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page