[tor-relays] Tor Relay Operator Meetup (Saturday, March 5th @ 2000 UTC)

Hello everyone,

This Saturday, March 5th @ 2000 UTC, we have a Tor Relay Operator
Meetup!

We'll share some updates about Tor Network Health, Tor Bridges and the
ongoing situation in Russia/Ukraine (Snowflake surge, bridges blocked,
BBC and DW onionsites). Everyone is free to bring up additional questions
or topics at the meeting itself.

Date & Time: March 5, 2022 - 2000 UTC
Where: BigBlueButton room - Tor Relay Operator Meetup

No need for a registration or anything else, just use the room-link
above.

Please share with your friends, social media and other mailing lists!

cheers,
Gus

···

--
The Tor Project
Community Team Lead

3 Likes

Hi,

will there be a recording? Unfortunately I won't be able to attend.

Best,

flux

···

On 3/4/22 18:16, gus wrote:

Hello everyone,

This Saturday, March 5th @ 2000 UTC, we have a Tor Relay Operator
Meetup!

We'll share some updates about Tor Network Health, Tor Bridges and the
ongoing situation in Russia/Ukraine (Snowflake surge, bridges blocked,
BBC and DW onionsites). Everyone is free to bring up additional questions
or topics at the meeting itself.

Date & Time: March 5, 2022 - 2000 UTC
Where: BigBlueButton room - Tor Relay Operator Meetup

No need for a registration or anything else, just use the room-link
above.

Please share with your friends, social media and other mailing lists!

cheers,
Gus

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hi,

will there be a recording? Unfortunately I won't be able to attend.

Unfortunately not flux.

We will catch you next time.

Pad notes will be posted after the meeting.

g

···

On 3/5/22 13:40, flux via tor-relays wrote:

Best,

flux

On 3/4/22 18:16, gus wrote:

Hello everyone,

This Saturday, March 5th @ 2000 UTC, we have a Tor Relay Operator
Meetup!

We'll share some updates about Tor Network Health, Tor Bridges and the
ongoing situation in Russia/Ukraine (Snowflake surge, bridges blocked,
BBC and DW onionsites). Everyone is free to bring up additional questions
or topics at the meeting itself.

Date & Time: March 5, 2022 - 2000 UTC
Where: BigBlueButton room - Tor Relay Operator Meetup

No need for a registration or anything else, just use the room-link
above.

Please share with your friends, social media and other mailing lists!

cheers,
Gus

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 Like

George:

Hi,

will there be a recording? Unfortunately I won't be able to attend.

Unfortunately not flux.

We will catch you next time.

Pad notes will be posted after the meeting.

Here they come.

On March 5, a group of 40-50 operators joined the Tor Relay Operator meetup.

Thank you all for joining the event!

Our next online meetup will happen on *April 2nd, 2100 UTC* according to the pad. However, I think we made a mistake here with daylight savings time given that we wanted to have the meeting at the same time for the folks not having shifted back then in March 5. I'll check back with Gus for that.

Georg

## Meetup notes March 5

* Should we record this session? Some people don't have audio / can't make it:

Conclusion is no, do not record. We want people to be free to say things and not worry that they will show up in a youtube video later.

* Tor EOL removal (0.3.5):

The old Tor long-term-support (0.3.5.x) is no longer maintained by the network team, since Feb 1 2022. We collected all the relay descriptors that had a usable contactinfo, and contacted them. We also did it for bridge operators (another reason it's important to have usable contact info). If you are a new relay operator, check if you're running one of these old versions!

* Torservers update:

RIP frënn vun der ënn (https://enn.lu) (https://twitter.com/FrennVunDerEnn/status/1496129197064007692) Mainly they decided it was too much work, and they didn't have capacity to do it with high quality, so they decided to close.

If you have a lot of capacity, and can run a bunch of bridges, please get in touch with Gus and Tor! We'd been using enn.lu's bridges to give private bridges to people in China.

* Censorship situation in Russia:

Since Dec 2021, the censorship department in Russia started to block parts of the Tor network. It's not uniform -- in some places Tor works fine, in some places the website is reachable, in others it doesn't. Not just the public relays, but also they were blocking the default obfs4 bridges and some other obfs4 Tor bridges.

We have three different distribution methods of Tor bridges.

  - Moat: install Tor Browser on your desktop/phone, click "get some bridges" inside Tor Browser, and bridgedb automatically populates your bridge configuration. 60000 requests per day from users to get a bridge by Moat. Up from 10k/day earlier.

  - Request by email: mail us at bridges @ torproject.org and we'll answer some.

  - Go to our website, bridges.torproject.org, and solve a captcha and get one.

All three of these mechanisms are under attack in Russia. That is, all three of them are problematic. But, there is a lag between when a new bridge appears and when Russia starts blocking it. That lag is often a week or more these days.

We have a Telegram bot, which returns some bridges. The anti-censorship team is testing these bridges from a vantage point in Russia, and if they're blocked we rotate the bridge to a new address. We have 25k people connected over the Telegram bot bridges.

The Snowflake pluggable transport (see: Snowflake surge below) also got blocked in December, using a DPI rule. We changed the Snowflake code, and the DPI rule no longer works to block it. At the moment Snowflake is working in Russia. Note that the metrics of Snowflake users are currently inaccurate, because we've been working on scaling the Snowflake bridge, and we haven't kept up with keeping the metrics accurate. (Gitlab ticket: Graphs for multiple relays that have the same fingerprint (#40022) · Issues · The Tor Project / Network Health / Metrics / Onionoo · GitLab)

Is rt.com and sputnik blocked from Europe? Does that mean it's blocked from many Tor exits? Or was that just a proposed law or threat? (L_2022065EN.01000101.xml)

  - Mostly seems to be blocked by their DDoS mitigation

  - in France it's blocked by DNS if you use your ISP's, otherwise it's fine (well, DDoS mitigation)

  - Not blocked with Deutsche Telekom AG on Germany, but I'm not using their recursive DNS. Checked their DNS get correct answer for rt.com but forged NXDOMAIN for www.rt.com.

  - How come rt.com doesn't have an onion address by now? :slight_smile:

Tool from a person in the meeting, for running many bridges in a scalable way: GitHub - gergelykalman/torspray: A console utility to bring up new Tor nodes easily

I should also mention this tool: https://tor-relay.co/ and irl's automated dynamic bridge project, and FreedomBox project

We should put together a single unified page which points to all of the Tor community's contributions here, so we have them more organized.

* Snowflake surge

Some folks want to help run a bridge but it's complicated, or they worry that it will draw attention to them. Many of these people are happily running Snowflake proxies.

Snowflake, is a web-browser (FireFox, Chrome) Tor-Bridge Extension, Snowflake uses WebRTC to act as a Bridge/Guard relay, and it runs when your browser is online/open, as a browser extension, similar to an AdBlocker extension. Also, SnowFlake is currently working in Russia. Setting up a SnowFlake bridge is legally safe (being a bridge,non-exit) as long as default Tor is legal in your country, and can be installed and running in 1 minute, just install the browser extension. (https://snowflake.torproject.org/)

Snowflake metrics: Sources – Tor Metrics

A week ago we used to have 17000 people running Snowflake proxies. Today we have 25000 people running Snowflake proxies.

German NGO Digitalcourage e.V. published two short primers on Tor and Snowflake in English, German, Russian an Ukrainian this week:
   - How to get Tor Browser and use a bridge: Internetzensur umgehen (deutsch, English, на русском, на українській) | Digitalcourage
   - How to install Snowflake as a browser addon: So können Sie Menschen helfen, Internetzensur zu umgehen (deutsch, English, на русском, на українській) | Digitalcourage

There are two ways to offer a Snowflake proxy:

   - Run the browser extension. Easy and simple.

   - Install a standalone headless Snowflake: Tor Project | Standalone Snowflake proxy -- more complex, needs commandline knowledge, doesn't currently have good packaging or a good way to get updates, but scales better.

You should run whichever one you find more fun. :slight_smile:

Snowflake browser extension uses a lot of CPU and memory?
We need to an experiment where we just have one tab open, nothing else going on, and see how heavyweight the Snowflake extension is. Gman will open a gitlab ticket for somebody to investigate.

net/snowflake-proxy is now in OpenBSD ports/packages

Meskio did a talk this week on Snowflake status: Angrynerds 099 - Sneeuwvlokje - YouTube

Check out this old ticket on "gamifying" snowflake: Better gamify the UX for snowflake extension (#4) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake WebExtension · GitLab If you are a UX person, please jump in and help!

Is there a deb of Snowflake, so people can run headless snowflakes? Here is the ticket for making the deb package, and it is apparently now in sid: Make a deb of snowflake (proxy and client) and get into Debian (#19409) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab

* IP reputation

A hoster of a Nos Oignons servers had all their range marked as "anonymous/hosting" by (amongst other) MaxMind, meaning that they're blocked in a lot of places. Solutions/ideas on how to improve the situation? Nos Oignons running an AS is out of scope for now unfortunately. Nos Oignons tried to run IPV6-only exist, but it didn't work very well™.

Could exit some traffic over IPv6, which will be less likely to be blocked, but that depends on the destination websites having IPv6 too.

It's possible that we broke the ipv4-vs-ipv6 setup in core-Tor, please open an issue on the bugtracker.

* Q&A session

Exit relay operator running an old bsd and their own resolver, but the dns timeouts are really short, and getting many dns timeouts, how to fix?

  - My advice would be to simply install Ubuntu 20.04 LTS and run Tor according to TorProject instructions, and use default ISP DNS or a Freedom-respecting DNS like https://dns.watch/. (sort of not addressing the question)

  - If using FreeBSD pkg and security/tor is old you might be using quarterly updates and not latest; edit /etc/pkg/FreeBSD.conf
change this line from quarterly=>latest:

    url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest"

  - for resolver issue on FreeBSD try using unbound instead of usual local resolver. Fingerprint of relay would be useful to start.

  - if the latest version of Tor is not available in the FreeBSD pkg repositories as a binary, it might be available as a port.

With Russia blocking most western media outlets and Facebook etc. I was expecting an uptick in traffic but I saw nothing... Is Tor not well enough known maybe?

Sanctions against Russia, EU council regulation 2022/350 (L_2022065EN.01000101.xml)

  - Article 2f: It shall be prohibited for operators to broadcast or to enable, facilitate or otherwise contribute to broadcast ... certain media

  - Article 12: It shall be prohibited to participate, knowingly and intentionally, in activities the object or effect of which is to circumvent prohibitions

Is there a better way to share Tor Bridges? Currently (if am not mistaken) you could request multiple times Tor Bridges, which makes it easy for ISPs (etc.) to blacklist them. Perhaps at least the obvious things (IP + Session Cookies) or some 'Account Creation' and verification, anonymously stored only to monitor the requests per account.

  - Would you share a magnet link for Tor Browser torrents?

  - We Could publish PGP-signed messages with Tor Browser and Tor Bridges, torrents, on popular torrent sites, with TorProject signed PGP messages to validate the TorBrowser and Bridges are authorized by TorProject.

···

On 3/5/22 13:40, flux via tor-relays wrote:

g

Best,

flux

On 3/4/22 18:16, gus wrote:

Hello everyone,

This Saturday, March 5th @ 2000 UTC, we have a Tor Relay Operator
Meetup!

We'll share some updates about Tor Network Health, Tor Bridges and the
ongoing situation in Russia/Ukraine (Snowflake surge, bridges blocked,
BBC and DW onionsites). Everyone is free to bring up additional questions
or topics at the meeting itself.

Date & Time: March 5, 2022 - 2000 UTC
Where: BigBlueButton room - Tor Relay Operator Meetup

No need for a registration or anything else, just use the room-link
above.

Please share with your friends, social media and other mailing lists!

cheers,
Gus

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

1 Like

Hi,

Georg Koppen:

## Meetup notes March 5

Thank you for sending the meetup notes Georg.

With Russia blocking most western media outlets and Facebook etc. I was expecting an uptick in traffic but I saw nothing... Is Tor not well enough known maybe?

Sanctions against Russia, EU council regulation 2022/350 (L_2022065EN.01000101.xml)

- Article 2f: It shall be prohibited for operators to broadcast or to enable, facilitate or otherwise contribute to broadcast ... certain media

- Article 12: It shall be prohibited to participate, knowingly and intentionally, in activities the object or effect of which is to circumvent prohibitions

How such a blocking order could be potentially implemented?

Are VPNs also block these websites to EU citizens?

-Vasilis

···

--
PGP Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
PGP Public Key: https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF70B1D1260162
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

Just wanting to put this out there, I was wondering whether during the current situation in Russia is it best to run a Bridge or a Relay?

I want to make sure that Tor can be easily accessed anywhere in the world, as such they are both good choices.

My bandwidth is 1Gbps and I have the hardware necessary for either.

···

On Mon, 14 Mar 2022 at 16:37, Vasilis <andz@torproject.org> wrote:

Hi,

Georg Koppen:

Meetup notes March 5

Thank you for sending the meetup notes Georg.

With Russia blocking most western media outlets and Facebook etc. I was
expecting an uptick in traffic but I saw nothing… Is Tor not well enough known
maybe?

Sanctions against Russia, EU council regulation 2022/350
(https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R0350)

  • Article 2f: It shall be prohibited for operators to broadcast or to enable,
    facilitate or otherwise contribute to broadcast … certain media

  • Article 12: It shall be prohibited to participate, knowingly and
    intentionally, in activities the object or effect of which is to circumvent
    prohibitions

How such a blocking order could be potentially implemented?

Are VPNs also block these websites to EU citizens?

-Vasilis

PGP Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
PGP Public Key:
https://keys.openpgp.org/vks/v1/by-fingerprint/8FD5CF5F39FC03EBB38274705FBF70B1D1260162


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

So, after a week the affected bridges can be stopped ?

···

On 3/14/22 09:19, Georg Koppen wrote:

But, there is a lag between when a new bridge appears and when Russia starts blocking it. That lag is often a week or more these days.

--
Toralf

> Pad notes will be posted after the meeting.

Here they come.

Thanx a lot!

* Censorship situation in Russia:

Since Dec 2021, the censorship department in Russia started to block
parts of the Tor network. It's not uniform -- in some places Tor works
fine, in some places the website is reachable, in others it doesn't.

My ISP mirrors the Tor website and Tor Browser can be downloaded from there:

We have a Telegram bot, which returns some bridges. The anti-censorship
team is testing these bridges from a vantage point in Russia, and if
they're blocked we rotate the bridge to a new address. We have 25k
people connected over the Telegram bot bridges.

Maybe the link can be spread in the bot with the bridges.

···

On Monday, March 14, 2022 9:19:41 AM CET Georg Koppen wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

I almost put the netcologne mirror into a blog post I co-wrote
<Internetzensur umgehen (deutsch, English, на русском, на українській) | Digitalcourage> – but then I noticed
that the download links do not work. For example,
https://mirror.netcologne.de/dist/torbrowser/11.0.7/tor-browser-linux64-11.0.7_en-US.tar.xz
→ Error 404

Cheers,
Christian

···

On Mon, Mar 14, 2022 at 08:37:42PM +0100, lists@for-privacy.net wrote:

My ISP mirrors the Tor website and Tor Browser can be downloaded from there:
Tor Project | Anonymity Online
Tor Project | Anonymity Online

> We have a Telegram bot, which returns some bridges. The anti-censorship
> team is testing these bridges from a vantage point in Russia, and if
> they're blocked we rotate the bridge to a new address. We have 25k
> people connected over the Telegram bot bridges.
Maybe the link can be spread in the bot with the bridges.

Shame on me, I didn't test the downloads. Only the Android binaries can be
downloaded. I will write to the admins and ask them to offer the files for
download.

···

On Monday, March 14, 2022 8:46:23 PM CET Christian Pietsch wrote:

I almost put the netcologne mirror into a blog post I co-wrote
<Internetzensur umgehen (deutsch, English, на русском, на українській) | Digitalcourage> – but then I noticed
that the download links do not work. For example,
https://mirror.netcologne.de/dist/torbrowser/11.0.7/tor-browser-linux64-11.0
.7_en-US.tar.xz → Error 404

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Maybe someone has hints for NetCologne mirror admin here:
https://lists.torproject.org/pipermail/tor-mirrors/2022-March/001246.html

···

On Tuesday, March 15, 2022 12:02:45 AM CET lists@for-privacy.net wrote:

Shame on me, I didn't test the downloads. Only the Android binaries can be
downloaded. I will write to the admins and ask them to offer the files for
download.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

1 Like

The nice admin from NetCologne fixed the links. There is now the subdomain:

Download archive is also available directly:
https://torproject.netcologne.de/dist/

···

On Monday, March 14, 2022 8:46:23 PM CEST Christian Pietsch wrote:

I almost put the netcologne mirror into a blog post I co-wrote
<Internetzensur umgehen (DE, EN, RU, UK) | Digitalcourage> – but then I noticed
that the download links do not work.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

1 Like

Thanks, Marco and Frank!

We have added this mirror to our multilingual instructions now.
At least in Germany, downloads are much faster from NetCologne.

Cheers,
Christian

···

On Sat, Apr 02, 2022 at 06:17:19PM +0200, lists@for-privacy.net wrote:

On Monday, March 14, 2022 8:46:23 PM CEST Christian Pietsch wrote:
> I almost put the netcologne mirror into a blog post I co-wrote
> <Internetzensur umgehen (DE, EN, RU, UK) | Digitalcourage> – but then I noticed
> that the download links do not work.

The nice admin from NetCologne fixed the links. There is now the subdomain:
https://torproject.netcologne.de/

Download archive is also available directly:
Index of /dist/