tor-project October 2023

tor-project@lists.torproject.org

14 participants
19 discussions

Anti-censorship team meeting notes, 2023-10-12
by Shelikhoo 12 Oct '23

12 Oct '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-10-12-15.59.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, Oct 19 16:00 UTC Facilitator: onyinyang Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 <-- meskio, shell, onyinyang, cohosh * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 150 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * A poll to set a date for a 'Future of PTs' voice conversation * https://www.systemli.org/poll/#/poll/YRRF8K19Bq/evaluation?encryptionKey=e1… * Times in UTC == Discussion == * (Network Health) 'Running' flag for counting bridges and network size https://gitlab.torproject.org/tpo/network-health/team/-/issues/318 * metrics are going to start using bridgestrap instead of the running flag to know if bridge is working * we need bridgestrap to publish results every hour * https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/39 (Oct 12) * Armored Bridge line Spec https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126#note_29… * the spec is ready to review * we'll discuss it next week * snowflake broker restart(deployment) needed, and deletion of ip-count-mask key https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * shelikhoo will tag a snowflake version and deploy it == Actions == == Interesting links == * == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2023-10-12 Last week: - followed up on performing Snowflake tests in OONI without Tor - https://github.com/ooni/probe/issues/1686#issuecomment-1753563763 - started some larger-scale shadow experiments - various MR reviews This week: - deploy lox distributor (waiting on TPA) - follow up on conjure reliability issues - visualize and write up some snowflake shadow simulation results Needs help with: dcf: 2023-10-12 Last week: - continued to document changes in snowflake bridge usage after the fastly domain front issue - snowflake-02 mysteriously and suddenly returned to former bandwidth levels (not yet former user levels) on 2023-10-04. https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/00… https://lists.torproject.org/pipermail/anti-censorship-team/attachments/202… - investigated and reported a pluggable transports user counting bug that exists since tor 0.4.8.4. https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/4… https://gitlab.torproject.org/tpo/core/tor/-/issues/40871 - did client-side experiments to compare the availability of proxies for snowflake-01 and snowflake-02 https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/00… - opened an issue to update documentation (bridge line args versus command line options) in snowflake client README https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - opened an issue to restart the broker after disabling proxy churn metrics https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - revise encapsulation.ReadData redesign to return an error in the case of a short buffer https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker Before EOY 2023: - move snowflake-02 to new VM Help with: meskio: 2023-10-12 Last week: - review sponsor 30 audit issues to be ready to publish - review webtunnel bridgeline args fixes (webtunnel!19) - mostly AFK Next week: - test the whatsapp bot (rdsys#147) Shelikhoo: 2023-10-12 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (continue) - Write Tor Spec for Armored URL(continue) https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126#note_29… - Refine argument error processing in WebTunnel server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt… - Renovate is Using Unexpected Golang Version During Dependency Update https://gitlab.torproject.org/tpo/tpa/renovate-cron/-/issues/9 Next Week/TODO: - Write Tor Spec for Armored URL (continue) - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (continue): proceed to rebase - Merge request reviews onyinyang: 2023-10-12 Last week(s): - Made MRs to upstream zkp libs: - fixed bug(? hopefully this can be reviewed) in the zkp crate - made MRs to both dalek-cryptography and zkcrypto and will maintain lox-zkp This week: - Continue with metrics - Add functionality for a MAX_DAILY_BRIDGES (the number of bridges that can be distributed each day) - Start work on telegram distributor bot for Lox (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

1 0

Online Tor's Hackweek from Nov 6th to Nov 10th 2023
by rhatto 11 Oct '23

11 Oct '23

Hi! The Tor Project and Tor community is going to be gathering online from November 6th to November 9th this year for a 4 days hackweek. ## About This is a call for projects for whoever wants to participate, put together a team and hack through one working week with us. In the context of this hackweek, a project is anything related to Tor documentation that you can work with other people in 4 days. It could be improving the documentation for a project, a tutorial or could also be a cartoon, a screencast or anything that do not necessary requires coding skills. You will work on this project during 4 days with other people in your team. This is an opportunity to discuss how documentation is working or not in your projects, as well as thinking, proposing, researching and testing solutions. Documentation is very important for any free software project as it is the way for people to start understanding the work we are doing, the way they can use our tools and start contributing with it. In the next All-Hands following the Hackweek we are going to have a demo in a Big Blue Button's room where your team will present the work you did through the hackweek. ## Timeline This will be the timeline for the hackweek this year: * Until Monday, November 6th: * Send hackweek project proposals to this issue queue: https://gitlab.torproject.org/tpo/community/hackweek/-/issues (please use the "Proposal" issue template for the ticket Description). * Before hackweek begins, start looking for other people to join your team. * In order to join a proposal you liked, subscribe yourself to it's ticket. * Wednesday, November 1st - 16:00 UTC: All-Hands session prior to the Hackweek were people/teams will present their project proposals for other people to join their team if they want to. * Monday, November 6th: Hackweek begins. People start working on whatever they want related to documentation. By this time, you should have a few members of your team already identified. Hack hack hack hack... in whatever way you organize yourself. We will have the room #tor in irc.oftc.net to discuss general hackweek things. * Thursday, November 9th: Hackweek ends. * Wednesday, November 15th - 16:00 UTC: Each team presents the work they did in the All-Hands session happening after the Hackweek. ## Projects The updated list of projects will be available at https://gitlab.torproject.org/tpo/community/hackweek/-/issues. Each project can have one pad (you can use https://pad.riseup.net) and also use it's ticket to add all information that people need to add themselves to that project. ## References For best practices on documentation, we recommend the following material: * Diátaxis, "The Grand Unified Theory of Documentation": https://diataxis.fr/ * How to pick up a project with an audit: https://bluesock.org/~willkg/blog/dev/auditing_projects.html cheers, -- Silvio Rhatto pronouns he/him

2 1

ebanam's status report for September 2023
by ebanam 10 Oct '23

10 Oct '23

Hello everyone! Most of my work last month was focussed around helping users troubleshoot and connect to Tor in regions where Tor is heavily censored. In particular, helping users when we got reports of issues connecting with Snowflake[0][1]. Some of my work was concentrated around post-release support work for Tor Browser releases (we had 3 stable and 3 alpha releases). In particular, we got a few user reports of expired subkey warnings with Tor Browser GPG verification[2] and numerous reports of the latest version of Tor Browser getting flagged as malware on Windows[3]. With the upcoming major stable release (Tor Browser 13.0), I did some alpha testing and provided some feedback to our browser and UX teams. Following is a thorough breakdown of tickets our user support team handled in September: Timeframe: 01 - 30 September 2023 # Frontdesk (email support channel) * 719(↓) RT tickets created * 643(↓) RT tickets resolved Most frequent tickets by numbers: 1. 256(↓) RT tickets: private bridge requests from Chinese speaking users. 2. 236(↓) RT tickets: circumventing censorship in Russian speaking countries. 3. 47 RT tickets: Tor Browser detected as malware on Windows. 4. 6(↑) RT tickets: circumventing censorship with Tor in Farsi. 5. 5 RT tickets: gpg verification on Tor Browser warns about expired subkey. # Telegram, WhatsApp and Signal Support channel * 522(↓) tickets resolved Breakdown: * 493(↓) tickets on Telegram * 22(-) tickets on WhatsApp * 7(↓) tickets on Signal The most frequent tickets on cdr.link have been about: 1. 277(↓) tickets: circumventing censorship in Russian speaking countries. 2. 40 tickets: Tor Browser detected as malware on Windows 3. 25(↑) tickets: circumventing censorship with Tor in Farsi. 4. 23(↑) tickets: private bridge requests from Chinese speaking users. 5. 4 tickets: gpg verification on Tor Browser warns about expired subkey. # Highlights from the Tor Forum 1. Problems with Snowflake since 2023-09-20: “broker failure Unexpected error, no answer.”[0] 2. Arti 1.1.8 is released: Onion service infrastructure[4] 3. A closer look at online privacy: new Tor tutorials[5] Thanks! e. Note: (↑), (↓) and (-) are indicative if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. [0]: https://forum.torproject.org/t/problems-with-snowflake-since-2023-09-20-bro… [1]: https://forum.torproject.org/t/temporary-fix-for-moat-and-connection-assist… [2]: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [3]: https://forum.torproject.org/t/torbrowser-12-5-6-no-longer-flagged-by-windo… [4]: https://forum.torproject.org/t/arti-1-1-8-is-released-onion-service-infrast… [5]: https://forum.torproject.org/t/a-closer-look-at-online-privacy-new-tor-tuto…

1 0

Tor Browser meeting moved to Tuesday (2023-10-10)
by richard 09 Oct '23

09 Oct '23

Hey everyone, Monday is a holiday so we'll be moving our weekly meeting to Tuesday this week at 1500 UTC in #tor-meeting on OFTC IRC. best, -richard

1 0

cohosh's monthly status report, September 2023
by Cecylia Bocovich 06 Oct '23

06 Oct '23

Hi! This is my status report for contract work done in September 2023. # Reputation-based bridge distribution - Worked on deploying the lox distributor for testing purposes - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/167 - Discussed rdsys resource API - https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/15… - Dependency updates # Conjure - Wrote some next steps for Conjure work - https://gitlab.torproject.org/tpo/operations/proposals/-/issues/51 # Snowflake - Helped recover from problem with cdn.sstatic.net front domain - Investigated alternative domain fronts - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Looked into OONI and Orbot handling of bridge linse - https://github.com/guardianproject/orbot/issues/983 - https://github.com/ooni/probe-cli/pull/1337 - Implemented a feature in snowflake to randomly select from a pool of front domains - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Discussed a weird increase in snowflake client polls - https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… - Due to bridge outage: https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/… - Followed up on reports of snowflake fingerprinting in Russia - Due to out-of-date OONI probe clients - https://github.com/ooni/probe/issues/2533 - Dependency updates

1 0

Nina’s Monthly Status Report: September 2023
by Nina 05 Oct '23

05 Oct '23

Hi! Below is my Setember’23 report! In September, I resolved 615 tickets: On Telegram (@TorProjectSupportBot) - 367 On RT (frontdesk@tpo) - 236 On WhatsApp (+447421000612) - 9 and on Signal (+17787431312) - 3. During that month I - 1. Helped Russian-speaking users to bypass censorship: shared bridges and assisted with using them and troubleshooting; 2. Collected user feedback; 3. Helped to solve Tor Browser issues like: - antivirussoftware blocking Tor Browser[1] - bug"Pluggable Transport process terminated with status code 0"[2], which is fixed in 0.4.8.x, but Tor Browser stable still use 0.4.7.x Tor version. The new attempts of the Russian government to block popular VPN protocols resulted in many users trying to use little-t-tor to proxytheir connection and circumvent censorship, so I helped themtoconfigure it. In September we also answeredmany tickets related to the domain frontingissue [3]. I also helped the Tor Localization team reviewing some Russian terms andtranslations for the Tor Browser and the Tor Project website. [1] https://forum.torproject.org/t/torbrowser-12-5-6-no-longer-flagged-by-windo… [2] https://gitlab.torproject.org/tpo/core/tor/-/issues/33669 [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42120

1 0

Rhatto's Monthly Status Report, September 2023
by rhatto 02 Oct '23

02 Oct '23

Hi all :) This is my monthly status report for September 2023 with the main relevant activities I have done during the period. ## 0. Research ### Certificates The work for bringing TLS certificates for Onion Services was focused in the ACME for Onions proposal (https://acmeforonions.org). There were a series of relevant updates both on IETF ACME and on the CA/B Forum's Validation working groups: * https://lists.cabforum.org/pipermail/validation/2023-September/001927.html * https://magicalcodewit.ch/cabf-2023-09-07-slides/ * https://mailarchive.ietf.org/arch/msg/acme/LMYC_Ou41E_9RuaVSYPr7SIhCCc/ * https://github.com/AS207960/acme-onion/issues/2 I focused in: * Helping to figure ways that CAA and .onion descriptors could be handled by ACME client and servers. I'm still compiling the list of options for an ACME server to parse and validate an Onion Service descriptor. * Doing a documentation update about CAA checking: https://tpo.pages.torproject.net/onion-services/onionplan/appendixes/acme/#… https://gitlab.torproject.org/tpo/onion-services/onionplan/-/commit/0234173… ## Tor Browser Quality Assurance for Onion Services (TBB .onion QA) I have completed the first three quarters of Tor Browser QA testing (since 2023.Q1). ### Testbed * Since this QA process started, it's methodology and tooling was bootstrapped and improved. * Some basic tests were defined to happen at every Tor Browser release (when applicable). * Additional, specific tests were also defined to check for specific and potential issues. * The "Faulty Onions" project was prototyped, and is intended to provide test Onion Services with different errors to check how Tor Browser and other applications handles them. More details to be expected soon. * A few alternatives for test automation were researched, to consider whether some of the regular tests can be automated. * Public documentation remains yet to be done. ### Versions tested Eleven Tor Browsers versions were formally tested: * 12.5.1 * 12.5.2 * 12.5.3 * 12.5.4 * 12.5.5 * 12.5.6 * 13.0a1 * 13.0a2 * 13.0a3 * 13.0a4 * 13.0a5 ## 1. Development ### Onionprobe * Onionprobe 1.1.2 was released: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/blob/main/Cha… ## 2. Support ### Documentation Hackweek As a preparation for the upcoming [Hackweek][], I have submitted four project proposals: * Onion MkDocs tryout: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/13 * Onion TeX Slim enhancements: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/14 * Onion Reveal coding and documenting: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/15 * Etherpad management: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/16 I'm planning to work in just one of these projects, depending in which one is more popular or gets more attention. I'm also looking for people that wants to form a team, or even adopt one of these proposals. Please leave a comment, subscribe yourself or add your user name into the ticket description if you're interested :) [Hackeek][]: https://lists.torproject.org/pipermail/tor-project/2023-August/003675.html ### Maintenance * I also did the ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. ## 3. Organization Time spent (from the total available for Tor-related work): | Category | Percentage |---------------|------------ | Research | 57 | Development | 1 | Support | 9 | Organization | 33 |---------------|------------ | Total | 100 -- Silvio Rhatto pronouns he/him

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 02 Oct '23

02 Oct '23

Ahoy! Well it's just been way too long since we've done this, but we've done it! Here's our short sysadmin minutes from today's meeting. # Roll call: who's there and emergencies onionoo-backend running out of disk space ([tpo/tpa/team#41343][]) [tpo/tpa/team#41343]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41343 # Dashboard cleanup Normal per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards Nextcloud roadmap / spreadsheet. Overall, it seems we are as you would expect when returning from a rather chaotic vacation. Backlog is large, but things seem to be under control. We added SVN back on the roadmap after one too many tickets asking for setup. # Metrics of the month * hosts in Puppet: 89, LDAP: 89, Prometheus exporters: 166 * number of Apache servers monitored: 37, hits per second: 626 * number of self-hosted nameservers: 6, mail servers: 10 * pending upgrades: 1, reboots: 0 * average load: 0.69, memory available: 3.58 TiB/4.98 TiB, running processes: 424 * disk free/total: 53.19 TiB/126.72 TiB * bytes sent: 403.47 MB/s, received: 269.04 MB/s * planned bullseye upgrades completion date: 2024-08-02 * [GitLab tickets][]: 196 tickets including... * open: 0 * icebox: 163 * needs information: 5 * backlog: 13 * next: 9 * doing: 4 * needs review: 2 * (closed: 3301) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bookworm/ Now also available as the main Grafana dashboard. Head to <https://grafana.torproject.org/>, change the time period to 30 days, and wait a while for results to render. # Number of the month: 42 34 machines were upgraded from bullseye to bookworm in the two first days of last week! We calculated this was an average of 20 minutes per host to upgrade. The trick, of course, is that things often break *after* the upgrade, and that "fixing" time is not counted here. That said, last estimate for this was one hour per machine, and we're doing a whole fleet upgrade every 2-3 years, which means about ten hours of work saved per year. But the number of the month is, of course, 42, as we now have an equal number of bookworm and bullseye machine, after the upgrade. And that number is, naturally, [42][]. See also https://xkcd.com/1205/ which, interestingly, we fall out of scope of. [42]: https://en.wikipedia.org/wiki/42 -- Antoine Beaupré torproject.org system administration

1 0

PieroV's Monthly Status Report, September 2023
by Pier Angelo Vendrame 02 Oct '23

02 Oct '23

Hi everyone! Here is my status report for September 2023. This month, I continued working on the refactoring of the Tor integration in Tor Browser and finally merged the merge requested with the biggest changes [0]. During the month, I also fixed some bugs it caused and improved the compatibility with the external Tor daemons. Then, I worked on some audits for the 102 to 115 transition. In particular, I reviewed our profiles [1]. Some other tasks included swapping a few branding assets, such as the About dialog wordmark and the Windows installer icons. I also fixed the reproducibility bug with generated headers on Windows [2] and upstreamed the patch to Firefox. During September, we had two emergency releases. I helped with the stable channel: I prepared and built both 12.5.4 and 12.5.6. For 13.0a4, I only rebased it on top of Firefox 115.2.1. Finally, I worked on enabling system-wide installs for Mullvad Browser. However, it's a work in progress as it requires some non-trivial changes to the updater. Best, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41496 [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41995

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project October 2023