tor-project March 2023

tor-project@lists.torproject.org

14 participants
17 discussions

Moving community/policies from git.tpo to gitlab.tpo
by gus 03 Apr '23

03 Apr '23

Hello Tor, Community Council and everyone, I created this ticket[1] to move "Community/Policies" from gitolite (git.torproject.org) to our GitLab instance (gitlab.torproject.org/tpo/community/policies.git). This means that the Tor Code of Conduct and other Community policies will have a new home[2]. Please let me know if something will break before we do this migration. Or if someone has other suggestions, we're open to discussion and proposals. cheers, Gus [1] https://gitlab.torproject.org/tpo/community/team/-/issues/66 [2] I imported the 'policies' repository. I'm planning to fix the group write permission and change the repo visibility to public: https://gitlab.torproject.org/tpo/community/policies

1 1

Anti-censorship team meeting notes, 2023-03-30
by meskio 31 Mar '23

31 Mar '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-23-15.58.log… And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, April 6 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * merge requests in the snowflake webextension might stay months without review * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * should we add it to triage bot? who should be in the pool of reviewers? * yes, meskio will configure triagebot to auto asign reviews to: cohosh, shelikhoo and meskio * Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * after a lot of research the proposed solution is to enable datagram transport on webrtc to deal with the packet loss situation * that will convert webrtc into an unreliable channel, and snowflake will add reliablity with kcp == Actions == == Interesting links == * == Reading group == * We will discuss "" on * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-03-30 Last week: - enabled wasm target for rust in tor-browser-build - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - helped debug blocking of Snowflake in TM - https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - discussed the problem of deciding whether a bridge is blocked or not - took a look at memory issues for the Snowflake proxy - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… This week: - Lox tor browser integration - fix conjure issues found by code audit Needs help with: dcf: 2023-03-30 Last week: - found a bug in snowflake-webext that causes it not to report client_ip since June 2022 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…, and made a merge request to fix it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: - review of snowflake-server ListenAndServe error check fix https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-03-30 Last week: - deploy bridgestrap with webtunnel support - modify bridgedb to distribute webtunnel bridges on the https distributor - keep up with the renovate bot and it's merge requests in rdsys - add an alert for >20% rejecte bridges by bandwidth ratio - raise the bandwidth ratio threashold to 0.9 (was 0.75) - display the 'blocked in' locations in the bridge status page (rdsys!95) Next week: - AFK time Shelikhoo: 2023-03-30 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - logcollector alert system - Update on Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - container image for webtunnel - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - logcollector altert system - webtunnel document for proxy opertaor onyinyang: 2023-03-30 Last week: - Finished up the handling of changed resources in the Lox library - Added some wiki documentation to Lox overview repo: https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/… - Tried testing changed/gone resources in rdsys (mostly familiarizing myself with rdsys code) - Considered how to sync Lox bridgetable for each rdsys update of new bridges This week: - Figure out how to test changed/gone resources and ensure the rdsys backend api is behaving as expected for handling updates from rdsys - Start implementing a function in lox distributor/lox library to handle syncing of Lox bridgetable Needs help with: - Expected behaviour of rdsys on update of bridges: e.g., where all changes to bridge descriptors are recorded (i.e., networkstatus-bridges, bridge-descriptors, cached-extrainfo files), which of these trigger updates from rdsys,and how _should_ the distributor be responding (if it's working as expected) Itchy Onion: 2023-03-22 Last week: - Closed #40252 (NAT probetest for standalone proxy) - Closed #40265 (mac user reporting standalone proxy complaning about broker cert) - Worked on #40231 (Client sometimes send offer with no ICE candidates) This week: - Tested and created a potential broker security issue (#40266) - Stil working on #40231 -- validate SDP contains candidate at the "/client" and "/answer" endpoints broke almsot all of the unit tests hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does Iran block bridges cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - resources -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

2 1

OONI Monthly Report: February 2023
by Maria Xynou 29 Mar '23

29 Mar '23

Hello, This email shares OONI's monthly report for February 2023. *# OONI Monthly Report: February 2023* Throughout February 2023, the OONI team worked on the following sprints: * Sprint 84 (1st-12th February 2023) * Sprint 85 (13th-28th February 2023) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## Published research report on internet censorship in Russia* On 24th February 2023 (1 year since the start of the war in Ukraine), we co-published a new research report, in collaboration with Roskomsvoboda, which documents how Internet censorship in Russia changed over the last year based on OONI data analysis. Read our report in: * English: https://ooni.org/post/2023-russia-a-year-after-the-conflict/ * Russian: https://ooni.org/ru/post/2023-russia-a-year-after-the-conflict/ You can also read Roskomsvoboda's publication about the report here: https://roskomsvoboda.org/post/rks-ooni-odin-god/ Overall, OONI data analysis shows the blocking of 494 domains in Russia. Many more websites are also blocked, beyond those tested. The blocked domains fall under 28 categories, suggesting pervasive levels of internet censorship in Russia. New blocks that emerged in Russia over the last year include: * Blocking of Russian & international human rights websites (e.g. Human Rights Watch & Amnesty International) * Blocking of investigative journalism & news media sites * Blocking of Instagram, SoundCloud and Patreon Access to the Tor Project's website was temporarily unblocked in Russia between 15th to 28th July 2022. Several discontinued sites have been unblocked over the last year (possibly as part of a "blocklist cleanup"). We confirmed the blocking of 48 domains (including a Let's Encrypt domain) based on OONI data, which do not appear to be included in Russia's official blocking registry. OONI data also suggests that access to a major CDN was blocked in the past year. *## Published research report on internet censorship in Azerbaijan* On 28th February 2023, we co-published a new research report on internet censorship in Azerbaijan, in collaboration with our partner, Azerbaijan Internet Watch. As part of this research, we analyzed OONI data collected from Azerbaijan over the last year. The report was published by: * OONI: https://ooni.org/post/2023-azerbaijan-internet-censorship/ * Azerbaijan Internet Watch: https://www.az-netwatch.org/news/ooni-measurements-show-ongoing-internet-ce… As part of our analysis of OONI measurements collected from Azerbaijan between January 2022 to February 2023, we found: ** Blocking of news media websites. *Azerbaijan continues to block access to several independent news media websites. OONI data also suggests that some ISPs in Azerbaijan may have started blocking access to the Guardian on 25th December 2022. ** Azerbaijan and Russia block each other’s news media. *In early June 2022, Azerbaijan started blocking access to Russia’s state-run RIA Novosti media website. Since (at least) 7th June 2022, Russian ISPs have been blocking access to Azerbaijani news media websites (haqqin.az, minval.az, oxu.az, ru.oxu.az, ru.baku.ws). These blocks remain ongoing. ** Temporary blocking of TikTok amid border clashes with Armenia. *During the September 2022 border clashes, both Azerbaijan and Armenia blocked access to TikTok. While the TikTok block was lifted in Armenia by 21st September 2022 (only lasting about a week), the TikTok block remained in place in Azerbaijan until November 2022 (lasting about 2 months). ** Blocking of circumvention tool sites.* Azerbaijan continues to block access to numerous circumvention tool websites, potentially limiting the ability to circumvent internet censorship in Azerbaijan. However, most OONI measurements suggest that tested circumvention tools (Tor and Psiphon) appear to be reachable. ** Variance of censorship across networks. *While most ISPs in Azerbaijan appear to adopt similar censorship techniques (as we continued to observe connection timeouts in most anomalous measurements across ASNs), different ISPs block access to different websites over time. *## Published report on social media blocks in Ethiopia* On 15th February 2023, we published a report on the blocking of social media platforms in Ethiopia. OONI data from Ethiopia showed the ongoing blocking of: * Facebook and Telegram (since 9th February 2023) * YouTube (since 10th February 2023) Read the report here: https://ooni.org/post/2023-ethiopia-blocks-social-media/ *## Published report on DW and Wikipedia blocking in Pakistan* On 15th February 2023, we published a report on the blocking of Wikipedia and Deutsche Welle (DW) in Pakistan. OONI data from Pakistan showed: * Access to Wikipedia restricted between 1st-6th February 2023 (48-hour degradation, followed by block) * Ongoing blocking of Deutsche Welle (DW) since (at least) 16th January 2023 Read the report here: https://ooni.org/post/2023-pakistan-blocks-wikipedia-and-dw/ *## Published report on Twitter throttling in Turkey* On 15th February 2023, we published a report on the throttling and DNS blocking of Twitter in Turkey in the aftermath of a deadly earthquake. On 8th February 2023, OONI data from Turkey showed that access to Twitter was throttled on at least 4 networks, and blocked by means of DNS interference on other networks. Read the report here: https://ooni.org/post/2023-turkey-throttling-blocking-twitter/ *## OONI reports for the ISOC Pulse project on Internet shutdowns* As a data partner for ISOC’s Pulse Shutdown project ( https://pulse.internetsociety.org/shutdowns), we have been working on creating “OONI reports” (with relevant OONI data, interpretation, and charts) for all of the “service blocking” entries listed on the Pulse shutdown timeline (ranging from March 2018 to February 2023) over the last year. In February 2023, we completed this work, having written the “Data and analysis” section for all “service blocking” entries of the ISOC Pulse Shutdown timeline (where relevant OONI data exists). As part of this work, we found that OONI data is available for almost all blocking events reported worldwide over the last 5 years (at least based on those listed on the ISOC Pulse shutdown timeline). In total, we wrote 49 OONI reports for the ISOC Pulse shutdown timeline. These reports will be included in the “Data and analysis” section of “service blocking” entries. *## OONI Probe Mobile* In February 2023, we continued to improve upon the OONI Probe mobile app. Specifically, we: * Prepared the next OONI Probe Mobile release (3.8.0) for internal testing; * Fixed a bug ensuring that the network name is displayed along with the ASN (https://github.com/ooni/probe/issues/2371); * Worked towards addressing a bug affecting automated testing on OONI Probe iOS (https://github.com/ooni/probe/issues/2259); * Worked towards enabling the transfer of the OONI Probe Android app to a SD card (https://github.com/ooni/probe/issues/2019); * Worked towards ensuring that the OONI Probe iOS app does not crash when OONI backend services are down (https://github.com/ooni/probe/issues/2201). *## OONI Run* OONI Run (https://run.ooni.io/) can be translated via the Transifex ( https://explore.transifex.com/otf/ooni-run/) platform. In February 2023, thanks to the Localization Lab community, OONI Run was translated into 6 languages: Chinese, German, Thai, Russian, Spanish, and Turkish. *## OONI Probe CLI* In February 2023, we released OONI Probe CLI 3.17.0: https://github.com/ooni/probe-cli/releases/tag/v3.17.0 Notably, OONI Probe CLI 3.17.0 includes an updated version (v0.5.20) of the Web Connectivity experiment, a TLS middlebox experiment, backend proxy support for Tor Snowflake, OONI Run improvements, and many other improvements (https://github.com/ooni/probe-cli/releases/tag/v3.17.0). This new release will be the first one to support providing richer input to experiments. We now support dynamically instructing the probes to enable experimental Web Connectivity functionality through the OONI backend. As part of this release cycle, we investigated two issues related to running tor on Android devices. The first issue ( https://gitlab.torproject.org/tpo/core/tor/-/issues/40747, https://github.com/ooni/probe/issues/2405) deals with the OONI Probe Android app receiving a SIGABRT signal because tor closes a file descriptor twice, thus triggering Android’s fdsan ( https://android.googlesource.com/platform/bionic/+/master/docs/fdsan.md). We patched the problem as part of the OONI Probe CLI 3.17.0 release. The second issue deals with a mysterious SIGABRT crash that we are still investigating. While testing OONI Probe CLI 3.17.0, we also noticed and investigated excessive CPU usage in the Web Connectivity test helper ( https://github.com/ooni/probe/issues/2413). We modified the codebase to add support for profiling, started fixing the most obvious issues, and increased the number of test helper hosts to spread the load among them. As part of testing, we also triaged the following data quality issues: https://github.com/ooni/probe/issues/2410 https://github.com/ooni/probe/issues/2411 https://github.com/ooni/probe/issues/1925#issuecomment-1429373491 https://github.com/ooni/probe/issues/2412 https://github.com/ooni/probe/issues/2420 https://github.com/ooni/probe/issues/2421 We fixed some of these data quality issues, as documented below: https://github.com/ooni/probe-cli/pull/1110 https://github.com/ooni/probe-cli/pull/1111 https://github.com/ooni/probe/issues/2293 Where feasible, we backported to the OONI Probe CLI 3.17.0 branch. After M-Lab deprecated their locatev1 API, we also migrated the DASH experiment to use the locatev2 API and included this patch into the 3.17.0 branch (https://github.com/ooni/probe/issues/2398). We also started working on exposing the OONI engine API, which is part of the probe-cli repository, as a dynamic library ( https://github.com/ooni/probe/issues/2414). *## Expanding OONI’s testing model to support richer testing input* The OONI Probe CLI 3.17.0 release ( https://github.com/ooni/probe-cli/releases/tag/v3.17.0) starts adding support for richer testing input ( https://github.com/ooni/ooni.org/issues/1291). We also continued to improve such support in the main development branch of OONI Probe CLI and OONI API. Specifically, we modified the API to directly return test helper information inside the check-in API response ( https://github.com/ooni/probe/issues/2392). We also started working on a design document regarding the richer testing input functionality and we began working on the related PoC ( https://github.com/ooni/probe-cli/pull/1075). *## Creating a throttling measurement methodology* As part of our plans to create a methodology for measuring throttling ( https://github.com/ooni/ooni.org/issues/1296), we started sketching out a possible integration testing strategy. At the end of this reporting period, we wrote a diff for probe-cli ( https://gist.github.com/bassosimone/3ce52a37fc7394f7cce82391685c5477) which works as follows: * We hijack the core networking code to use a GVisor-based ( https://gvisor.dev/) TCP/IP stack in userspace; * We connect this stack, representing the OONI Probe client with other GVisor stacks representing servers; * We add latency and throttling on those virtual channels when the network traffic meets specified conditions (e.g., depending on the SNI used during the TLS handshake). Writing good integration tests for this upcoming functionality is crucial to ensure that we do not break the Web Connectivity experiment while applying the necessary changes to add support for collecting network performance metrics (as planned: https://github.com/ooni/ooni.org/issues/1297). *## OONI Explorer* We continued to work with a designer on the new OONI Explorer domain and network centric pages (https://github.com/ooni/explorer/pull/830). We updated the copy for the user feedback reporting system and we worked on end-to-end tests. We made improvements to the third-party data integration, notably adding support for the caching of proxied Cloudflare requests and other UI changes (https://github.com/ooni/explorer/pull/831). We also released a new MAT filter that allows showing data for different time intervals: hourly, daily, weekly and monthly. *## OONI backend* Through February 2023, we continued to work on a series of backend improvements. Specifically, we: * Implemented datacenter filtering in rotation ( https://github.com/ooni/pipeline/pull/408); * Scaled up our infrastructure to 4 test helpers ( https://github.com/ooni/api/pull/320) and correlated the test runtime with the deployment of the new test helpers to measure their effectiveness; * Added more networks to the Web Connectivity v0.5 feature flag ( https://github.com/ooni/api/pull/318); * Fixed a bug affecting authentication in the Test Lists Editor ( https://github.com/ooni/test-lists-ui/issues/71); * Fixed the pipeline CI permissions ( https://github.com/ooni/pipeline/pull/409); * Extracted more values from measurements including software and test version, engine details, CPU architecture and test run time ( https://github.com/ooni/pipeline/pull/411, https://github.com/ooni/pipeline/pull/410); * Implemented an initial database backup tool. *## Automating censorship detection and characterization based on OONI measurements* We made stable progress on the OONI data analysis tool ( https://github.com/ooni/data). Specifically, we: * Made several improvements to the tooling that can be used for creating plots that allow us to assess how well the analysis performs ( https://github.com/ooni/data/pull/25); * Added support for mapping several “unknown_failures” that are a result of software bugs, ensuring that the data is more clean and can be better analyzed ( https://github.com/ooni/data/pull/25/commits/dc6517e0148be6c571a9e0768b50b5… ): * Started exploring the possibility of performing the analysis directly inside of the database engine (as opposed to doing in python code). This resulted in a 10x performance increase, allowing us to analyze one day's worth of OONI data in just over 5 minutes (compared to 2 hours of the python implementation). We also ingested new blocking fingerprints ( https://github.com/ooni/pipeline/pull/407) into the fastpath data processing pipeline, thereby automatically detecting and confirming more cases of website blocking around the world. To evaluate how effectively OONI Probe measures and detects cases of internet censorship, we compared measurements from Indonesia (that show blocking) with Indonesia’s (“DNS-Trust”) blocking registry ( https://github.com/alsyundawy/dnstrust-apjii). We found that OONI measurements that show DNS-based censorship are consistent with Indonesia’s blocklist. *## Creating a Social Media Censorship Alert System* We continued to make progress on the initial event detector developed for the new Social Media Censorship Alert System ( https://github.com/ooni/backend/issues/629). Specifically, we ran experiments using Pandas, added more tests, and generated PNG/SVGs as part of the testing. *## Creating a new OONI Outreach Kit* Throughout February 2023, we coordinated with Ura Design ( https://ura.design/), who worked on designing the new OONI Outreach Kit materials. We are aiming to publish the Outreach Kit in March 2023. *## Coordination of translation of OONI documents* Throughout February 2023, we coordinated with translators with regards to the translation of several OONI documents into 5 languages: Arabic, Farsi, Russia, Swahili, and Spanish. We are aiming to publish the translated documents in March 2023. *## Test list updates* We coordinated with our partner, TEDIC (https://ooni.org/partners/tedic/), who provided extensive updates for the test list of Paraguay: https://github.com/citizenlab/test-lists/pull/1224 The test list for Cambodia was also updated extensively by API Cambodia (iMAP partner): https://github.com/citizenlab/test-lists/pull/1214 We reviewed and merged many other test list pull requests contributed by community members: https://github.com/citizenlab/test-lists/pulls?q=is%3Apr+is%3Aclosed *## Rapid response### Wikipedia blocking in Pakistan* Access to Wikipedia was temporarily restricted in Pakistan between 1st to 6th February 2023. We rapidly responded by sharing relevant OONI data collected from Pakistan (and encouraging further testing) on Twitter: https://twitter.com/OpenObservatory/status/1620845976645963778 and https://twitter.com/OpenObservatory/status/1621449233852252160 We subsequently published a report: https://ooni.org/post/2023-pakistan-blocks-wikipedia-and-dw/ *### Social media blocks in Iraq* On 6th February 2023, community members in Iraq reported to the #KeepItOn mailing list that access to social media platforms (WhatsApp, Facebook, Twitter, Instagram) would be banned during the country’s final exams, starting on 5th February 2023 and ending on 13th February 2023 (from 4 am to 12 pm local time). The decision was made by the PMO based on the ministry of education recommendation. We shared relevant OONI data with the #KeepItOn campaign on these blocks. *### Twitter throttling in Turkey* On 8th February 2023, in the aftermath of the earthquakes, Turkey throttled access to Twitter. Real-time OONI data collected from Turkey showed the block: https://explorer.ooni.org/chart/mat?probe_cc=TR&test_name=web_connectivity&… We rapidly responded by analyzing relevant OONI data collected from Turkey and sharing our analysis through a Twitter thread: https://twitter.com/OpenObservatory/status/1623398643595182083 OONI data showed that access to Twitter was throttled on at least 4 networks, and blocked by means of DNS on other networks. We subsequently published a report: https://ooni.org/post/2023-turkey-throttling-blocking-twitter/ *### Social media blocks in Ethiopia* On 9th February 2023, amid church split tensions and calls for anti-government protests, access to social media platforms was reportedly blocked in Ethiopia. We rapidly responded by sharing relevant OONI data collected from Ethiopia (and encouraging further testing) on Twitter: https://twitter.com/OpenObservatory/status/1624045402679873540 and https://twitter.com/OpenObservatory/status/1624761465453379584 We subsequently published a report: https://ooni.org/post/2023-ethiopia-blocks-social-media/ *## Community use of OONI data### Paper on internet censorship in Russia* Censored Planet (in collaboration with other researchers) published a paper (“Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom”) which analyzes OONI data (along with Censored Planet data) to examine internet censorship in Russia following the February 2022 invasion of Ukraine. Their paper (which was accepted to appear in USENIX Security 2023) is available here: https://censoredplanet.org/assets/russia-ukraine-invasion.pdf *### Paper on censorship data analysis* Censored Planet and Jigsaw published a paper (“Advancing the Art of Censorship Data Analysis”) which discusses the challenges involved in analyzing censorship measurement data. This paper shares examples from OONI data and other public censorship datasets (such as Censored Planet). Their paper (which was published by FOCI) is available here: https://www.petsymposium.org/foci/2023/foci-2023-0003.pdf *### Data Journalism guide for measuring internet shutdowns* Journalist Sabrina Faramarzi published an article (“Kill switch: reporting on and during internet shutdowns”) which aims to serve as a guide for data journalists interested in measuring internet shutdowns. This article features an interview with OONI’s Maria, where she discusses why journalists should use OONI data to investigate internet censorship around the world. The article is available here: https://datajournalism.com/read/longreads/internet-shutdowns-data-reporting *## Community activities### OONI workshop for civil society in Azerbaijan* On 1st February 2023, OONI’s Elizaveta facilitated an OONI workshop for civil society groups in Azerbaijan. This workshop was hosted in collaboration with our partner, Azerbaijan Internet Watch ( https://ooni.org/partners/azerbaijan-internet-watch/). The goal of the workshop was to introduce civil society groups in Azerbaijan to OONI tools to help boost OONI measurement coverage in Azerbaijan. *### FOSDEM 2023* On 4th and 5th February 2023, OONI’s Federico attended FOSDEM ( https://fosdem.org/2023/) in Brussels. *### OONI workshop for human rights defenders in Nigeria* On 16th February 2023, OONI’s Elizaveta facilitated an OONI workshop for human rights defenders in Nigeria. This workshop was hosted in collaboration with our partner, Paradigm Initiative ( https://ooni.org/partners/paradigm-initiative/). The goal of the workshop was to introduce participants to OONI tools and data, encouraging censorship measurement leading up to and during Nigeria’s 2023 elections (which may trigger new censorship events). *### OONI Run demo for the Localization Lab community* On 22nd February 2023, OONI’s Elizaveta provided an OONI Run ( https://run.ooni.io/) demo for the Localization Lab community to encourage the translation of the platform. *### Live OONI session for the OPTIMA community in Senegal* On 23rd February 2023, OONI’s Elizaveta briefly presented OONI and addressed questions as part of Internews’ live OPTIMA session for community members in Senegal. *### OONI Community Meeting* On 28th February 2023, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/), during which we discussed the following topics: 1. Updates from the OONI team. 2. Upcoming conferences and opportunities for censorship measurement sessions. 3. Community feedback on early beta testing of OONI tools. *## Measurement coverage* In February 2023, 57,841,940 OONI Probe measurements were collected from 2,844 AS networks in 164 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

OONI Monthly Report: January 2023
by Maria Xynou 29 Mar '23

29 Mar '23

Hello, This email shares OONI's monthly report for January 2023. *# OONI Monthly Report: January 2023* Throughout January 2023, the OONI team worked on the following sprints: * Sprint 82 (2nd-15th January 2023) * Sprint 83 (16th-29th January 2023) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## OONI Probe Mobile* We added support to OONI Probe Mobile for the re-testing of URLs that presented anomalies (https://github.com/ooni/probe-android/pull/554). This new feature enables OONI Probe users to more easily re-test URLs that present signs of blocking, thereby contributing more measurements that potentially contain evidence of internet censorship. We also made improvements to RTL support for both OONI Probe Mobile and Desktop (https://github.com/ooni/probe/issues/2346), we removed the RiseupVPN test option from the app settings ( https://github.com/ooni/probe/issues/2204), we improved upon how tests are run on iOS (https://github.com/ooni/probe/issues/2175), and we continued working towards rewriting OONI Probe Mobile in Flutter ( https://github.com/ooni/probe/issues/2359). *## OONI Run* We worked towards ensuring that OONI Run links continue performing tests on iOS, even when the device is locked ( https://github.com/ooni/probe/issues/2361). Notably, we collaborated with the Localization Lab ( https://www.localizationlab.org/) on creating a new localization project for OONI Run on Transifex (https://explore.transifex.com/otf/ooni-run/) and we uploaded the relevant strings for translation. This enabled the localization community to start translating the OONI Run platform ( https://run.ooni.io/), making it more accessible to communities worldwide. *## Published OONI Run screencast* To enable communities to use OONI Run (https://run.ooni.io/) to coordinate website censorship testing, we created a screencast which shows how to use the platform. In creating this screencast, we wrote a script (which appears as subtitles, which can be translated) and we created a screen recording illustrating how to use OONI Run. We published the OONI Run screencast on our YouTube channel: https://www.youtube.com/watch?v=OGRN7ve6cIA *## OONI Probe CLI* We carried out development and quality assurance work to prepare the OONI Probe CLI 3.17.x release. To this end, we released OONI Probe ClI v3.17.0-alpha (https://github.com/ooni/probe-cli/releases/tag/v3.17.0-alpha) and OONI Probe CLI v3.17.0-alpha.1 ( https://github.com/ooni/probe-cli/releases/tag/v3.17.0-alpha.1). As part of this work, we merged a fix that prevents the Web Connectivity v0.5 experiment from fetching data from the localhost ( https://github.com/ooni/probe-cli/pull/1027). We also added support for performing A/B testing between Web Connectivity v0.4 (the current stable release) and v0.5 (the new Web Connectivity version). Once OONI Probe CLI 3.17.0 is released, we will start using this mechanism to enable the Web Connectivity v0.5 experiment for some users and compare the measurement results it collects with the ones collected by the previous version. This release also refactors the build system to verify we are building with the expected compiler flags through unit tests. As part of this work, we rewrote how we compile tor for Android to add support for patching and hardening flags. *## Expanding OONI’s testing model to support richer testing input* Supporting a richer testing input model requires exposing the full check-in API response to experiments. Such a response, in fact, potentially includes configuration flags and other ancillary information that, along with the input URL, provides richer input. To move this objective forward, we fixed ooniprobe’s backend client to observe the full check-in response, rather than just extracting the URLs ( https://github.com/ooni/probe-cli/pull/1037). We then started using richer input when instantiating experiments by implementing code to A/B test Web Connectivity implementations. This feature inspects the check-in API response to extract feature flags ( https://github.com/ooni/probe-cli/pull/1039). We also extended the check-in API itself to provide a feature flag that selects the Web Connectivity v0.5 experiment for some users. *## OONI Probe Web* We worked towards finalizing the development of our new browser-based censorship measurement tool: OONI Probe Web (https://probe-web.ooni.org/). In working towards the first beta release, we added support for detecting the browser being used by the user and displaying a warning text if their browser configuration could lead to false positives ( https://github.com/ooni/probe-web/pull/5/files). *## OONI Explorer* Through January 2023, we worked on the following new OONI Explorer ( https://explorer.ooni.org/) features: * Improving the domain-centric pages ( https://github.com/ooni/explorer/pull/830); * Improving the UI of the network-centric pages ( https://github.com/ooni/explorer/issues/744, https://github.com/ooni/explorer/pull/830); * Finalizing the user feedback reporting mechanism ( https://github.com/ooni/explorer/issues/811); * Integrating third-party data (IODA, Cloudflare Radar, Google traffic data) for the monitoring of internet outages ( https://github.com/ooni/explorer/pull/831). As part of this work, we worked closely with a designer who carried out UX research with our community, helping to improve the design and usability of the above new features and pages. *## OONI backend* Through January 2023, we continued to work on a series of backend improvements. Specifically, we: * Added a feature flag for the Web Connectivity v0.5 experiment ( https://github.com/ooni/api/pull/315); * Added support for returning the test helper addresses as part of the check-in API (https://github.com/ooni/api/pull/316); * Merged the initial VPN observation table and extraction into the fastpath pipeline (https://github.com/ooni/pipeline/pull/399); * Removed the Tor and Psiphon configurations from the check-in API ( https://github.com/ooni/api/pull/317); * Wrote an internal design document for the check-in API authentication; * Wrote an internal design document for our database backup strategy. *## Automating censorship detection and characterization based on OONI measurements* We made progress on the characterization of website censorship through our OONI data analysis tool (https://github.com/ooni/data/pull/23). Specifically, we: * Improved the DNS analysis; * Made some tweaks to the TCP and NXDOMAIN scoring; * Improved the TLS analysis to make use of HTTP measurements; * Improved the code quality. Moreover, we started implementing a set of data visualizations to be displayed from the OONI data web interface by integrating the vega generated charts into react. This lays the foundation for eventually integrating these charts into OONI Explorer ( https://github.com/ooni/data/pull/25). *## Creating a Social Media Censorship Alert System* We continued to make progress on the initial event detector developed for the new Social Media Censorship Alert System ( https://github.com/ooni/backend/issues/629). As part of this, we monitored our internal dashboard, ran experiments using the Pandas library, and created a CSV dump on S3 for reproducible testing. Based on the experiments, we made performance improvements and we implemented various changes to improve how cases of potential censorship are detected. *## Test list updates* We continued to work towards improving the test lists. Specifically, we updated the test lists for Tajikistan ( https://github.com/citizenlab/test-lists/pull/1211), Nigeria ( https://github.com/citizenlab/test-lists/pull/1208), and Russia ( https://github.com/citizenlab/test-lists/pull/1206, https://github.com/citizenlab/test-lists/pull/1207). *## OONI reports for the ISOC Pulse project on Internet shutdowns* As a data partner for the ISOC Pulse project on Internet shutdowns, we contributed OONI data (along with relevant charts and information) for the “service blocking” events listed on the ISOC Pulse shutdowns timeline: https://pulse.internetsociety.org/shutdowns Specifically, we created OONI reports (including OONI data, charts, and relevant interpretation of the findings) for many of the “service blocking” entries listed in the ISOC Pulse shutdown timeline. These reports will be added under the “Data and Analysis” section of relevant ISOC Pulse shutdown entries. Throughout January 2023, we wrote OONI reports for the “service blocking” entries (where relevant OONI data exists) from 2018, 2019, 2021, and 2022 on the ISOC Pulse shutdown timeline. *## OONI data analysis* Throughout January 2023, we provided OONI data analysis support to community members, and we carried out various data analysis tasks in support of our own research. This includes a year-long analysis of OONI data collected from Russia (https://github.com/ooni/ooni.org/issues/1331), as well as analysis of OONI data collected from Venezuela ( https://github.com/ooni/ooni.org/issues/1310). *## Creating a new OONI Outreach Kit* In January 2023, we finalized all of the materials for the new OONI Outreach Kit. Specifically, we created and finalized the content for the following: * 3 versions of an (1-page) OONI Probe Fact Sheet * Long version (2-pages) of an OONI Probe Fact Sheet * OONI Probe Fact Sheet for Elections * Document with OONI Probe testing instructions * 2 versions of an (1-page) OONI Explorer Fact Sheet * OONI Explorer Fact Sheet for Researchers * OONI Explorer Fact Sheet for Human Rights Advocates * OONI Explorer Fact Sheet for Journalists * Internet Censorship Fact Sheet * Fact Sheet on How Websites are Blocked * 2 versions of OONI Brochures * OONI Resources document Upon finalizing the Outreach Kit content, we contracted Ura Design ( https://ura.design/) for the design of the materials. *## Coordination of translation of OONI documents* To enable more communities around the world to learn about OONI, we aim to have the following OONI documents translated: * OONI Frequently Asked Questions (FAQ): https://ooni.org/support/faq * OONI Glossary: https://ooni.org/support/glossary * Potential risks associated with censorship measurement: https://ooni.org/about/risks/ To this end, we contracted translators for the translation of the above documents into the following 5 languages: Arabic, Farsi, Russia, Swahili, and Spanish. We prioritized these 5 languages because they are spoken in many countries that experience high levels of internet censorship. We worked with translators who were already active in the OONI community and therefore more familiar with OONI’s terminologies, tools, and goals. In preparation for these translations, we wrote relevant translation guidelines, which we shared with each of the translators. We subsequently coordinated with the translators. *## Updated the OONI FAQ* On our website, we have an OONI Frequently Asked Questions (FAQ) section which aims to address the questions that we are frequently asked by the community (https://ooni.org/support/faq/). In January 2023, we updated the OONI FAQ page to reflect changes in our tools and provide up-to-date information and links ( https://github.com/ooni/ooni.org/pull/1334) – particularly in preparation for the translation of this content. *## Community use of OONI data### Research report on VPN blocking in Uganda* Christopher Kalema (OPTIMA research fellow) published a research report investigating VPN blocking in Uganda and its impact on the country’s preparations for the 2021 general elections. This study made use of OONI data to investigate VPN blocking in Uganda. The research report is available here: https://internews.org/wp-content/uploads/2022/08/VPN-Blocking-During-the-20… *### Pakistan started blocking Deutsche Welle (DW)* On 16th January 2023, OONI data shows that Pakistan started blocking access to Deutsche Welle (DW): https://explorer.ooni.org/chart/mat?probe_cc=PK&test_name=web_connectivity&… This was reported by Oliver Linow (Internet Freedom Specialist at DW), who shared OONI data on the blocking of DW: https://twitter.com/OliverLinow/status/1619282417629675522 *## Community activities* *### SFLC.in panel for the launch of a new report on website blocks in India* On 12th January 2023, OONI’s Maria participated as a panelist on SFLC.in’s panel “Error 404 Website Cannot Be Found”, which launched their new research report on website blocking in India ( https://sflc.in/finding-404-report-website-blocking-india/). Information about the event can be found here: https://sflc.in/error-404-website-cannot-be-found The panel discussion was live-streamed here: https://www.youtube.com/watch?v=aB5hlX6dSoI *### OTF Summit* Between 24th-26th January 2023, OONI’s Arturo traveled to Texas to participate in the OTF Summit. As part of his participation, Arturo co-facilitated a session (in collaboration with Netalitica’s Igor Valentovitch) on investigating information controls through the use of OONI tools and the Citizen Lab’s test lists. *### Roskomsvoboda’s Privacy Day 2023 event* On 27th January 2023, OONI’s Maria participated as a speaker in Roskomsvoboda’s Privacy Day 2023 event (https://2023.privacyday.net/), as part of which she discussed how people in Russia can participate in OONI censorship measurement. The event was live-streamed here: https://www.youtube.com/watch?v=zUPYMW_tsUo *### OONI Community Meeting* On 31st January 2023, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/), during which we discussed the following topics: 1. Updates from the OONI team. 2. Updating the OONI Probe test for RiseupVPN. 3. OONI workshops and participation in events in the Global South in 2023. *## Measurement coverage* In January 2023, 60,858,923 OONI Probe measurements were collected from 2,899 AS networks in 168 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

PSA: GitLab email notifications outage
by Antoine Beaupré 23 Mar '23

23 Mar '23

Hi, Today, starting from at least 07:04:22 UTC, mail notifications sent from GitLab have been either delayed or dropped (unclear, probably the latter). This means that if you rely on GitLab notifications to order your work, you will very likely need to login to GitLab and look at your issues. A good way to catch up is look at the latest notifications in your "To Do" list in: https://gitlab.torproject.org/dashboard/todos I am aware that many of you have a humongus and completely useless to do list of death. I am sorry. As of a 20:50UTC, email delivery has resumed and should be back to normal until further notice. ### Technical details Busy people or people less interested in technical details can skip the remainder of this email. It's unclear what happened. We're tracking the issue in this ticket: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/139 It looks like the regression was caused by the GitLab 15.9.3 to 15.10.0 upgrade because that upgrade completed at 06:35:53, half an hour before the first email got lost. It's also unclear if GitLab queued up those emails and is sending them now, but I suspect it just dropped them. I couldn't find the right log file in the thousands (literally) of log files GitLab keeps, so it's really hard to tell. *Why* this regression happened is simply beyond me. Me and kez poured the best of both of our brains to figure out why, suddenly, GitLab decided to not only use STARTTLS to connect to the local SMTP server (which it was specifically told not to do) but *also* validate the certificate (which it was *also* told not to do). We currently use a bespoke CA for local SMTP servers and, naturally, that certificate doesn't verify. And obviously setting the correct CA in GitLab's settings doesn't work either, because why would anything work at this point. (Besides, it's unclear how anyone should issue a valid certificate for `localhost` in the first place... ANYWAY.) I filed this issue upstream: https://gitlab.com/gitlab-org/gitlab/-/issues/399241 I am unsure how this issue is going to go, or how long this fix is going to last, it's all quite obscure. (This is why, by the way, we rarely try to patch GitLab. The code base is byzantine at best, they ship their own Rails, Ruby, PostgreSQL, Prometheus, Grafana (which is itself a special clusterfuck of deps), Chef (!), and I won't bore with with the rest of the list: it's a total mess, and it takes hours just to get your bearings to get anything done at all. In this specific case, we completely gave up in patching what should be a simple Rails app.) So anyway. Fixed I guess? A. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2023-03-23
by Itchy Onion 23 Mar '23

23 Mar '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-23-15.58.log… And our meeting pad: Anti-censorship work meeting pad ------------------------------------------------------------------------------------ - THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, March 23 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == - Our anti-censorship roadmap: - Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards - The anti-censorship team's wiki page: - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home - Past meeting notes can be found at: - https://lists.torproject.org/pipermail/tor-project/ - Tickets that need reviews: from sponsors, we are working on: - All needs review tickets: - https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… - Sponsor 96 - https://gitlab.torproject.org/groups/tpo/-/milestones/24 - Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it - https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == - renovate bot to update dependencies on our projects - https://gitlab.torproject.org/tpo/tpa/renovate-cron - there have been complaints that some dependencies of snowflake are outdated - https://github.com/tladesignz/IPtProxy/issues/45 - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/122 - (x/net and x/crypto dependencies were incidentally updated in a recent pion update: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…, but not to the currently most recent version) - currently being used in rdsys, could enable for other projects by request == Actions == - update the x/net and x/crypt libraries in snowflake and obfs4 - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/122 == Interesting links == - https://github.com/guardianproject/orbot/releases/tag/17.0.0-BETA-2-tor.0.4… - https://github.com/guardianproject/orbot/commit/c3f6ee18f17770a5904ad19c3cd… - 2023-03-15 Orbot for Android v17 BETA 2 released with snowflake-02 bridge - snowflake-02 metrics: https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F578… (multiply by 12) == Reading group == - We will discuss "" on - Questions to ask and goals to have: - What aspects of the paper are questionable? - Are there immediate actions we can take based on this work? - Are there long-term actions we can take based on this work? - Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - - Something you need help with. cecylia (cohosh): last updated 2023-03-23 Last week(s): - Lox tor browser integration work in progress - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - created a fork of wasm-bindgen that generates javascript bindings for the lox client that are compatible with internal browser modules - looked into enabling wasm target for rust in tbb - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - Lox distributor work - debugged some async problems with the rdsys-backend-api library - helped set up new meek bridge for users in TM This week: - continue Lox tor browser integration - catch up on snowflake-webext issues and MRs Needs help with: dcf: 2023-03-23 - Last week: - - wrote up ideas about partially reliable and/or unordered WebRTC data channels in snowflake https://lists.torproject.org/pipermail/anti-censorship-team/2023-March/0002… - - wrote notes on RFC 8828 which gives guidance on handling private IP address ICE candidates https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - wrote notes on STUN fingerprinting and STUN over DTLS (RFC 7350) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - sketched a plan for providing bridge capacity for Turkmenistan https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… - - wrote a merge request to fix a minor PT initialization bug in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - made the necessary changes to make nf_conntrack changes persistent on the snowflake bridges, and restarted them both https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - contributed thoughts about how to share a pool of snowflake proxies with other circumvention projects - Next week: - - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) - - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Help with: meskio: 2023-03-23 Last week: - - explore how to add webtunnel to rdsys (rdsys#142) - - add webtunnel support to bridgestrap (bridgestrap!15) - - experiment with renovate bot in rdsys to update dependencies - - apply to docker DSOS program (team#121) - - rebase pt version spec (torspec!63) Next week: - - rdsys webtunnel support (rdsys#142) Shelikhoo: 2023-03-16 Last Week: - - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - - Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - - Comment on OnionShare Rebrand - - Comment on S96 User Research Risk Assessment - - Comment on Analysis of speed deficiency of Snowflake in China, 2023 Q1(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/s… - - Comment on enable Gitlab Container Registry( https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886693) - - Add utls-imitate, utls-nosni doc to README (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - - Review Assign an accepted bandwidth ratio to TBLinks(https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_req… - - Review Proxy: add an option to bind to a specific address (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next Week: - - [Research] WebTunnel planning (Continue) - - Try to find a place to host another vantage point - - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - - logcollector alter system - - webtunnel document for proxy opertaor - onyinyang: 2023-03-23 Last week: - Finished up most of the minimally working example of Lox server integration with rdsys - - Identified and helped to debug async issues with rdsys-backend-api stream - - Added more helpful comments/error handling and graceful shutdown - https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-distributor/-/mer… - This week: - Finish up the handling of changed resources in the Lox library - - Improve client side handling of BridgeLines? - - Discuss next steps with cohosh Itchy Onion: 2023-03-22 Last week: - - Closed #40252 (NAT probetest for standalone proxy) - - Closed #40265 (mac user reporting standalone proxy complaning about broker cert) - - Worked on #40231 (Client sometimes send offer with no ICE candidates) - This week: - Tested and created a potential broker security issue (#40266) - - Stil working on #40231 -- validate SDP contains candidate at the "/client" and "/answer" endpoints broke almsot all of the unit tests - - hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does Iran block bridges cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - - resources

1 0

Anti-censorship team meeting notes, 2023-03-16
by Shelikhoo 16 Mar '23

16 Mar '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-16-15.57.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- ------------------------------------------------------------------------------------ THIS IS A PUBLIC PAD ------------------------------------------------------------------------------------ Anti-censorship -------------------------------- Next meeting: Thursday, March 23 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == Sponsor 28 ended == Discussion == * Analysis of speed deficiency of Snowflake in China, 2023 Q1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… <- please read the updated comment before meeting, it is huge * snowflake-server buffer reuse bug postmortem * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * The harm to users was minor, but incidents like this are a good opportunity to reflect on our process, to make similar things less likely in the future. * The bug (#40199) might have been caught, but was not, at multiple points: * Code understanding and review by the initial committer * Code review on the merge request * Automated tests / CI * End user reports or logs * Logs or instrumentation at the bridge * Which of these processes, if any, should we change, to decrease the chance of mistakes? * The good news: undoing the faulty commit has actually greatly increased performance: it is likely the memory corruption was causing frequenct retransmission at the KCP layer and/or frequently terminating Tor streams due to failed integrity checks. It is possible that the negative effects only started to show with a higher number of users. * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Brainstorming during the meeting: * Initial merge request should have included a test to prove the assumption that buffers were not reused. The reviewer might have requested that such a test be added. * Any such anomalies, if detected at the client, should be logged in such a way that they show up in the tor log. * dcf's private branch that logs KCP's internal error counters: https://gitlab.torproject.org/dcf/snowflake/-/commit/9f43843b59b9753686be83… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * The fix this week made the "KCPInErrors" counter go to zero: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * We should log whenever KCPInErrors is non-zero, at least. * We are missing integration testing as part of CI. We have unit testing, but nothing where all the pieces are working together as in production. * shelikhoo's setup for distributed snowflake server testing https://github.com/xiaokangwang/snowflake-mu-docker/blob/master/docker-comp… * Should we have another more verbose level of log (debug/trace) so that it takes less effort to debug things in general? (no need to modify code then rebuilt like hazae41 did it https://hackerone.com/reports/1880610) * Docker Registry is removing obfs4, snowflake image: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886686 * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/121 == Actions == * move the ampcache snowflake fallback forward == Interesting links == * https://network.lantern.io/ * https://addons.mozilla.org/en-US/firefox/addon/lantern-network/ == Reading group == * We will discuss "" on * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-03-02 Last week: - Lox tor browser integration work in progress - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - Finished getting the wasm client integrated as a Tor Browser module This week: - continue Lox tor browser integration - find a better way to generate and call wasm client in tor-browser-build - make team repos for Lox pieces - expand client-side support for more Lox features - continue work on conjure client-side recovery Needs help with: dcf: 2023-03-16 Last week: - helped debug snowflake-server buffer reuse bug, deployed the fix, and wrote an advisory https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… https://forum.torproject.net/t/security-advisory-cross-user-tls-traffic-mix… - posted hints on updating OONI's list of STUN servers https://github.com/ooni/probe/issues/2417#issuecomment-1468478811 Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) Help with: meskio: 2023-03-16 Last week: - rdsys fixes to use onbasca (rdsys#153) Now onbasca ratio is being used by rdsys - Test if bridges without ORPort reachable are included in the bridge descriptor (rdsys#154) They don't! - deploy rdsys with support to TB pt_config.json (rdsys#146) - remove UAE from circumvention settings (team#106) - add authentication to rdsys resource registration (rdsys#156) - deal with the dockerhub closing of our account (team#112) Next week: - rdsys webtunnel support (rdsys#142) Shelikhoo: 2023-03-16 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Comment on OnionShare Rebrand - Comment on S96 User Research Risk Assessment - Comment on Analysis of speed deficiency of Snowflake in China, 2023 Q1(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/s… - Comment on enable Gitlab Container Registry( https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886693) - Add utls-imitate, utls-nosni doc to README (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Review Assign an accepted bandwidth ratio to TBLinks(https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_req… - Review Proxy: add an option to bind to a specific address (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - logcollector alter system - webtunnel document for proxy opertaor onyinyang: 2023-03-16 Last week: - Working on distributor backend for Lox server (integration with rdsys) https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-distributor/-/iss… - Continuing work on Lox server integration with rdsys - Reconfigure Lox Bridgeline to fit with Tor's bridge info - Figure out the proper multithreading in Rust to add bridges to Lox's bridgedb This week: - Finish up Lox server integration with rdsys - Add more helpful comments/error handling and graceful shutdown - Improve client side handling of BridgeLines? - Discuss next steps with cohosh Itchy Onion: 2023-03-16 Last week: - Closed issue #40252 (NAT probetest for standalone proxy) - Working on #40231 (Client sometimes send offer with no ICE candidates). This week: - MR and Closed #40252 (NAT probetest for standalone proxy) - Almost done with #40231 -- just need to add some test cases - Worked on #40265 (mac user reporting standalone proxy complaning about broker cert) hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does Iran block bridges cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - resources

1 0

Tails report for February 2023
by intrigeri 14 Mar '23

14 Mar '23

Hi, Tails report for February 2023 <https://tails.boum.org/news/report_2023_02/> Highlights * @bokonon <https://gitlab.tails.boum.org/bokonon>joined our team, as our Fundraising Lead. bokonon will help us develop and grow our fundraising initiatives, to support the work we do to accomplish ourmission <https://tails.boum.org/contribute/mission/>. * We prepared usability tests planned in Ecuador in March. Releases Wereleased Tails 5.10 on February 16 <https://tails.boum.org/news/version_5.10/index.en.html>. As part of our focus on polishing user experience, Tails now asks for confirmation when starting without unlocking the Persistent Storage. Because we humans sometimes forget stuff. It's OK :) Tails 5.10 fixed a few problems introduced in Tails 5.8 in December, and some more: * Fixed another case of Persistent Storage not activating. (#19432 <https://gitlab.tails.boum.org/tails/tails/-/issues/19432>) * Avoid opening the Persistent Storage settings each time after login. (#19410 <https://gitlab.tails.boum.org/tails/tails/-/issues/19410>) * Solve a possible privilege escalation through a symlink attack. Metrics Tails has been started more than 652 918 times this month. This makes 23 318 boots a day on average.

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 13 Mar '23

13 Mar '23

Hi! Here's your monthly dose of quality sysadmin updates. # Roll call: who's there and emergencies anarcat, gaba, kez, lavamind # Q1 prioritisation Discuss the priorities for the remaining month, consider Q2. Donate page, Ganeti "dal" cluster and the Discourse self-hosting are the priorities. Completing the bullseye upgrades and converting the installers to bookworm would be nice, alongside pushing some proposals ahead (email, gitolite, etc). # Dashboard review We reviewed the dashboards like in our usual per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards # Early vacation planning We went over people's planned holidays and things look okay, not too much overlap. Don't forget to ask for your holidays in advance as per the handbook. # Metrics of the month * hosts in Puppet: 97, LDAP: 98, Prometheus exporters: 167 * number of Apache servers monitored: 32, hits per second: 658 * number of self-hosted nameservers: 6, mail servers: 9 * pending upgrades: 0, reboots: 0 * average load: 0.58, memory available: 5.92 TiB/7.04 TiB, running processes: 783 * disk free/total: 34.43 TiB/92.96 TiB * bytes sent: 354.56 MB/s, received: 211.38 MB/s * planned bullseye upgrades completion date: 2022-12-29 (!) * [GitLab tickets][]: 177 tickets including... * open: 1 * icebox: 141 * backlog: 22 * next: 4 * doing: 7 * needs information: 2 * (closed: 3070) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye/ Obviously, the planned date is incorrect. We are lagging behind on the hard core of ~10 machines that are trickier to upgrade. -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2023-03-09
by meskio 09 Mar '23

09 Mar '23

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-09-15.58.html And our meeting pad: Anti-censorship -------------------------------- Next meeting: Thursday, March 16 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible-do tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it * https://pad.riseup.net/p/sponsor139-meeting-pad == Announcements == == Discussion == * No news yet about the inclusion of snowflake-02 in Orbot, after asking at S96 meeting. * the are asking meskio by email privately, but he didn't answer being in vacation, will do today * What is the procedure for creating a new repository under https://gitlab.torproject.org/tpo/anti-censorship ? Do I need to ask someone to create a repository or can I just do it? * dcf wants to move other repositories there: * https://gitlab.torproject.org/dcf/extor-static-cookie * https://gitweb.torproject.org/pluggable-transports/goptlib.git * It should be possible to just create new repos. * dcf will try it, and report back if there's trouble. * Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) * Syncing with upstream will require dropping one version of golang from CI, are we okay with that? * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… "The only problem I'm having with this is that it no longer builds with go1.15 due to the x/crypto dependency update. Is it possible to keep the old version or perhaps rebase these changes off of the versions of pion/dtls and pion/webrtc that we currently have pinned rather than the master branches?" * go1.15 is the version in current Debian stable (bullseye), go1.19 is available in backports. go1.19 will be the version in the next stable (bookworm) coming in a few months. == Actions == * move the ampcache snowflake fallback forward == Interesting links == * == Reading group == This paper is about detecting Tor-in-obfs4 when you only have a traffic sample; e.g., you only get to look at every 100th packet that passes through a router that handles both obfs4 and non-obfs4 flows. Traffic sampling means you cannot use features like "look at the first n packets of a flow" or "compare the timing of two consecutive packets". Instead, you can only look at aggregate statistical features and have to be memory-efficient. The system collects 12 statistics (Table III in the appendix) and stores them in a data structure called a nest count Bloom filter (NCBF), which essentially is just a composition of 12 counting Bloom filters (https://en.wikipedia.org/wiki/Counting_Bloom_filter). The statistics are things like "number of non-empty upstream packets" (C₂) and "number of downstream packets with payload length between 62 and 465" (C₁₁). From these 12 statistics, they derive 14 features (mostly ratios of statistics) and feed them to a random forest classifier. For evaluation they use a 15-minute sample of backbone traffic provided by a third party, MAWI (https://mawi.wide.ad.jp/mawi/ditl/ditl2019-G/201904090000.html) and insert their own self-collected obfs4 traffic into it. They say the detection has few false negatives (finds almost all obfs4 bridges), but too many false positives to be usable directly for blocking decisions; they mention the need for "secondary testing" of suspected bridges. * We will discuss "Detecting Tor Bridge from Sampled Traffic in Backbone Networks" on March 9 * https://www.ndss-symposium.org/wp-content/uploads/madweb2021_23011_paper.pdf * https://www.youtube.com/watch?v=kL7YCRer3To&list=PLfUWWM-POgQvGOVAk1HjP3uFK… * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2023-03-02 Last week: - Lox tor browser integration work in progress - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116 - Finished getting the wasm client integrated as a Tor Browser module This week: - continue Lox tor browser integration - find a better way to generate and call wasm client in tor-browser-build - make team repos for Lox pieces - expand client-side support for more Lox features - continue work on conjure client-side recovery Needs help with: dcf: 2023-03-09 Last week: - drafted snowflake-01 bridge update for February 2023 https://opencollective.com/censorship-circumvention/projects/snowflake-dail… - attended 2023-03-04 relay operators meetup and answered questions about snowflake https://lists.torproject.org/pipermail/tor-relays/2023-March/021080.html - documented further sporadic blocking of cdn.sstatic.net in some networks in Iran https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115#note_28… - made a graph of users in Russia since Tor Browser 12.0.3 and the Hello Verify mitigation; curiously it increased users in snowflake-02 but not snowflake-01 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - noticed that conntrack changes did not persist after a reboot on the snowflake bridges, and started an experiment to measure the effect https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… (for real) Help with: meskio: 2023-03-09 Last week: - catch up (or fail to) after vacation - deploy and break bridgedb (bridgedb#40064) - test bridges without ORPort public (rdsys#154) - review nil pointer fix in webtunnel (webtunnel!5) - coordinate the update of pion libraries and snowflake in debian, including the HelloVerify patch Next week: - rdsys fixes to use onbasca (rdsys#153) Shelikhoo: 2023-03-09 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - WebTunnel @ TorBrowser mobile(https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/m… - Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Research on dynamic bridge DOL in china(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measur… - meta: fill the "donate" link on addons.mozilla.org (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - consider propagating 2FA everywhere, maybe at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138) - Review Proxy: add an option to bind to a specific address (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Next Week: - [Research] WebTunnel planning (Continue) - Try to find a place to host another vantage point - Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webt…) - Resynchronization with Upsteamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) onyinyang: 2023-03-09 Last week: - Working on distributor backend for Lox server (integration with rdsys) - enabling Lox server to communicate with rdsys through rdsys-backend-api This week: - Continuing work on Lox server integration with rdsys - Reconfigure Lox Bridgeline to fit with Tor's bridge info - Figure out the proper multithreading in Rust to add bridges to Lox's bridgedb - (later) Consider a reasonable approach for bridge groupings for Lox buckets Itchy Onion: 2023-03-08 Last week: - Finished most of issue #40252 (Standalone proxy outbound address) (!136) - Worked on issue #40252 (NAT probetest for standalone proxy) - Started looking at #40231 (Client sometimes send offer with no ICE candidates) This week: - Add warning message if the user provided IP address is not used by proxy to establish WebRTC connection (issue #40252 !136). In my testing, sometimes the IP obtained from Pion's selectedCandidatePair is not accurate. I chatted with Pion dev and think there might a bug in Pion. But from my testing it only happens on the first peerconnecion so not a huge problem for us. - Closed issue #40252 (NAT probetest for standalone proxy) - Working on #40231 (Client sometimes send offer with no ICE candidates). My current understanding is that this shouldn't happen. There was a similar issue but is fixed and merged: https://github.com/pion/webrtc/issues/1143. Doing more research on it. hackerncoder: 2023-03-09 last week: Next week: - getting ooni-exporter to work with torsf (snowflake) - ooni-exporter web_connectivity - work on "bridgetester"? - how does iran block bridges cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s? still trying to figure that out Help with: - resources -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project March 2023