Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-10-27-15.59.html
And our meeting pad:
Anti-censorship work meeting pad --------------------------------
Next meeting: Thursday Nov 3 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?sc... * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%... * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24
== Announcements ==
* Tor Browser 11.5.5/11.5.6 restore a working meek bridge and enable uTLS for Snowflake.
== Discussion ==
* Blocking by TLS fingerprint in Iran * There is plenty of evidence now that there is blocking based on TLS fingerprint in Iran * It likely affects snowflake-client's connections to the broker and may be responsible for the sudden loss of traffic on 2022-10-04 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * Likely to affect mainly Orbot, and not Tor Browser for desktop or Tor Browser for Android * Orbot has updated using uTLS and is now circumventing the block
* Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 src shell * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... * https://github.com/net4people/bbs/issues/140 * shell is investigating it
* builtin bridges and their usage * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/102 * builtin bridges tend to work better than distributed ones * we want for now to keep using builtin bridges for the situations where they are useful * we need to improve the situation to where we feel comfortable to recomend settings bridges on those cases * investigating what is the churn rate of bridges * subscription model * quality of settings bridges
* we are hitting the size limit for args in bridgelines * https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40... * PT spec 2.0 was meant to solve this * https://github.com/Pluggable-Transports/Pluggable-Transports-spec * https://gitlab.torproject.org/tpo/core/tor/-/issues/21816 * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/... * do we want to propose any changes to arti to have a future with longer args? * does arti want to keep the PT IPC model (i.e., will the future even use SOCKS the way it is used now)? * arti is implementing the SOCKS model for now * the bulk of snowflake bridge lines is the ice=stun:... list. each entry of the list has a "stun:" scheme and a port number. we could abbreviate the list by making the scheme and port number implicit if not specified. * meskio will create an issue to discuss proposals into the pt-spec to solve the issue
* snowflake-02 bridge is now usable through the whole pipeline: just use `fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA` in the bridge line. Do we want to encourage people to test this configuration? * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... * it's okay to start testing it * we'll add this bridge into TB alpha * we have some concerns on the load on unrestricted proxies and the broker by tor connecting to both bridges at once if we configure both
== Actions ==
== Interesting links ==
== Reading group ==
* We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with.
cecylia (cohosh): last updated 2022-10-27 Last week: - wrote a guide for integrating PTs into tor browser - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Tor-Browser-I... - talked with brave about snowflake web extension - more work on conjure client - reached out about station reliability issues - responded to questions about prometheus metrics for the standalone proxy This week: - wrap up snowflake translation work (blocked) - followups to proxy fixes (blocked) - continue Conjure work - wrap up manifest v3 candidate Needs help with:
dcf: 2022-10-27 Last week: - explained two different Client Hellos in the connections of certain uTLS fingerprints https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4... - debugged a problem with snowflake-client failure with certain uTLS fingerprints and opened an issue https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - opined on merging the current draft of STATUS TYPE=version in the PT spec https://gitlab.torproject.org/tpo/core/torspec/-/merge_requests/63#note_2847... - diagnosed the problem with snowflake bridge line length in Tor Browser 11.5.5 and helped with the emergency fix in 11.5.6 https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40... https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_req... - with Linus, distributed snowflake-01's outbound traffic over multiple IP addresses, in an attempt to mitigate DDoS false detections https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - tested using the snowflake-02 bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... Next week: - disable non-WireGuard SSH access to snowflake-02 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823... - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 - break up snowflake-server performance improvements into separate merge requests https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - document recent performance optimizations in Snowflake bridge installation guide Help with:
meskio: 2022-10-27 Last week: - deprecate dymcru builtin bridges (team#98) - checkout our experiment using obfs4 bridges in china and hong kong (team#99) - help outreachy applicants and review their merge requests - investigate why gettor had stopped replying emails (rdsys#129) - telegram gettor stopped working after the release (onionsproutsbot#45) - write sponsor 96 report - research why uTLS HelloFirefox_auto doesn't work agains azure (obfs4#40008) Next week: - gettor bugs (rdsys#133 rdsys#129)
Shelikhoo: 2022-10-27 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Discussion & Deployment] Rollout of Distributed Snowflake Support - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt... - [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu...
- Generate Charts for presention: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/92#note_2836... (Continue) - Rollout distributed snowflake (include definition of secondary bridge on broker) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... Next Week: - [Research] WebTunnel Planning (Continue) - [Research] Fix vantage point summary upload in China - Release New version of Snowflake WebExt - [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... (Continue)
Itchy Onion: 2022-10-27 Last week: - Made some breakthrough. RACE Snowflake started to fail in 2.2.0 because the test load is increased by 5-fold and there is a 30 seconds timeout. So it takes snowflake too long to finish. So far I've observed high variance of flight time from snowflake proxy to server and the worst case it takes ~45 seconds to send. - Confirmed the issue was because of snowflake proxies running out in RACE This week: - Increase the number of snowflake proxies spawned in RACE and ran it against the CI test. I was able to pass every time (6 times in total). But since Tuesday I've been having trouble starting a new deployment with Rib. I've been in talk with TwoSix but so far nothing has helped. - Built and pushed snowflake plugin binary with the fix to 2.3.2:prod