[tor-project] Anti-censorship team meeting notes, 2022-01-27
meskio
meskio at torproject.org
Thu Jan 27 16:42:59 UTC 2022
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-01-27-15.59.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Next meeting: Thursday January 27th 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly checkin about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at Tor.
== Links to Useful documents ==
Our anti-censorship roadmap:
Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
The anti-censorship team's wiki page:
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
Past meeting notes can be found at:
https://lists.torproject.org/pipermail/tor-project/
Tickets that need reviews: from sponsors we are working on:
All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
Sponsor 30
https://gitlab.torproject.org/groups/tpo/-/milestones/4
https://gitlab.torproject.org/groups/tpo/-/milestones/7
https://gitlab.torproject.org/groups/tpo/-/milestones/5
https://gitlab.torproject.org/groups/tpo/-/milestones/6
Sponsor 28
must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10
possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name%5b%5d=Sponsor%2028&milestone_title=None
== Announcements ==
== Discussion ==
no news about obfs4 security fixes, needs to be looked into
Tor Browser will update first: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40416
status of snowflake load balancing upgrade
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40095#note_2772325
currently staging bridge is handling almost all the traffic
plan to do the upgrade on the production bridge today or tomorrow
then switch the DNS back next week
our metrics are low, the current hypothesis is that the counts are coming from only one of the instances
plan to prevent onion key rotation by making the key files read-only
will try profiling on the staging bridge to help reduce CPU usage of snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40086
test deployment of rdsys + bridgedb
next week, will be available to @torproject.org email addresses
aim for production in February
Hetzner networking issue, shall we add it to the timeline
Find more details of the incident and if it has affected any parts of the Tor network
bridgedb and many bridges are in hetzner
== Actions ==
== Interesting links ==
== Reading group ==
We will discuss "Meteor: Cryptographically Secure Steganography for Realistic Distributions" on 2022-02-03
https://dl.acm.org/doi/10.1145/3460120.3484550
https://eprint.iacr.org/2021/686
https://meteorfrom.space/
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out, in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
anadahz: 2022-01-27
Last weeek:
- Increase timeout check cycles for default-bridge-felix-1 and default-bridge-felix-2 as they have been generating too many alerts: https://gitlab.torproject.org/tpo/anti-censorship/monit-configuration/-/merge_requests/1
cecylia (cohosh): last updated 2022-01-27
Last week:
- filed shadow bug: https://github.com/shadow/shadow/issues/1869
- lots of reviews
- roadmapping and documentation writing
- sponsor reports
- reached out to default bridge operators about down or unreliable bridges
- helped with deployment of bridge-port-scan fixes
This week:
- more reviews
- finish documenting and cleaning up shadow simulation scripts
- use these snowflake + shadow scripts to do more performance testing
- start looking at what is needed for a tapdance/conjure PT
- write up more documentation
Needs help with:
dcf: 2022-01-27
Last week:
- set up load balanced staging bridge for snowflake, monitored its switchover from the production bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40095 https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-single-bridge/1483/16
Next week:
- test the read-only file idea for preventing onion key rotation https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-single-bridge/1483/16
- upgrade the snowflake production bridge for load balancing https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40095
- switch snowflake DNS records back to the production bridge https://gitlab.torproject.org/tpo/tpa/team/-/issues/40602
- before switching over, enable profiling on the staging bridge for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40086
Help with:
agix: 2021-01-13
Last week:
- Busy with work on Censored Planet
Next week:
- Continue work on gettor-twitter
Help with:
-
arlolra: 2022-01-20
Last week:
- [added 2022-01-20 by dcf] ALPN support for pion DTLS https://github.com/pion/dtls/pull/415
Next week:
- Figure out where in pion/webrtc ALPN should be configured and used
- Maybe add Chacha20Poly1305 to pion/dtls
https://github.com/pion/dtls#planned-features
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40014#note_2764731
Help with:
-
maxb: 2021-09-23
Last week:
- Worked on https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40054 re: utls for broker negotiation
- Had conversation with someone about upstream utls http round tripper https://github.com/refraction-networking/utls/pull/74
- Too busy with work :/
Next week:
- _Really_ want to get a PR for utls round tripper
meskio: 2022-01-27
Last week:
- select the type of bridges distributed by each distributor (rdsys#63)
- add a third pool to the telegram bot (team#53)
- rdsys/bridgedb setup coordination with tpa (tpa/team#40581)
- update gettor links (gettor#85)
- implement country block mechanism for rdsys and bridgedb (bridgedb#40036)
Next week:
- test deployment for the new rdsys/bridgedb setup (rdsys#12)
- make easier to test bridgedb ater rdsys change (bridgedb#40034)
- check whats up with obfs4 security fixes
Shelikhoo: 2022-01-27
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake(snowflake!64)
- [Merge Request Awaiting] Privacy preserving stats in Snowflake standalone proxy(snowflake#40079, snowflake!72)
- [Merge Request Done] Add Google backend support for gettor updater(rdsys!19)
- [Merge Request Done] Add callbacks in the client for key events during snowflake connections(snowflake#40076)
- [Discussion] Implement metrics to measure snowflake churn(snowflake#34075)
- [Discussion] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription")
- [Discussion] Proposal: Push Notification Based Signaling Channel
- [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54)
- [Investigate] Is there a better moat/snowflake SNI than cdn.sstatic.net? (snowflake#40068)
- [Investigate] Multi-instance Load Balanced Tor - Snowflake Deployment
- [Investigate] China "Anti-Fraud" Webpage Redirection Censorship(censorship-analysis#40026)
Next Week:
- [Discussion] Designing the Container Layout for rdsys
- [Discussion] Implement metrics to measure snowflake churn (snowflake#34075)
- [Discussion] Proposal: Push Notification Based Signaling Channel
- [Merge Request] Privacy preserving stats in Snowflake standalone proxy(snowflake#40079, snowflake!72)
- [Merge Request Review] Configure what distributor does distribute each resource type
- [Discussion] Proposal: Centralized Probe Result Collector(anti-censorship/team#54)
- [Investigate] uTLS for broker negotiation
HackerNCoder: 2021-12-16
This week:
Last/done:
Setup web mirror on tor.encryptionin.space
Next:
Get (new VPs with) new IP and setup new web mirror on new domain
hanneloresx: 2021-3-4
Last week:
- Submitted MR for bridgestrap issue #14
Next week:
- Finish bridgestrap #14
- Find new issue to work on
Help with:
-
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20220127/ed320dde/attachment.sig>
More information about the tor-project
mailing list