[tor-project] Anti-censorship team meeting notes, 2022-10-27

meskio meskio at torproject.org
Thu Oct 27 17:18:31 UTC 2022


Hey everyone!

Here are our meeting logs:

http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-10-27-15.59.html

And our meeting pad:

Anti-censorship work meeting pad
--------------------------------

Next meeting: Thursday Nov 3 16:00 UTC

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.

== Links to Useful documents ==

	* Our anti-censorship roadmap:
		* Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
	* The anti-censorship team's wiki page:
		* https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
	* Past meeting notes can be found at:
		* https://lists.torproject.org/pipermail/tor-project/
	* Tickets that need reviews, from sponsors we are working on:
		* All needs review tickets:
			* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
		* Sponsor 28
			* must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10
			* possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name%5b%5d=Sponsor%2028&milestone_title=None
		* Sponsor 96
			* https://gitlab.torproject.org/groups/tpo/-/milestones/24

== Announcements ==

	* Tor Browser 11.5.5/11.5.6 restore a working meek bridge and enable uTLS for Snowflake.

== Discussion ==

	* Blocking by TLS fingerprint in Iran
		* There is plenty of evidence now that there is blocking based on TLS fingerprint in Iran
		* It likely affects snowflake-client's connections to the broker and may be responsible for the sudden loss of traffic on 2022-10-04
			* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40207#note_2844116
		* Likely to affect mainly Orbot, and not Tor Browser for desktop or Tor Browser for Android
		* Orbot has updated using uTLS and is now circumventing the block

	* Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4 src shell 
		* https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40036
		* https://github.com/net4people/bbs/issues/140
		* shell is investigating it

	* builtin bridges and their usage
		* https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/102
		* builtin bridges tend to work better than distributed ones
		* we want for now to keep using builtin bridges for the situations where they are useful
		* we need to improve the situation to where we feel comfortable to recommend settings bridges on those cases
			* investigating what is the churn rate of bridges
			* subscription model
			* quality of settings bridges

	* we are hitting the size limit for args in bridgelines
		* https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40665
		* PT spec 2.0 was meant to solve this
			* https://github.com/Pluggable-Transports/Pluggable-Transports-spec
			* https://gitlab.torproject.org/tpo/core/tor/-/issues/21816
			* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/10671
		* do we want to propose any changes to arti to have a future with longer args?
			* does arti want to keep the PT IPC model (i.e., will the future even use SOCKS the way it is used now)?
				* arti is implementing the SOCKS model for now
		* the bulk of snowflake bridge lines is the ice=stun:... list. each entry of the list has a "stun:" scheme and a port number. we could abbreviate the list by making the scheme and port number implicit if not specified.
		* meskio will create an issue to discuss proposals into the pt-spec to solve the issue

	* snowflake-02 bridge is now usable through the whole pipeline: just use `fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA` in the bridge line. Do we want to encourage people to test this configuration?
		* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40212#note_2848300
		* it's okay to start testing it
		* we'll add this bridge into TB alpha
		* we have some concerns on the load on unrestricted proxies and the broker by tor connecting to both bridges at once if we configure both

== Actions ==


== Interesting links ==


== Reading group ==

	* We will discuss "" on
		* 
		* Questions to ask and goals to have:
			* What aspects of the paper are questionable?
			* Are there immediate actions we can take based on this work?
			* Are there long-term actions we can take based on this work?
			* Is there future work that we want to call out in hopes that others will pick it up?

== Updates ==

Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:
        - Something you need help with.

cecylia (cohosh): last updated 2022-10-27
	Last week:
		- wrote a guide for integrating PTs into tor browser
			- https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Tor-Browser-Integration-Guide-for-New-Pluggable-Transports
		- talked with brave about snowflake web extension
		- more work on conjure client
			- reached out about station reliability issues
		- responded to questions about prometheus metrics for the standalone proxy
	This week:
		- wrap up snowflake translation work (blocked)
		- followups to proxy fixes (blocked)
		- continue Conjure work
		- wrap up manifest v3 candidate
	Needs help with:

dcf: 2022-10-27
	Last week:
		- explained two different Client Hellos in the connections of certain uTLS fingerprints https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs4/-/merge_requests/1#note_2846326
		- debugged a problem with snowflake-client failure with certain uTLS fingerprints and opened an issue https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40224
		- opined on merging the current draft of STATUS TYPE=version in the PT spec https://gitlab.torproject.org/tpo/core/torspec/-/merge_requests/63#note_2847489
		- diagnosed the problem with snowflake bridge line length in Tor Browser 11.5.5 and helped with the emergency fix in 11.5.6 https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40665 https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/558
		- with Linus, distributed snowflake-01's outbound traffic over multiple IP addresses, in an attempt to mitigate DDoS false detections https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40223
		- tested using the snowflake-02 bridge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40212#note_2848300
	Next week:
		- disable non-WireGuard SSH access to snowflake-02 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40122
		- migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823122
		- try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429
		- break up snowflake-server performance improvements into separate merge requests https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/100
		- document recent performance optimizations in Snowflake bridge installation guide
	Help with:

meskio: 2022-10-27
   Last week:
       - deprecate dymcru builtin bridges (team#98)
       - checkout our experiment using obfs4 bridges in china and hong kong (team#99)
       - help outreachy applicants and review their merge requests
       - investigate why gettor had stopped replying to emails (rdsys#129)
       - telegram gettor stopped working after the release (onionsproutsbot#45)
       - write sponsor 96 report
       - research why uTLS HelloFirefox_auto doesn't work against azure (obfs4#40008)
   Next week:
       - gettor bugs (rdsys#133 rdsys#129)

Shelikhoo: 2022-10-27
   Last Week:
		- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64)
		- [Discussion & Deployment] Rollout of Distributed Snowflake Support
		- [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54)
		- [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/1
		- [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40036
		- Generate Charts for presentation: https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/92#note_2836476 (Continue)
		- Rollout distributed snowflake (include definition of secondary bridge on broker) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40225
   Next Week:
		- [Research] WebTunnel Planning (Continue)
		- [Research] Fix vantage point summary upload in China
		- Release New version of Snowflake WebExt
		- [Research] Censorship analysis for UDP traffic between Iran and rest of Internet: 2022 Q4: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40036 (Continue)

Itchy Onion: 2022-10-27
    Last week:
        - Made some breakthrough. RACE Snowflake started to fail in 2.2.0 because the test load is increased by 5-fold and there is a 30 seconds timeout. So it takes snowflake too long to finish. So far I've observed high variance of flight time from snowflake proxy to server and the worst case it takes ~45 seconds to send.
        - Confirmed the issue was because of snowflake proxies running out in RACE
    This week:
        - Increase the number of snowflake proxies spawned in RACE and ran it against the CI test. I was able to pass every time (6 times in total). But since Tuesday I've been having trouble starting a new deployment with Rib. I've been in talks with TwoSix but so far nothing has helped.
        - Built and pushed snowflake plugin binary with the fix to 2.3.2:prod







-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.