[tor-project] Anti-censorship team meeting notes, 2023-04-06
Shelikhoo
shelikhoo at torproject.org
Thu Apr 6 16:31:59 UTC 2023
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-04-06-15.59.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
------------------------------------------------------------------------------------
THIS IS A
PUBLIC PAD
------------------------------------------------------------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, April 13 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap:
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
* Sponsor 96
* https://gitlab.torproject.org/groups/tpo/-/milestones/24
* Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel
working on it
* https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
== Discussion ==
* Update on Analysis of speed deficiency of Snowflake in China,
2023 Q1
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2883879
* after a lot of research the proposed solution is to enable
datagram transport on webrtc to deal with the packet loss situation
* that will convert webrtc into an unreliable channel, and
snowflake will add reliablity with kcp
* (NO update from shell @ Apr 6)
== Actions ==
== Interesting links ==
*
https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2023-march-update
== Reading group ==
* We will discuss "Lox: Protecting the Social Graph in Bridge
Distribution" on 2023 May 18
* https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2023-03-30
Last week:
- enabled wasm target for rust in tor-browser-build
-
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40818
- helped debug blocking of Snowflake in TM
-
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
- discussed the problem of deciding whether a bridge is blocked or not
- took a look at memory issues for the Snowflake proxy
-
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40243
This week:
- Lox tor browser integration
- fix conjure issues found by code audit
Needs help with:
dcf: 2023-04-06
Last week:
- wrote notes on WebRTC unreliable data channels
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/109#note_2891898
- made graphs of DTLS packet losses in China
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2891975
- snowflake CDN bookkeeping
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-costs/diff?version_id=2459be65d9c3b8e10bc94f9169c69116f723330b
- revised snowflake-server listen error check fix and merged it
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/143#note_2892643
- documented more cdn.sstatic.net anomalies in Iran in March
2023
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115#note_2892825
- wrote the March 2023 update for the snowflake-01 Open
Collective
https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2023-march-update
- wrote a sync.Pool performance optimization for snowflake
QueuePacketConn and started bridge-side CPU and RAM measurements in
advance of a test deployment
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/145
- made a graph of snowflake users from Russia since the DTLS
fingerprint fix (Hello Verify Request) in Tor Browser 12.0.3 (still
awaiting an Orbot release)
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40030#note_2893870
Next week:
- migrate goptlib to gitlab
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823122
(for real)
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
- open issue to disable /debug endpoint on snowflake broker
Help with:
meskio: 2023-04-06
Last week:
- AFK time
Next week:
- webtunnel integration in rdsys
Shelikhoo: 2023-04-06
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to
snowflake (snowflake!64)
- [Research] HTTPT Planning
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/1
- Comment on S96 User Research Risk Assessment
- Comment on various grant proposal
- Write grant report
- Fix Telegram Bridge Distributor responding with a blank
message https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/158
- Work on TPA-RFC-53: consider propagating 2FA everywhere,
maybe at the April Tor Meeting
- X~X time was mostly spent on urgent task
Next Week:
- [Research] WebTunnel planning (Continue)
- Try to find a place to host another vantage point
- container image for webtunnel
- consider propagating 2FA everywhere, maybe, at the April Tor
Meeting
(https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138)
- logcollector altert system
- webtunnel document for proxy opertator
onyinyang: 2023-04-06
Last week:
- Did a deep dive into rdsys to understand how it is handling
`new`, `changed`, `gone` resources some results/discussion here:
https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues/7
- updated Lox library, rdsys-backend-api and lox distributor to
handle new and changed resources in a way that is more aligned with
rdsys' behaviour
- added some preliminary documentation:
https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/home
This week:
- work on handling `gone resources` in a more appropriate way
for Lox as outlined here:
https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues/7#note_2894231
-If time: Start implementing a function in lox distributor/lox
library to handle syncing of Lox bridgetable
Needs help with:
(medium term)
Question 1: re: `gone` resources: under what circumstances
should a `gone` bridge be replaced?
- If a bridge is `gone` due to bandwidth issues or
descriptors not being published, should they be replaced with working
bridges in a Lox bucket ?
Question 2: How easily can a censor manipulate the
bridgepool/bridges to create a `gone` resource?
- Does replacing bridges, especially at the untrusted
user level, create an enumeration risk?
My thought is that `gone` bridges should be replaced if
they are determined to be unusable into the future (not just temporarily
down) and the bucket risks becoming "unreachable" and requiring users to
move to a new bucket. Maybe this should only be true for trusted users
though?
(long term)
- brainstorming grouping strategies for Lox buckets (of
bridges) and gathering context on how types of bridges are
distributed/use in practice.
Question: What makes a bridge useable for a given user and
how can we encode that to best ensure we're getting the most appropriate
resources to people?
1. Are there some obvious grouping strategies that we
can already consider?
e.g., by pt, by bandwidth (lower bandwidth bridges
sacrified to open-invitation buckets?), by locale (to be matched with a
requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket so
trusted users have access to 3 bridges (and untrusted users have access
to 1)? More? Less?
Itchy Onion: 2023-03-22
Last week:
- Closed #40252 (NAT probetest for standalone proxy)
- Closed #40265 (mac user reporting standalone proxy complaning
about broker cert)
- Worked on #40231 (Client sometimes send offer with no ICE
candidates)
This week:
- Tested and created a potential broker security issue (#40266)
- Stil working on #40231 -- validate SDP contains candidate at
the "/client" and "/answer" endpoints broke almsost all of the unit tests
hackerncoder: 2023-03-09
last week:
Next week:
- getting ooni-exporter to work with torsf (snowflake)
- ooni-exporter web_connectivity
- work on "bridgetester"?
- how does Iran block bridges
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20230406/44061de2/attachment.sig>
More information about the tor-project
mailing list