[tor-project] Anti-censorship team meeting notes, 2023-03-16
Shelikhoo
shelikhoo at torproject.org
Thu Mar 16 19:59:33 UTC 2023
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-03-16-15.57.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
------------------------------------------------------------------------------------
THIS IS A PUBLIC PAD
------------------------------------------------------------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, March 23 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
    * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
    * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
    * https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
    * All needs review tickets:
        * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
    * Sponsor 96
        * https://gitlab.torproject.org/groups/tpo/-/milestones/24
    * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel working on it
        * https://pad.riseup.net/p/sponsor139-meeting-pad
== Announcements ==
Sponsor 28 ended
== Discussion ==
* Analysis of speed deficiency of Snowflake in China, 2023 Q1
  https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251
  <- please read the updated comment before meeting, it is huge
* snowflake-server buffer reuse bug postmortem
    * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260
    * The harm to users was minor, but incidents like this are a good opportunity to reflect on our process, to make similar things less likely in the future.
    * The bug (#40199) might have been caught, but was not, at multiple points:
        * Code understanding and review by the initial committer
        * Code review on the merge request
        * Automated tests / CI
        * End user reports or logs
        * Logs or instrumentation at the bridge
    * Which of these processes, if any, should we change, to decrease the chance of mistakes?
    * The good news: undoing the faulty commit has actually greatly increased performance: it is likely the memory corruption was causing frequent retransmission at the KCP layer and/or frequently terminating Tor streams due to failed integrity checks. It is possible that the negative effects only started to show with a higher number of users.
        * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886925
    * Brainstorming during the meeting:
        * Initial merge request should have included a test to prove the assumption that buffers were not reused. The reviewer might have requested that such a test be added.
        * Any such anomalies, if detected at the client, should be logged in such a way that they show up in the tor log.
            * dcf's private branch that logs KCP's internal error counters:
              https://gitlab.torproject.org/dcf/snowflake/-/commit/9f43843b59b9753686be836f2c55f209ba29c1e9
              https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
                * The fix this week made the "KCPInErrors" counter go to zero:
                  https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886032
            * We should log whenever KCPInErrors is non-zero, at least.
        * We are missing integration testing as part of CI. We have unit testing, but nothing where all the pieces are working together as in production.
            * shelikhoo's setup for distributed snowflake server testing
              https://github.com/xiaokangwang/snowflake-mu-docker/blob/master/docker-compose.yaml
        * Should we have another more verbose level of log (debug/trace) so that it takes less effort to debug things in general? (no need to modify code then rebuild like hazae41 did it https://hackerone.com/reports/1880610)
* Docker Registry is removing obfs4, snowflake image:
  https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886686
    * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/121
== Actions ==
* move the ampcache snowflake fallback forward
== Interesting links ==
* https://network.lantern.io/
* https://addons.mozilla.org/en-US/firefox/addon/lantern-network/
== Reading group ==
* We will discuss "" on
* Questions to ask and goals to have:
    * What aspects of the paper are questionable?
    * Are there immediate actions we can take based on this work?
    * Are there long-term actions we can take based on this work?
    * Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): last updated 2023-03-02
Last week:
- Lox tor browser integration work in progress
    - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116
- Finished getting the wasm client integrated as a Tor Browser module
This week:
- continue Lox tor browser integration
- find a better way to generate and call wasm client in tor-browser-build
- make team repos for Lox pieces
- expand client-side support for more Lox features
- continue work on conjure client-side recovery
Needs help with:
dcf: 2023-03-16
Last week:
- helped debug snowflake-server buffer reuse bug, deployed the fix, and wrote an advisory
    https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40260
    https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/140
    https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262
    https://forum.torproject.net/t/security-advisory-cross-user-tls-traffic-mixing-in-snowflake-server-until-2023-03-13/6915
- posted hints on updating OONI's list of STUN servers
    https://github.com/ooni/probe/issues/2417#issuecomment-1468478811
Next week:
- migrate goptlib to gitlab
    https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_2823122
    (for real)
Help with:
meskio: 2023-03-16
Last week:
- rdsys fixes to use onbasca (rdsys#153)
    Now onbasca ratio is being used by rdsys
- Test if bridges without ORPort reachable are included in the bridge descriptor (rdsys#154)
    They don't!
- deploy rdsys with support to TB pt_config.json (rdsys#146)
- remove UAE from circumvention settings (team#106)
- add authentication to rdsys resource registration (rdsys#156)
- deal with the dockerhub closing of our account (team#112)
Next week:
- rdsys webtunnel support (rdsys#142)
Shelikhoo: 2023-03-16
Last Week:
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64)
- [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/1
- Upstreaming Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40249)
- Fix return nil error on unrecognized request http upgrade failure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/merge_requests/5)
- consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138)
- Resynchronization with Upstreamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40258#note_2883726)
- Comment on OnionShare Rebrand
- Comment on S96 User Research Risk Assessment
- Comment on Analysis of speed deficiency of Snowflake in China, 2023 Q1 (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251)
- Comment on enable Gitlab Container Registry (https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89#note_2886693)
- Add utls-imitate, utls-nosni doc to README (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/139)
- Review Assign an accepted bandwidth ratio to TBLinks (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/78#note_2885745)
- Review Proxy: add an option to bind to a specific address (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/136#note_2885721)
Next Week:
- [Research] WebTunnel planning (Continue)
- Try to find a place to host another vantage point
- Resynchronization with Upstreamed Remove HelloVerify countermeasure (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40258#note_2883726)
- consider propagating 2FA everywhere, maybe, at the April Tor Meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41083#note_2884138)
- logcollector alter system
- webtunnel document for proxy operator
onyinyang: 2023-03-16
Last week:
- Working on distributor backend for Lox server (integration with rdsys)
  https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-distributor/-/issues/1
- Continuing work on Lox server integration with rdsys
- Reconfigure Lox Bridgeline to fit with Tor's bridge info
- Figure out the proper multithreading in Rust to add bridges to Lox's bridgedb
This week:
- Finish up Lox server integration with rdsys
- Add more helpful comments/error handling and graceful shutdown
- Improve client side handling of BridgeLines?
- Discuss next steps with cohosh
Itchy Onion: 2023-03-16
Last week:
- Closed issue #40252 (NAT probetest for standalone proxy)
- Working on #40231 (Client sometimes sends offer with no ICE candidates).
This week:
- MR and Closed #40252 (NAT probetest for standalone proxy)
- Almost done with #40231 -- just need to add some test cases
- Worked on #40265 (mac user reporting standalone proxy complaining about broker cert)
hackerncoder: 2023-03-09
last week:
Next week:
- getting ooni-exporter to work with torsf (snowflake)
- ooni-exporter web_connectivity
- work on "bridgetester"?
- how does Iran block bridges
cece: 2022-12-22
This week:
- working on creating a dummy WhatsApp bot
Next week:
- My bot is not yet working as expected s? still trying to figure that out
Help with:
- resources
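
Added example, not part of the meeting pad and not Snowflake's code: a sketch of the kind of test the postmortem brainstorm asks for, one that proves or refutes the assumption that buffers handed to a consumer are not reused. The types `reusingSource` and `copyingSource` and the helper `corruptedAfterRetention` are hypothetical names; the example does not reproduce bug #40199, only the general aliasing pattern.

```go
package main

import (
	"bytes"
	"fmt"
)

// reusingSource (hypothetical) returns a slice of one shared buffer on every
// call: the pattern a "buffers are not reused" assumption must rule out.
type reusingSource struct {
	buf [8]byte
	seq byte
}

func (s *reusingSource) Next() []byte {
	s.seq++
	copy(s.buf[:], bytes.Repeat([]byte{s.seq}, len(s.buf)))
	return s.buf[:]
}

// copyingSource (hypothetical) allocates a fresh slice for each packet.
type copyingSource struct{ seq byte }

func (s *copyingSource) Next() []byte {
	s.seq++
	return bytes.Repeat([]byte{s.seq}, 8)
}

// corruptedAfterRetention reads n packets, keeps every returned slice as a
// queueing consumer would, and counts how many changed after later reads.
func corruptedAfterRetention(next func() []byte, n int) int {
	var retained, snapshots [][]byte
	for i := 0; i < n; i++ {
		p := next()
		retained = append(retained, p)
		snapshots = append(snapshots, append([]byte(nil), p...))
	}
	corrupted := 0
	for i := range retained {
		if !bytes.Equal(retained[i], snapshots[i]) {
			corrupted++
		}
	}
	return corrupted
}

func main() {
	fmt.Println("reusing source:", corruptedAfterRetention((&reusingSource{}).Next, 4))
	fmt.Println("copying source:", corruptedAfterRetention((&copyingSource{}).Next, 4))
}
```

A unit test built on this helper fails as soon as a reader starts returning views into a shared buffer, which is the point at which a reviewer could have asked for evidence.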