[tor-project] Anti-censorship team meeting notes, 2023-05-18

onyinyang onyinyang at torproject.org
Thu May 18 18:16:56 UTC 2023


Hey everyone!

Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-05-18-15.58.html

And our meeting pad:

Anti-censorship work meeting pad
--------------------------------
------------------------------------------------------------------------------------
                                                         THIS IS A 
PUBLIC PAD
------------------------------------------------------------------------------------


Anti-censorship
--------------------------------

Next meeting: Thursday, May 25 16:00 UTC

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the 
Tor Project and Tor community.

== Links to Useful documents ==

     * Our anti-censorship roadmap:
         * Roadmap: 
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
     * The anti-censorship team's wiki page:
         * 
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
     * Past meeting notes can be found at:
         * https://lists.torproject.org/pipermail/tor-project/
     * Tickets that need reviews: from sponsors, we are working on:
         * All needs review tickets:
             * 
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
         * Sponsor 96 <-- meskio, shell, onyinyang, cohosh
             * https://gitlab.torproject.org/groups/tpo/-/milestones/24
         * Sponsor 139 <-- hackerncoder, irl, joydeep, meskio, emmapeel 
working on it
             * https://pad.riseup.net/p/sponsor139-meeting-pad

== Announcements ==


== Discussion ==

     * Reported blocking of Snowflake in China since 2023-05-12
         * 
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038
         * https://github.com/net4people/bbs/issues/249
         * 
https://forum.torproject.net/t/snowflake-bridge-does-not-work-in-china-since-days-ago/7635
         * May have something to do with double rendezvous caused by 
having 2 bridge lines
             * "two or more TLS connections with the same SNI within a 
short time to a Fastly IP address"
             * got similar reports from two users
                 * for one user the blocking threshold was 2 
(https://github.com/net4people/bbs/issues/249#issuecomment-1547034480), 
for the other the threshold was 3 
(https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038#note_2903068)
         * Seems to have stopped since 2023-05-15
         * List of mitigations at 
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038#note_2902981
             * first step, if it happens again, is to specify just 1 
bridge in Connection Assist for China
                 * use snowflake-02 as it is currently more lightly loaded
         * Web browsers also make 2 or more near-simultaneous 
connections, maybe they were getting overblocked and that's why it stopped?
             * 
https://kb.mozillazine.org/Network.http.max-connections-per-server
         * Setting MaxConnsPerHost=1 in snowflake-client still does a 
double rendezvous, but to 2 *different* Fastly IP addresses rather than 
the some one twice.
         * https://gitlab.torproject.org/tpo/core/tor/-/issues/40578 was 
for two bridges already, so would not directly fix this case
             * "we could set numentryguards 1 for snowflake users i 
guess, but i think we want two"
     * Update on Analysis of speed deficiency of Snowflake in China, 
2023 Q1 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2883879
         * after a lot of research the proposed solution is to enable 
datagram transport on webrtc to deal with the packet loss situation
         * that will convert webrtc into an unreliable channel, and 
snowflake will add reliablity with kcp
         * (Proposal under discussion, discuss on irc meeting next week)
     * Research about designing an armored bridge line sharing URL format
         * 
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126
     * Regarding bridge churn for Lox 
(https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/Lox-Roadmap?version_id=fbc9ee4f76b1d3cba83a79b4ea1d776c16e0b941#metrics-1)
         * past research and source code on relay (not bridge) churn:
         * https://metrics.torproject.org/networkchurn.html
         * https://nymity.ch/sybilhunting/churn-values/
         * https://www.cs.kau.se/philwint/spoiled_onions/
         * https://nymity.ch/papers/pdf/winter2014a.pdf#page=22

== Actions ==
     *

== Interesting links ==

     * Unofficial(?) Snowflake extension for Safari in Apple App Store?
         * https://apps.apple.com/us/app/torproject-snowflake/id1597501940
         * Previously noted at 
https://lists.torproject.org/pipermail/anti-censorship-team/2022-February/000222.html

== Reading group ==

     * We will discuss "Lox: Protecting the Social Graph in Bridge 
Distribution" on 2023 May 18
         * https://cypherpunks.ca/~iang/pubs/lox-popets23.pdf
         * Questions to ask and goals to have:
             * What aspects of the paper are questionable?
             * Are there immediate actions we can take based on this work?
             * Are there long-term actions we can take based on this work?
             * Is there future work that we want to call out in hopes 
that others will pick it up?


== Updates ==

Name:
     This week:
         - What you worked on this week.
     Next week:
         - What you are planning to work on next week.
     Help with:
          - Something you need help with.

cecylia (cohosh): last updated 2023-05-18
Last week:
     - away
     - foci stuff
     - reviewed some Lox MRs
     - wrote up a Lox roadmap from meeting
         - 
https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/wikis/Lox-Roadmap
This week:
     - open issue about archiving snowflake prometheus metrics
     - lox-wasm tor browser builds
Needs help with:

dcf: 2023-05-18
     Last week:
         - did analysis of blocking of the snowflake broker front domain 
in China 
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40038
         - commented on shelikhoo's proposal for a new snowflake 
client–proxy protocol based on unreliable data channels 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2904085
     Next week:
         - upgrade tor on snowflake-01 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40270
         - open issue to have snowflake-client log whenever KCPInErrors 
is nonzero 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
             - parent: 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
         - open issue to disable /debug endpoint on snowflake broker
     Help with:

meskio: 2023-05-18
    Last week:
         - catching up after vacation
         - review rdsys metrics for flickering bridges (rdsys!122)
    Next week:
         - finish webtunnel rdsys support

Shelikhoo: 2023-05-18
    Last Week:
         - [Merge Request Awaiting] Add SOCKS5 forward proxy support to 
snowflake (snowflake!64)
         - [Research] HTTPT Planning 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/1
         - Research about designing an armored bridge line sharing URL 
format (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126)
         - Snowflake Performance Analysis (Ongoing, 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251#note_2904085)
         - Trying to fix vantage point(Ongoing)
         - logcollector alert 
system(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector/-/issues/4)
    Next Week/TODO:
         - [Research] WebTunnel planning (Continue)
         - Try to find a place to host another vantage point
         - logcollector alert system
         - webtunnel document for proxy operator
         - Snowflake Performance Analysis

onyinyang: 2023-05-11
     Last week:
          - Finished up the Lox library changes to replace gone bridges 
with new bridges
              - Added tests and changes to Lox distributor to support this
          - Refactored lox-distributor for readability
      This week:
          - Adding tests for both Lox library and Lox distributor
          - Refactoring rdsys metrics changes to prevent risk of testing 
in deployment
              - 
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/122
          - Looking into a more reasonable way of storing Lox library 
data structures:
              - https://gitlab.torproject.org/onyinyang/lox/-/issues/2
              - https://gitlab.torproject.org/onyinyang/lox/-/issues/3
     (long term things were discussed at the meeting!):
          https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
             - brainstorming grouping strategies for Lox buckets (of 
bridges) and gathering context on how types of bridges are 
distributed/use in practice.
             Question: What makes a bridge useable for a given user, and 
how can we encode that to best ensure we're getting the most appropriate 
resources to people?
                 1. Are there some obvious grouping strategies that we 
can already consider?
                  e.g., by pt, by bandwidth (lower bandwidth bridges 
sacrificed to open-invitation buckets?), by locale (to be matched with a 
requesting user's geoip or something?)
                 2. Does it make sense to group 3 bridges/bucket, so 
trusted users have access to 3 bridges (and untrusted users have access 
to 1)? More? Less?
     Needs Help with:
             - figuring out whether or not the metrics I added to rdsys 
actually collect what we want them to. I can run prometheus locally, but 
am unsure how to match this with a realistic onbasca test that can 
actually show whether the metrics are useful/correct. Is there a known 
way to do such tests other than deploy and find out? Update: Not yet! 
but we are going to work on staging for this soon

Itchy Onion: 2023-05-11
     Last week:
         - Continue investigating offline bridges (team#112)
         - Discovered bridgestrap#37 (cache gives wrong status of bridge 
sometimes)
         - Start working on rdsys#56 (persistent storage for certain 
bridge arributes)
     This week:
      - Continue working on rdsys#56 
(https://gitlab.torproject.org/itchyonion/rdsys/-/tree/use-embedded-db?ref_type=heads)

hackerncoder: 2023-04-20
     last week:
         - (py-)ooni-exporter torsf (snowflake)
         - (py-)ooni-exporter web_connectivity
     Next week:
        - work on "bridgetester"?
        - how does Iran block bridges?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x156A6435430C2036.asc
Type: application/pgp-keys
Size: 6206 bytes
Desc: OpenPGP public key
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20230518/5b8b459a/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20230518/5b8b459a/attachment.sig>


More information about the tor-project mailing list