[tor-project] Anti-censorship team meeting notes, 2024-01-11

Shelikhoo shelikhoo at torproject.org
Thu Jan 11 16:45:39 UTC 2024


Hey everyone!

Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-01-11-15.57.html

And our meeting pad: cohosh

Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------

Next meeting: Thursday, January 18 16:00 UTC
Facilitator:

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

This week's Facilitator: shelikhoo


== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the 
Tor Project and Tor community.


== Links to Useful documents ==
     * Our anti-censorship roadmap:
         * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
     * The anti-censorship team's wiki page:
         * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
     * Past meeting notes can be found at:
         * https://lists.torproject.org/pipermail/tor-project/
     * Tickets that need reviews: from sponsors, we are working on:
         * All needs review tickets:
             * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
         * Sponsor 96 <-- meskio, shell, onyinyang, cohosh
             * https://gitlab.torproject.org/groups/tpo/-/milestones/24
         * Sponsor 150 <-- meskio working on it
             * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Sponsor%20150


== Announcements ==

     * Since December 2023, getting TLS certificates for subdomains of torproject.net (e.g. snowflake-broker.torproject.net) requires asking the sysadmin team to create a CAA record in DNS to authorize a specific account.
         * https://gitlab.torproject.org/tpo/tpa/team/-/issues/41462
         * https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/tls?version_id=41c7dd0c1eb7ea41a7c92b1876a38549749d70bd#certificate-authority-authorization-caa

== Discussion ==

     * DTLS anti-fingerprinting library similar to uTLS
         * Useful for snowflake: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40014
         * Sean DuBois (from pion) has been interested in this and may have ideas on what this library could look like

== Actions ==



== Interesting links ==

     * https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2023-december-update

== Reading group ==
     * We will discuss "" on
         *
         * Questions to ask and goals to have:
             * What aspects of the paper are questionable?
             * Are there immediate actions we can take based on this work?
             * Are there long-term actions we can take based on this work?
             * Is there future work that we want to call out in hopes that others will pick it up?


== Updates ==
Name:
         This week:
             - What you worked on this week.
         Next week:
             - What you are planning to work on next week.
         Help with:
             - Something you need help with.

cecylia (cohosh): 2024-01-11
     Past weeks:
         - Lox + Tor Browser integration
             - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116
         - worked on Lox distributor bug fixes and testing
         - spun up a few temporary Lox bridges for testing
         - integration testing of Snowflake with Shadow
             - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40288
             - proxy command-line option to specify probe server URL
                 - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/232
             - SetNet fix for probetest
                 - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/233
             - probetest command-line option to specify STUN URL
                 - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/237
         - opened shadow issue to deal with missing setsockopt support for snowflake
             - https://github.com/shadow/shadow/issues/3278
         - unit testing feedback on SQS rendezvous MR
             - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/214
     This week:
         - Lox + Tor Browser integration
         - figure out what we need to get the snowflake server running in shadow again
         - rebase and try out manifest v3 patch
         - Conjure bridge maintenance
     Needs help with:

dcf: 2024-01-11
     Last week:
         - upgraded snowflake bridges to 0.4.8.10 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40311
         - figured out a CAA issue that prevented renewing TLS certificates for torproject.net domains (e.g. snowflake.torproject.net, snowflake-broker.torproject.net) https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40319#note_2981368
         - opened an issue to let the snowflake bridge and broker use a newer type of ACME challenge https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40320
         - documented WireGuard setup for the snowflake-01 bridge https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/Snowflake-Bridge-Survival-Guide/diff?version_id=f45748d4c2e9cb8f616d108ec95e39851a89d1dc
         - azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-costs/diff?version_id=7d54da7db926c7c7745d0cd53c9cdb27007816f5
     Next week:
         - review draft MR for unreliable data channels https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/219
         - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
             - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
         - open issue to disable /debug endpoint on snowflake broker
     Before EOY 2023:
         - move snowflake-02 to new VM
     Help with:

meskio: 2023-12-21
     Last week:
         - grant writing
     Next week:


Shelikhoo: 2024-01-11
     Last Week:
         - Work on snowflake performance improvement (WIP): https://gitlab.torproject.org/shelikhoo/snowflake/-/tree/dev-udp-performance-rebased-exp?ref_type=heads https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/219
         - HTTPS distributors in rdsys: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191
         - Merge request reviews
     Next Week/TODO:


onyinyang: 2023-01-11
     Last week(s):
         - Finished Telegram bot dev
         - Continue to support Lox wasm stubs as needed
         - Holiday!

     This week:
         - Bug fixing and other things that come up as lox integration is rolled out
         - document API for lox client/server requests
         - Other Lox bug fixes/improvements
         - attempt hyper upgrade again



(long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
         - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/used in practice
             Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
                 1. Are there some obvious grouping strategies that we can already consider?
                    e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
                 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
