[tor-project] Anti-censorship team meeting notes, 2024-05-02
meskio
meskio at torproject.org
Thu May 2 16:57:48 UTC 2024
Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-05-02-16.15.html
And our meeting pad:
Anti-censorship
--------------------------------
Next meeting: Thursday, May 9 16:00 UTC
Facilitator: shelikhoo
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator: meskio
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
* https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from sponsors, we are working on:
* All needs review tickets:
* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
* Sponsor 96 <-- meskio, shell, onyinyang, cohosh
* https://gitlab.torproject.org/groups/tpo/-/milestones/24
* Sponsor 150 <-- meskio working on it
* https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Sponsor%20150
== Announcements ==
== Discussion ==
* Snowfalke API has insufficent support for passing additional settings in constructor
* trying to avoid making breaking changes to the API
* one option is to use builders: https://docs.rs/http/0.2.9/http/request/struct.Builder.html
* another is to use WithXXXX methods: https://pkg.go.dev/google.golang.org/grpc#WithAuthority
* shelikhoo will create an issue to start the discussion on a possible version 3 API for snowflake
* Snowflake broker Debian version EOL
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40349
* we'll do a fresh install in a new VM
* dcf1 will provision a VM for it
* shelikhoo will do the setup
* ed25519 keys in bridgelines
* https://gitlab.torproject.org/tpo/core/torspec/-/issues/257
* there is a conversation on how to integrate ed25519 keys into bridgelines
== Actions ==
== Interesting links ==
* https://github.com/ooni/utls-light by arturo, an alternative approach to modifying TLS fingerprints that requires less invasive crypto/tls library changes. It works by parsing the serialized native crypto/tls handshake messages before they are sent, and re-serializing them according to a desired schema.
== Reading group ==
* We will discuss "" on
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2024-05-02
Last week:
- opened an issue in core tor about MyFamily for bridges
- https://gitlab.torproject.org/tpo/core/tor/-/issues/40935
- snowflake webextension work
This week:
- make changes to Lox encrypted bridge table
- https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147
- follow up on reported SQS errors
- update wasm-bindgen fork to fix some bugs and hopefully upstream changes
- create a Lox test environment and instructions for the browser team
- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42503
Needs help with:
dcf: 2024-05-02
Last week:
Next week:
- open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
- parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
- open issue to disable /debug endpoint on snowflake broker
- move snowflake-02 to new VM
Help with:
meskio: 2023-05-02
Last week:
- implement email distributor in rdsys (rdsys#186)
Next week:
- test email distributor in rdsys (rdsys#186)
- improve privacy on rdsys metrics reusing snowflake techniques (snowflake#40354)
Shelikhoo: 2024-05-02
Last Week:
- [Merge Request WIP] Add Container Image Mirroring from Tor Gitlab to Docker Hub(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/280)
- [Dev] Snowflake Performance Improvement
- Fix ipv6 connectivity with restricted address support https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/merge_requests/22
- Merge request reviews
Next Week/TODO:
- Revise Snowflake Performance Improvement MR(cont.)
- Merge request reviews
onyinyang: 2023-05-02
Last week(s):
- Responding to pre-existing MR reviews and other notifications/questions in gitlab
This week:
- attempt hyper upgrade and tokio upgrade
Probably next week and beyond:
- preparing for upcoming panel (maybe)
- implement some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work
- improve metrics collection/think about how to show Lox is working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep
- brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice
Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
1. Are there some obvious grouping strategies that we can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
theodorsm: 2023-04-25
Last weeks:
- Extended Pion dtls library to support hooking of client hellos, server hellos and certificate request (PR: https://github.com/pion/dtls/pull/631). Fingerprint generation of firefox and chrome + mimicking using the client hello hook have been moved to its own repo: https://github.com/theodorsm/covertDTLS
- Analyzed the snowflake captures done in "Snowflake Anonymous Network Traffic Identification" paper: no handshakes found, so not relevant for me
- Verified the consistency of the fingerprint generation
Next weeks:
- Add hook to pion/webrtc so it can be used in snowflake.
- Test and validate mimicked client hello with snowflake.
- Add randomized fingerprint
Help with:
Facilitator Queue:
shelikhoo onyinyang meskio
1. First available staff in the Facilitator Queue will be the facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the tail of the queue
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20240502/5d85e12f/attachment.sig>
More information about the tor-project
mailing list