1 Hey everyone! 1 2 Here are our meeting logs:3 http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-02-13-16.00.html
4 5 And our meeting pad: 6 7 Anti-censorship work meeting pad 8 -------------------------------- 9 Anti-censorship 10 -------------------------------- 11 12 Next meeting: Thursday,Feb 27 16:00 UTC 13 Facilitator: shelikhoo 14 ^^^(See Facilitator Queue at tail) 15 16 Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC 17 (channel is logged while meetings are in progress) 18 19 This week's Facilitator: onyinyang 20 21 == Goal of this meeting == 22 23 Weekly check-in about the status of anti-censorship work at Tor.24 Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
25 26 27 == Links to Useful documents == 28 * Our anti-censorship roadmap:29 * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
30 * The anti-censorship team's wiki page:31 * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
32 * Past meeting notes can be found at: 33 * https://lists.torproject.org/pipermail/tor-project/ 34 * Tickets that need reviews: from projects, we are working on: 35 * All needs review tickets:36 * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
37 * Project 158 <-- meskio working on it38 * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Project%20158
39 40 41 == Announcements == 42 43 * No meeting February 20th. There is FOCI at the same time 44 * https://foci.community/45 * snowflake-graphs proxy CSV files (client-match.csv, proxy-country.csv, proxy-nat-type.csv, proxy-type.csv) are available again. (Working around a bad descriptor that had prevented updates since 2024-08.) 46 * https://gitlab.torproject.org/dcf/snowflake-graphs/-/commit/089e0af01aa63831b47111dff904ecafe4229ce2
47 48 == Discussion == 49 50 * moderation of mailing lists to prevent spam51 * https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-t...@lists.torproject.org/thread/QV3C2RQC6XZO4XBRVOYSSBYTD4YXIE4U/ 52 * we agree to moderate new subscribers and remove the moderation flag on first post if is not spam
53 * Whether to switch to debian fork of golang for CI54 * https://gitlab.torproject.org/tpo/tpa/team/-/issues/42014#note_3159983 55 * The problem is sporadic CI failures due to container rate limits. 56 * The rate limit problem has been fixed, for the anti-censorship team at least, by maintaining our own mirror of container images: 57 https://gitlab.torproject.org/tpo/anti-censorship/duplicatedcontainerimages/ 58 * tpo/tpa/team#42014 is a request to have the admin team take on the responsibility of mirroring those container images. 59 * The admin team prefers that we use their existing Debian images that contain golang, rather than take on a new set of container mirrors. 60 * shelikhoo has a distaste for Debian-based images, stemming from past experience with excessive patching and slow updates. shelikhoo prefers either to build our own golang from source (possibly on a Debian-based image), or else use a binary release of golang. 61 * Debian patches to golang: https://sources.debian.org/patches/golang-1.19/1.19.13-1~bpo11%2B1/ 62 * So the trilemma is: 1. extra maintenance for the anti-censorship team (duplicatedcontainerimages), 2. extra maintenance for the admin team, or 3. using the admin team–maintained images which shelikhoo does not want to use. 63 * The resolution is #1: keep using our own mirror at our own maintenance expense. 64 * TPA provides golang containers based on oldstable, stable, testing and sid versions of golang 65 * golang version in debian might be different than the official one
66 * we'll keep using our mirrors of containers 67 * Would we like to support WASM version of proxy?68 * https://gitlab.torproject.org/WofWca/snowflake/-/compare/main...wasm?from_project_id=43 69 * we could replace the javascript logic of the webextension with the WASM version of the standalone proxy. Removing the need to duplicate functionallity in two languages 70 * When compiled to WASM, Pion acts as a wrapper around the browser's own WebRTC API (i.e. Pion doesn't craft its own DTLS records etc.). So it may be possible to keep browser protocol fingerprints the way they are already. 71 * https://github.com/pion/webrtc/blob/v4.0.9/examples/README.md#webassembly "Pion WebRTC can be used when compiled to WebAssembly, also known as WASM. In this case the library will act as a wrapper around the JavaScript WebRTC API."
72 73 for Feb 27:74 * Should we user test snowflake with covert-dtls? It is difficult to force Snowflake client to become the DTLS client: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/448#note_3158883 75 * "After some debugging, reading the pion webrtc source code, and referencing RFC 5763 (DTLS-SRTP framework) I realized why hook was never triggered. The Snowflake client will almost always become the server in the DTLS handshake as sends the SDP Offer every time. According to the RFC, only the offer can decide who becomes the client or server."
76 77 == Actions == 78 79 == Interesting links == 8081 * https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2025-january-update 82 * https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/transactions?kind=EXPENSE
83 * €3,917.57 snowflake-01 bandwidth expenses in 2024 84 85 == Reading group == 8687 * We will discuss "Identifying VPN Servers through Graph-Represented Behaviors" on February 27
88 * https://dl.acm.org/doi/10.1145/3589334.3645552 89 * https://dl.acm.org/doi/pdf/10.1145/3589334.3645552 90 * https://github.com/chenxuStep/VPNChecker 91 * Questions to ask and goals to have: 92 * What aspects of the paper are questionable?93 * Are there immediate actions we can take based on this work? 94 * Are there long-term actions we can take based on this work? 95 * Is there future work that we want to call out in hopes that others will pick it up?
96 97 == Updates == 98 Name: 99 This week: 100 - What you worked on this week. 101 Next week: 102 - What you are planning to work on next week. 103 Help with: 104 - Something you need help with. 105 106 cecylia (cohosh): 2025-02-13 107 Last week: 108 - supported conjure work 109 - reviewed snowflake!315 110 - helped debug and and give feedback on snowflake website111 - updated our jasmine tests for snowflake-webext CI (snowflake-webext#112)
112 - responded to emails on SQS rendezvous 113 - commented on onionperf + python3.13 issue (onionperf#40051) 114 - finally closed out the meek bridge handover issue (team#133) 115 - updated team#142 with recent proxy count graphs and closed it 116 - other random reviews and todos 117 This week: 118 - support conjure work 119 - debug SQS rendezvous 400 errors 120 - take a look at potential snowflake orbot bug121 - https://github.com/guardianproject/orbot-android/issues/1183
122 - maybe do some lox work 123 124 dcf: 2025-02-13 125 Last week:126 - snowflake azure CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-costs/diff?version_id=b3e84c5ae64837042cb63698913234b3432156f8 127 - decommissioned the snowflake-broker.azureedge.net CDN profile https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40434#note_3158173 128 - decommissioned the old snowflake broker VPS instance https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40412 129 - verified documentation fix for snowflake-broker journalctl command https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40428#note_3158950
130 Next week:131 - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018 132 - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
133 - open issue to disable /debug endpoint on snowflake broker 134 Help with: 135 136 meskio: 2024-02-13 137 Last week: 138 - long discussions around rdsys in containers (rdsys#219)139 - debug why webtunnel in lyrebird is not accepting https proxy (lyrebird#40024) 140 - fix moat so it will distribute webtunnel bridges in russia (rdsys#256) 141 - bring backward compatibility on the moat captcha API (rdsys!480)
142 Next week: 143 - steps towards a rdsys in containers (rdsys#219) 144 145 Shelikhoo: 2024-02-13 146 Last Week:147 - [Refine] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315 ) improvements 148 - [Invesgate]Add support for using a proxy to connect to the PTs(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40024#note_3159324)
149 - Merge request reviews 150 Next Week/TODO: 151 - Merge request reviews152 - [Refine] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315 ) improvements 153 - [Deploy] Remove domain snowflake-broker.bamsoftware.com from snowflake broker's ACME tool 154 - [Fix] Add support for using a proxy to connect to the PTs(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40024#note_3159324)
155 156 onyinyang: 2025-02-13 157 Last week(s): 158 - continued work on ampcache registration method for conjure 159 - WIP MR: https://github.com/cohosh/conjure/pull/1 160 Next week: 161 - finish up ampcache registration method (sqs on hold for now)162 - Begin work on either obfs4 transport or decoy registration option
163 - FOCI 164 - add TTL cache to lox MR for duplicate responses:165 https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
166 As time allows:167 - Continue work on implementing issuer efficiency for check-blockage and trust-promotion protocols
168 - Work on outstanding milestone issues: 169 - key rotation automation 170 171 Later:172 pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096):
173 - add pref to handle timing for pubkey checks in Tor browser 174 - add trusted invitation logic to tor browser integration:175 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 176 - improve metrics collection/think about how to show Lox is working/valuable
177 - sketch out Lox blog post/usage notes for forum 178 179 (long term things were discussed at the meeting!):180 - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice 181 Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 182 1. Are there some obvious grouping strategies that we can already consider? 183 e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 184 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?
185 186 theodorsm: 2025-02-13 187 Last weeks:188 - Debugging Tor Build with covert-dtls: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/448#note_3158883
189 Next weeks:190 - Update covert-dtls to handle new DTLS extensions in recent browsers 191 - Write instructions on how to configure covert-dtls with snowflake client 192 - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/448).
193 - Condensing thesis into paper (on hold) 194 Help with: 195 - Test stability of covert-dtls in snowflake 196 197 198 199 Facilitator Queue: 200 onyinyang shelikhoo meskio201 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 202 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue
~ ~ ~ ~
-- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036
OpenPGP_0x156A6435430C2036.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-project mailing list -- tor-project@lists.torproject.org To unsubscribe send an email to tor-project-le...@lists.torproject.org
