Here are our meeting logs:
And our meeting pad:
Next meeting: Thursday, Oct 12 16:00 UTC
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator: meskio
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
* Roadmap: Development · Boards · Anti-censorship · GitLab
* The anti-censorship team's wiki page:
* Home · Wiki · The Tor Project / Anti-censorship / Team · GitLab
* Past meeting notes can be found at:
* The tor-project Archives
* Tickets that need reviews: from sponsors, we are working on:
* All needs review tickets:
* Merge requests · Anti-censorship · GitLab
* Sponsor 96 <-- meskio, shell, onyinyang, cohosh
* Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet · The Tor Project · GitLab
* Sponsor 150 <-- meskio working on it
* Issues · Anti-censorship · GitLab
== Announcements ==
== Discussion ==
- Update on snowflake domain fronting issues:
- Release Orbot for Android 17.1 RC 1 (tor 0.4.7.14) · guardianproject/orbot · GitHub
- "Fix snowflake Fastly and Moat Activity front" Fix snowflake Fastly and Moat Activity front · guardianproject/orbot@594c49e · GitHub
- at this point, this release is apparently only available by sideloading an APK [guardian-dev] Problems with Snowflake rendezvous front domain since 2023-09-20
- problem with cdn.sstatic.net affected more than just snowflake, also moat, conjure (no deployment change required)
- fixed in new tor browser update, but some users relying on snowflake/moat bridges will be unable to update
- foursquare.com seems to not work in Iran? Do we need to update this for Moat so that users can access circumvention settings?
- [guardian-dev] Problems with Snowflake rendezvous front domain since 2023-09-20 "I am getting reports though that the new front domain chosen may not be reachable in Iran"
- OONI Measurement Aggregation Toolkit (MAT)
- [anti-censorship-team] Trying to understand multi-bridge dynamics post after Fastly/Cloudflare domain front change "On snowflake-01, not all countries were equally affected. Russia and China had bigger relative decreases than Iran did."
- relying on a the same new front may be detrimental to improve connection issues for some users, perhaps a pool of randomly selected domains would improve the situation:
Randomly select front domain from comma-separated list (!182) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- we are thinking about caching the most recently working front domain, so that the selection is only random the first time, and it doesn't hurt so much if a broken/blocked domain gets in the list
- we have asked OONI about github.githubassets.com, they said it was throttled in Iran 1.5 years ago
- currently, if the circumvention API ("smart connect"?) returns a snowflake bridge, Orbot uses its own built-in snowflake settings rather than the ones returned by the API Use the snowflake bridge lines returned by the circumvention map API when using the "Ask Tor" feature · Issue #983 · guardianproject/orbot · GitHub
- short term: what, if anything, to do about Moat?
- switch to githubassets for next release
- test in alpha first?
- cdn.sstatic.net no longer resolving to a mix of fastly and cloudflare in ooni tests, just cloudflare now
- snowflake-02 not getting as much use as before - why?
- [anti-censorship-team] Trying to understand multi-bridge dynamics post after Fastly/Cloudflare domain front change
- until yesterday, 2023-10-04 ~12:00, it suddenly popped up
- about 4 hours after a reboot of snowflake-01, related? snowflake-01: Reboot needed (#40292) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- future of PTs, plugins vs. different processes over the network
- HTTP based PT protocol (#130) · Issues · The Tor Project / Anti-censorship / Team · GitLab
- (Network Health) 'Running' flag for counting bridges and network size 'Running' flag for counting bridges and network size (#318) · Issues · The Tor Project / Network Health / Team · GitLab
== Actions ==
== Interesting links ==
== Reading group ==
* We will discuss "" on
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes that others will pick it up?
== Updates ==
- What you worked on this week.
- What you are planning to work on next week.
- Something you need help with.
cecylia (cohosh): 2023-10-05
- opened PR to update domain front for OONI snowflake tests
- fix: update Snowflake domain front by cohosh · Pull Request #1337 · ooni/probe-cli · GitHub
- met with ooni to discuss tor ooni tests
- more work on deploying the lox distributor
- updated MR to randomly select front domain from a list
- Randomly select front domain from comma-separated list (!182) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- looked into blocking of foursquare.com and alternative fronts
- deploy lox distributor
- follow up on conjure reliability issues
- visualize and write up some snowflake shadow simulation results
Needs help with:
- posted a note in the forum about the fastly domain front issue Problems with Snowflake since 2023-09-20: "broker failure Unexpected error, no answer."
- wrote an email speculating about possible reasons why snowflake-01 and snowflake-02 were unequally affected: [anti-censorship-team] Trying to understand multi-bridge dynamics post after Fastly/Cloudflare domain front change
- revise encapsulation.ReadData redesign to return an error in the case of a short buffer Have encapsulation.ReadData read into a provided buffer (!154) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- open issue to have snowflake-client log whenever KCPInErrors is nonzero Deploy snowflake-server for QueuePacketConn buffer reuse fix (#40260) (#40262) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- parent: Improve bug discovery process (#40267) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
- open issue to disable /debug endpoint on snowflake broker
Before EOY 2023:
- move snowflake-02 to new VM
- fix lyrebird dependencies (lyrebird!14)
- add authentication token to onbasca-rdsys communication (rdsys#174)
- release and deploy a new version of rdsys
- test the whatsapp bot (rdsys#147)
- [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) (stalled)
- Write Tor Spec for Armored URL (continue)
- Merge request reviews
- Finally write a script to automatically merge bot MR: https://gist.githubusercontent.com/xiaokangwang/eecf2c7c9a6bc57a8bf5fe3b7a2d6d82/raw/88d64208be5391705d316cdf47e55e8c004076f3/run.sh
- Write Tor Spec for Armored URL (continue)
- Merge request reviews
- Finished changes to rdsys API at the /resources endpoint to meet the needs of Lox
- Finished up required changes to lox-distributor
- Still need to merge the updated dependencies and make MR to upstream ZK lib:
- fixed bug (? hopefully this can be reviewed) in the zkp crate
- will make MRs to both dalek-cryptography and zkcrypto and maintain a new fork
- Finish up with the dependencies issue
- Continue with metrics
- Time permitting, start work on telegram distributor bot for Lox
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice
Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
1. Are there some obvious grouping strategies that we can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?