[tor-project] Anti-censorship team meeting notes, 2025-02-13

Hey everyone!

Here are our meeting logs:
#tor-meeting: tor anti-censorship meeting

And our meeting pad:

Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------

Next meeting: Thursday, Feb 27 16:00 UTC
Facilitator: shelikhoo
^^^(See Facilitator Queue at tail)

Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)

This week's Facilitator: onyinyang

== Goal of this meeting ==

Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community.


== Links to Useful documents ==
* Our anti-censorship roadmap:
    * Roadmap:Development · Boards · Anti-censorship · GitLab
* The anti-censorship team's wiki page:
    * Home · Wiki · The Tor Project / Anti-censorship / Team · GitLab
* Past meeting notes can be found at:
    * The tor-project Archives
* Tickets that need reviews: from projects, we are working on:
    * All needs review tickets:
        * Merge requests · Anti-censorship · GitLab
    * Project 158 <-- meskio working on it
        * Issues · Anti-censorship · GitLab


== Announcements ==

* No meeting February 20th. There is FOCI at the same time
    * https://foci.community/
* snowflake-graphs proxy CSV files (client-match.csv, proxy-country.csv, proxy-nat-type.csv, proxy-type.csv) are available again. (Working around a bad descriptor that had prevented updates since 2024-08.)
    * Update proxy CSV files to 2025-02-09. (089e0af0) · Commits · David Fifield / snowflake-graphs · GitLab

== Discussion ==

* moderation of mailing lists to prevent spam
    * moderation in the list - anti-censorship-team - lists.torproject.org
    * we agree to moderate new subscribers and remove the moderation flag on first post if it is not spam
* Whether to switch to debian fork of golang for CI
    * Enable Container Registory Mirror for Gitlab Runner (#42014) · Issues · The Tor Project / TPA / TPA team · GitLab
    * The problem is sporadic CI failures due to container rate limits.
    * The rate limit problem has been fixed, for the anti-censorship team at least, by maintaining our own mirror of container images:
      The Tor Project / Anti-censorship / duplicatedContainerImages · GitLab
    * tpo/tpa/team#42014 is a request to have the admin team take on the responsibility of mirroring those container images.
    * The admin team prefers that we use their existing Debian images that contain golang, rather than take on a new set of container mirrors.
    * shelikhoo has a distaste for Debian-based images, stemming from past experience with excessive patching and slow updates. shelikhoo prefers either to build our own golang from source (possibly on a Debian-based image), or else use a binary release of golang.
    * Debian patches to golang: Package: golang-1.19 | Debian Sources
    * So the trilemma is: 1. extra maintenance for the anti-censorship team (duplicatedcontainerimages), 2. extra maintenance for the admin team, or 3. using the admin team–maintained images which shelikhoo does not want to use.
    * The resolution is #1: keep using our own mirror at our own maintenance expense.
    * TPA provides golang containers based on oldstable, stable, testing and sid versions of golang
    * golang version in debian might be different than the official one
    * we'll keep using our mirrors of containers
* Would we like to support WASM version of proxy?
    * https://gitlab.torproject.org/WofWca/snowflake/-/compare/main...wasm?from_project_id=43
    * we could replace the javascript logic of the webextension with the WASM version of the standalone proxy. Removing the need to duplicate functionality in two languages
    * When compiled to WASM, Pion acts as a wrapper around the browser's own WebRTC API (i.e. Pion doesn't craft its own DTLS records etc.). So it may be possible to keep browser protocol fingerprints the way they are already.
    * webrtc/examples/README.md at v4.0.9 · pion/webrtc · GitHub "Pion WebRTC can be used when compiled to WebAssembly, also known as WASM. In this case the library will act as a wrapper around the JavaScript WebRTC API."

for Feb 27:
* Should we user test snowflake with covert-dtls? It is difficult to force Snowflake client to become the DTLS client: Add covert-dtls to proxy and client (!448) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    * "After some debugging, reading the pion webrtc source code, and referencing RFC 5763 (DTLS-SRTP framework) I realized why hook was never triggered. The Snowflake client will almost always become the server in the DTLS handshake as sends the SDP Offer every time. According to the RFC, only the offer can decide who becomes the client or server."

== Actions ==

== Interesting links ==

* 2025 January update (link corrected) - Open Collective
* Snowflake Daily Operations - Open Collective
    * €3,917.57 snowflake-01 bandwidth expenses in 2024

== Reading group ==

* We will discuss "Identifying VPN Servers through Graph-Represented Behaviors" on February 27
    * https://dl.acm.org/doi/10.1145/3589334.3645552
    * https://dl.acm.org/doi/pdf/10.1145/3589334.3645552
    * GitHub - chenxuStep/VPNChecker
* Questions to ask and goals to have:
    * What aspects of the paper are questionable?
    * Are there immediate actions we can take based on this work?
    * Are there long-term actions we can take based on this work?
    * Is there future work that we want to call out in hopes that others will pick it up?

== Updates ==
Name:
    This week:
        - What you worked on this week.
    Next week:
        - What you are planning to work on next week.
    Help with:
        - Something you need help with.

cecylia (cohosh): 2025-02-13
    Last week:
        - supported conjure work
        - reviewed snowflake!315
        - helped debug and give feedback on snowflake website
        - updated our jasmine tests for snowflake-webext CI (snowflake-webext#112)
        - responded to emails on SQS rendezvous
        - commented on onionperf + python3.13 issue (onionperf#40051)
        - finally closed out the meek bridge handover issue (team#133)
        - updated team#142 with recent proxy count graphs and closed it
        - other random reviews and todos
    This week:
        - support conjure work
        - debug SQS rendezvous 400 errors
        - take a look at potential snowflake orbot bug
        - [BUG] 20% CPU overhead in kindness mode · Issue #1183 · guardianproject/orbot-android · GitHub
        - maybe do some lox work

dcf: 2025-02-13
    Last week:
        - snowflake azure CDN bookkeeping Changes · Snowflake costs · Wiki · The Tor Project / Anti-censorship / Team · GitLab
        - decommissioned the snowflake-broker.azureedge.net CDN profile Decommission snowflake-broker.azureedge.net CDN profile (#40434) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
        - decommissioned the old snowflake broker VPS instance Decommission Debian 10 broker (#40412) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
        - verified documentation fix for snowflake-broker journalctl command Snowflake broker survival guide journalctl command for logs doesn't work (#40428) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    Next week:
        - open issue to have snowflake-client log whenever KCPInErrors is nonzero Deploy snowflake-server for QueuePacketConn buffer reuse fix (#40260) (#40262) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
        - parent: Improve bug discovery process (#40267) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
        - open issue to disable /debug endpoint on snowflake broker
    Help with:

meskio: 2024-02-13
    Last week:
        - long discussions around rdsys in containers (rdsys#219)
        - debug why webtunnel in lyrebird is not accepting https proxy (lyrebird#40024)
        - fix moat so it will distribute webtunnel bridges in russia (rdsys#256)
        - bring backward compatibility on the moat captcha API (rdsys!480)
    Next week:
        - steps towards a rdsys in containers (rdsys#219)

Shelikhoo: 2024-02-13
    Last Week:
        - [Refine] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( Draft: Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (!315) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab ) improvements
        - [Investigate] Add support for using a proxy to connect to the PTs(Add support for using a proxy to connect to the PTs (#40024) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / lyrebird · GitLab)
        - Merge request reviews
    Next Week/TODO:
        - Merge request reviews
        - [Refine] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( Draft: Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (!315) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab ) improvements
        - [Deploy] Remove domain snowflake-broker.bamsoftware.com from snowflake broker's ACME tool
        - [Fix] Add support for using a proxy to connect to the PTs(Add support for using a proxy to connect to the PTs (#40024) · Issues · The Tor Project / Anti-censorship / Pluggable Transports / lyrebird · GitLab)

onyinyang: 2025-02-13
    Last week(s):
        - continued work on ampcache registration method for conjure
        - WIP MR: https://github.com/cohosh/conjure/pull/1
    Next week:
        - finish up ampcache registration method (sqs on hold for now)
        - Begin work on either obfs4 transport or decoy registration option
        - FOCI
        - add TTL cache to lox MR for duplicate responses:
          Enable repeat responses to successful Lox requests (!305) · Merge requests · The Tor Project / Anti-censorship / lox · GitLab
    As time allows:
        - Continue work on implementing issuer efficiency for check-blockage and trust-promotion protocols
        - Work on outstanding milestone issues:
        - key rotation automation

    Later:
    pending decision on abandoning lox wasm in favour of some kind of FFI? Consider dropping Lox's WASM (#43096) · Issues · The Tor Project / Applications / Tor Browser · GitLab):
        - add pref to handle timing for pubkey checks in Tor browser
        - add trusted invitation logic to tor browser integration:
          Lox module doesn't include trusted invitation redemption (#42974) · Issues · The Tor Project / Applications / Tor Browser · GitLab
        - improve metrics collection/think about how to show Lox is working/valuable
        - sketch out Lox blog post/usage notes for forum

    (long term things were discussed at the meeting!):
        - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice
          Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people?
          1. Are there some obvious grouping strategies that we can already consider?
             e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?)
          2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less?

theodorsm: 2025-02-13
    Last weeks:
        - Debugging Tor Build with covert-dtls: Add covert-dtls to proxy and client (!448) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab
    Next weeks:
        - Update covert-dtls to handle new DTLS extensions in recent browsers
        - Write instructions on how to configure covert-dtls with snowflake client
        - Fix merge conflicts in MR (Add covert-dtls to proxy and client (!448) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake · GitLab).
        - Condensing thesis into paper (on hold)
    Help with:
        - Test stability of covert-dtls in snowflake



Facilitator Queue:
onyinyang shelikhoo meskio
1. First available staff in the Facilitator Queue will be the facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

--
onyinyang

GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036