[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-project] Anti-censorship team meeting notes, 2026-01-22
Hey everyone!
Here are our meeting logs:
https://meetbot.debian.net/tor-meeting/2026/tor-meeting.2026-01-22-16.04.html
And our meeting pad:
Anti-censorship
--------------------------------
Next meeting: Thursday, January 22 16:00 UTC
Facilitator: onyinyang
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator: meskio
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
Our anti-censorship roadmap:
Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
The anti-censorship team's wiki page:
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
Past meeting notes can be found at:
https://lists.torproject.org/pipermail/tor-project/
Tickets that need reviews: from projects, we are working on:
All needs review tickets:
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
Project 158 <-- meskio working on it
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Project%20158
== Announcements ==
Snowflake proxy fairness proposal:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40507
== Discussion ==
Maybe support pinning tls1.3 when using uTLS random fingerprint?
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/171
Got a report that in at least one environment, TLS 1.2 is
completely blocked, only TLS 1.3 works. uTLS has a 40% probability of
using TLS 1.3 with its random fingerprint, so the connection fails at
least 60% of the time.
Where is it that TLS 1.2 is blocked and TLS 1.3 works? Russia, IIRC.
Enforce this in tls.Config MinVersion/MaxVersion? Perhaps uTLS
should honor those?
Even if it were supported by uTLS, if we add an option to control
this "TLS >= 1.3 only", it puts more pressure on the already maxed out
bridge line capacity.
(I.e., there are two questions, implementation of the capability to
restrict the TLS version in random fingerprints, and adding user
interface controls or a default policy to make use of that feature.)
cohosh suggests finding a working static fingerprint (randomized is
our default configured fingerprint but a user can change the bridge line
with a static one), and estimating the difficulty of adding a TLS
version number restriction to see if it's worth pursuing.
Snowflake library major version bump
breaking changes
e.g. in the messages package
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/7afd18e57fbb874a53a9452e9b84ac3f9e1b1e3a/common/messages/proxy.go
want to make it look more like the client package in that directory
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/7afd18e57fbb874a53a9452e9b84ac3f9e1b1e3a/common/messages/client.go
return structs intead of multiple returns, remove the need for
"...WithRelayURL" duplicates of functions
might be possible to keep compatibility by adding new functions
alongside the old, and rewriting the old in terms of the new
== Actions ==
== Interesting links ==
== Reading group ==
We will discuss "Fingerprint-resistant DTLS for usage in Snowflake"
on Feb 5
https://www.petsymposium.org/foci/2025/foci-2025-0006.php
Questions to ask and goals to have:
What aspects of the paper are questionable?
Are there immediate actions we can take based on this work?
Are there long-term actions we can take based on this work?
Is there future work that we want to call out in hopes that others
will pick it up?
Next in the Reading Group Queue:
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2026-01-22
Last week:
- wrote up proposal for increasing fairness and responsiveness
in proxy distribution (snowflake#40507)
- let broker inform proxies how often to poll (snowflake#25598)
- reviews
Next week:
- research snowflake enumeration attacks (snowflake#40396)
- implement proxy fairness proposal
- follow up on snowflake rendezvous failures (snowflake#40447)
- revisit conjure integration with lyrebird
- take a look at potential snowflake orbot bug
- https://github.com/guardianproject/orbot-android/issues/1183
dcf: 2026-01-22
Last week:
- set up a champa server for Iran
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40068#note_3327542
Next week:
- comment on cohosh's snowflake fairness proposal
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40507
- open issue to have snowflake-client log whenever KCPInErrors is
nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
Help with:
meskio: 2026-01-15
Last week:
- monitor Iran network blackout (censorship-analysis#40068)
- write a proposal on how to handle censorship events
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/processes/censorship-events
- start using matrix
- merge obfs4-bridge docker CI so it generate images and publishes
them (docker-obfs4-bridge!20)
- clean up old issues
Next week:
- project reports
Shelikhoo: 2026-01-22
Last Week:
- [Testing] Unreliable+unordered WebRTC data channel transport
for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315
) testing environment setup/research
- Write Report for 2025 Q4
- [Write up] Expore DNS tunneling options
(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/173)
- [MR] Update utls version with cherry-picked chrome120 fix
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/656#note_3328970)
Next (working) Week/TODO:
- Merge request reviews
- [Deployment]Unreliable+unordered WebRTC data channel
transport for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315
) Building custom Tor Browser with patch applied
- MR Review
- Design experment for internet shutdown
- Release new container release if necessary
onyinyang: 2026-01-15
Last week(s):
- Working on https distributor language selector
- fixing some errors in the translated pages
- does the translation work for bridges.torproject.org exist
somewhere already?
-Making it harder to inject a bridge to a specific client
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/257#note_3322645
- Added cronjob for gettor distributor
Next week:
- Continue Investigating rdsys#248 i.e., why dysfunctional
webtunnel bridges are being distributed
- Troubleshooting conjure not connecting in China
- waiting for more information from conjure authors/maintainers
Switch back to some of these:
As time allows:
- Lox still seems to be filling up the disk on the
rdsys-test server despite changes made to delete old entries, look into
what's going wrong
Blog post for conjure:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/46
- review Tor browser Lox integration
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/1300
- add TTL cache to lox MR for duplicate responses:
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
- Work on outstanding milestone issues:
- key rotation automation
Later:
pending decision on abandoning lox wasm in favour of some kind of
FFI?
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096):
- add pref to handle timing for pubkey checks in Tor browser
- add trusted invitation logic to tor browser integration:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
- improve metrics collection/think about how to show Lox is
working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of bridges)
and gathering context on how types of bridges are distributed/use in
practice
Question: What makes a bridge usable for a given user, and how can
we encode that to best ensure we're getting the most appropriate
resources to people?
1. Are there some obvious grouping strategies that we can already
consider?
e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to
open-invitation buckets?), by locale (to be matched with a requesting
user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so trusted users
have access to 3 bridges (and untrusted users have access to 1)? More? Less?
theodorsm: 2026-01-22
Last weeks:
- MR:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/644
- Implementing DTLS 1.3 in pion
Next weeks:
- Implementing DTLS 1.3 in pion
Help with:
-
Facilitator Queue:
onyinyang shelikhoo meskio cohosh
1. First available staff in the Facilitator Queue will be the
facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the
tail of the queue
_______________________________________________
tor-project mailing list -- tor-project@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-project-leave@xxxxxxxxxxxxxxxxxxxx