Hey everyone!
Here are our meeting logs:
http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-06-26-16.00.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, July 11 16:00 UTC
Facilitator:shelikhoo
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator:onyinyang
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at
the Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
*
Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from projects, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
* Project 158 <-- meskio working on it
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Project%20158
== Announcements ==
* Mid-year Tor AFK Jun 30-Jul 5, no meeting July 4
== Discussion ==
* Iran network situation (updates from last week)
* references
*
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40465
* https://github.com/net4people/bbs/issues/484
*
https://ntc.party/t/network-shutdown-in-iran-since-2025-06-18/17068
*
https://ioda.inetintel.cc.gatech.edu/country/IR?from=1750090308
* network is coming back so there is more information
available about how/why snowflake is overloaded
* broker or proxy pool is very overloaded
* restricted proxy pool is totally exhausted
* equal number of matched vs idle proxies
* number of clients has doubled since 2025-06-20
https://metrics.torproject.org/userstats-bridge-transport.html?start=2025-06-01&end=2025-06-26&transport=snowflake
* snowflake-01
https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6915AB06BFB7F
* snowflake-02
https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F5786C3DD07E4BB0
* community team is asking for more specific+actionable
information from the anti-censorship team: not just that we need
proxies, but how many proxies? how many users are there in Iran right
now? the information needs to be appealing to people outside the tor
community.
*
https://mastodon.social/@torproject/114745109066226826 outreach:
"We're still in need of more #snowflake extensions to help keep
Iranians connected during this critical time."
* our prometheus metrics are the best source of
real-time proxy usage, but they are not publicly available. could
share screenshots to show the number of matched clients.
* Has information on polls per country
* https://snowflake-broker.torproject.net/prometheus
* snowflake_rounded_client_poll_total has a "cc"
field
* snowflake-stats metrics in CollecTor
*
https://gitlab.torproject.org/tpo/community/relays/-/issues/116
"[Snowflake] We need more snowflake proxies"
* we now have access to a vantage point:
* investigate if snowflake is being blocked by fingerprint
or listing proxies
* there are reports that google might be reachable in Iran
* if so maybe ampcache works and things like champa are
useful for people to reach the rest of internet
* https://repo.or.cz/champa.git
* https://github.com/net4people/bbs/issues/485
* This did indeed work, to a very limited extent. Enough
to get connected to Telegram for 10 minutes.
* webtunnel bridges block in Russia
*
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40064
* the block seems to be SNI based
* the censor is likely to be listing and blocking bridges
== Actions ==
== Interesting links ==
*
https://github.com/pion/webrtc/wiki/Release-WebRTC@v4.0.0#dtls-provides-hooks-for-censorship-circumvention
== Reading group ==
* We will discuss "A Wall Behind A Wall: Emerging Regional
Censorship in China (Henan firewall)" on June 26
* https://gfw.report/publications/sp25/en/
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2025-06-26
Last week:
- merged and deployed broker metrics rewrite (snowflake#40458)
- discussed broker metrics interpretation
-
https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/1
- reached out to new conjure bridge operator with installation
instructions
- monitored snowflake overload situation
- opened issue to change proxy NAT reassignment
(snowflake-webext#118)
This week:
- follow up on snowflake rendezvous failures
- take a look at potential snowflake orbot bug
-
https://github.com/guardianproject/orbot-android/issues/1183
dcf: 2025-06-26
Last week:
- reviewed snowflake-graphs MR to add client-polls data
https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/1
- refactoring in snowflake-graphs
- support during Iran network shutdown
Next week:
- re-reduce snowflake broker resource allocation
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40465#note_3211319
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
Help with:
meskio: 2024-06-26
Last week:
- merge the contaners of rdsys and bridgestrap, the staging
server is life...
- investigate the changes in webtunnel used in russia to
bypass censors (censorship-analisys#40064)
- test snowflake proxy patch for Iran (snowflake#40465)
- support grant writting
Next week:
- AFK
Shelikhoo: 2024-06-26
Last Week:
- [Testing] Unreliable+unordered WebRTC data channel
transport for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315
) testing environment setup/research
- Snowfalke Staging Server Experiment
- [Deploy] Add Domain Fronting Testing Support to logcollector
- [Invesgate] Meek-CDN77 stop working in China
(https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/162)
- Merge request reviews
Next (working) Week/TODO:
- Merge request reviews
- Support the Testing of domain fronting sites (
https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector/-/issues/6
) (cont.)
onyinyang: 2025-06-26
Last week(s):
- Started looking into unresolved lox issues, signalling
channel library
- Pivoted to webtunnel distribution through telegram:
-https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158#note_3210454
-https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/534
Next week:
Mid-year break
Finish up webtunnel work on rdsys
Switch back to some of these:
As time allows:
- review Tor browser Lox integration
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/1300
- add TTL cache to lox MR for duplicate responses:
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
- Work on outstanding milestone issues:
- key rotation automation
Later:
pending decision on abandoning lox wasm in favour of some kind
of FFI?
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096):
- add pref to handle timing for pubkey checks in Tor browser
- add trusted invitation logic to tor browser integration:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
- improve metrics collection/think about how to show Lox is
working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of
bridges) and gathering context on how types of bridges are
distributed/use in practice
Question: What makes a bridge usable for a given user, and
how can we encode that to best ensure we're getting the most
appropriate resources to people?
1. Are there some obvious grouping strategies that we
can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges
sacrificed to open-invitation buckets?), by locale (to be matched with
a requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so
trusted users have access to 3 bridges (and untrusted users have
access to 1)? More? Less?
theodorsm: 2025-06-12
Last weeks:
- Applying for funding from NLnet to implement DTLS 1.3 in
Pion. Got through the first round.
- Writing paper for FOCI: continuation of master thesis
about reducing distinguishability of DTLS in Snowflake by implementing
covert-dtls, further analysis of collected browser fingerprint and
stability test of covert-dtls in snowflake proxies. Draft:
https://theodorsm.net/FOCI25
- Key takeaways:
* covert-dtls is stable when mimicking DTLS 1.2
handshakes, while the randomization approach— though more resistant to
fingerprinting — tends to be less stable.
* Chrome webextensions are more unstable than
standalone proxies
* covert-dtls should be integrated in Snowflake
proxies as they produce the ClientHello messages during the DTLS
handshake.
* Chrome randomizes the order of extension list.
* Firefox uses DTLS 1.3 by default in WebRTC.
* A prompt adoption of DTLS 1.3 in both Snowflake and
our fingerprint-resistant library is needed to keep up with browsers
* The evolution of browsers’ fingerprints had no
noticeable effect on Snowflake’s number of daily users over the last
year.
* Even with a sharp drop in the amount of proxies, it
does not seem to affect the number of Snowflake users.
* Browser extensions make Snowflake resistant to
ClientHello fingerprinting.
* Standalone proxies can serve more Snowflake clients
per volunteer than webextensions.
* We need metrics on which types of proxies are
actually being matched and successfully used by clients.
Next weeks:
- Getting paper camera ready.
- Fix merge conflicts in MR
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/448).
Help with:
- Should we do user testing of covert-dtls?
Facilitator Queue:
meskio onyinyang shelikhoo
1. First available staff in the Facilitator Queue will be the
facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to
the tail of the queue
_______________________________________________
tor-project mailing list -- tor-project@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-project-leave@xxxxxxxxxxxxxxxxxxxx