[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-project] Anti-censorship team meeting notes, 2025-11-27
Hey everyone!
Here are our meeting logs:
https://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-11-27-16.00.html
And our meeting pad:
Anti-censorship work meeting pad
--------------------------------
Anti-censorship
--------------------------------
Next meeting: Thursday, December 4 16:00 UTC
Facilitator:shelikhoo
^^^(See Facilitator Queue at tail)
Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC
(channel is logged while meetings are in progress)
This week's Facilitator:onyinyang
== Goal of this meeting ==
Weekly check-in about the status of anti-censorship work at Tor.
Coordinate collaboration between people/teams on anti-censorship at the
Tor Project and Tor community.
== Links to Useful documents ==
* Our anti-censorship roadmap:
*
Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards
* The anti-censorship team's wiki page:
*
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home
* Past meeting notes can be found at:
* https://lists.torproject.org/pipermail/tor-project/
* Tickets that need reviews: from projects, we are working on:
* All needs review tickets:
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?scope=all&utf8=%E2%9C%93&state=opened&assignee_id=None
* Project 158 <-- meskio working on it
*
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_name%5B%5D=Project%20158
== Announcements ==
*
== Discussion ==
== Actions ==
* bring interesting papers to decide on our next reading group
== Interesting links ==
*
== Reading group ==
* We will discuss "CenPush: Blocking-Resistant Control Channel
Using Push
* Notifications" on January 8th, 2026
*
* Questions to ask and goals to have:
* What aspects of the paper are questionable?
* Are there immediate actions we can take based on this work?
* Are there long-term actions we can take based on this work?
* Is there future work that we want to call out in hopes
that others will pick it up?
* Next in the Reading Group Queue:
* Fingerprint-resistant DTLS for usage in Snowflake:
https://www.petsymposium.org/foci/2025/foci-2025-0006.php
== Updates ==
Name:
This week:
- What you worked on this week.
Next week:
- What you are planning to work on next week.
Help with:
- Something you need help with.
cecylia (cohosh): 2025-11-20
Last week:
- reviewed meek-lite url front pairs implementation
- started work on moving SQS to torproject AWS account
- more research on enumeration defences
Next week:
- deploy proxy churn metrics patch (snowflake#40494)
- research snowflake enumeration attacks (snowflake#40396)
- follow up on snowflake rendezvous failures (snowflake#40447)
- revisit conjure integration with lyrebird
- take a look at potential snowflake orbot bug
- https://github.com/guardianproject/orbot-android/issues/1183
dcf: 2025-10-30
Last week:
- made snowflake-graphs use SQLite as intermediate data
representation rather than CSV
https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/3
- fixed a bug with snowflake-graphs undercounting coverage for
certain rarely occurring levels of factors
https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/3#note_3281215
- opened an issue for coverage=2.00 in snowflake-stats
descriptors during a time when 2 brokers were running simultaneously
https://gitlab.torproject.org/dcf/snowflake-graphs/-/issues/5
Next week:
- open issue to have snowflake-client log whenever KCPInErrors
is nonzero
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40262#note_2886018
- parent:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267
Help with:
meskio: 2025-11-27
Last week:
- make prometheus monitor the builtin bridges (team#141)
- redesign meek multifront domain MR (lyrebird!142)
- granwriting
- a blogpost based on the SOTO presentation
- transfer brdg.es to TPI, for bridge URIs
Next week:
- investigate the status of builtin bridges (team#141)
Shelikhoo: 2025-11-27
Last Week:
- [Testing] Unreliable+unordered WebRTC data channel transport
for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315
) testing environment setup/research
- Many dependencies update merge request review
- [Merge Request] Rename UTLSInsecureServerNameToVerify
option to cert-domain
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/merge_requests/149#note_3293090)
- [Merge Request Review] Count IP churn by proxy type
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/641)
Next (working) Week/TODO:
- Merge request reviews
- [Deployment]Unreliable+unordered WebRTC data channel
transport for Snowflake rev2 (cont.)(
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/315
) Building custom Tor Browser with patch applied
- Release Lyrebird v0.7.0
onyinyang: 2025-11-27
Last week(s):
- Investigating rdsys#248 i.e., why dysfunctional webtunnel
bridges are being distributed
- The ApplyDiff function was suspicious but after
investigation, it seems like this is not the issue. . .the search continues
- Troubleshooting conjure not connecting in China
- waiting for more information from conjure authors/maintainers
- Monitoring email profiler for rdsys #129
- Attempting to move to go-imap v2
- Making arrangements for talk/travel to Splintercon
Next week:
- Attending Ontario Cryptography Day
- Splintercon Prep
- Continue troubleshooting conjure not connecting in China
- Finish up debugging rdsys#129 and rdsys#248 hopefully (take 3? 4?)
- Continue monitoring rdsys#249
Switch back to some of these:
As time allows:
- Lox still seems to be filling up the disk on the
rdsys-test server despite changes made to delete old entries, look into
what's going wrong
Blog post for conjure:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/46
- review Tor browser Lox integration
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/1300
- add TTL cache to lox MR for duplicate responses:
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305
- Work on outstanding milestone issues:
- key rotation automation
Later:
pending decision on abandoning lox wasm in favour of some kind
of FFI?
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096):
- add pref to handle timing for pubkey checks in Tor browser
- add trusted invitation logic to tor browser integration:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974
- improve metrics collection/think about how to show Lox is
working/valuable
- sketch out Lox blog post/usage notes for forum
(long term things were discussed at the meeting!):
- brainstorming grouping strategies for Lox buckets (of
bridges) and gathering context on how types of bridges are
distributed/use in practice
Question: What makes a bridge usable for a given user, and
how can we encode that to best ensure we're getting the most appropriate
resources to people?
1. Are there some obvious grouping strategies that we
can already consider?
e.g., by PT, by bandwidth (lower bandwidth bridges
sacrificed to open-invitation buckets?), by locale (to be matched with a
requesting user's geoip or something?)
2. Does it make sense to group 3 bridges/bucket, so
trusted users have access to 3 bridges (and untrusted users have access
to 1)? More? Less?
theodorsm: 2025-06-12
Last weeks:
- Applying for funding from NLnet to implement DTLS 1.3 in
Pion. Got through the first round.
- Writing paper for FOCI: continuation of master thesis
about reducing distinguishability of DTLS in Snowflake by implementing
covert-dtls, further analysis of collected browser fingerprint and
stability test of covert-dtls in snowflake proxies. Draft:
https://theodorsm.net/FOCI25
- Key takeaways:
* covert-dtls is stable when mimicking DTLS 1.2
handshakes, while the randomization approach— though more resistant to
fingerprinting — tends to be less stable.
* Chrome webextensions are more unstable than
standalone proxies
* covert-dtls should be integrated in Snowflake proxies
as they produce the ClientHello messages during the DTLS handshake.
* Chrome randomizes the order of extension list.
* Firefox uses DTLS 1.3 by default in WebRTC.
* A prompt adoption of DTLS 1.3 in both Snowflake and
our fingerprint-resistant library is needed to keep up with browsers
* The evolution of browsers’ fingerprints had no
noticeable effect on Snowflake’s number of daily users over the last year.
* Even with a sharp drop in the amount of proxies, it
does not seem to affect the number of Snowflake users.
* Browser extensions make Snowflake resistant to
ClientHello fingerprinting.
* Standalone proxies can serve more Snowflake clients
per volunteer than webextensions.
* We need metrics on which types of proxies are
actually being matched and successfully used by clients.
Next weeks:
- Getting paper camera ready.
- Fix merge conflicts in MR
(https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/448).
Help with:
- Should we do user testing of covert-dtls?
Facilitator Queue:
onyinyang shelikhoo meskio
1. First available staff in the Facilitator Queue will be the
facilitator for the meeting
2. After facilitating the meeting, the facilitator will be moved to the
tail of the queue
--
---
onyinyang
GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036
_______________________________________________
tor-project mailing list -- tor-project@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-project-leave@xxxxxxxxxxxxxxxxxxxx