16:00:29 #startmeeting tor anti-censorship meeting 16:00:29 Meeting started Thu Sep 2 16:00:29 2021 UTC. The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:29 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:00:38 welcome! 16:00:41 hello 16:00:51 here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 16:01:06 hi o/ 16:01:33 please add items to the agenda :) 16:02:08 * ggus loading the pad 16:03:08 dcf1: you want to lead for the first discussion item? 16:03:24 I was just keeping an eye on the snowflake bridge 16:03:53 It's chugging along, but I wonder if there are some easy ways to reduce CPU use 16:04:16 There's also https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40064 about CPU use in proxies 16:04:28 yeah, profiling sounds like a good next step there in both cases 16:04:43 Nothing urgent, as we still have CPU capacity on the bridge, just something I was thinking about 16:05:10 I wasn't sure how to do a profiling run for the bridge. Do we stop and start it (interrupting ongoing connections) or try to simulate use on a non-production installation? 16:06:07 i would suggest first profiling using snowbox or another non-production deployment 16:06:13 the issue about CPU in proxies was someone with 1.3k connections, will be nice to make the proxy able to do that, but that sounds like a high load for a proxy anyway 16:07:00 meskio: yeah you raised a good point on that ticket that it probably occurred once we lifted the cap on client connections by default 16:07:40 for the bridge, if we can't find any obvious improvements on a toy deployment, then i think we can profile in production 16:07:57 ok, good point meskio, maybe the proxy is not such a priority 16:08:01 ok cohosh 16:09:53 anything else for this discussion? 16:09:56 no 16:10:10 cool, the next item is about reading group 16:10:34 I'm looking at the list of recently published papers and it's getting pretty daunting 16:10:45 might be nice to make a dent in it 16:10:57 FOCI short papers are out since last week 16:11:05 https://dl.acm.org/doi/proceedings/10.1145/3473604 16:11:06 now that meskio is back and the netteam hiring is cooling down a bit i'm totally in to restart these :D 16:12:22 anyone have a preference on what to start with? 16:13:58 * dcf1 browsing 16:15:38 I'm looking at maybe BlindTLS (FOCI) or Balboa (USENIX) 16:16:40 both really good picks XD 16:17:02 balboa is a longer paper so maybe we ease in with the shorter FOCI paper? 16:17:14 sounds good :) 16:17:16 ok 16:17:54 are we doing it next week? 16:18:09 call it 2 weeks, 16 September 16:18:37 cool! i might be afk that week but that's alright 16:19:20 i'll be around the week after 16:19:42 we can do it the week after, 23 Sept 16:20:44 ok, let's do that 16:20:47 heh 16:21:02 ggus: i think the next discussion item is yours? 16:21:25 yes 16:21:48 so, this week we're running the docshackathon to update tor user documentation (tb-manual, support, community portals) 16:22:24 i created a new entry for support portal regarding circumventing gfw https://gitlab.torproject.org/tpo/web/support/-/issues/210 16:22:51 if someone from ac team could review it, that would be nice 16:23:24 nice! 16:23:27 * cohosh looks 16:24:08 and the other thing regarding docshackathon is that i want to merge support.tpo/gettor into support.tpo/censorship. so in one section users can find AC docs. 16:24:24 what do you think? it's a small change 16:24:58 https://support.torproject.org/gettor/ 16:25:06 https://support.torproject.org/censorship/ 16:25:16 yeah that merge makes sense to me 16:25:18 I think is a good idea 16:25:40 okk! i will open a ticket and work on this. :) 16:25:44 there is also gettor.tpo that someday should go away, maybe in the rework of bridgedb UX 16:26:21 is funny that it says gettor via twitter is under maintenance, AFAIK is not working for years 16:26:32 but I'm planning to get it back to work 16:26:36 it will take some months 16:26:57 if it's planned, than it's okay to keep it. 16:27:19 yes: rdsys#40 16:28:17 okay, i will leave it there, so we can update in the future 16:28:38 +1 16:29:48 thanks ggus! web/support!45 looks good to me too 16:30:09 yay! :o) 16:32:20 yes, looks pretty good :) 16:32:35 anything else for today? 16:32:42 i see a TM update item on the discussion now 16:32:54 a short update about TM 16:33:13 yesterday i asked a contact to run OONI test, but looks like ooni backend is blocked 16:33:38 today i asked them to use Psiphon proxy, but it's also blocked 16:34:04 I was stunned at the breadth of domains blocked as measured by Censored Planet 16:34:06 i will try to put together some instructions how to add a private bridge in orbot and then connect to OONI. 16:34:12 yeah that's intense 16:34:18 https://github.com/net4people/bbs/issues/80#issuecomment-903036031 16:34:41 does using ooni + orbot provide accurate measurements? 16:35:02 i guess it's good that the backend connections go through orbot but the actual tests shouldn't right? 16:35:06 Tons of google.com domains, apple.com, microsoft.com, it's pretty hardcore 16:35:07 cohosh: they would use orbot just to send the measurements to ooni 16:36:42 oof, i wonder if any of our gettor endpoints still work there 16:37:11 archive.org maybe? don't see that on the list, and it is probably tested by Censored Planet 16:38:27 it's bidirectional, so we can check real quick 16:38:45 dig @95.85.120.6 +noedns +timeout=2 archive.org 16:38:50 ;; connection timed out; no servers could be reached 16:38:59 :/ 16:39:02 no dns injection on archive.org 16:39:08 ah ok 16:39:21 dig @95.85.120.6 +noedns +timeout=5 hangouts.google.com 16:39:27 ;; ANSWER SECTION: 16:39:27 hangouts.google.com. 300 IN A 127.0.0.1 16:39:31 that's an injected domain 16:40:19 no injection on HTTPS nor HTTP either, apparently 16:40:27 curl --connect-to ::telecom.tm: https://archive.org/ 16:40:27 curl: (60) SSL: no alternative certificate subject name matches target host name 'archive.org' 16:40:37 curl --connect-to ::telecom.tm: http://archive.org/ -D - 16:40:37 HTTP/1.1 301 Moved Permanently 16:41:00 That's surprising, I would expect archive.org to be blocked before some of the other domains on the lists 16:41:30 yeah 16:42:50 thanks for following up on this ggus 16:43:51 i thought that TM would be a quick and easy investigation :( 16:44:56 it's good to start putting it on the map in terms of documented measurement 16:45:22 yeah 16:47:06 I think Turkmenistan doesn't have a Freedom on the Net entry even https://freedomhouse.org/country/turkmenistan 16:47:37 https://freedomhouse.org/report/freedom-net/2020/pandemics-digital-shadow 16:47:49 there is a country list from somewhere on that page, but I can't find it right now 16:47:53 I was thinking on other approaches for gettor if the providers get blocked, we could attach to the emails a binary with tor+snowflake that downloads TBB... 16:47:59 https://freedomhouse.org/countries/freedom-world/scores 16:48:01 this one? 16:48:19 Freedom on the Net and Freedom in the World are two different reports, I think 16:48:51 https://freedomhouse.org/report/freedom-net 16:50:25 meskio: yeah, it's a good problem to think about going forward 16:52:40 okay, anythign else for today? 16:52:58 i'm good 16:53:02 we have our montly report: https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk 16:53:11 combining july + august 16:53:23 please update it with what you've worked on when you have a chance :) 16:53:33 I'll try to do it tomorrow 16:53:40 meskio: thanks! 16:55:13 * cohosh waits a few mins 16:57:31 #endmeeting