15:59:07 #startmeeting tor anti-censorship meeting
15:59:07 Meeting started Thu Mar 24 15:59:07 2022 UTC. The chair is meskio. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:59:07 Useful Commands: #action #agreed #help #info #idea #link #topic.
15:59:11 hello everybody
15:59:14 here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:59:25 feel free to add what you've been working on and put items on the agenda
16:00:12 the first item in the agenda is 'dnstt bridges'
16:00:23 I didn't remove it just in case we still want to talk about it
16:00:24 hi!
16:00:33 there are already issues created to work on it
16:01:00 hello
16:01:58 hello o/
16:02:25 hello
16:02:33 Hi~
16:02:56 dcf1: did you see the conversation last week about adding support to dnstt as PT for bridges?
16:03:18 yes, I skimmed the discussion
16:03:27 hi
16:03:44 :)
16:04:36 anyway, I guess we might not have anything to talk about it, we'll discuss in the related issue
16:04:41 should we move to the next topic?
16:04:54 "Prepare all pieces of the snowflake pipeline for a second snowflake bridge"
16:05:17 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/28651#note_2787394
16:05:30 I have made a design I think will work
16:05:47 Comments are welcomed
16:06:12 if we agree on this design, i will begin implementing its broker
16:06:59 dcf1 has later agreed on having broker provide the websocket url (I suppose)
16:07:42 and the fused design here is the client checks the domain name of that websocket url to see if that has a correct suffix
16:07:51 if so, it will be accepted
16:08:30 this removed the need to synchronise allowed websocket address constantly
16:09:05 and made it possible to have only one pool of proxy, instead of having a pool for each accepted fingerprint
16:09:46 basically it shifts the trust from the broker to the DNS system
16:09:47 and does not decrease the security of client, since in either case it will have to accept a list of allowed websocket destinations
16:10:13 if we only allow HTTPS connection
16:10:29 if we only allow HTTPS Websocket connection
16:10:37 then it would not rely on DNS that much
16:11:03 even if we have an allow list, then it still depends on DNS to point the domain to correct IP
16:11:24 so the steps to add a new bridge are: have someone agree to run the bridge, talk to TPA to set up a *.torproject.net subdomain to it, distribute the new bridge line with the new fingerprint?
16:11:59 Yes, and input that info at the broker
16:12:17 we can use an alternative TLD
16:12:25 if that is needed for security reasons
16:12:53 that sounds reasonable to me
16:12:55 I have access to a host that will probably be the second snowflake bridge (the first one to have a different bridge fingerprint)
16:13:11 I have not set it up yet, but my plan is to get it ready for when you want to start pointing traffic to it.
16:13:40 dcf1: Yes, that will take a little while
16:13:49 (ln5's bridge is planned to have the same fingerprint we are using already, with domain name snowflake.torproject.net)
16:15:06 I think from Tor's design, it is not designed to have different instances of Tor with the same fingerprint
16:15:38 so maybe the best way to move forward is to accept that
16:15:58 and design things around this
16:16:51 Is there any suggested amendment to the design there
16:17:07 sounds like a good plan to me
16:17:26 i also don't think it closes any doors if later we want to do the more complex proxy matching idea
16:18:05 +1
16:19:22 anything more on this topic? it looks like we are all happy with shelikhoo's design
16:19:53 thanks shelikhoo :D it will be exciting to get this going
16:20:16 no problem~
16:20:30 (:
16:20:31 {Add SOCKS5 forward proxy support} is ready to be reviewed again, now with handwritten SOCKS5-DNS
16:20:59 so the next topic is SOCKS5 proxy support for snowflake client
16:21:29 I have added handwritten DNS to it to get around Go stdlib's mindset
16:21:49 and it can be evaluated again
16:22:16 nice
16:22:26 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/64
16:22:27 if we decide to have it, we will consider upstreaming changes to webrtc library
16:23:01 thanks shelikhoo, looks like i'm assigned to review it so i'll take a look
16:23:08 and I will rebase it against main
16:23:09 yes
16:23:12 (anyone else who is interested also feel free to jump in though)
16:24:23 okay maybe we can move on to the next topic.
16:24:25 archive state-of-censorship repo https://gitlab.torproject.org/tpo/anti-censorship/state-of-censorship
16:24:26 shelikhoo: 👍
16:25:05 cohosh: I have few things to review in my queue, so I'm happy to you review it, but if you are overloaded say so and I'll have a look
16:25:44 the state-of-censorship repo used to contain a json with information on what country blocks what
16:26:02 but now this information is part of moat API, and the json lives in the rdsys-admin repo
16:26:23 is not exactly the same json, the state-of-censorship one did contain information about websites being blocked
16:26:40 while the moat one is only about ways to connect to tor
16:26:56 I added a notice to the readme and archived the state-of-censorship repo
16:27:04 but I'm happy to revert it if people disagree
16:28:10 sounds good :)
16:28:37 kind of related to that I have an announcement, the circumvention settings API is already deployed
16:28:51 I just deployed it today
16:29:03 nice!
16:29:23 great!
16:29:25 that is all in the agenda
16:29:34 do we want to pick a paper for our reading group?
16:30:22 itchyonion: I'm not sure we have described the reading group to you, but basically every couple of weeks we pick up a paper on a topic related to anti-censorship and discuss it in our weekly meeting
16:30:36 any proposals for papers to read?
16:30:52 awesome
16:31:34 * meskio looks at https://censorbib.nymity.ch/
16:31:35 i've been meaning to read balboa, personally: https://censorbib.nymity.ch/#Rosen2021a
16:31:59 I'm happy to do that one
16:32:16 +1
16:32:29 two weeks from now? April 7?
16:32:36 that's a great idea
16:33:23 sounds good!
16:33:23 great, we have something to read the next couple of weeks
16:33:26 👍
16:33:36 anything else for today?
16:34:03 +1, EOF from Shell
16:34:08 nice, we have a fast meeting today :)
16:34:21 I'll wait for a minute and close the meeting if no one has anything else
16:35:20 #endmeeting