15:57:59 <meskio> #startmeeting tor anti-censorship meeting 15:57:59 <MeetBot> Meeting started Thu Oct 5 15:57:59 2023 UTC. The chair is meskio. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:57:59 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:58:04 <meskio> hello everyone!!! 15:58:12 <cohosh> hi 15:58:15 <meskio> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 15:58:18 <meskio> feel free to add what you've been working on and put items on the agenda 15:58:19 <onyinyang[m]> hihi 15:58:40 <shelikhoo> hi~hi~ 15:58:50 <ahf> o/ 15:58:51 <meskio> I'll give it few minutes so people can fill up what they've been working on 15:59:11 <GeKo> hi 16:00:15 <ggus> hello o/ 16:02:43 <meskio> if I understand correctly the first two discussion points are the same, as in what domain front we use in snowflake 16:02:53 <meskio> cohosh: do you want to introduce it? 16:03:26 <cohosh> sure, n8fr8 mentioned reports that foursquare.com is not working in iran and some ooni measurements back that up 16:04:03 <cohosh> it's probably a good idea to switch to something else or at least have some variety in the domains we choose 16:04:51 <cohosh> however, the other domain that we think will work, github.githubassets.com we just asked ooni about 16:05:05 <cohosh> and they said it was throttled by IP in Iran a year and a half ago 16:05:59 <meskio> now that snowflake will have suppor for multiple domains it might be good idea to keep those two anyway, but we need to find a better one for moat and legacy-snowflake 16:06:05 <cohosh> i guess throttling might not impact us that much since it's a pretty small channel we need anyway 16:06:22 <ggus> cohosh: meskio: the domain that you're investigating is only for the circumvention api or ? 16:06:43 <cohosh> ggus: we need fronts for both the api and for snowflake 16:06:45 <meskio> is both for circumvention settings/moat and snowflake 16:06:56 <cohosh> for example, orbot doesn't really use our api 16:06:59 <meskio> we've being using the same domain, maybe we should use two different ones 16:07:03 <cohosh> so they need something to work 16:07:21 <ggus> cohosh: i thought orbot 'smart connect' was using circumvention api 16:07:30 <cohosh> not for snowflake domains 16:07:38 <ggus> ahh, okay 16:07:48 <meskio> ggus: I think so, but I don't think is used by default, I'm confused by their UX 16:07:57 <cohosh> https://github.com/guardianproject/orbot/issues/983 16:08:13 <cohosh> *not for snowflake bridges 16:08:50 <cohosh> the tl;dr is that right now if the api returns a snowflake bridge they use their builtin snowflake bridge lines 16:09:57 <meskio> seeing that our main snowflake use is in iran, maybe we can test our full list from our vantage point, and trim down the ones that work 16:10:19 <ggus> so, we need new domains in azure and/or fastly that works in china/iran/russia/+othe regions? 16:10:33 <meskio> ggus: fastly, yes 16:10:59 <cohosh> i don't think foursquare.com is blocked in all ASes: https://explorer.ooni.org/chart/mat?test_name=web_connectivity&axis_x=measurement_start_day&since=2023-09-04&until=2023-10-04&time_grain=day&probe_cc=IR&axis_y=probe_asn&domain=foursquare.com 16:11:05 <cohosh> in iran 16:11:33 <meskio> mmmm 16:12:13 <meskio> we could also check what others are using, like great fire, do they use fastly? if so what domain? 16:12:20 <ggus> cohosh: fwiw, cdn.sstatic was also blocked temporarily in Iran, so i wonder if foursquare was a temp issue too... 16:12:37 <cohosh> yeah that's possible 16:12:58 <cohosh> so maybe the idea of using githubassets and foursquare is good for now 16:13:08 <cohosh> (for snowflake, moat we need to just pick one) 16:13:25 <shelikhoo> At least for snowflake we are think about remembering last working fronting domain, which will enable us to ship a bunch of fronting domains 16:13:49 <shelikhoo> so that we don't need to worry too much about the quality of domain put into that list 16:14:02 <shelikhoo> so long as one of them work, it will work 16:14:03 <trinity-1686a> pypi.org (python packet manager) is probably works in most place, though they don't seem to like the idea of domain fronting https://github.com/pypi/warehouse/issues/10399 16:14:20 <meskio> now that we'll have multiple domain names, would be nice to know how many people uses each from our broker... 16:14:33 <meskio> and from wich country, so we can see when something stops working 16:14:42 <shelikhoo> without usability issue like trying different fronting domain until one works 16:14:58 <cohosh> we did just talk to ooni about adding more of these potential front domains to their test lists 16:16:12 <cohosh> anyway, i think the short term question is what if anything to do about moat 16:16:35 <cohosh> since we have some pending snowflake features that shelikhoo mentioned 16:16:49 <cohosh> we can switch to githubassets for the next release 16:16:58 <cohosh> or stick with foursquare and hope the problem goes away 16:17:05 <cohosh> and meanwhile work on multi-front features 16:17:39 <meskio> if githubassets is just throttled and not blocked I think is a good idea to switch 16:17:48 <cohosh> okay, sounds good 16:18:03 <meskio> maybe we should look into it a bit 16:18:24 <cohosh> sure, that can happen after the meeting 16:18:33 <cohosh> we have some potential azure fronts to consider as well i think 16:19:02 <meskio> we can make the switch in TB alpha and ask some people in Iran to test 16:20:04 <cohosh> yeah that's a good idea 16:20:45 <meskio> I see we have decided to move to githubassets and check how it goes, who wants to do the changes in TB? 16:20:48 <ggus> or we can just give some bridge lines for people to test 16:21:02 <meskio> ggus: yep, we can also do that 16:21:12 <meskio> is that easier for the community team? 16:21:25 <meskio> I can produce a line for you 16:22:26 <ggus> meskio: we didn't have any report from iran... but in iran, people are mostly using Orbot and not tor browser 16:22:39 <meskio> ohh, true 16:23:07 <meskio> I'll make the line and pass it to you to test and see what we hear about 16:23:14 <ggus> sounds good! 16:23:16 <meskio> anything else on this topic? 16:23:31 <cohosh> oh that last thing is, it looks like cdn.sstatic.net no longer resolves to fastly domains for any of the recent ooni tests 16:23:40 <cohosh> so they must have just switched to cloudflare fully 16:23:59 <dcf1> The supposition that people in Iran mostly use Orbot is derived from the unequal usage of snowflake-01 and snowflake-02 bridges. But the recent strange dynamics of the two bridges have me questioning whether that was a valid inference to draw in the first place. 16:24:11 <dcf1> ggus: unless you have other sources of information saying that Orbot is more used. 16:26:19 <meskio> I've being hearing from people mentioning they use orbot in Iran and not TB, but I don't have any stadistics on it 16:26:49 <meskio> lets move to the next topic 16:26:56 <meskio> future of PTs 16:27:08 <meskio> I've being talking with ahf on our ideas of HTTP based PT protocols 16:27:22 <ggus> dcf1: idk how reliable is this source, but scroll down to Top Rankings: https://www.appbrain.com/app/orbot-tor-for-android/org.torproject.android 16:27:26 <ggus> https://www.appbrain.com/app/tor-browser/org.torproject.torbrowser 16:27:41 <shelikhoo> I personally don't think we should go with QUIC based transport 16:27:44 <dcf1> I think the discussion about MASQUE (re QUIC and TLS) in the issue is a little off the mark. 16:27:45 <meskio> and he was rising the question if we still need a network based PT protocol 16:27:52 <dcf1> Don't think "MASQUE" = "QUIC" 16:27:57 <ahf> o/ 16:27:58 <dcf1> Think "MASQUE" = "HTTP" 16:28:08 <meskio> as in if we want just to use a plugin/library based system only 16:28:13 <dcf1> The "Q" in MASQUE originally stands for QUIC, yes, but that is somewhat an anachronism 16:28:36 <dcf1> MASQUE is just about specifying extensions and new ways to do proxying over HTTP 16:28:36 <shelikhoo> QUIC is designed to solve the issue of traffic over US/EU internet 16:28:37 <ahf> yeah, i think there is a lot of things that have changed since we did anything towards the PT "ecosystem" itself. i think under sponsor 8 we changed some things and that was an extremely wasteful project in terms of how much we got out of compared to the amount of time we spend on it 16:28:50 <dcf1> In that sense you can consider good old HTTP CONNECT to fall under the same umbrella 16:29:02 <ahf> because a significant amount of time was spend trying to ask external folks about their new spec systems for PT 2.x and whatever - so in my mind spending time on that isn't particularly useful 16:29:20 <shelikhoo> and TCP based HTTP1.1 should work equally well without dealing with the complexity of QUIC 16:29:37 <ahf> today in tor, we have a big change since we did sponsor 8 in 2018 which is that we now have a lot of nice mobile folks wanting to integrate tor into their apps and they do it both because they want the anonymity features, but also they want the anti-censorship features 16:29:47 <dcf1> I think nickm is right: "HTTP CONNECT and MASQUE are not 100% orthogonal". The point is that if, in the future, you want to specify something like datagram proxying for PTs, and you're already using HTTP CONNECT for PTs, you don't have to invent something new: CONNECT-UDP and CONNECT-IP are already there from MASQUE. 16:30:01 <ahf> right now when someone wants to add "tor features" to their apps, they need to first integrate tor, which is a big task, then after they need to integrate the PT ecosystem 16:30:21 <ahf> this is also reflected in how "we" do releases: we all deliver our products to the TB team (inside tor) for them to put all our components together and release it 16:30:41 <shelikhoo> So I think it does not justify the cost of introducing a huge library for us to implement a PT spec, that is mostly just localhost traffic 16:30:58 <ahf> this have lead to folks like GP, providing some really nice engineering work into building systems such as iptproxy, which solves a ton of issues that are platform specific (such as iOS not doing processes at all and only allows us to do threads) 16:31:32 <ahf> and eta recently did something similar to iptproxy for onionmasq (our experimental vpn implementation that will be the first tor app to deliver udp from client and from exit to the users) 16:31:36 <shelikhoo> dcf1: yes, it is considered HTTP3, yet, it is still something we couldn't just write by hand ourselves 16:31:44 * eta was mentioned :o 16:32:02 <ahf> this leads me to think: wouldn't it be smarter to think of next generations of PT's as an API/ABI/rust trait/golang interface/whatever 16:32:17 <eta> https://gitlab.torproject.org/tpo/core/onionmasq/-/tree/main/crates/onionmasq-pt-wrapper?ref_type=heads this thing 16:32:26 <ahf> if we do things as plug-ins we can start releasing PT's together with the arti release process 16:32:27 <dcf1> ahf: the PT working group came to that conclusion years ago, I think. 16:32:40 <shelikhoo> I think we should go for simpler interface when it does what we wants to do 16:32:41 <ahf> and this build integration and such would become easier for folks wanting to embed our products 16:33:11 <ahf> since they would need to integrate arti and pick the anti-censorship plug-ins they want, initialize them with potentially interactive components (if something needs to prompt the user for something? an url? whatever here) 16:33:45 <shelikhoo> ahf: yes, we could have language depend PT interfaceS, however, it won't allow cross language calling 16:33:49 <ahf> dcf1: did they do anything about it? last time i looked there was an ABI defined from operator foundation that looked extremely like it was designed by someone who had no users that wanted to use it 16:34:15 <meskio> I totally agree that we should integrate PTs in arti and make them as libraries that are compiled together with it 16:34:21 <ahf> shelikhoo: cross language calls isn't the biggest issue if we have plug-ins since we can provide an executor binary for people who wants socks4/socks5/masque/http connect/whatever 16:34:43 <shelikhoo> and language like Go have a runtime that isn't nice when you load 2 C exported Go library in the same process 16:34:46 <dcf1> I think the picture is that the "IPC" interface that Tor uses is DOA for any use case but Tor: it's basically just a bespoke custom internal protocol, because it turns out not to work for most other people's use cases, as you have said 16:35:16 <meskio> I guess my question is if it makes sense to also have a PT protocol to have PTs as different processes or that is a waste of time 16:35:19 <ahf> shelikhoo: but that is also a solved issue today with what iptproxy have done with merging them all into one library :-) 16:35:51 <ahf> i am trying very hard not to say "let's do it all in rust" because i know a lot of components that are useful for PT's are not in rust today, but of course in the end for arti, these things would be linked statically through a rust interface 16:36:03 <dcf1> So the intention behind the "API" interface was to answer the needs of non-Tor developers. How successful it is at that, I don't know. I don't know whether any other groups use it or not. Even as we use it in Snowflake to facilitate use by iPtProxy, it's not quite as specified, I believe. 16:36:06 <ahf> (and static linking is important here - having DSO's is not enough) 16:36:36 <shelikhoo> ahf: yes, but the final use case is iOS, in which case one does need load more than one PT and in different language, and there are more than go PT 16:36:37 <dcf1> But there is certainly more demand out there for an API interface than what Tor does now. 16:36:38 <ahf> dcf1: that is the big question i don't know the answer to: does anybody other than tor use these things so how important is the stability of the interfaces here? 16:36:51 * trinity-1686a mumble something about defining a wasm ABI 16:37:06 <ahf> shelikhoo: but they solved that by wrapping all the go pt's in one "meta" pt 16:37:11 <shelikhoo> in iptlibrary's case, the pt is no longer pluggable, as custom logic is needed for each pt 16:37:18 <ahf> it's not like we see another PT arrive every week anymore :-) 16:37:46 <shelikhoo> ahf: yes, it would work by having a go pt aggregator 16:37:48 <ahf> right, i think the pluggable component of it is an illusion in that each one of them may have initialization settings that potentially even needs user interaction (in addition to static configuration) 16:37:55 <ahf> shelikhoo: that exists today 16:38:03 <dcf1> Well, that's the question: are pluggable transports meant to be pluggable across different projects (which was the original vision, I believe, but which pt-spec failed to achieve), or are they meant only to be pluggable within the Tor ecosystem (which is de facto the situation now) 16:38:30 <shelikhoo> trinity-1686a: yes! I like that idea but maybe not everyone... 16:38:51 <cohosh> LEAP for one has tried to use our PTs without Tor 16:38:56 <ahf> dcf1: tor's goal's with arti is that more applications should be able to embed tor into their products 16:39:05 <ahf> and with that, they want our anti-censorship story too 16:39:30 <meskio> I don't think we need here to solve how a pluging/library interface will look like, and it looks like something like that will exist whatever we wanted or not (iptproxy for example) 16:39:31 <dcf1> I think both of those possibilities ar reasonable goals, btw. PT 1.0 already doesn't work as a cross-project interface, so nothing is lost by giving that up imo. 16:39:34 <ahf> today embedding tor is a nightmare - only GP have been succesful with that, and it's a pain for them to do 16:39:46 <ahf> dcf1: right 16:39:54 <dcf1> I myself would not be sad to see the IPC TOR_PT_MANAGED_TRANSPORT_VERSION etc. go away. 16:40:16 <ahf> oh boy, me too 16:40:24 <shelikhoo> dcf1: in the end, Tor, Shadowsocks all have different PT protocol, and different developer just target different standard 16:40:42 <dcf1> And as meskio says, it would obviate the need to specify something like an HTTP proxy for things like the args length issue. 16:41:00 <ahf> but, one thing i like about the plug-in idea is that we potentially can continue to provide socks5/masque/whatever interface to people who needs that (like cohosh just mentioned, LEAP), but also i remember some of the old PT examples included how one could wrap your ssh port for client/server in obfs4 16:41:14 <ahf> that could still be possible with plug-ins if we just have some executor that provides the client/server side of the plug-ins 16:41:34 <meskio> (LEAP does use the operator foundation libraries, not pt-spec) 16:42:00 <dcf1> Yes, that's basically what one of operator foundation's prducts does (shapeshifter?). It links with a PT using the API and wraps it in the IPC interface. 16:42:15 <ahf> right 16:42:42 <shelikhoo> I think it wouldn't be hard for us to target a in process language dependent PT spec 16:42:48 <dcf1> https://github.com/OperatorFoundation/shapeshifter-dispatcher "Shapeshifter Dispatcher converts Pluggable Transports that implement the Go API from the Pluggable Transports 2.1 specification into proxies usable by applications." 16:43:08 <ahf> trinity-1686a: isn't ios and wasm a bad idea - we cannot bundle a JIT there and would have to potentially have a network extension link against webkit? 16:43:13 <shelikhoo> and let the pt-library target different SOCKS or HTTP1.1 IPC spec 16:43:49 <shelikhoo> ahf: we could bring an interpretor for WASM 16:44:00 <shelikhoo> it will be slow, but it is iOS 16:44:10 <ahf> shelikhoo: i don't think we can do that and it would horribly slow 16:44:11 <shelikhoo> so it is apple's fault 16:44:18 <ahf> yeah, let's focus on products here ;p 16:44:24 <meskio> we've being discussing in the past that we wanted to do a new version of the ptspec, and the question here is if we really need that or should we directly focus on making a rust API/ABI and link our PTs to it 16:44:40 <meskio> and forget about IPC for now 16:45:07 <shelikhoo> I think it is still a while before we get arti to support being a relay 16:45:30 <meskio> is also a while antil we can do any meaningful new IPC, as c-tor will not support it 16:45:48 <meskio> but we can start working on the client side 16:45:54 <ahf> shelikhoo: we have a grant for it, the client side does PT's today and the interface is fairly nice. with the executor model, backwards compatibility on the server side should be fairly easy to provide for C tor usage today (even without modifying C tor) 16:46:11 <ahf> arti should ideally be in TB at some point from next year 16:46:30 <dcf1> meskio: "forget about IPC for now" I think that is a productive direction to be headed in. 16:46:37 <ahf> ya <3 16:46:50 <shelikhoo> oh! nice! it is nice to see arti get adopted soon! 16:47:02 <shelikhoo> so it will get onion service support soon?! 16:47:16 <ahf> forget about IPC, think about the developer experience for arti integrators, and ignore external spec bureaucracy would be my 3 items that i hope people think of from this 16:47:22 <shelikhoo> yes, we should have an internal Go IPC PT spec 16:47:26 <meskio> shelikhoo: it got onion service support in the last release 16:47:42 <ahf> shelikhoo: yeah, connections to OS have been there for a while but OS services are arriving as we speak 16:47:46 <shelikhoo> meskio: oh! nice! I lost some tick in the past months... 16:47:48 <ahf> still not entirely tied up 16:47:54 <trinity-1686a> ahf: I think there are ways to "compile" wasm bins to C, so we could do a strange thing where we compile rust/go/whatever to wasm, and then for iOS only compile to C then to native code 16:48:22 <trinity-1686a> or find a non-jit runtime 16:48:26 <ahf> trinity-1686a: i see :o 16:48:32 <meskio> I hear some quorum on ditching the idea of a new IPC pt spec, are we all on that page? 16:48:35 <dcf1> trinity-1686a: the WASM idea is imo a promising one for actually achieving the "cross-project pluggability" goal. 16:48:40 <shelikhoo> yes, we should have an internal Go IPC PT spec, then let the library and arti exchange traffic in HTTP Connect PT 16:49:02 <dcf1> shelikhoo, that is basically the opposite of what meskio said :P 16:49:12 <ahf> shelikhoo: that is completely the opposite of what we just talked about i think 16:49:13 <meskio> I guess there is no quorum 16:49:22 <ahf> avoid thinking protocols, think library functions and interfaces is the goal 16:49:23 <shelikhoo> I am pretty interested in WASM pt as well! please let me know if there is any idea or progress! 16:49:51 <meskio> should we make a voice meeting to discuss this? it looks like it requires some more work 16:49:52 <trinity-1686a> and wasm could allow downloading new PTs as suggested by some api, without app update, which could be neat 16:49:57 <meskio> or we can keep discussing it next week 16:50:04 <meskio> there is 10min for the hour and two more topics 16:50:05 <shelikhoo> yes, but it would work for projects like iptlibrary now 16:50:39 <ahf> trinity-1686a: one concern i'd have with wasm is the run-time cost and its abstraction cost, particularly in the iOS setting where memory usage is a concern (and this one i think we can totally blame on apple) 16:50:41 <shelikhoo> and also solve the socks arg length issue now 16:50:48 <ahf> but it sounds like an interesting idea 16:51:18 <trinity-1686a> I don't know the story about memory usage in wasm. will add to my todolist 16:51:21 <shelikhoo> it wouldn't be too hard for C-Tor to support HTTP Connect PT Spec if anything goes wrong 16:51:21 <ahf> meskio: i think voice sounds good 16:51:23 <ahf> trinity-1686a: awesome! 16:51:39 <ahf> shelikhoo: we are not going to do more features in C tor unless there is a very, very, very good reason 16:51:51 <meskio> I'll try to coordinate a voice meeting, I'll be mostly AFK next week, but let's target in two weeks 16:51:57 <ahf> 👍 16:51:59 <shelikhoo> ahf: yes, it will be the worst case 16:52:22 <dcf1> trinity-1686a: I wonder if you have seen the Proteus paper from FOCI 2023. It has the same vision of "protocol downloadable as if it were configuration". https://www.petsymposium.org/foci/2023/foci-2023-0013.php 16:52:23 <shelikhoo> I will write my opinion as text in the issue as well 16:52:44 <meskio> there are two more topics in the agenda, can any of those be postponed for next week? 16:52:46 <trinity-1686a> dcf1: I hadn't. thx for the link 16:52:50 * meskio has to leave in tmin 16:52:51 <dcf1> They use a custom sandboxed runtime and a new programming language. There was one slide in the presentation like "Why not WASM/Lua/etc.?", but I don't remember what it said. 16:52:57 <meskio> s/tmin/5min/ 16:53:14 <dcf1> trinity-1686a: https://github.com/unblockable/proteus 16:53:54 <dcf1> proteus has the first Rust implementation of PT 1.0 afaik. 16:53:55 <shelikhoo> dcf1: I am going to go ahead and remove proxy churn if you think it is the right time 16:54:20 <dcf1> shelikhoo: yes, I am okay with that any time. 16:54:37 <shelikhoo> as i later know the funding proposal for related feature is stuck 16:54:50 <dcf1> If a plan emerges for long-term use or continuous records, I am okay with it coming back, I just think there should always be a plan. 16:54:51 <shelikhoo> okay then no discussion is necessary 16:55:07 <meskio> cool 16:55:10 <shelikhoo> let's remove it for now until we got a plan later 16:55:23 <meskio> last topic: (Network Health) 'Running' flag for counting bridges and network size 16:55:30 <meskio> GeKo: ??? 16:55:36 <meskio> can it wait a week? 16:55:40 <ggus> yup 16:55:43 <meskio> or should we solve it now fast? 16:55:47 <dcf1> that gives us a finite concrete artifact that was can publish alongside the churn analysis in the paper 16:56:31 <ggus> meskio: gk is afk now, but it's fine to discuss next week 16:56:40 <meskio> great, then we are done 16:56:49 <ggus> we just wanted to bring to topic to the attention 16:56:49 <meskio> just on time for me leaving :) 16:57:04 <ggus> as it's affecting operators, indicators, metrics.. 16:57:11 <meskio> ggus: sure, let's discuss it next week, anyway we've being talking in the issue 16:57:26 <meskio> I'll close the meeting now if there is nothing more 16:57:55 <meskio> #endmeeting