16:00:26 #startmeeting tor anti-censorship meeting 16:00:26 Meeting started Thu May 16 16:00:26 2024 UTC. The chair is onyinyang. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:26 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:00:26 hello everyone! 16:00:26 here is our meeting pad: [https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469](https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469) 16:00:45 hi~ 16:00:47 Hi! 16:00:48 hello 16:03:07 o/ 16:03:59 maybe we don't have much to discuss today 16:04:10 I guess everybody is preparing for the tormeeting next week 16:04:14 I don't think so, just some interesting links it looks like 16:05:09 I was literally packing my backpack before the meeting... 16:05:13 dcf1, did you want to say anything about the links that I think you shared? 16:05:19 also hi vecna!! 16:05:20 mmm, other telegram channels handing bridges 16:05:42 hi! 16:06:21 jmwample mentioned he was working on a Rust-based pluggable transports library in a previous meeting; there is a version online now https://github.com/jmwample/ptrs 16:06:23 I wonder why will people set those up if we already run one "official" channel for that 16:06:34 these telegram channels are old 16:06:38 theodorsm can maybe comment on covertDTLS 16:07:01 ggus: ahh, true, now I remember, from before we had our own one 16:07:39 meskio: they feel it's a good way to cotrnibute with their community 16:07:53 Yes, covertDTLS is my WIP library for extending pion/dtls to hook the handshake and do mimicking/randomization 16:08:32 dcf1: this is exciting, we should look more into this ptrs, will be really useful to integrate into arti 16:08:49 CovertDTLS also contains a workflow that freshly generates handshakes/fingerprint from the nightly version of chrome and firefox on Ubuntu 16:09:25 theodorsm: wow, nice work, how far is this from being usable? 16:09:49 theodorsm: by my reading of https://github.com/pion/dtls/pull/631, it seems like pion/dtls didn't want to take on the burden of maintaining fingerprints, but they integrated a hook to permit fingerprint manipulation? 16:10:35 meskio: thanks! I have to expose the hook API in pion/webrtc for it to be usable for snowflake dcf1: yes, the hook API just got merged 16:11:11 The mimicking implementation is done in covertDTLS, using the hooks. 16:11:36 nice, I think the hook approach is a nice balance... 16:11:40 One note from experience: the greatest bang for the buck (most benefit with least maintenance effort) is the RandomizedALPN fingerprint. So a randomized fingerprint is a good priority, if it saves time in establishing mimicking fingerprints. 16:12:11 RandomizedALPN is all we've used in snowflake-client by default for more than a year now. https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/540 16:12:39 dcf1: thanks, yes I want to implement som randomization. I guess it's really affective if censors are blacklisting and not whitelisting 16:13:07 a good rule of thumb is: to a first approximation, all censors are blacklisting 16:14:06 I have done some testing with snowflake, and I cannot find any fingerprint with my field-based fingerprinting tool. I am unsure about stability tho, as unsupported ciphers might be chosen 16:14:27 not to say that building infrastructure for acquiring and integrating real-world fingerprints isn't useful, it's just a higher ratio of effort/benefit. 16:16:41 practically another approach is to use a real browser to send the webrtc traffic and send the content to client 16:16:54 but this would be much harder to deploy for sure 16:19:24 thanks for sharing these links dcf1, this is really awesome work. 16:19:37 ggus, I see that you added a discussion point 16:19:44 onyinyang: what was the TechSoup panel? https://www.youtube.com/watch?v=w3QVkw7Beqc Looks like you presented on Snowflake? 16:19:45 - 0.4.7.x bridges removal (2024-05-16: 500 bridges running EOL): https://metrics.torproject.org/rs.html#search/type:bridge%20version:0.4.7%20 16:20:20 yesss 16:20:49 one sec 16:21:05 dcf1, yes. It was last week. Tor was asked to give a presentation about Snowflake for TechSoup's securing the future panel 16:21:29 so I talked about Snowflake and the other panelists were Freedom of the Press Foundation, Quiet and EFF 16:21:37 we're planning to ask serge dir auth to upgrade to 0.4.8.11 after the dev meeting. serge will reject ~500 bridges. wdyt? should we wait more or? 16:21:53 thank you dcf1 I was looking for the link to share that presentation :D 16:21:55 we (NH + community teams) already contacted all operators 16:22:15 (0.4.7.x relays were rejected some time ago) 16:22:29 ggus: looks like 408 bridges now, so maybe your contacting has helped some bridges to upgrade 16:22:51 whenever you tell me ggus... 16:23:18 meskio: can we poke irl to upgrade to 0.4.8? 16:23:21 is ~20% of the current bridges 16:23:31 meskio, I guess that counts as an interesting link ^-^;; heh 16:24:09 meskio: yeah, but bridge acquisition and retention is difficult. 16:24:16 ggus: I think irl is being AFK latelly, but we can poke acosta and see if something can be done there 16:24:50 I think is not the end of the world if we loose 20% of the bridges, those are old bridges and probably blocked in most places... 16:25:26 (Tor version number as a coarse measurement of bridge churn...) 16:25:51 I'll poke acosta about their bridges 16:26:39 acute? 16:26:44 ok! 16:26:52 yes, acute, my head 16:27:22 dcf1: I've being wondering about the bridge churn, one day will be nice to make some graphs using the metrics 16:27:47 or we could have network address churn 16:27:56 as the bridges are blocked by their address 16:27:59 not fingerprint 16:28:06 why people prefer to run public relays instead of bridges 16:28:28 shelikhoo: yes, but we don't have historical data of the addresses 16:28:33 we do of the fingerprints 16:28:39 yes... 16:31:16 I think that is all we have for this week 16:31:27 is there anything else anyone would like to mention before I end the meeting? 16:31:35 eof 16:31:58 I don't have anything else 16:32:19 Just as a reminder, there will be no meeting next week since several people are travelling for the Tor dev meeting. We will resume on the 30th 16:32:47 safe travels to everyone travelling :) 16:33:03 #endmeeting