#tor-meeting log

16:00:22 <onyinyang[mds]> #startmeeting tor anti-censorship meeting
16:00:22 <MeetBot> Meeting started Thu May  7 16:00:22 2026 UTC.  The chair is onyinyang[mds]. Information about MeetBot at https://wiki.debian.org/MeetBot.
16:00:22 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:22 <onyinyang[mds]> hello everyone!
16:00:22 <onyinyang[mds]> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469
16:00:29 <cohosh> hi!
16:00:36 <meskio[mds]> hello
16:00:44 <Shelikhoo[mds]> hi~
16:01:03 <gaba[mds]> hi
16:01:12 <Lars[mds]> hi...I'm new...
16:01:32 <cohosh> hi Lars[mds], welcome!
16:01:56 <Shelikhoo[mds]> hi Lars!!! welcome!
16:01:56 <Lars[mds]> Thx, do you guys want a mini introduction of myself?
16:01:59 <onyinyang[mds]> hello! 👋
16:02:06 <onyinyang[mds]> sure!
16:03:53 <Lars[mds]> ok, short one: using to browser for years, got hooked by Tor Project recently (for some months), running a relay and a webtunnel bridge, european. Am afraid, censoring in the EU will be a big issue soon. wanna contribute in some way, not a developer
16:04:28 <meskio[mds]> thank you for running the bridge, this is agreat way to contribute
16:04:35 <cohosh> awesome! thank you for running relays!
16:07:18 <cohosh> this meeting is probably mostly development discussions but we also discuss censorship events and new tools/research
16:08:26 <onyinyang[mds]> And on that note, there's one discussion point today from @gaba
16:08:29 <onyinyang[mds]> Project 201: Status and plan for next week.
16:09:08 <gaba[mds]> I'm mostly looking for a place once a week to check on what work happened and bring any blocker if any.
16:09:15 <gaba[mds]> To see if we can do that in a text-meeting
16:09:23 <onyinyang[mds]> that makes sense
16:10:08 <gaba[mds]> any blocker or anything to bring about the work for this project?
16:10:24 <gaba[mds]> I see that some tickets were created
16:10:50 <cohosh> i started documenting our use of signalling channels in this wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Signaling-Channels/Documentation-of-Use
16:11:07 <meskio[mds]> I'm good, I'm actually reading dcf's fountain codes paper, cohosh you should keep an eye to it as we might want to include it in the design of the library as a builtin block
16:11:16 <cohosh> got some good feedback from the applications team on how they use Moat
16:11:35 <meskio[mds]> nice
16:11:41 <cohosh> meskio[mds]: yeah good idea
16:12:07 <Shelikhoo[mds]> I have yet to create ticket, I will do it next week
16:12:26 <gaba[mds]> ok
16:12:30 <Shelikhoo[mds]> No blocker from shell on "Activity 2.1: Research possible fingerprint diversification system implementations", I will continue work on estimate the work required for creating native rust based tls fingerprint imitation system by extending craftls. The work to sync with upstream, implement support for missing extensions and test/QA will be estimated with a plan on how to proceed if this path was chosen
16:13:04 <gaba[mds]> Thanks Shelikhoo
16:13:41 <onyinyang[mds]> I'm not currently blocked. I've been looking at the amper library which is an implementation of an AMP Cache signaling channel in Go and am using it as inspiration for rewriting it in rust
16:14:02 <onyinyang[mds]> https://github.com/unkaktus/amper/tree/main
16:14:13 <gaba[mds]> Sounds good
16:14:34 <gaba[mds]> That is it then about p201 :)
16:15:47 <onyinyang[mds]> ok great :)
16:16:13 <dcf1> onyinyang[mds]: that amper is by Ivan Martin, friend of the project, also known as twim@tpo
16:16:27 <dcf1> so you have that background if you need to get in touch with them
16:16:31 <onyinyang[mds]> nice :)
16:16:38 <onyinyang[mds]> thanks @dcf1!
16:17:14 <onyinyang[mds]> Other than that, there's just 1 interesting link for today:
16:17:14 <onyinyang[mds]> https://github.com/masterking32/MasterHttpRelayVPN
16:17:26 <onyinyang[mds]> I think maybe this was added by @Shelikhoo ?
16:17:38 <dcf1> This is using script.google.com as a tunnel
16:18:18 <Shelikhoo[mds]> not from me
16:18:20 <dcf1> As far as I can tell, MasterHttpRelayVPN is just a simple URL fetcher; i.e., you rn an app on script.google.com that accepts as input a URL to fetch, and responds with the contents of the page
16:18:24 <dcf1> CGIProxy style
16:18:24 <Lars[mds]> did someone tested it?
16:18:47 <dcf1> of course you could do something more sophisticated with the idea, meek or turbo tunnel style
16:19:14 <dcf1> It's one of the tools that has come up on the net4people iran shutdown thread, since it's one of the tools you can use through the unblocked google.com IP address
16:19:34 <dcf1> you can domain front script.google.com with other domains, as I understand it, or maybe that's not even necessary
16:20:01 <Shelikhoo[mds]> I think one issue we have about this kind of system is more or less related to the quota around this tunneling
16:20:10 <Shelikhoo[mds]> even if it could work for text messaging
16:20:31 <Shelikhoo[mds]> tor is unable to bootstrap over it due to the initial download required
16:20:58 <dcf1> yes there is some kind of daily or per-account limit with script.google.com, or something
16:20:59 <onyinyang[mds]> ah, sorry @Shelikhoo I was just guessing based on the colour of the text
16:21:25 <Shelikhoo[mds]> don't worry onyinyang, it is fine!
16:22:04 <Shelikhoo[mds]> It would be nice if tor allow us to download a file out of band
16:22:35 <Shelikhoo[mds]> and supply that file as the cache for all the info that need to be downloaded over OR protocol
16:23:11 <Shelikhoo[mds]> this should allow non-interactive protocol be used for initial download or at least allow a larger timeout
16:24:57 <Shelikhoo[mds]> over
16:27:41 <onyinyang[mds]> ok if there's nothing more to discuss on this topic, I think that's it for the meeting today
16:28:04 <Shelikhoo[mds]> thanks dcf1 , I see the limit is like "URL Fetch calls 	20,000 / day" at https://developers.google.com/apps-script/guides/services/quotas
16:28:05 <onyinyang[mds]> although, if folks are interested, we could talk about a potential future reading group?
16:28:11 <Shelikhoo[mds]> EOF for me as well
16:28:46 <M4i_un[mds]> May I ask you a quick question?
16:29:06 <M4i_un[mds]> It concerns UAT.
16:29:21 <onyinyang[mds]> @4i_un anyone in particular or are you asking everyone?
16:31:18 <M4i_un[mds]> I have one question I’d like to ask everyone.
16:32:33 <M4i_un[mds]> I wasn’t sure if this was the right topic for a meeting like this, but since today happens to be our meeting day and I’d like to discuss it with everyone as much as possible, I’d like to bring it up.
16:32:52 <dcf1> onyinyang[mds]: also there is champa. URL format: https://repo.or.cz/champa.git/tree/HEAD:/amp ; HTML encoding/decoding: https://repo.or.cz/champa.git/tree/HEAD:/armor
16:33:05 <dcf1> M4i_un[mds] what is your question?
16:33:32 <M4i_un[mds]> Thankfully, in my first review from @cohosh, I was asked to add an open source license to UAT. The specific examples provided were:... (full message at <https://matrix.debian.social/ircbridge/media/v1/media/download/Ab87HXEMw8G3__seSAuRlQFk3tdP1U6kafULo3m0vMrr6ZtgkXWI3d04WbeDOtC6Ol_8Uouse0qWZPJ7GIyfVIVCeeJ1YQLQAG1hdHJpeC5kZWJpYW4uc29jaWFsL0dydGdYQllYWGdxVFhtdEVXWmFQYUFXUw>)
16:35:45 <dcf1> M4i_un[mds]: how it works is you hold the copyright, because you are the author, and you license other people (including tor project) to use it. the license lets people do things they otherwise wouldn't be able to do, like make copies and derived works.
16:36:14 <dcf1> But the license is almost orthogonal to authorship. Your name will be on the software as the author regardless of what license you use.
16:36:39 <dcf1> WebTunnel and UAT can both use the MIT license even if they have different authors.
16:37:27 <cohosh> yes there are many projects that use the MIT license and they have have different copyright holders
16:37:50 <M4i_un[mds]> I see. By the way, I asked that question because I thought the meeting was about to end, but was that okay?
16:38:04 <dcf1> yes M4i_un[mds], you are in line
16:38:04 <cohosh> M4i_un[mds]: oh yeah, definitely :)
16:38:14 <cohosh> thanks for joining the meeting again today, it's good to see you here
16:38:21 <Shelikhoo[mds]> I think even if you are using an open source license, your attribution right is not affected.
16:38:28 <dcf1> M4i_un[mds]: you may also feel free to add your question to the meeting agenda in advance, so everyone sees it on the schedule
16:39:07 <M4i_un[mds]> Sorry, I just thought of that a moment ago, so...
16:39:34 <Shelikhoo[mds]> So you are still the author for the software for the purpose of copyright, you are just using open source license to allow others to use your work according to your license.
16:40:45 <Shelikhoo[mds]> And unlike some organizations, I am not aware of requirements to transfer copyright to Tor for Tor to accept your open source contributions, to be best of my knowledge.
16:42:51 <M4i_un[mds]> I see. I’ll take that into account and think it over a bit more!
16:44:44 <Shelikhoo[mds]> Yes! You can also ask around if there is a conflict of policy between your institution and your open source contributions.
16:45:14 <Shelikhoo[mds]> Some institutions have Intellectual Property Policy that may limits your options.
16:48:03 <M4i_un[mds]> Well, I suppose so. I’ll have a chance next week, so I think I’ll ask the people around me about that.
16:48:50 <M4i_un[mds]> Thank you for your advice.
16:50:08 <Shelikhoo[mds]> EOF for me
16:50:33 <onyinyang[mds]> Anyone want to raise any other topics?
16:51:53 <meskio[mds]> not from me
16:52:18 <Lars[mds]> same
16:52:28 <M4i_un[mds]> I'm EOF too. Thanks to everyone for your advice every week!
16:52:56 <cohosh> thank you!
16:53:02 <onyinyang[mds]> ok, thanks everyone!
16:53:04 <onyinyang[mds]> #endmeeting