#pluggable-transports log

13:59:37 <anadahz> #startmeeting
13:59:37 <MeetBot> Meeting started Tue May 31 13:59:37 2022 UTC.  The chair is anadahz. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:59:37 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:00:01 <gina_h[m]> 👋
14:00:01 <anadahz> Hello everyone and welcome to this month's PT meetup.
14:00:38 <anadahz> Please use this pad if you want to add any topics: https://pad.riseup.net/p/pt-meetup-keep
14:00:55 <xhdix[m]> 🙌
14:02:21 <rrbrrb1[m]> 🦊
14:06:45 <rrbrrb1[m]> Anything new?
14:08:16 <anadahz> On 4th of May 2022 Psiphon network had a ~1.5 million user increase from users in Myanmar.
14:09:42 <rrbrrb1[m]> Interesting. Do you know what net they are connecting from? Last I heard many were using sim cards for the Thai cell network to get around disturances
14:11:30 <onyinyang[m]> Did something change with Psiphon recently to attract so many users? Or is this in response to other methods of circumvention being unavailable?
14:12:11 <anadahz> This is the only post I found that mentions about it: https://ntc.party/t/myanmar-1-5-million-user-increase-on-psiphon/2386
14:12:42 <anadahz> Also someone from Psiphon asked the same in OONI channel.
14:13:20 <onyinyang[m]> Oh, so Psiphon doesn’t even know why? 😅😆
14:13:51 <anadahz> Currently Psiphon stats suggest around 5M users from Myanmar: https://psix.ca/d/nyi8gE6Zk/regional-overview?orgId=2&var-region=MM&from=1651414446734&to=1654006446734
14:17:03 <anadahz> Next topic: Iran is trying to copy all the data of the TLDs and use them when it cuts off the Internet.
14:18:18 <anadahz> (not sure who added this topic ^)
14:18:33 <xhdix[m]> I have received unsubstantiated reports of recent Internet outages in Iran claiming that only .ir domains were available and that .com domains that were hosted in Iran were not accessible.
14:18:33 <xhdix[m]> Copying TLD data is defined as a project in the government and it is not clear exactly when it will be implemented nationally.
14:18:33 <xhdix[m]> That's all I know right now.
14:19:07 <xhdix[m]> (it's related to DNS-based rendezvous for Snowflake )
14:19:18 <rrbrrb1[m]> I guess one goal would be to make blackouts less obvious on the inside.
14:21:42 <anadahz> xhdix[m]: By copying of TLD data you mean the DNS entries?
14:23:09 <rrbrrb1[m]> If it is only DNS entries, what would they get from that?
14:24:04 <xhdix[m]> I think their goal is to fake and cache all DNS requests. So that, for example, `iodine` does not work.
14:26:10 <anadahz> Usually every ISP/DNS server should have "all" the DNS records cached, but shouldn't stop anyone from using DNS circumvention tools.
14:26:32 <anadahz> like for example iodine (or dnstt)
14:27:55 <anadahz> It 'll be interesting to find out how many people are using DNS to circumvent censorship.
14:28:07 <xhdix[m]> <anadahz> "xhdix: By copying of TLD data..." <- What I heard was that they want to bypass the current way DNS works in the country and implement their own way.
14:28:57 <rrbrrb1[m]> For tunneling to work, the records have low ttl values. If you are restricted to the stored cached records, then it would be problematic. That would break some other things...
14:29:52 <rrbrrb1[m]> xhdix[m]: They would probably edit DNS tables and remove (or redirect) some items they dislike
14:31:10 <anadahz> I guess it would not be feasible with DoH and DoT capable DNS tunnels.
14:32:00 <xhdix[m]> unless: https://dnsprivacy.org/attachments/48529419/52756557.pdf
14:34:05 <xhdix[m]> DoH/DoT is easy to detect and block.
14:34:05 <xhdix[m]> Maybe ODoH is a better thing. However, the situation is very different when the Internet is shut down.
14:34:12 <anadahz> xhdix[m]: thx for sharing
14:34:49 <anadahz> DoT/DoH is indeed easy to block but when browsers make it the default DNS resolver, people will not be able to access the web.
14:37:04 <xhdix[m]> The government does not care. The government has even created a whitelist of what internal sites users can access when the Internet is down.
14:37:16 <rrbrrb1[m]> anadahz: Unless they are forced to use the locally approved DNS resolver in .ir
14:37:23 <anadahz> It seems that is the default in Chrome (since version 83).
14:39:16 <xhdix[m]> IIRC, both Firefox and Chrome have fallback resolver which is DNS over UDP. Am I right?
14:42:10 <anadahz> I just checked now Firefox in Fedora is not using DoH/DoT and Chromium uses a "secure DNS, with your current service provider". It mentions also: "Secure DNS may not be available all the time"
14:43:22 <anadahz> At least in Europe it has been a huge discussion as using DoH/DoT by default means that users will circumvent DNS blocking of websites.
14:44:06 <anadahz> Many countries in Europe block hundreds (if not thousand) of websites via means of DNS manipulation.
14:45:05 <Zyansheep[m]> anadahz: i'm assuming Turkey blocks a ton of sites, but what are the other countries that do DNS manipulation?
14:45:43 <anadahz> Zyansheep[m]: Almost all EU countries do block websites via DNS manipulation.
14:46:20 <Zyansheep[m]> huh, I guess they do... https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_in_Europe
14:46:32 <anadahz> Many do publish public blocklists as well.
14:48:06 <anadahz> Also now most of the EU should/(must?) be blocking rt.com and sputniknews.com
14:48:59 <anadahz> Next topic: Interesting idea for more efficient onion routing: https://arxiv.org/abs/1507.05724
14:49:22 <anadahz> Not sure who added but please feel free to add more details.
14:49:59 <Zyansheep[m]> Yeah, that was me. Its been on the back of my mind for quite awhile because it seems like a very good idea, but I've never seen an implementation
14:50:25 <anadahz> HORNET: High-speed Onion Routing at the Network Layer
14:50:25 <Zyansheep[m]> Basically its TOR, but without having nodes keep state on which connections are going through it
14:50:51 <Zyansheep[m]> so you can route and switch proxies really fast
14:52:42 <anadahz> Is there a proof of concept implementation or its only what's mentioned in the paper?
14:52:42 <Zyansheep[m]> it seems like its one of those research papers with a really good idea that just gets lost for some reason
14:52:54 <Zyansheep[m]> anadahz: afaik, I can't find any
14:55:53 <anadahz> I guess HORNET requires an overlay network and that maybe a challenge.
14:58:19 <rrbrrb1[m]> anadahz: Isn't Tor basically an overlay net?
14:59:33 <anadahz> rrbrrb1[m]: It is
14:59:40 <Zyansheep[m]> pretty much... any kinda of system of distributed computers could be categorized as an overlay network
14:59:53 <Zyansheep[m]> s/kinda/kind/
15:00:14 <anadahz> But building something like Tor will not be that easy, infrastructure wise.
15:00:20 <rrbrrb1[m]> Zyansheep[m]: So how would HORNET requiring an overlay net be an issue?
15:01:23 <rrbrrb1[m]> anadahz: Obviously, they put a lot of work into implementing it.
15:02:23 <Zyansheep[m]> rrbrrb1[m]: it would need to be integrated in some coordination software that people could download and bootstrap themselves onto an overlay network to be able to take advantage of HORNET.
15:02:26 <onyinyang[m]> I haven’t read the paper yet but from the title I would have thought this was targeted directly at Tor as an improvement rather than an alternative to Tor
15:03:32 <rrbrrb1[m]> onyinyang[m]: Or, something like lantern, psiphon, etc.
15:03:59 <Zyansheep[m]> onyinyang[m]: yeah, that would be one way. although they do mention something in section 7.3 Limitations, that TOR has some advantages over HORNET
15:04:16 <Zyansheep[m]> namely, resilience against replay attacks
15:04:39 <rrbrrb1[m]> Zyansheep[m]: 👍️
15:05:32 <Zyansheep[m]> "One specific onion routing system, Tor, has a number of security... (full message at https://matrix.org/_matrix/media/r0/download/matrix.org/aZmqqiuHqQlBhoYYWRzIKQxJ)
15:07:05 <pt-bridge[m]> [mattermost] <paul.vines> The AS-based onion routing also makes me a little wary: I wouldn't necessarily want my Tor relay choices determined by where I am and where my destination is (which I *think* is what's happening skimming over the paper)
15:07:28 <Zyansheep[m]> * "One specific onion routing system, Tor, has a number of security... (full message at https://matrix.org/_matrix/media/r0/download/matrix.org/hEkYnltOOzLDfwaySzvgLsOy)
15:10:57 <anadahz> It seems that we have reached the end time for this meetup. Thank you all for attending and see you next month!
15:11:03 <anadahz> #endmeeting