17:01:13 #startmeeting anti-censorship weekly checkin 2019-05-16
17:01:13 Meeting started Thu May 16 17:01:13 2019 UTC. The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:01:13 Useful Commands: #action #agreed #help #info #idea #link #topic.
17:01:27 our meeting pad is here: https://pad.riseup.net/p/tor-censorship-2019-keep
17:01:43 let's start with the announcement
17:01:47 * phw hands the mic to gaba
17:02:32 about Tor meeting
17:02:46 we need to decide how much time/space we will need for anti-censorship team
17:03:09 I'm thinking one morning for roadmapping. And then other sessions open to the rest of Tor
17:03:15 https://trac.torproject.org/projects/tor/wiki/org/meetings/2019Stockholm/DailyAgenda
17:03:34 fwiw, i don't need to have our roadmapping session "closed"
17:03:55 i'd like to join in unless it collides with network team things
17:03:57 yes, sorry for my bad wording
17:03:58 in fact, i would welcome others' opinion on what should be priorities
17:03:59 not really closing
17:04:19 I added it to the afternoon of the first day in the schedule (for 1 hour) but it can change.
17:04:36 not really closed*
17:04:40 ok, gotcha
17:04:45 we need to reserve time for a session on it
17:05:18 but yes, this sounds good to me. one morning for roadmapping and then another handful of sessions for more specific topics, such as gettor
17:05:26 ok
17:05:51 +1
17:05:56 sounds nice
17:06:11 (hello world)
17:06:14 We can move the roadmapping session around to an appropriate time in the first day and then you can participate in other teams' roadmapping if you want.
17:06:56 oh, yes, i would like to participate in other roadmapping sessions
17:07:31 ok
17:07:42 i also wonder if we feel like we need to adjust the roadmap again, after the more specific sessions
17:08:13 because that's when we will learn about things we didn't consider before
17:08:16 it is my impression that often exciting ideas come up during these meetings, after the roadmap sessions are over :-)
17:08:25 we could do one more hour at the end of day 3 to readjust things
17:08:40 yes, an optional hour at the end of day 3 sounds good
17:10:00 ok, anything else wrt stockholm?
17:10:07 (because doing your roadmap brainstorming before going to the other sessions will let you know what things to look for in the other sessions)
17:10:24 nothing else from me
17:11:17 * phw ponders roadmapping sessions with exponentially increasing frequency
17:11:54 ok, let's move on to the discussion section. last week we retired 19 default bridges that were all inactive
17:12:24 team cymru offered to set up more but some people voiced concern that we shouldn't have one entity run this many bridges for us
17:12:43 hm, i can set up one too, but they will be on the same /24 as two relays
17:12:59 i think default bridges want to have 100mbit and plan to actually use it
17:13:35 arma1: you mentioned that some of your university contacts may be able to help, right?
17:13:40 i always feel that we talk a lot about getting people to run relays, but not so often about bridges. do we give people t-shirts for running bridges and so on?
17:14:05 the nonprofits that run exits could easily spin up some default bridges, but in the past they were concerned that since relays and bridges can't declare their family, nobody who runs an exit should ever run a bridge and vice versa. i don't think it is that clear, but the concern keeps floating around.
17:14:18 ahf: nearly all bridges that people run will be useless
17:14:31 because bridgedb can't stand up to china, and nobody else needs it
17:14:35 (insert asterisks as needed)
17:15:00 but yes, a tshirt for running a default bridge seems like a solid idea
17:15:11 that doesn't make sense though? if we say all bridges should at least have 100 mbit/s it sounds like we have some capacity issue there and then also we don't want people to run bridges because they would be useless?
17:15:16 that doesn't add up in my mind
17:15:28 default bridges aren't useless
17:15:35 the other ones have a high chance of being
17:15:37 ah, right
17:16:23 phw: yes, i can mail some profs and ask if they're interested to help out
17:16:28 what is our..threat model for these things?
17:16:34 that is, what security goals do we want for them
17:16:48 do we need them run by people we know? for safety? or is that just for reliability that we might want that
17:17:22 no need to answer that right now, but, we should think it through sometime
17:17:57 most importantly, i want someone who's responsive -- which may rule out all professors
17:18:04 have we made any special decision regarding default bridges in the past?
17:18:12 true. they would pick a grad student. but grad students grad[uate].
17:18:21 so we don't have this noisebridge problem again, where nobody actually runs the bridge
17:18:46 the noisebridge people were responsive for the first few years
17:18:51 what more can you ask for :)
17:19:04 hey, you gotta earn that t-shirt
17:19:13 :-)
17:19:25 cohosh: i think in the past, we mailed tor-assistants and got some volunteers from inside tor
17:20:08 phw: so, you are suggesting a tshirt that you only earn at the three-year mark
17:20:24 * kat5 got weirdly frozen. Reading backlog.
17:21:25 swapping out default bridges every couple years seems okay, right?
17:22:02 yes
17:22:09 i'll do a bit of brainstorming and add a list of criteria to our default bridge page: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/DefaultBridges
17:22:15 great
17:22:42 we may find some more volunteers in stockholm
17:23:27 next item on the discussion list is snowflake and ipv6
17:23:34 * phw hands the mic to whoever wants to take this
17:23:50 arma1: do you wanna take it?
17:24:22 sure
17:24:28 so, the decoy routing people
17:24:32 i talked to them at usenix security
17:24:41 and they're pondering setting up a whole net block to essentially be obfs4 bridges
17:24:44 or maybe to be snowflakes
17:24:55 it's a research idea, so it will take a while to materialize,
17:25:05 but this is our head start to think through whether our software would actually *work* in that situation,
17:25:12 and if not, make some tickets now
17:25:13 (i hope netblock means /8 here)
17:25:46 phw: it's complicated, but it could conceivably be a smaller block, but with actual users using the block too
17:25:53 think "comcast does this with all their unassigned ip space"
17:26:28 i have a snowflake proxy on an ipv6 (and ipv4) address and clients are able to use the ipv6 address to connect
17:26:35 the broker afaik is only ipv4
17:27:02 so the proxies would have to be able to communicate with the broker
17:27:19 ok. so if we get snowflakes on ipv6, they can volunteer as snowflakes, and tor browsers with ipv6 can reach them? sounds like we should get a v6 address for the broker?
17:27:33 i'm not sure i follow: isn't the idea of decoy routing to secretly connect you to a destination that's masked by the decoy. why are they interested in running obfs4 or snowflakes?
17:27:34 so #29258 could probably be resolved if the broker gets v6 support?
17:27:49 phw: i think this is the dark decoys thing we were talking about a few meetings back
17:27:58 oh, ok
17:28:00 and in the emails with the tapdance group
17:28:24 ahf: i believe so
17:28:53 do..do tor browsers need to know which one they speak, to know which kind of ip to use to reach the broker?
17:28:54 neat :o i couldn't get v6 to work on my weird qubes test setup
17:29:09 arma1: it should be automatically taken care of with STUN
17:29:18 and ICE
17:29:40 i thought stun and ice were between the tor browser and the snowflake
17:29:44 the client gets candidates (that may be ipv4 and ipv6) and tries to connect to all of them
17:30:27 arma1: right, through ICE (which uses STUN), the client gets a bunch of proxy candidates from the broker
17:30:35 and then tries to connect
17:30:49 this just works with what we have right now
17:30:50 oh. so that's the protocol between the browser and the broker
17:30:55 for both ipv4 and ipv6
17:31:44 kind of, ICE is like a series of steps you go through, and one of the steps is to use a signaling channel (the broker) to actually get the candidates, which are candidate ways to connect to the remote proxy
17:31:57 (someone please jump in if i'm getting these details wrong :))
17:32:08 i guess i'll add one more item to the list of things to consider then: is there a scalable way for us to periodically verify that ipv6-only tor browsers can still do snowflake? some sort of regression test
17:32:35 i guess "have a bunch of them as actual users" might count. but maybe we can do something more controlled too
17:33:24 arma1: yeah, we should have more integration-like tests with the entire system. i've been hacking on snowbox off and on to get more of this
17:33:39 is there a ticket :)
17:33:40 but in general we don't have anything of this sort yet
17:33:51 #29259
17:33:58 great
17:34:01 somewhat related ^
17:35:02 * arma1 places the mic carefully back on the table (unless there is something more concrete we should do with this glimpse into our future where we will wish we had done something more now)
17:35:32 thanks arma1
17:36:01 next discussion item is kat5's 'help with' section
17:36:07 Okay,
17:36:21 So we are rapidly approaching end-of-kat5.
17:36:30 :-(
17:36:33 :(
17:36:50 We have a handful of tickets IN REVIEW. We need to decide which of these we feel comfortable marking DONE for the final report.
17:37:19 We need to distribute tickets for review in this meeting.
17:37:20 I don't know if we should look at them now, or if someone wants to go away and make decisions or what.
17:37:46 Basically, I need to know next week what should be marked completed in the final report.
17:38:38 kat5: the list of these are the in_review tickets that are all under the Circumvention component in trac?
17:38:45 https://trac.torproject.org/projects/tor/query?status=needs_review&component=%5ECircumvention&col=id&col=summary&col=status&col=type&col=priority&col=milestone&col=component&order=priority
17:38:47 No, in the roadmap.
17:38:50 are those the ones you are looking at?
17:38:56 oic okay
17:38:58 https://storm.torproject.org/grain/MD4DhqFjAj7vyvfhFiF7vL/b/sandstorm/libreboard
17:39:31 yes, we need to update the roadmap in this meeting.
17:39:58 No, I've just been looking at the roadmap.
17:40:39 phw, cohosh: maybe it makes sense to update the roadmap now.
17:41:01 Take a look at the tickets filter by your name and see if the in progress and review are aligned to the things you are working on right now
17:41:08 kat5: i'm reasonably confident that 28655 will be completed. i'll let you know otherwise.
17:41:32 cool
17:41:41 i'll coordinate with hiro and let you know about the gettor tickets
17:41:44 #26348 will be done
17:42:01 in fact, it's in merge_ready in trac now so I'll move it
17:42:04 sounds good
17:42:41 What about #29863
17:42:55 ah, i sent an email to accounting@ and haven't heard back
17:43:06 it relies on getting a machine to monitor 3rd party services
17:43:23 so the block on that is either 1) hear back about the budget or 2) make snowflake-broker a TPA machine
17:43:28 gaba: yes, let's do that next
17:43:33 not sure when either of these will happen
17:43:50 Okay, I'll plan to leave that as in progress unless I hear otherwise.
17:43:55 cool
17:44:00 Thanks everyone!
17:44:19 thanks kat5!
17:45:10 ahf added #5304 to the discussion section. would be great to do that as part of s19 too, if it's trivial
17:46:39 do we agree that it sounds "trivial"? to me it sounds like we need to propagate that value from the configs to the PT's and make the value available in gotptlib
17:46:53 but i'm not sure what led to this ticket popping up over the week?
17:46:58 if it was some issue somebody ran into
17:47:07 it's a 4 digit ticket, so it's old
17:48:41 i don't know how much work that would entail from tor's side
17:49:05 nope, i just noticed it while reading the more recent ticket that links to it
17:49:14 very little unless there is something unforeseen around the spec work
17:50:36 hm, no dcf here
17:50:41 gonna hear him too what he thinks of this bug
17:51:10 sounds like a useful thing to have but i don't feel strongly either way. let's discuss it again next week when dcf is around?
17:51:17 wfm
17:51:41 gaba: ok, the roadmap update. should we make sure that it's in sync with trac, or did you have anything else in mind when you said "update"?
17:52:33 yes, that all the things in the 'in progress' is stuff you are working on
17:52:42 the same with the 'in review'
17:53:22 my 'in progress' changes multiple times a day, but i try to keep it roughly in sync
17:53:43 hm i could do better at updating this
17:53:48 in progress related to the roadmap work you are doing
17:53:59 ah so just things we roadmapped in january?
17:54:05 then it's accurate
17:54:12 we do not have to update it every day but we can go through in the weekly meeting to be sure we are on track with the roadmap we agreed on
17:55:15 sounds good, thanks gaba
17:55:23 does anyone need reviews?
17:56:10 i have a PR for go-webrtc
17:56:12 i convinced cohosh to look at https://github.com/NullHypothesis/obfs4PortScan but would welcome another pair of eyes. it's ~200 lines of go code
17:57:42 I think dcf started looking at the go-webrtc pull, but if not, I can take a look
17:58:01 dcf seems to have mentioned it in his pad report, yes
17:58:06 arlolra: it's very os-specific, so it probably needs some changes
17:58:09 the non-executable stack one, that is
17:58:50 i handled it with a linux.patch in tbb but we probably want to do something about it more generally
17:59:48 looks like that's it for this week
17:59:57 thanks everyone
17:59:59 #endmeeting