#tor-meeting log

15:58:23 <shelikhoo> #startmeeting tor anti-censorship meeting
15:58:23 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:58:23 <shelikhoo> feel free to add what you've been working on and put items on the agenda
15:58:23 <MeetBot> Meeting started Thu Aug 18 15:58:23 2022 UTC.  The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:23 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:25 <shelikhoo> hi~
15:58:35 <meskio> hello
15:58:38 <dcf1> hi
15:59:15 <ggus> hi
15:59:18 <cohosh> hi!
15:59:31 <meskio> wow, so many people here :)
16:00:00 <gaba> hi :)
16:01:14 <shelikhoo> I have removed old topics, please add it back if you think they still need to be discussed
16:02:09 <itchyonion> hello
16:02:10 <meskio> +1
16:02:14 <arma2> hi! i am nearby but in another meeting. if there is anything for me i will catch up with it in a bit
16:03:17 <shelikhoo> okay, let's begin the first topic
16:03:18 <shelikhoo> Think a new name for HTTPT PT?
16:03:18 <shelikhoo> https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/httpt/-/issues/6
16:03:41 <shelikhoo> The implementation of HTTP PT is about to start
16:03:49 <shelikhoo> if we wants to rename, it is the time
16:04:14 <shelikhoo> do we want to rename it?
16:04:28 <meskio> I see the rationale about HTTPT being hard to pronounce, but obfs4 is neither easy, maybe not a good excuse anyway
16:04:49 <cohosh> https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Baby-Name-Book
16:04:56 <meskio> the good thing of keeping it HTTPT is that this is the name used by the paper that has proposed it
16:05:08 <shelikhoo> let's say webtunnel ?
16:05:27 <meskio> webtunnel is pretty explicit on what it does
16:06:09 <itchyonion> haha the baby name book
16:06:16 <shelikhoo> The way I name thing is try to make sure you can have some understanding of it based on its name
16:06:26 <meskio> there are good ones there, I like moshpit, but I don't think it fits here
16:06:32 <shelikhoo> but it is just my opinion
16:07:15 <itchyonion> i kinda agree with having the same name as the paper. Do we know how HTTPT is intended to be pronounced?
16:07:22 <arma2> dcf does still make fun of the obfs4 name, so not choosing another bizarre unpronouncable one could be a win :)
16:07:59 <cohosh> itchyonion: i think just listing the letters, but it is difficult due to the fact that "http" and "pt" are overlapping in the initialization
16:08:50 <itchyonion> yea makes sense
16:09:16 <cohosh> if choosing from the baby name book, i think cryptids make the most sense since the webpage is an illusion of sorts
16:09:25 <cohosh> but webtunnel also makes sense to me
16:10:38 <meskio> if it helps there is no package in debian with the name 'webtunnel'
16:11:02 <shelikhoo> they will name it golang-xxxxxxx-webtunnel
16:11:15 <shelikhoo> so I don't think this will be a huge issue
16:11:44 <meskio> cryptids are nice names ;)
16:11:58 <meskio> some of them are already taken by popular software, like dropbear
16:12:36 <shelikhoo> yes... so currently there is two candidate:  cryptids, webtunnel
16:12:58 <shelikhoo> any additional nominations?
16:13:19 <meskio> I think cohosh proposal is to use any of the cryptids section (I had to look into what cryptids means :)
16:13:28 <meskio> the section on the baby name book
16:13:38 <meskio> isn't it?
16:13:45 <itchyonion> there's an webtunnel app that seems to be pretty popular (1M+ downloads on Goole play), but maybe this isn't an issue since snowflake is also well-known company
16:14:05 <ggus> i was looking at this: https://en.wikipedia.org/wiki/List_of_cryptids
16:14:51 <meskio> ggus: any aracnid-like (that lives in a web...)
16:15:20 <meskio> ?
16:16:03 <ggus> https://en.wikipedia.org/wiki/Shelob
16:17:01 <gaba> we may ask people to setup bridges for httpt . anything that is transparent and not possible scary would be good
16:17:53 <ggus> if we were a vpn company: cryptotunnel.
16:18:22 <ggus> but between webtunnel and http, i'd prefer webtunnel.
16:20:12 <meskio> I'm happy with webtunnel
16:20:33 <cohosh> +1
16:20:50 <shelikhoo> any objections to webtunnel?
16:21:08 <itchyonion> how much do we care about ambiguity in google search results? The only downside I can think of is there seems to be some already existing tools with that name
16:23:24 <meskio> I hope searching for tor+webtunnel you'll get the right piece
16:24:04 <itchyonion> in that case +1 from me
16:24:12 <meskio> ggus: shelob was also pretty good, but I understand the rethoric of not picking up monsters
16:24:48 <shelikhoo> the same goes to snowflake, so I think it will not be a big deal
16:26:30 <shelikhoo> okay, I think we can agree on webtunnel. We should be able to rename it at a higher cost so long as it is not in tor browser yet
16:26:50 <shelikhoo> now let's move to the next topic
16:26:51 <shelikhoo> Update on the manifest V3 situation for Snowflake webextensions and possible solutions
16:26:51 <shelikhoo> https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/29
16:26:51 <shelikhoo> https://bugs.chromium.org/p/chromium/issues/detail?id=1207214
16:27:10 <cohosh> thanks, i have a brief summary to share on this
16:27:27 <shelikhoo> yes, please go ahead
16:27:37 <cohosh> the short of it is that it's looking unlikely that our snowflake webextension can continue to work on chrome or chrome/chromium based browsers in its current form
16:27:50 <cohosh> <summary>
16:27:50 <cohosh> google proposed manifest v3 a while ago, and has come up with a timeline for deprecating support for manifest v2
16:27:53 <cohosh> v2 extensions will no longer be supported on chrome/chromium starting january 2023
16:27:56 <cohosh> the difference between v2 and v3 extensions is extensive, and drastically limits the types of actions and apis that extensions have access to
16:27:59 <cohosh> this decrease in extension capabilities was done in the name of security and privacy, but as some have pointed out, is actually a privacy loss since it limits the performance of add blockers
16:28:03 <cohosh> the EFF has written a few articles about it. most recently:
16:28:05 <cohosh> https://www.eff.org/deeplinks/2021/12/googles-manifest-v3-still-hurts-privacy-security-innovation
16:28:08 <cohosh> the biggest issue for us is the move in v3 from allowing background pages, that have pretty much the same access as any javascript running in the browser, to what are called "service workers"
16:28:12 <cohosh> service workers have access to a very limited set of apis: https://developer.chrome.com/docs/extensions/reference/
16:28:15 <cohosh> note specifically that they do not have access to the webrtc api, which is what caused the issue that arlolra ran into when trying an initial update to v3 (snowflake-webext!21)
16:28:19 <cohosh> there is an open issue in the chromium bug tracker for this: https://bugs.chromium.org/p/chromium/issues/detail?id=1207214
16:28:22 <cohosh> and we've added to the discussion in both the web extension working group: https://github.com/w3c/webrtc-extensions/issues/77 and https://github.com/w3c/webextensions/issues/72
16:28:26 <cohosh> unfortunately there's been no interest from google in supporting this for chrome so it seems unlikely that we'll be able to run snowflake proxies from a webextension in chrome based browsers after January 2023
16:28:30 <cohosh> there are some other pain points of google's manifest v3 that affect snowflake in less fundamental ways
16:28:33 <cohosh> including that extension icons are no longer visible from the browser bar, but hidden behind a puzzle icon
16:28:36 <cohosh> the snowflake icon shows whether or not the proxy is currently in use and whether snowflake is been turned off due to errors
16:28:39 <cohosh> some good news is that mozilla has responded to the discussions i linked above and is preserving support for background pages in their v3 implementation: https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/ (thanks to arlolra for finding this)
16:28:43 <cohosh> there are a few differences to how things work before, but i'm optimistic that we'll be able to get the current snowflake extension working for firefox's manifest v3
16:28:46 <cohosh> although the timeline for that is not as urgent since firefox has not announced a deprecation timeline for v2 and it's likely to be supported for at least another year
16:28:49 <cohosh> </summary>
16:32:04 <shelikhoo> so if we take no action, then snowflake proxy will stop working on chrome and some of its forks from next year
16:32:12 <cohosh> yes
16:32:49 <shelikhoo> we could encourage the use of embedded page on chrome
16:33:00 <shelikhoo> like pin a page with snowflake
16:33:19 <cohosh> right, one of the ideas i brought up in the issue was a webextension that acts as a snowflake badge helper
16:33:35 <cohosh> i wrote up a quick proof of concept here: https://gitlab.torproject.org/cohosh/mv3-badgehelper
16:34:04 <cohosh> the idea is that it would open a snowflake badge in a new tab and automatically enable it when the extension is installed
16:34:14 <cohosh> and then make sure that tab is open when the browser is started
16:34:48 <meskio> we could 'pin' that tab so at least doesn't take much space
16:36:03 <meskio> I guess we could detect if v2 is not supported (or the mozilla webrtc extensions not present) and use this work around only in that case
16:36:18 <cohosh> meskio: ah yes, it looks like we can pin from the api, that's a good idea
16:37:38 <cohosh> there are some other usability features we could implement for this new extension flow, but i'm a bit concerned about how chrome now hides extension icons, so a user might not notice that a tab has been closed or the badge is off or of errors
16:39:08 <gaba> cohosh: do you think it would makes sense for Tor to write a blogpost about all this? to add to the discussion happening there
16:40:00 <cohosh> gaba: yeah, i was thinking of at least writing to tor-anticensorship-team and tor-dev for some help testing the usability of workarounds
16:40:13 <cohosh> i'm not sure if we should do a blog post now or when we have a clear path forward
16:40:14 <shelikhoo> cohosh: we could maybe send a message to the tab to see if the tab is closed? https://developer.chrome.com/docs/extensions/reference/tabs/#method-sendMessage
16:40:33 <shelikhoo> if it is closed, just open it again
16:40:59 <gaba> understood. better to wait in that case.
16:41:20 <cohosh> shelikhoo: hmm, we could do that, but i don't want it to be too invasive in case a user actually meant to close the tab
16:41:39 <meskio> the tab should include clear instructions on how to get rid of it (dissabling the extension)
16:41:48 <cohosh> i suppose we might be able to have a popup when that happens asking if the user wants to disable the proxy
16:42:29 <shelikhoo> yes, but we could detect this, and take action if necessary
16:43:14 <shelikhoo> it is just going to work less gracefully
16:44:49 <cohosh> yeah it discouraging that our extension is going to take a significant usability hit on the most popular browser
16:45:46 <cohosh> arma2: i'm not sure if advocacy will be useful here, but if you know anyone who has sway on the chromium teams, this issue is the main one we care about: https://bugs.chromium.org/p/chromium/issues/detail?id=1207214
16:45:56 <gaba> do we have a ticket in gitlab about it? maybe donuts have some thoughts about this
16:46:20 <cohosh> gaba: yes it's https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/29
16:46:24 <gaba> thanks
16:47:07 <gaba> can i paste your summary there cohosh?
16:47:49 <cohosh> yes of course! much of it is already sprinkled around there ofc
16:48:35 <cohosh> okay i think my next steps will be to email the anti-censorship and general tor dev mailing lists about this issue to see if some of the other groups with webextension experience have thoughts
16:49:01 <meskio> +1
16:49:06 <cohosh> and to keep working on this tab workaround to get it into a more usable shape, with the suggestions from shelikhoo and meskio
16:49:18 <cohosh> thank you for the discussion
16:50:04 <shelikhoo> yes, anything more on this topic?
16:50:29 <meskio> cohosh: thanks for pushing it forward
16:50:35 <meskio> nothing more from my side
16:51:02 <shelikhoo> I think we could also push the adoption of the standalone proxy
16:51:16 <shelikhoo> which we have way more control over
16:51:19 <shelikhoo> than browser
16:51:27 <shelikhoo> EOF
16:51:57 <cohosh> more proxies can help, but i don't think the proxy is enough on its own
16:52:19 <cohosh> the vast majority of unique snowflake ips are webextensions
16:52:50 <cohosh> but yeah it's possible that with more proxies and our firefox users and badges we'll pull through okay
16:53:05 <arma2> cohosh: re advocacy, i would pick 'brave' and 'we could say it on twitter' as my two top picks
16:53:33 <cohosh> arma2: okay i will respond to the thread meskio started with brave so they are aware of the extent of the issue
16:53:35 <shelikhoo> yes... do we have the information about the ratio of chrome and firefox users?
16:54:05 <arma2> cohosh: oh! i would pick 'google ideas or whatever they're called this year' as my third idea
16:54:14 <cohosh> we don't collect those metrics, we might be able to see installs but that's a bit imperfect
16:54:45 <shelikhoo> yes...
16:55:10 <shelikhoo> anything more we wants to discuss in this meeting?
16:55:19 <cohosh> i think i'm good for now
16:55:22 <ggus> Snowflake in Turkmenistan: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
16:55:40 <cohosh> arma2: i'll follow up with you and cc gus re: advocacy
16:55:40 <ggus> we're getting a bunch of users requests in front desk
16:55:49 <ggus> from TM and china
16:56:28 <ggus> for china private bridges are working great. but for TM
16:56:36 <ggus> we need to do something
16:56:41 <meskio> we should roll out soon the change to use azure in TM (with circumvention settings)
16:56:48 <meskio> but I'm not sure that will solve the problem
16:56:53 <cohosh> oof :(
16:57:10 <cohosh> are we sure it's an issue with the broker connection?
16:57:14 <cohosh> the tor logs should tell us that
16:57:19 <shelikhoo> I will finish the review of related PR as soon as possible
16:57:27 <ggus> a bunch == 70+ requests per day
16:57:51 <meskio> cohosh: no, we don't know what is happening there, we are trying to get a vantage point in TM
16:58:14 <cohosh> ggus: are any of the users able to share their tor logs?
16:58:30 <shelikhoo> (was reviewing https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/merge_requests/30 .... but it is draft now)
16:58:54 <ggus> cohosh: tor logs while trying snowflake?
16:59:05 <cohosh> yes, just from tor browser
16:59:26 <arma2> ah, this is because snowflake reports log lines to tor, and tor puts them in the log that tor browser can see?
16:59:29 <cohosh> we have snowflake feeding tor log messages about the connection status where the failure may be
16:59:34 <arma2> right
16:59:36 <ggus> yes, we have
17:00:16 <ggus> but, i'll need to ask nina13[m] to upload somewhere
17:00:19 <cohosh> those should be verbose enough to confirm whether the issue is with the domain front
17:00:46 <cohosh> if they aren't we should work on fixing that too
17:03:10 <shelikhoo> okay, I think that is the end of our meeting
17:03:11 <shelikhoo> #endmeeting