15:58:27 <shelikhoo> #startmeeting tor anti-censorship meeting
15:58:27 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:58:27 <shelikhoo> feel free to add what you've been working on and put items on the agenda
15:58:27 <MeetBot> Meeting started Thu Feb 16 15:58:27 2023 UTC.  The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:49 <shelikhoo> hi~
15:58:56 <meskio> hello
15:59:01 <itchyonion> hello
15:59:03 <onyinyang[m]> hello o/
15:59:39 <shelikhoo> thanks for your hello when I was wondering whether I have calculated time zone correctly...
15:59:51 <itchyonion> (I thought it's my turn. I will chair next week's meeting)
16:00:55 <meskio> :)
16:00:57 <shelikhoo> yes, i will be in my vacation next week, so over take this one...
16:01:02 <shelikhoo> ^~^
16:03:34 <cece[m]> hi
16:03:35 <shelikhoo> let's start our discussion
16:03:38 <shelikhoo> What is the status of activating the snowflake-02 bridge in Orbot?
16:03:38 <shelikhoo> snowflake-01 is still pretty much saturated, and snowflake-02 relatively almost unused
16:04:07 <shelikhoo> I think this issue is most related to it is yet to be supported on some mobile port
16:04:26 <shelikhoo> and a lot of users need it is using it from mobile?
16:04:44 <dcf1> yes, apparently almost all users are on mobile
16:05:12 <meskio> orbot people does know about snowflake-02, I'm trying to remember what they said a couple of weeks ago when we told them it will be nice if they will activate it soon
16:05:25 <dcf1> snowflake-01 bandwidth (multiply by 12 for true values): https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6915AB06BFB7F
16:05:31 * meskio goes to look at the meeting notes
16:05:37 <dcf1> snowflake-02 bandwidth (multiply by 4 for true values): https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F5786C3DD07E4BB0
16:06:23 <meskio> hehe, no notes on that topic, I recall them mentioning that they were on it, that was January 17th, so one month ago
16:06:45 <meskio> I haven't check with them again to see if that has being moving or not
16:07:16 <dcf1> I just wanted to check, the idea was to relieve load on snowflake-01, but it is still currently neaer maximum load
16:07:17 <shelikhoo> snowflake-01 = 26.8×12 = 321.6
16:07:43 <shelikhoo> snowflake-02 = 6.52 × 4 = 26.08
16:08:07 <meskio> n8fr8he[m]: are you around by any chance? do you know what is the status of snowflake-02 bridge in orbot?
16:08:52 <shelikhoo> we can add this to S96 meeting agenda now and discuss it in 2 weeks if they are not around
16:09:05 <meskio> shelikhoo: +1, lets do that
16:09:11 * meskio goes to do it
16:09:22 <dcf1> (I'm not sure where your numbers of 26.8 and 6.52 come from shelikhoo, but that is about the right ratio)
16:10:04 <shelikhoo> dcf1: https://share.riseup.net/#uakb2bViYffz85QIWD8VvQ
16:10:09 <dcf1> Oh, I see: "Advertised Bandwidth"
16:11:49 <shelikhoo> anything more we wish to discuss on this topic?
16:11:58 <dcf1> no
16:12:08 <meskio> one thing
16:12:37 <meskio> the latest orbot release was Jan 13, so I guess if this change was ready for the next release is not live yet
16:12:45 <meskio> EOF
16:13:06 <shelikhoo> okay, the next topic is about reading group
16:13:10 <shelikhoo> Proposal for reading group:
16:13:10 <shelikhoo> https://www.ndss-symposium.org/wp-content/uploads/madweb2021_23011_paper.pdf
16:13:10 <shelikhoo> Detecting Tor Bridge from Sampled Traffic in Backbone Networks
16:13:10 <shelikhoo> "Current researches on Tor bridge detection have used a small amount of complete traffic, which makes their methods not very practical in the backbone network. In this paper, we proposed a method for the detection of obfs4 bridge in backbone networks. To solve current limitations, we sample traffic to reduce the amount of data and put forward the Nested Count Bloom Filter structure to process the sampled network traffic. Besides, we
16:13:10 <shelikhoo> extract features that can be used for bridge detection after traffic sampling. The experiment uses real backbone network traffic mixed with Tor traffic for verification."
16:13:58 <shelikhoo> any comments or objections on choosing this paper?
16:14:36 <meskio> sounds good
16:14:49 <meskio> it looks like another paper comming from a chinese university
16:15:14 <meskio> I'm curious about it now
16:15:43 <meskio> I will not be around in two weeks, but I'm fine if you do it without me
16:15:52 <dcf1> Yes, Cheng Guang is a big figure in encrypted traffic analysis research, and is the leader of the "Key Laboratory of Computer Network and Information Integration" at Southeast University
16:16:06 <shelikhoo> let's discuss it in 3 weeks time
16:16:18 <shelikhoo> there is nothing urgent about it
16:17:06 <cohosh> nice, it looks interesting
16:17:48 <onyinyang[m]> I agree, looking forward to reading it
16:17:52 <shelikhoo> anything more we would like to discuss on this item?
16:18:28 <shelikhoo> the next topic will be about this announcement:
16:18:28 <shelikhoo> Tor Browser 12.0.3 released with Hello Verify Request mitigation for Snowflake
16:18:28 <shelikhoo> https://blog.torproject.org/new-release-tor-browser-1203/
16:18:59 <meskio> nice work shelikhoo
16:19:05 <shelikhoo> yes, thanks!
16:19:16 <shelikhoo> we are in the process of upstreaming this change
16:19:45 <itchyonion> 👍
16:19:49 <shelikhoo> one last piece is get pion/webrtc to merge this https://github.com/pion/webrtc/pull/2407
16:20:14 <meskio> :)
16:20:49 <shelikhoo> anything more we would like to discuss on this topic?
16:21:27 <meskio> not from me
16:21:37 <cohosh> shelikhoo: any word on whether this got snowflake unblocked?
16:21:55 <cohosh> i think i missed that discussion
16:22:07 <dcf1> one tester on NTC reported success with a self-compiled version a month ago https://ntc.party/t/second-snowflake-bridge-available-for-testing/3445/12
16:22:15 <cohosh> that's great
16:22:33 <shelikhoo> from the vantage point's data, it will get snowflake working again in russia again https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/main/recentResult_russia
16:23:18 <shelikhoo> okay we can now move the action items
16:23:18 <shelikhoo> We should make a ticket for pion to cache its stun answers when possible, because right now it surprises us by asking way more stun questions than it actually needs to.
16:23:31 <shelikhoo> have we discussed about it before
16:23:53 <meskio> I think those are leftovers from previous meetings, but I'm not sure if they are done
16:24:12 <shelikhoo> Firstly, i don't think there is much to be cached for stun
16:24:48 <shelikhoo> a stun is required to get the mapped port on public facing IP address
16:24:59 <shelikhoo> and it is all we send
16:25:21 <cohosh> is this about DNS?
16:26:33 <shelikhoo> it makes senses if it is about DNS... but from the wording, I don't think so...
16:27:09 <dcf1> that reminds me, there was a post on the stunprotocol list a couple of days ago: "TLDR: stun.stunprotocol.org is going away. Being replaced with a new server and address."
16:27:13 <dcf1> https://groups.google.com/g/stunprotocol/c/upVwaG97ggY/m/3ddUBGA_FAAJ
16:27:13 <shelikhoo> that being said we always send dns question to recursive dns server, so there should be cache built in there
16:27:49 <cohosh> oh! i've been trying to contact the operator for a few weeks to follow up on funds and whether the traffic is down
16:28:01 <cohosh> i wonder why they haven't replied
16:29:23 <cohosh> this is the issue on removing it: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40241
16:29:37 <cohosh> i think we're still waiting on the debian package,  not sure where the circumvention settings are at
16:29:49 <meskio> circumvention settings are updated
16:29:57 <cohosh> meskio: awesosme, thanks!
16:30:01 <meskio> the package is pendient, I hope to do it next month
16:30:13 <meskio> but I don't think many people use the debian package
16:30:19 <shelikhoo> but anyway the orbot is still pending...
16:30:26 <cohosh> yeah in that case i don't think we're reliant on it
16:30:32 <shelikhoo> but can get them update everything in one go
16:30:46 <cohosh> worst case is that the client has another nonfunctional stun server
16:31:15 <cohosh> but if orbot is still using it and most of our snowflake traffic is from orbot then it must still be getting a lot of traffic
16:34:09 <shelikhoo> anything more to discuss on this topic?
16:34:29 <shelikhoo> I don't think we wants to open that ticket on webrtc since this request makes no sense to me
16:34:41 <shelikhoo> when it comes to caching stun answer...
16:34:55 <cohosh> agreed
16:35:21 <shelikhoo> but we do can ask orbot to update bridgeline
16:35:37 <shelikhoo> and it serves more than one purpose to us
16:35:48 <shelikhoo> over
16:36:02 <shelikhoo> the next action topic is
16:36:02 <shelikhoo> We might want to be able to spin up our own stun servers, on our own ip/port, for debugging. We should talk to TPA about that goal at some point (not urgent).
16:36:19 <shelikhoo> this might be something from last week as well
16:36:29 <shelikhoo> do we have a ticket about this? let me search it
16:36:55 <shelikhoo> no?
16:37:24 <meskio> I'm not sure we agreed on having our own stun servers
16:37:40 <meskio> I think there were some doubts on that being useful as they might be easy to block
16:37:55 <shelikhoo> we discussed about let proxy use it
16:38:04 <shelikhoo> but for proxy the google's one is as good
16:38:19 <dcf1> that was a separate discussion, I believe. That was with ln5, and that was about running STUN servers separately from TPA.
16:38:48 <dcf1> I am not sure whose is this action item, but I had the impression it was different from that earlier discussion.
16:39:16 <shelikhoo> we can either reject this proposal or open a ticket about this
16:39:34 <cohosh> i don't think there's anything for us to do on this now
16:39:39 <meskio> +1
16:39:55 <cohosh> from what i remember, we don't want to run infrastructure that gets a lot of use, but we might spin up something quickly for testing in TM
16:40:12 <cohosh> but we can use the existing TM ticket for that
16:40:40 <shelikhoo> yes... that being said I was yet to find a way to host a vantage point in TM
16:41:22 <shelikhoo> okay, anything more we wish to discuss on this item?
16:41:55 <shelikhoo> anything more we wish to discuss in this meeting?
16:42:18 <meskio> not from my side
16:43:12 <shelikhoo> okay~ no need to hold anyone any longer
16:43:12 <shelikhoo> #endmeeting