15:58:27 <shelikhoo> #startmeeting tor anti-censorship meeting 15:58:27 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 15:58:27 <shelikhoo> feel free to add what you've been working on and put items on the agenda 15:58:27 <MeetBot> Meeting started Thu Feb 16 15:58:27 2023 UTC. The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:58:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:58:49 <shelikhoo> hi~ 15:58:56 <meskio> hello 15:59:01 <itchyonion> hello 15:59:03 <onyinyang[m]> hello o/ 15:59:39 <shelikhoo> thanks for your hello when I was wondering whether I have calculated time zone correctly... 15:59:51 <itchyonion> (I thought it's my turn. I will chair next week's meeting) 16:00:55 <meskio> :) 16:00:57 <shelikhoo> yes, i will be in my vacation next week, so over take this one... 16:01:02 <shelikhoo> ^~^ 16:03:34 <cece[m]> hi 16:03:35 <shelikhoo> let's start our discussion 16:03:38 <shelikhoo> What is the status of activating the snowflake-02 bridge in Orbot? 16:03:38 <shelikhoo> snowflake-01 is still pretty much saturated, and snowflake-02 relatively almost unused 16:04:07 <shelikhoo> I think this issue is most related to it is yet to be supported on some mobile port 16:04:26 <shelikhoo> and a lot of users need it is using it from mobile? 16:04:44 <dcf1> yes, apparently almost all users are on mobile 16:05:12 <meskio> orbot people does know about snowflake-02, I'm trying to remember what they said a couple of weeks ago when we told them it will be nice if they will activate it soon 16:05:25 <dcf1> snowflake-01 bandwidth (multiply by 12 for true values): https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6915AB06BFB7F 16:05:31 * meskio goes to look at the meeting notes 16:05:37 <dcf1> snowflake-02 bandwidth (multiply by 4 for true values): https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F5786C3DD07E4BB0 16:06:23 <meskio> hehe, no notes on that topic, I recall them mentioning that they were on it, that was January 17th, so one month ago 16:06:45 <meskio> I haven't check with them again to see if that has being moving or not 16:07:16 <dcf1> I just wanted to check, the idea was to relieve load on snowflake-01, but it is still currently neaer maximum load 16:07:17 <shelikhoo> snowflake-01 = 26.8×12 = 321.6 16:07:43 <shelikhoo> snowflake-02 = 6.52 × 4 = 26.08 16:08:07 <meskio> n8fr8he[m]: are you around by any chance? do you know what is the status of snowflake-02 bridge in orbot? 16:08:52 <shelikhoo> we can add this to S96 meeting agenda now and discuss it in 2 weeks if they are not around 16:09:05 <meskio> shelikhoo: +1, lets do that 16:09:11 * meskio goes to do it 16:09:22 <dcf1> (I'm not sure where your numbers of 26.8 and 6.52 come from shelikhoo, but that is about the right ratio) 16:10:04 <shelikhoo> dcf1: https://share.riseup.net/#uakb2bViYffz85QIWD8VvQ 16:10:09 <dcf1> Oh, I see: "Advertised Bandwidth" 16:11:49 <shelikhoo> anything more we wish to discuss on this topic? 16:11:58 <dcf1> no 16:12:08 <meskio> one thing 16:12:37 <meskio> the latest orbot release was Jan 13, so I guess if this change was ready for the next release is not live yet 16:12:45 <meskio> EOF 16:13:06 <shelikhoo> okay, the next topic is about reading group 16:13:10 <shelikhoo> Proposal for reading group: 16:13:10 <shelikhoo> https://www.ndss-symposium.org/wp-content/uploads/madweb2021_23011_paper.pdf 16:13:10 <shelikhoo> Detecting Tor Bridge from Sampled Traffic in Backbone Networks 16:13:10 <shelikhoo> "Current researches on Tor bridge detection have used a small amount of complete traffic, which makes their methods not very practical in the backbone network. In this paper, we proposed a method for the detection of obfs4 bridge in backbone networks. To solve current limitations, we sample traffic to reduce the amount of data and put forward the Nested Count Bloom Filter structure to process the sampled network traffic. Besides, we 16:13:10 <shelikhoo> extract features that can be used for bridge detection after traffic sampling. The experiment uses real backbone network traffic mixed with Tor traffic for verification." 16:13:58 <shelikhoo> any comments or objections on choosing this paper? 16:14:36 <meskio> sounds good 16:14:49 <meskio> it looks like another paper comming from a chinese university 16:15:14 <meskio> I'm curious about it now 16:15:43 <meskio> I will not be around in two weeks, but I'm fine if you do it without me 16:15:52 <dcf1> Yes, Cheng Guang is a big figure in encrypted traffic analysis research, and is the leader of the "Key Laboratory of Computer Network and Information Integration" at Southeast University 16:16:06 <shelikhoo> let's discuss it in 3 weeks time 16:16:18 <shelikhoo> there is nothing urgent about it 16:17:06 <cohosh> nice, it looks interesting 16:17:48 <onyinyang[m]> I agree, looking forward to reading it 16:17:52 <shelikhoo> anything more we would like to discuss on this item? 16:18:28 <shelikhoo> the next topic will be about this announcement: 16:18:28 <shelikhoo> Tor Browser 12.0.3 released with Hello Verify Request mitigation for Snowflake 16:18:28 <shelikhoo> https://blog.torproject.org/new-release-tor-browser-1203/ 16:18:59 <meskio> nice work shelikhoo 16:19:05 <shelikhoo> yes, thanks! 16:19:16 <shelikhoo> we are in the process of upstreaming this change 16:19:45 <itchyonion> 👍 16:19:49 <shelikhoo> one last piece is get pion/webrtc to merge this https://github.com/pion/webrtc/pull/2407 16:20:14 <meskio> :) 16:20:49 <shelikhoo> anything more we would like to discuss on this topic? 16:21:27 <meskio> not from me 16:21:37 <cohosh> shelikhoo: any word on whether this got snowflake unblocked? 16:21:55 <cohosh> i think i missed that discussion 16:22:07 <dcf1> one tester on NTC reported success with a self-compiled version a month ago https://ntc.party/t/second-snowflake-bridge-available-for-testing/3445/12 16:22:15 <cohosh> that's great 16:22:33 <shelikhoo> from the vantage point's data, it will get snowflake working again in russia again https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/main/recentResult_russia 16:23:18 <shelikhoo> okay we can now move the action items 16:23:18 <shelikhoo> We should make a ticket for pion to cache its stun answers when possible, because right now it surprises us by asking way more stun questions than it actually needs to. 16:23:31 <shelikhoo> have we discussed about it before 16:23:53 <meskio> I think those are leftovers from previous meetings, but I'm not sure if they are done 16:24:12 <shelikhoo> Firstly, i don't think there is much to be cached for stun 16:24:48 <shelikhoo> a stun is required to get the mapped port on public facing IP address 16:24:59 <shelikhoo> and it is all we send 16:25:21 <cohosh> is this about DNS? 16:26:33 <shelikhoo> it makes senses if it is about DNS... but from the wording, I don't think so... 16:27:09 <dcf1> that reminds me, there was a post on the stunprotocol list a couple of days ago: "TLDR: stun.stunprotocol.org is going away. Being replaced with a new server and address." 16:27:13 <dcf1> https://groups.google.com/g/stunprotocol/c/upVwaG97ggY/m/3ddUBGA_FAAJ 16:27:13 <shelikhoo> that being said we always send dns question to recursive dns server, so there should be cache built in there 16:27:49 <cohosh> oh! i've been trying to contact the operator for a few weeks to follow up on funds and whether the traffic is down 16:28:01 <cohosh> i wonder why they haven't replied 16:29:23 <cohosh> this is the issue on removing it: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40241 16:29:37 <cohosh> i think we're still waiting on the debian package, not sure where the circumvention settings are at 16:29:49 <meskio> circumvention settings are updated 16:29:57 <cohosh> meskio: awesosme, thanks! 16:30:01 <meskio> the package is pendient, I hope to do it next month 16:30:13 <meskio> but I don't think many people use the debian package 16:30:19 <shelikhoo> but anyway the orbot is still pending... 16:30:26 <cohosh> yeah in that case i don't think we're reliant on it 16:30:32 <shelikhoo> but can get them update everything in one go 16:30:46 <cohosh> worst case is that the client has another nonfunctional stun server 16:31:15 <cohosh> but if orbot is still using it and most of our snowflake traffic is from orbot then it must still be getting a lot of traffic 16:34:09 <shelikhoo> anything more to discuss on this topic? 16:34:29 <shelikhoo> I don't think we wants to open that ticket on webrtc since this request makes no sense to me 16:34:41 <shelikhoo> when it comes to caching stun answer... 16:34:55 <cohosh> agreed 16:35:21 <shelikhoo> but we do can ask orbot to update bridgeline 16:35:37 <shelikhoo> and it serves more than one purpose to us 16:35:48 <shelikhoo> over 16:36:02 <shelikhoo> the next action topic is 16:36:02 <shelikhoo> We might want to be able to spin up our own stun servers, on our own ip/port, for debugging. We should talk to TPA about that goal at some point (not urgent). 16:36:19 <shelikhoo> this might be something from last week as well 16:36:29 <shelikhoo> do we have a ticket about this? let me search it 16:36:55 <shelikhoo> no? 16:37:24 <meskio> I'm not sure we agreed on having our own stun servers 16:37:40 <meskio> I think there were some doubts on that being useful as they might be easy to block 16:37:55 <shelikhoo> we discussed about let proxy use it 16:38:04 <shelikhoo> but for proxy the google's one is as good 16:38:19 <dcf1> that was a separate discussion, I believe. That was with ln5, and that was about running STUN servers separately from TPA. 16:38:48 <dcf1> I am not sure whose is this action item, but I had the impression it was different from that earlier discussion. 16:39:16 <shelikhoo> we can either reject this proposal or open a ticket about this 16:39:34 <cohosh> i don't think there's anything for us to do on this now 16:39:39 <meskio> +1 16:39:55 <cohosh> from what i remember, we don't want to run infrastructure that gets a lot of use, but we might spin up something quickly for testing in TM 16:40:12 <cohosh> but we can use the existing TM ticket for that 16:40:40 <shelikhoo> yes... that being said I was yet to find a way to host a vantage point in TM 16:41:22 <shelikhoo> okay, anything more we wish to discuss on this item? 16:41:55 <shelikhoo> anything more we wish to discuss in this meeting? 16:42:18 <meskio> not from my side 16:43:12 <shelikhoo> okay~ no need to hold anyone any longer 16:43:12 <shelikhoo> #endmeeting