#tor-meeting log

15:58:18 <itchyonion> #startmeeting tor anti-censorship meeting
15:58:18 <MeetBot> Meeting started Thu Mar 23 15:58:18 2023 UTC.  The chair is itchyonion. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:18 <itchyonion> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:58:18 <itchyonion> feel free to add what you've been working on and put items on the agenda
15:58:26 <itchyonion> hello
15:58:45 <onyinyang[m]> hihi o/
15:58:56 <meskio> hell
15:59:07 * arma2 supplies a vowel for meskio
15:59:08 <shelikhoo> Hi~ (I won't update the pad this time)
15:59:41 <itchyonion> shelikhoo you should be on vacation :)
15:59:55 <meskio> yes, better with an o at the end :)
16:00:08 <shelikhoo> Yes... But I reached hotel before just before meeting beginning...
16:00:30 <shelikhoo> Joining opportunistically...
16:00:38 <itchyonion> hehe
16:00:49 <hackerncoder> hello o/
16:01:14 <itchyonion> Ok. Moving on to the first discussion point
16:01:21 <itchyonion> renovate bot to update dependencies on our projects
16:01:21 <itchyonion> https://gitlab.torproject.org/tpo/tpa/renovate-cron
16:01:40 <meskio> this is mine
16:02:03 <meskio> if you are subscribed to notifications from gitlab you might have noticed tons of merge requests in rdsys
16:02:14 <cohosh> (related to https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40194)
16:02:21 <meskio> I'm experimenting with micah to use renovate
16:02:40 <meskio> a bot that opens automatically merge requests for outdated libraries
16:02:53 <meskio> for now is only activated in rdsys
16:03:10 <meskio> it requires some tunning
16:03:16 <meskio> and I have only used for a day
16:03:27 <meskio> but this might be a useful tool for all our projects
16:03:58 <meskio> cohosh: yes, saw people complaining that some libraries in snowflake are outdated, this is part of the motivation
16:04:12 <meskio> -> https://github.com/tladesignz/IPtProxy/issues/45
16:04:30 <cohosh> i think this is a great idea, though i'd prefer more integration testing to go along with it
16:04:33 <shelikhoo> There is something know as dependencybot on GitHub that do similar things...
16:04:44 <cohosh> it happened once in the past that a bump to pion/webrtc broke some things in snowflake
16:05:16 <meskio> yes, this scares me a bit, we need better testing to go along, but at least to get notified that there new version of libraries might be useful
16:05:26 * cohosh nods
16:06:09 <meskio> unless that other people want to experiment with it I'll keep the bot pointed to rdsys for some weeks and report back then to see if we can extend it to other projects
16:06:24 <itchyonion> right now for rdsys, does it open a MR for every library if it's not the latest version?
16:06:35 <meskio> exactly, it does that
16:07:18 <meskio> some libraries are mayor upgrades, it does update the include but oviously doesn't know of the other changes that might be needed
16:07:33 <meskio> this can be disabled in the config, so only do minor updates
16:07:58 <itchyonion> makes sense
16:08:14 <meskio> there are bunch of knobs in the config that could be tuned, but is not amazingly clever, just do the basics
16:09:23 <meskio> BTW, the issue I'm linking from IPtProxy, we might want to update the x/net and x/crypt libraries in snowflake
16:10:18 <meskio> obfs4 is a bit trikier, but maybe is a good excuse to push forward the fork, I can do that
16:10:41 <itchyonion> ok adding to the action items
16:11:05 <cohosh> did this MR fix it? https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/137
16:11:52 <shelikhoo> Gitlab crashed?
16:12:11 <meskio> yes, not loading here, but maybe is already fixed
16:12:17 <arma2> TPA has been trying to get gitlab to resume sending emails, so, yeah it looks like it is not in a good state quite now
16:12:20 <cohosh> yes i think so
16:12:51 <itchyonion> it's loading for me
16:13:12 <shelikhoo> both library was updated in this MR
16:13:23 <arma2> (loaded for me too after several tries + waiting)
16:14:08 <meskio> that mr is using x/crypto 0.6 while there is already a 0.7 and x/net 0.7 while there is already a 0.8
16:14:40 <meskio> but is a already a bump on the version
16:15:13 <meskio> the versions we are using are from february, I guess there is no major security issues with them
16:15:49 <meskio> cool, I'll mention the fix on the snowflake side in their issue
16:16:37 <meskio> I don't have anything else on this topic
16:17:03 <itchyonion> Looks like that's the only discussion point. Before moving on to the next section, want to let people know I created https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40267 as a follow up to last week's meeting. While the discussion was really good last week, no action item came out of last week's meeting. We can continue the discussion in the issue.
16:17:22 <itchyonion> Ok. Moving on to interesting links:
16:17:31 <itchyonion> https://github.com/guardianproject/orbot/releases/tag/17.0.0-BETA-2-tor.0.4.7.11
16:17:31 <itchyonion> https://github.com/guardianproject/orbot/commit/c3f6ee18f17770a5904ad19c3cd24b9c8dcb3885#diff-6da94c8e7d86d1c396305c45d7ab2f787830efa8580d100aa10707c26011f288
16:17:32 <dcf1> I have in my todo list to make an issue to warn whenever KCPInErrors is nonzero
16:17:57 <itchyonion> 👍
16:18:20 <itchyonion> 2023-03-15 Orbot for Android v17 BETA 2 released with snowflake-02 bridge
16:18:20 <itchyonion> snowflake-02 metrics: https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F5786C3DD07E4BB0 (multiply by 12)
16:19:04 <shelikhoo> dcf1: I have updated analysis for snowflake, but let discuss it next week: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40251
16:19:51 <itchyonion> Anything we want to discuss about the content of the links?
16:20:15 <dcf1> Currently there are more users snowflake-02 from RU than from IR, which is the opposite of snowflake-01
16:20:32 <dcf1> I'm curious to know if that will switch now that Orbot is starting to know about snowflake-02
16:20:47 <dcf1> I'm not sure if this beta release of Orbot is widely available to users yet or not
16:20:57 <meskio> we'll see when they release it, not sure how hard is for iranian users to update android apps
16:21:02 <dcf1> snowflake-01: bridge-ips ir=32552,us=13296,ru=3480,cn=1104,de=448,??=336,mu=240,...
16:21:13 <dcf1> snowflake-02: bridge-ips ru=2664,ir=1408,us=736,cn=704,??=304,de=168,by=120,fr=104,...
16:21:31 <shelikhoo> Without auto update, user often don't bother to update their app
16:21:54 <meskio> isn't playstore autoupdating? but maybe playstore is blocked in Iran...
16:22:22 <dcf1> There was a quick increase in users back in November 2022 when Orbot started releasing 16.6.3-RC-1-tor.0.4.7.10 with uTLS in snowflake
16:22:35 <shelikhoo> Play store would work with Vpn like proxy if correctly configured
16:22:51 <dcf1> so I'm not worried, I think it'll get there
16:23:02 <meskio> :)
16:23:29 <dcf1> I'm just saying since it's a beta, I don't know if it's automatically available to all users
16:24:09 <meskio> I guess no
16:26:03 <arma2> for one anecdotal data point, i succesfully used vanilla tor in uae, both on an american hotel wifi (not surprising) and on the local mobile network (a bit more interesting of a data point). but tor's websites were blocked on both.
16:26:29 <arma2> i'm not sure quite how the censorship works (i think there is no national firewall etc). but i still have some connections there if we turn out to have questions in the future.
16:26:52 <meskio> cool, we should explore options for a vantage point there
16:27:05 <arma2> i did not get any bites on the 'hey what vps should i get' question
16:27:23 <arma2> i can definitely get you a vantage point on an uncensored network, but, that is not so useful
16:27:36 <meskio> a pity
16:27:41 <shelikhoo> One possibly is host a small device in someone's home...
16:28:03 <meskio> we could start shipping around raspis :)
16:28:31 <arma2> this was arturo's strategy with ooni in ethiopia long ago. so if you move forward with that idea, ask arturo for lessons-learned :)
16:28:48 <shelikhoo> Yes!
16:29:25 <arma2> (a simpler idea is to ask people to run ooni from their homes, and then make sure ooni does the tests we need. but also, many of these people are in less-censored homes.)
16:30:35 <shelikhoo> vantage point is often used to test private bridge that is not published
16:31:14 <shelikhoo> So we need the change how long works to achieve the same goal
16:31:29 <meskio> there was some ideas around in the past of giving ooni access to some private bridges to test as vantage points
16:31:58 <meskio> but it looks like breaking our distributor model
16:33:12 <meskio> we could explore more that idea, or at least see if ooni's snowflake tests are enough for use or how to improve them
16:33:45 <itchyonion> I noticed they took out "stun:stun.stunprotocol.org" in this beta release. I think that's the one we received an email from its maintainer because of too much traffic. Hopefully this solves the issue for that person.
16:34:41 <itchyonion> Anything more on this topic?
16:34:55 <meskio> EOF
16:35:02 <arma2> eof too
16:35:03 <itchyonion> Unless I missed something, that's the last item of the meeting
16:35:54 <itchyonion> #endmeeting