15:57:35 <meskio> #startmeeting tor anti-censorship meeting
15:57:35 <MeetBot> Meeting started Thu Nov 16 15:57:35 2023 UTC.  The chair is meskio. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:57:35 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:57:38 <meskio> hello everybody
15:57:43 <meskio> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469
15:57:46 <ggus> hi :)
15:57:50 <meskio> notice that we have changed the pad, and this is the read-only version
15:57:52 <meskio> ask me in private to give you the link of the pad to be able to edit it if you don't have it
15:57:54 <meskio> I'll wait few minutes for everybody to add you've been working on and put items on the agenda
16:01:24 <meskio> half of ACT team is AFK, maybe there is not much for this week
16:01:39 <meskio> anyway, let's give it 5mins to see if people shows up
16:02:24 <dzwdz> guess i'll say hi too (i'm the dual stack bridge guy)
16:02:44 <meskio> dzwdz: hello, nice you came
16:02:55 <meskio> we can talk a bit about the work you've being doing
16:03:09 <shelikhoo> hi~
16:03:29 <meskio> dzwdz have made a patch for c-tor to publish two transport lines in the cached-extrainfo for bridges with IPv4 and IPv6
16:03:33 <meskio> one with each IP
16:03:42 <meskio> and we've being testing it and it works fine with rdsys
16:03:48 * meskio searches for the link
16:04:00 <dzwdz> https://gitlab.torproject.org/tpo/core/tor/-/issues/40885
16:04:11 <dzwdz> this issue has links to the patch and the bridge on atlas.tpo
16:04:20 <meskio> that one
16:05:06 <meskio> we'll need to wait for the network team to decide if that change makes sense, but to me looks nice
16:05:24 <meskio> and metrics will need changes to handle those bridges, as now it gets a bit confused about it
16:05:49 <dzwdz> there's some further work tbd - personally i'm not happy with the current quality of the patch
16:06:18 <meskio> :)
16:06:20 <dzwdz> and tor mushes up the stats for both addresses together, so you can't tell if only one of your addresses got blocked by a censor
16:06:46 <dzwdz> but that i think can be handled later
16:06:52 <meskio> another quirck is that rdsys does assing each bridge separately, so they might arrive to different distributors
16:07:02 <meskio> but something we can fix by the time this comes along
16:08:05 <shelikhoo> yeah, I think it would be nice if IPv6 only environment client can connect to Tor network
16:08:13 <shelikhoo> is that something already happening?
16:08:19 <dzwdz> oh that's unrelated
16:08:48 <shelikhoo> okay... sorry I was not very clear on the context..
16:08:51 <meskio> shelikhoo: yes, if we get enough bridges we could make it possible so in circumvention settings or whatever TB can automatically ask for IPv6 bridges...
16:08:53 <dzwdz> right now bridges with both an IPv4 and v6 address only publish their v4
16:09:07 <dzwdz> this patch makes it so they publish both their v4 and v6 address
16:09:28 <shelikhoo> yes...
16:09:49 <meskio> that will help to get more IPv6 bridges, that we currently have very few
16:10:40 <meskio> and I heard somewhere that some censors don't apply so much blocking to IPv6 traffic, but I guess that will change easily if we start using it
16:10:54 <trinity-1686a> are ipv6 bridges which share a /64 (or a /61) with a relay any useful?
16:11:29 <meskio> that is a good question
16:11:30 <meskio> maybe?
16:11:34 <shelikhoo> Yes, IPv6 might eventually catch on, although right now very few device are ipv6 only
16:12:07 <shelikhoo> I think it is more difficult for censors to block ipv6 ip because the address space is too big
16:12:23 <shelikhoo> and sparse data structure must be used in this case
16:12:38 <shelikhoo> while a bitmap would be sufficient for ipv4 block
16:13:06 <dzwdz> i'd assume censors are more likely to only focus on ipv4 right now, due to ipv6 having relatively little usage too
16:13:27 <dzwdz> that one list of bridge lines only has ipv4 bridges listed fwiw
16:15:16 <shelikhoo> yes... I think IPv6 is even available to many residential users in china
16:15:35 <meskio> some time ago we included an IPv6 builtin bridge in Tor Browser, thinking that it might help in some places, but I don't think we ever evaluated if is useful...
16:15:45 <shelikhoo> although its bgp path is not that great...
16:16:11 <shelikhoo> In that case, the ipv6 built-in bridge was blocked by ip in china
16:17:07 <dzwdz> trinity-1686a: maybe ooni could check that?
16:17:40 <meskio> dzwdz: is a bit complicated to test bridges with ooni, as we don't want censors to use that to get the list of bridges
16:17:46 <meskio> currently ooni only test builtin bridges
16:17:52 <dzwdz> you don't need to test a real bridge though
16:18:05 <meskio> true
16:18:21 <dzwdz> you'd have some ipv6 relay operator run something on another ip in their /64, and ooni would check connectivity with that
16:19:14 <dzwdz> i'll just point out that in this case you'd probably be running an ipv6-only bridge - that's already possible without my patch
16:19:50 <meskio> yes, AFAIK this is the existing case for the few IPv6 bridges we have
16:21:30 <meskio> anyway, we do need to experiment more with IPv6, and having more IPv6 bridges will help there
16:21:33 <meskio> thanks for the work
16:21:37 <dzwdz> ^^
16:22:27 <meskio> anything else to discuss today?
16:22:44 <shelikhoo> nothing from me, was still working on snowflake transport mode
16:23:23 <meskio> nice
16:24:06 <meskio> then I guess we have a short meeting today
16:24:08 <meskio> #endmeeting