17:00:18 <phw> #startmeeting anti-censorship weekly checkin 2019-06-27 17:00:18 <MeetBot> Meeting started Thu Jun 27 17:00:18 2019 UTC. The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:00:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 17:00:30 <phw> our pad is available here: https://pad.riseup.net/p/tor-censorship-2019-keep 17:00:48 * cohosh is here but partially distracted by another meeting 17:01:09 <phw> our only announcement is that right after this meeting, we will continue with our race meeting 17:01:18 <ahf> :-) 17:01:37 <phw> for those of you who don't know: race is a new project that will help us push forward our PT spec and obfs5 17:02:08 <phw> next up is our discussion section. the first item is bridgedb. 17:02:35 <gaba> i'm bringing this up mostly to have an update on what is going on and try to understand plan and priorities for it. 17:02:37 <phw> so, bridgedb was rather broken over the last few months and many valid requests for bridgedb resulted in an empty response 17:03:00 <phw> i spent a lot of time looking at logs and at the moment it looks like there is no problem... anymore? 17:03:10 <phw> https://trac.torproject.org/projects/tor/ticket/30441#comment:17 17:04:05 <ahf> people got a response from the site with no Bridge lines to use or they got some with unavailable bridges in? 17:04:06 <phw> it looks like all valid bridgedb requests currently result in 1-3 bridges 17:04:44 <phw> ahf: both, actually, but the problem is primarily the former 17:04:57 <ahf> ok 17:05:07 <phw> so, there are two problems, really: bridgedb giving you an empty response, and bridgedb giving you broken obfs4 bridges 17:05:18 <gaba> phw: should we ask peopl from front-desk to try it again and let us know? 17:05:20 <phw> we should have made progress on both problems 17:05:41 <phw> gaba: i think that's a good idea 17:05:58 <phw> if y'all wanna give it a try at some point, that would be helpful 17:06:15 <phw> try to request bridges over different channels and let me know if bridgedb doesn't give you bridges 17:06:48 <ahf> late last week i was using some bridges from bridgedb where i thought i couldn't reach them, but i got functioning ones to test #28930 and it turned out it was some network issue on my desktop 17:07:01 <ahf> no blanks and no non-functioning ones 17:07:33 <phw> anyway, even if bridgedb is working again, it's frustrating because i don't fully understand what caused the issues over the last months. 17:08:12 <phw> i also had to blacklist ~50 obfs4 bridges whose obfs4 port was unreachable 17:08:42 <cohosh> ouch >.< that's a lot 17:08:51 <gaba> :/ 17:09:14 <phw> i'll try to work with gman to have the bridgeauth reject them, so hopefully the operators see a scary warning in their logs and reach out 17:09:41 <gaba> do we need to work with community to find a way to get more people setting up bridges? 17:10:05 <phw> gaba: yes. i reached out to tor-relays@ the other day. one person responded to me directly, saying that the instructions were very useful. 17:10:13 <gaba> nice 17:10:20 <phw> the next step is to work on a broader outreach campaign 17:10:37 <ahf> nice 17:10:38 <phw> one remaining question is if we only want obfs4 bridges, or if we also want vanilla bridges 17:11:07 <phw> the problem is: if you set up an obfs4 bridge, it's *only* distributed as obfs4, and no longer as vanilla. that means that if we want a vanilla bridge, it must not run obfs4. 17:11:50 <gaba> maybe a blogpost about bridges again and links on how to set them up so we can share that and ask people at Tor to add slides about bridge creations when they give talks about Tor. 17:11:57 <ahf> hm, that sounds like something we should fix in core tor? 17:12:03 <phw> at the moment, i think we have slightly more vanilla bridges than obfs4 bridges 17:12:25 <phw> ahf: just to be clear, that's by design, and done by bridgedb 17:12:51 <ahf> ah, okay, so the bridge auth is aware that the bridge can do both obfs4 and vanilla? 17:13:01 <phw> imagine your bridge runs vanilla and obfs4, and you hand out the vanilla line to someone in china. the gfw will recognise vanilla tor and block your entire bridge, including the obfs4 port, which could have worked in china. 17:13:12 <phw> basically, vanilla tor is a liability to obfs4 ;) 17:13:15 <ahf> yeah 17:13:49 <phw> the bridge auth is aware, yes, but bridgedb is the one deciding what lines to hand out to users 17:14:02 <ahf> cool 17:14:17 <phw> gaba: yes, sounds good. 17:14:51 <phw> speaking of obfs4: i have a quick question for catalyst and ahf 17:15:03 <ahf> yep? 17:15:08 <phw> several bridge ops configured a private ip address for their obfs4 bridge 17:15:29 <phw> the PT spec explicitly allows this but says that some kind of redirection must be in place for this to work 17:16:18 <phw> this may be a tor issue. i don't think any private ip addresses should end up in a descriptor, right? 17:16:21 <ahf> yeah, common for relay operators too (to bind tor on port 80/443 without running as root i believe) 17:16:46 <ahf> no, if we don't have an option right now for specifying a "hidden IP" (not going in the descriptor) and the public IP then we should fix that 17:17:17 <phw> ok, i can create a ticket for that 17:17:36 <ahf> in torrc see the flags for ORPort: NoListen, NoAdvertise 17:18:17 <ahf> yes, please do, sounds like a good thing to fix (if it's a good thing that relay operators listen on the 1-1024 port range) 17:18:24 <phw> gotcha, thanks! 17:18:54 <phw> ok, i think that concludes are discussion about bridgedb and about setting up new obfs4 bridges. anything else? 17:19:39 <phw> the next item is the snowflake webextension that arlolra has been working on 17:19:58 <phw> as i understand it, there's now a usable prototype that's already in the mozilla addons store! 17:20:04 <cohosh> \o/ 17:20:11 <ahf> awesome \o/ 17:20:11 <antonela> \o/ 17:20:12 <phw> and arlolra also submitted it to the chrome store where it's pending review 17:20:17 <phw> that's a huge milestone :) 17:20:32 <phw> also thanks to antonela for all the ui feedback! 17:20:43 <antonela> happy to help! 17:21:22 <gaba> :) 17:21:42 <phw> at this point we could use more testers, so please add it to your browser and file tickets if something's wrong 17:21:43 <cohosh> arlolra: feel free to assign webextension tickets to yourself if you have plans to work on them 17:21:57 <cohosh> i sorta jumped in there on the toggle ebcause we were getting some pressure 17:22:04 <cohosh> but i want to avoid stepping on your toes with stuff 17:22:09 <phw> i wonder if we have a meta ticket that keeps track of all the webextension improvement tickets 17:22:20 <cohosh> there's a snowflake-webextension keyword 17:22:28 <phw> ah, thanks cohosh 17:22:41 <arlolra> cohosh: no, no, I broke it out into separate tasks so you can start helping 17:23:04 <arlolra> and, sadly, I don't think we can declare victory until #30998 is fixed 17:23:05 <cohosh> arlolra: cool ^_^ it was fun to get caught up to speed on webextension development again 17:23:24 <cohosh> ah yeah, do you know who owns/maintains the websocket code? 17:23:32 <arlolra> probably dcf 17:23:48 <gaba> we can close #30931, right? 17:24:08 <arlolra> gaba: sure 17:25:24 <phw> anything else to add wrt our discussion section? 17:25:52 * phw interprets *crickets* as "no" 17:26:21 <phw> there's a paper in the 'interesting links' section that we should skim: https://www.ndss-symposium.org/ndss-paper/enemy-at-the-gateways-censorship-resilient-proxy-distribution-using-game-theory/ 17:26:26 <phw> published at this year's ndss 17:26:54 <phw> ok, let's check out each other's 'heeds help with' section 17:27:29 <phw> like i said, it would be great if you could request bridges from bridgedb and let me know if you didn't get any 17:27:35 * cohosh has lots of code to review 17:28:12 <gaba> ok 17:28:15 <cohosh> i think #21315 will be fast 17:28:21 <phw> cohosh: i can review #21315 again 17:28:23 <cohosh> and phw reviewed a previous version 17:28:26 <cohosh> phw: ty! 17:28:34 <arlolra> cohosh: I can review #30934 17:28:40 <cohosh> arlolra: awesome, thanks! 17:28:47 <cohosh> the others can wait a bit 17:28:57 <cohosh> #28942 is the pion integration 17:29:14 <cohosh> i'm still waiting to hear back on some PRs from them though 17:29:23 <cohosh> so that can wait a bit 17:29:38 <cohosh> and so can the sequencing stuff 17:30:43 <phw> dcf had a look at one of these two, right? 17:31:33 <cohosh> yeah at the sequencing work 17:31:49 <cohosh> i can move forward with that since this round was implementing suggested fixes 17:32:14 <phw> great! 17:32:41 <gaba> is anybody reviewing #30998? 17:32:48 <gaba> #30998 17:32:50 <phw> then there's #30998 left. we need dcf for this, right? 17:33:53 <cohosh> probably yes 17:34:19 <phw> ok, i think we're good for today, then. any last words? 17:34:44 <arlolra> cohosh: I need a firefox account from you 17:35:07 <cohosh> ah i can make one after this meeting 17:35:26 <arlolra> thanks 17:35:55 <gaba> we are not having meetings for the next two weeks? 4july and then traveling to tor meeting? 17:36:36 <arlolra> fwiw, I think we have access to the default bridge 17:36:37 <arlolra> https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/SnowflakeBridgeSurvivalGuide#Bridgesurvivalguide 17:36:50 <phw> oh, that's right gaba. next week is july 4, then we have tor-dev 17:36:59 <arlolra> but yes, having a dcf would be preferable 17:37:08 <phw> do you think that's too long? 17:37:52 <cohosh> arlolra: ah we can add the patch now and wait to upstream it you mean? 17:38:11 <phw> oh, also, this is our last meeting for this month and i'll compile our monthly report over the next few days 17:38:28 <phw> it would be great if everyone could add their highlights of the month to a pad 17:38:31 * phw creates a pad 17:39:03 <arlolra> cohosh: yes, if needs be 17:39:18 <phw> https://pad.riseup.net/p/h4FrASe8pVEaAfmUs_IG 17:40:23 <phw> anything else, gaba_ 17:40:26 <phw> ? 17:41:05 <gaba> nop 17:41:10 <phw> ok, thanks everyone! 17:41:13 <phw> #endmeeting