16:59:29 <phw> #startmeeting anti-censorship weekly checkin 2019-10-10 16:59:29 <MeetBot> Meeting started Thu Oct 10 16:59:29 2019 UTC. The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:59:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 16:59:33 <phw> hi everyone! 16:59:36 <cohosh> hi 16:59:43 <phw> here's our meeting pad: https://pad.riseup.net/p/tor-censorship-2019-keep 17:00:42 <phw> all the announcements are mine this time: 17:01:28 <phw> our "set up new bridges" campaign ended with october, see #30777 17:01:55 <phw> we got ~100 new bridges and picked 10 winners for a t-shirt 17:02:07 <phw> i added a few "lessons learned" to the ticket 17:02:26 <cohosh> nice \o/ 17:02:37 <phw> during the campaign, a volunteer reached out and set up 20 reliable and fast private bridges for us 17:03:21 <phw> we intend to hand over these bridges to NGOs, so they can distribute them among their users 17:04:09 <phw> apparently there's room for more, so i reached out to nathan, to see if this could help with orbot's lack of default bridges: https://github.com/guardianproject/orbot/issues/258 17:04:54 <phw> while it's a lot of capacity, it's all in the hands of a single person 17:05:51 <gaba> nice 17:05:56 <phw> let me know if you have other ideas on what to do with these bridges 17:06:30 <phw> finally, i filed #31990, so we can continue last week's discussion on website mirrors 17:06:34 <gaba> phw: ggus is involved in the distribution to NGOs, right? 17:06:57 <ggus> gaba: i'd like to distirbute to users asking in frontdesk 17:07:11 <ggus> i added that as a discussion topic 17:07:16 <phw> gaba: no, we're in direct contact with two ngos that arma2 had contacts in. 17:07:45 <phw> ggus: that's a good idea 17:08:55 <phw> for now, i have a csv file with 20 bridges. i plan to assign them for different purposes, e.g., 5 to ngo X, 5 to ngo Y, 5 for the frontdesk 17:09:36 <phw> ggus: i can send you an email with, say, five bridges and you can distribute them as you see fit. 17:09:45 <ggus> great! 17:10:10 <ggus> last month i did an experiment. i setup some private bridges and started to share with some users 17:10:31 <ggus> one of them asked about if they could share it with more people, or what was our policy here 17:12:12 <phw> i would encourage people to share it with people they trust 17:13:50 <ggus> ok, and if it gets blocked somewhere, do we ask our contact to change the ip address or what? 17:15:44 <phw> that's a possibility, yes. i don't really have a plan for this yet. i would suggest to get started with a handful of bridges and see what we can learn 17:15:52 <phw> and improve our process as we go 17:16:15 <dcf1> It won't get blocked though :) Not unless someone builds it into software they distribute. 17:16:32 <dcf1> IMO it's a remote risk, not worth worrying about too much. 17:16:56 <ggus> ok! 17:17:11 <phw> right, and even if a bridge ends up blocked in country X, it should still work in all other countries 17:17:59 <phw> ok, let's talk about your gettor item, ggus? 17:18:12 <cohosh> we probably don't want to change IP addresses too much if we're handing the bridge lines out to multiple people anyway, since the change will make it stop working for others 17:19:48 <ggus> so, now if an user search about torproject.org in google, and the website is blocked where they are, we could add something in the description like a gettor link so they could learn about this service. 17:20:10 <phw> hmm, it would be neat if there was an easier way to distribute private bridges. say, a secret "password" for moat that returns a set of private bridges instead of the default moat bridges. 17:20:59 <ggus> cohosh: i was thinking to send private bridge A to country A, private B to country B, so i could 'rotate' if it's blocked. 17:21:16 <gaba> phw: that could be a neat idea that can be talked with antonela and tor browser for s30 17:21:58 <gaba> for #31269 17:23:30 <phw> ggus: changing our search engine description for censored users sounds like a great idea 17:23:54 <phw> on google, it currently says "Defend yourself against tracking and surveillance. Circumvent censorship. | Anonymity Online." 17:24:15 <phw> duckduckgo says "RESIST FINGERPRINTING. Tor Browser aims to make all users look the same making it difficult for you to be fingerprinted based on your browser and device information." 17:25:12 <phw> another sentence would be useful. something along the lines of "unable to connect to our website? get tor browser by emailing gettor@tpo" 17:26:10 <cohosh> nice 17:26:12 <arma2> (ok i have emerged from my previous meeting and am catching up with backlog here) 17:26:25 <phw> ggus: how does this work? is there a text field in which we can have arbitrary descriptions? 17:27:13 <ggus> phw: in google, yes. but we need to sign up in their webmaster service thing 17:27:26 <ggus> in ddg dunno 17:27:35 * phw wonders how it would work in baidu 17:27:39 <phw> ...if it works 17:29:07 <phw> ggus: i like the idea, thanks for bringing it up. anything we can do to help move it forward? 17:29:39 <ggus> i'll email some people to get this google thing working, and then i'll ping you 17:29:47 <phw> thanks! 17:30:17 <dcf1> I think the Google text comes from this: <meta name="description" content="Defend yourself against tracking and surveillance. Circumvent censorship. | Anonymity Online"> 17:30:43 <ggus> dcf1: yes, but it's also possible to edit links and other things if you use their webmaster console 17:30:55 <dcf1> ggus: aha, I see, thanks. 17:31:28 <phw> it's odd that ddg picks a random div for their description 17:32:22 <phw> anything else to annouce or discuss? 17:32:43 <arma2> isa and i might be meeting with the ddg people in the coming weeks. we can ask a question if we have a concrete one 17:33:37 <phw> maybe "can we have a custom description in your search results, so we can point people to gettor if our website is unreachable to users?" 17:34:51 <phw> we should find out if we can pull this trick with baidu too. i'll file a ticket 17:34:58 <arma2> great 17:35:15 <arma2> in the distant past, google was famous for leaving sites out of its results, when it thought you wouldn't be able to reach the sites 17:35:36 <arma2> i guess that was china in particular. and now...does google even work from china. i don't know the status. 17:35:51 <phw> gosh, the first hit on baidu is http://t-browser.sourceforge.net, which is... a bridgedb clone? 17:36:49 <cohosh> o.O 17:36:57 <arma2> i love how it says "© The Tor Project" at the bottom 17:37:17 <arma2> fsdo love 17:37:56 <hiro> the mailto goes to us though 17:38:25 <phw> it looks like they took our web frontend and added their own thing to it 17:38:41 <hiro> also different keys http://t-browser.sourceforge.net/keys 17:39:14 <phw> http://t-browser.sourceforge.net/download.html seems to point to our github copies 17:39:58 <arma2> hiro: i never really understood what bridgedb's keys were actually used for 17:40:00 <phw> hiro: the keys are identical to me 17:40:25 <phw> arma2: i think bridgedb has the ability to sign its emails. 17:41:08 <arma2> #17548 17:41:20 <arma2> "another approach besides updating the key might be to figure out what the key is actually used for, notice that it hasn't been working for three+ years and nobody minded, and change the design to not need this key anymore." 17:42:17 <phw> i'll try to take a look soon 17:43:01 <hiro> phw ah I didn't check... maybe they copied locally 17:43:44 <phw> shall we take a look at our 'needs review' sections? 17:44:41 <dcf1> aye 17:45:31 <cohosh> dcf1: i think it's possible upgrading the webext could help with snowflake health, but likely isn't the only problem 17:45:40 <cohosh> in any case, thanks for taking a look at the packaging script 17:45:52 <cohosh> i just pushed another fix 17:45:57 <phw> cohosh: i can take a look at #31384 and #31253 17:46:11 <phw> unless arlo is an expert on localisation, in which case i would prefer him to review 17:46:14 <dcf1> yeah I wasn't sure if it was meant to solve a specific bug. 17:46:17 <cohosh> phw: thanks! 17:46:35 * Samdney is reading backlog.... 17:46:50 <cohosh> dcf1: arlo's reachability check hasn't been deployed yet which is a specific potential bug 17:46:57 <phw> hi Samdney 17:47:04 <cohosh> unfortunately it's hard to know exactly why lots of proxies are failing 17:47:39 <dcf1> cohosh: I thought the reachability check was what I was talking about -- I thought it was merged in the code but not yet deployed in the webextension. 17:47:50 <cohosh> dcf1: yes that's right 17:48:06 <cohosh> but i'm not sure to what extent that is the cause of the bad network health 17:48:07 <dcf1> Okay we're on the same page. 17:48:17 <cohosh> yup 17:48:30 <phw> dcf1: wrt #31890: i emailed sina the other day and copied tor-team@. not sure if you're on the list. unfortunately i haven't heard back yet 17:48:53 <dcf1> yeah I got that 17:49:16 <cohosh> dcf1: i'll take care of #31889 too while i'm in deployment mode 17:49:26 <phw> thanks cohosh 17:51:35 <phw> i think that's it 17:51:40 <cohosh> dcf1: thanks for taking a look at #29206, this change is quite big and probably takes a long time to review 17:52:12 * phw hands the 'review of the week' award to dcf1 17:53:16 <phw> any last comments? 17:53:21 * phw waits for 1 more minute 17:53:46 <antonela> thanks for your feedback on the installation email people! will reply soonish 17:54:02 <cohosh> cool :) 17:54:11 <arma2> phw: should we try to get another person who can do whatever it is we keep wanting sina to do? for redundancy 17:54:41 <phw> arma2: that would be useful. do you mean inside team cymru? or outside? 17:55:45 <arma2> i'm not sure. 17:55:46 <phw> i'll ask sina in my next reminder how he feels about the maintenance burden 17:56:04 <arma2> just, single points of failure are bad in general, and in this case this one seems to fail sometimes 17:56:41 <phw> yes, maybe there are more people inside team cymru who have access to this machine 17:58:22 <phw> ok, let's wrap it up for today 17:58:24 <phw> #endmeeting