15:58:50 <cohosh> #startmeeting tor anti-censorship meeting
15:58:50 <MeetBot> Meeting started Thu Oct  8 15:58:50 2020 UTC.  The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:50 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:53 <cohosh> hey!
15:58:57 <agix> hi
15:59:06 <gaba> hi
15:59:09 <cohosh> here's our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:59:45 <phw> o/
15:59:56 <hanneloresx> hi
16:00:52 <cohosh> first up is an announcement on kyle, jordan, and prateek's snowflake report: https://arxiv.org/abs/2008.03254
16:01:35 <cohosh> i'm excited to look more into how we can apply these results to snowflake
16:02:09 <cohosh> are any of them here today?
16:03:09 <cohosh> seems like no
16:03:22 <cohosh> okay next up is a snowflake discussion item
16:03:39 <cohosh> i've been processing some snowflake measurements
16:04:02 <cohosh> and one of the biggest problems we're still facing is this NAT traversal issue that some clients have
16:04:19 <cohosh> we narrrowed down the cause to NAT behaviour in snowflake#33666
16:04:45 <cohosh> and have been implementing several solutions to try to match up these clients with proxies that have compatible NAT types
16:05:17 <cohosh> these solutions were largely ineffective because most of our proxies are browser based and we can't implement the NAT behaviour checks due to limitations on the networking requests we can make from browsers
16:05:25 <cohosh> (this is a browser security feature)
16:05:28 <phw> if i'm reading the stats right, 24% of client-to-proxy matches failed according to our latest metrics batch
16:05:50 <cohosh> phw: these are the broker stats?
16:06:10 <phw> i looked at the bottom record of https://snowflake-broker.bamsoftware.com/metrics
16:06:46 <cohosh> yup this is a different issue
16:06:54 <cohosh> that i made snowflake-webext#17 to address
16:07:00 <phw> oh, i see
16:07:11 <cohosh> there it looks like we need to up our proxy poll rate
16:07:38 <cohosh> for my personal proxy, i'm seeing "Number of users your Snowflake has helped circumvent censorship in the last 24 hours: 25"
16:07:41 <cohosh> which is pretty high
16:08:14 <dcf1> hmm yeah
16:08:23 <cohosh> the NAT issue is for proxies that were successfully handed out by the broker, but were incompatible with the client
16:08:58 * phw searches for "chrome snowflake extension" and finds https://chrome.google.com/webstore/detail/snowflake/cghmhcoebaiodpdicjacfllplandkfpa?hl=en-US
16:09:22 <cohosh> but for the client denied count issue, maybe we need to upt he poll rate to even more than what i did in the merge request for that issue
16:09:52 <cohosh> i guess there's no reason not to have them poll very frequently since the reason for slowing the poll in the first place was to help with #33666
16:11:05 <cohosh> but for the NAT issue specifically i filed snowflake#40013 as a possible next solution to try
16:12:00 <dcf1> The idea is to set up a simulated Snowflake client behind restricted NAT and have proxies test themselves by trying to connect to it?
16:12:09 <cohosh> yup
16:13:52 <phw> sounds like a reasonable next step to me
16:13:52 <dcf1> It's one more thing to maintain, but the idea is good
16:14:18 <cohosh> yeah, maintenance is my main concern
16:14:39 <phw> i wonder if we already have similar code that we could extend/reuse but cannot think of any
16:14:46 <cohosh> i don't think we should make proxies dependent on it the way they are dependent on the snowflake bridge probe test
16:15:14 <cohosh> phw: we have some work in progress code for snowflake#32938
16:15:41 <cohosh> so we can have proxies default to an unknown NAT type if the probe test fails
16:16:15 <phw> good idea
16:16:18 <cohosh> but yeah i'd like to at least try deploying it and seeing if it gets us anywhere and if it does, deciding how to make it as easily maintainable for us as possible
16:17:45 <dcf1> It's probably something to add to https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/Snowflake-Broker-Installation-Guide https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/Snowflake-Broker-Survival-Guide
16:17:55 <dcf1> Or maybe it's conceptually better grouped with the bridge
16:18:00 <phw> how much time do you think it would take to build an mvp of this probe service?
16:18:03 <cohosh> dcf1: good call!
16:18:38 <phw> i'll also add it to our monit configuration once it's live
16:18:44 <cohosh> phw: probably just a week. it involves the probe service itself, and some changes to the proxy-broker protocol
16:19:14 <cohosh> and we hav a good start from the throughput testing code
16:20:02 <cohosh> my thoughts were that it would be grouped with the broker since we have proxies running on the bridge
16:20:29 <cohosh> but i don't think it makes a huge difference either way
16:21:16 <phw> sounds like a good plan to me!
16:21:20 <cohosh> okay i'll move forward on implementing this then, thanks!
16:21:34 <cohosh> i will also have some measurements from our vps in china for next meeting
16:21:46 <cohosh> the tl;dr is that none of the stun servers appear to be blocked
16:21:54 <cohosh> but the throughput from china is not looking good
16:22:13 <cohosh> i'll have something more concrete soon
16:22:42 <dcf1> We have a fair number of users now, I wonder if there's a way to communicate with any of them about their experience https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6915AB06BFB7F
16:23:49 <phw> nice, that's a pretty steady increase since january
16:24:21 <cohosh> we might get another bump after the effects of snowflake#33157 are measured
16:24:40 <dcf1> Yeah I'm expecting the inbound/outbound graphs to converge after that
16:25:21 <dcf1> https://lists.torproject.org/pipermail/metrics-team/2020-March/001142.html
16:25:48 <phw> maybe a tor-talk@ thread that solicits feedback would reach a subset of snowflake users?
16:27:10 <cohosh> hmm yes maybe. we should coordinate with antonela on this to come up with some text
16:28:51 <cohosh> okay let's move on to actions
16:29:06 <cohosh> here is the pad for the september monthly report: https://pad.riseup.net/p/1lE-JDUjauoQL6lAGd5t
16:29:38 <cohosh> any more discussion items before we move on to our needs help with?
16:30:46 * cohosh takes that as a no
16:31:45 <cohosh> snowflake-webext!5 for me will be a very short review, mostly to approve bumping the poll rate. i think decreasing the interval by even more is a better idea
16:32:01 <dcf1> Decreasing even more is fine with me
16:32:08 <cohosh> dcf1 has snowflake-webext#15
16:32:52 <dcf1> I will update the file but I don't know how any of the translation stuff works
16:33:01 <dcf1> I approved snowflake-webext!5
16:33:07 <cohosh> dcf1: thanks!
16:33:43 <phw> it was reviewed before the review was even requested. that must be a review 0-day
16:34:00 <cohosh> dcf1: my understanding is that to update strings, we update static/_locales/en_US/messages.json
16:34:09 <cohosh> lol phw
16:34:50 <dcf1> cohosh: aha, and that gets imported automatically into the translations subrepo somehow?
16:34:59 <cohosh> yup!
16:35:13 <cohosh> if it doesn't then there's a bug in the backend of things
16:35:13 <dcf1> thanks, that is what I needed
16:35:17 <cohosh> okay great
16:36:17 <cohosh> it's a non-obvious workflow, we could probably improve that a bit
16:37:16 <dcf1> I think the messed-up state of the snowflake-webext mirror on gitlab is my fault
16:37:28 <dcf1> I was trying to do a merge request at some point without knowing what I was doing
16:37:50 <cohosh> ah okay
16:38:02 <cohosh> i know there's an open ticket for generally improving our mirrors on gitlab
16:38:36 <cohosh> https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/38
16:39:21 <cohosh> i will ping the gitlab team to see if they can reset the mirror before that is resolved though
16:42:22 <cohosh> any other questions/comments/discussion for today?
16:42:58 <phw> not for me
16:44:48 <cohosh> cool, thanks everyone!
16:44:53 <cohosh> #endmeeting