15:58:50 <cohosh> #startmeeting tor anti-censorship meeting 15:58:50 <MeetBot> Meeting started Thu Oct 8 15:58:50 2020 UTC. The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:58:50 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:58:53 <cohosh> hey! 15:58:57 <agix> hi 15:59:06 <gaba> hi 15:59:09 <cohosh> here's our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 15:59:45 <phw> o/ 15:59:56 <hanneloresx> hi 16:00:52 <cohosh> first up is an announcement on kyle, jordan, and prateek's snowflake report: https://arxiv.org/abs/2008.03254 16:01:35 <cohosh> i'm excited to look more into how we can apply these results to snowflake 16:02:09 <cohosh> are any of them here today? 16:03:09 <cohosh> seems like no 16:03:22 <cohosh> okay next up is a snowflake discussion item 16:03:39 <cohosh> i've been processing some snowflake measurements 16:04:02 <cohosh> and one of the biggest problems we're still facing is this NAT traversal issue that some clients have 16:04:19 <cohosh> we narrrowed down the cause to NAT behaviour in snowflake#33666 16:04:45 <cohosh> and have been implementing several solutions to try to match up these clients with proxies that have compatible NAT types 16:05:17 <cohosh> these solutions were largely ineffective because most of our proxies are browser based and we can't implement the NAT behaviour checks due to limitations on the networking requests we can make from browsers 16:05:25 <cohosh> (this is a browser security feature) 16:05:28 <phw> if i'm reading the stats right, 24% of client-to-proxy matches failed according to our latest metrics batch 16:05:50 <cohosh> phw: these are the broker stats? 16:06:10 <phw> i looked at the bottom record of https://snowflake-broker.bamsoftware.com/metrics 16:06:46 <cohosh> yup this is a different issue 16:06:54 <cohosh> that i made snowflake-webext#17 to address 16:07:00 <phw> oh, i see 16:07:11 <cohosh> there it looks like we need to up our proxy poll rate 16:07:38 <cohosh> for my personal proxy, i'm seeing "Number of users your Snowflake has helped circumvent censorship in the last 24 hours: 25" 16:07:41 <cohosh> which is pretty high 16:08:14 <dcf1> hmm yeah 16:08:23 <cohosh> the NAT issue is for proxies that were successfully handed out by the broker, but were incompatible with the client 16:08:58 * phw searches for "chrome snowflake extension" and finds https://chrome.google.com/webstore/detail/snowflake/cghmhcoebaiodpdicjacfllplandkfpa?hl=en-US 16:09:22 <cohosh> but for the client denied count issue, maybe we need to upt he poll rate to even more than what i did in the merge request for that issue 16:09:52 <cohosh> i guess there's no reason not to have them poll very frequently since the reason for slowing the poll in the first place was to help with #33666 16:11:05 <cohosh> but for the NAT issue specifically i filed snowflake#40013 as a possible next solution to try 16:12:00 <dcf1> The idea is to set up a simulated Snowflake client behind restricted NAT and have proxies test themselves by trying to connect to it? 16:12:09 <cohosh> yup 16:13:52 <phw> sounds like a reasonable next step to me 16:13:52 <dcf1> It's one more thing to maintain, but the idea is good 16:14:18 <cohosh> yeah, maintenance is my main concern 16:14:39 <phw> i wonder if we already have similar code that we could extend/reuse but cannot think of any 16:14:46 <cohosh> i don't think we should make proxies dependent on it the way they are dependent on the snowflake bridge probe test 16:15:14 <cohosh> phw: we have some work in progress code for snowflake#32938 16:15:41 <cohosh> so we can have proxies default to an unknown NAT type if the probe test fails 16:16:15 <phw> good idea 16:16:18 <cohosh> but yeah i'd like to at least try deploying it and seeing if it gets us anywhere and if it does, deciding how to make it as easily maintainable for us as possible 16:17:45 <dcf1> It's probably something to add to https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/Snowflake-Broker-Installation-Guide https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/Snowflake-Broker-Survival-Guide 16:17:55 <dcf1> Or maybe it's conceptually better grouped with the bridge 16:18:00 <phw> how much time do you think it would take to build an mvp of this probe service? 16:18:03 <cohosh> dcf1: good call! 16:18:38 <phw> i'll also add it to our monit configuration once it's live 16:18:44 <cohosh> phw: probably just a week. it involves the probe service itself, and some changes to the proxy-broker protocol 16:19:14 <cohosh> and we hav a good start from the throughput testing code 16:20:02 <cohosh> my thoughts were that it would be grouped with the broker since we have proxies running on the bridge 16:20:29 <cohosh> but i don't think it makes a huge difference either way 16:21:16 <phw> sounds like a good plan to me! 16:21:20 <cohosh> okay i'll move forward on implementing this then, thanks! 16:21:34 <cohosh> i will also have some measurements from our vps in china for next meeting 16:21:46 <cohosh> the tl;dr is that none of the stun servers appear to be blocked 16:21:54 <cohosh> but the throughput from china is not looking good 16:22:13 <cohosh> i'll have something more concrete soon 16:22:42 <dcf1> We have a fair number of users now, I wonder if there's a way to communicate with any of them about their experience https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6915AB06BFB7F 16:23:49 <phw> nice, that's a pretty steady increase since january 16:24:21 <cohosh> we might get another bump after the effects of snowflake#33157 are measured 16:24:40 <dcf1> Yeah I'm expecting the inbound/outbound graphs to converge after that 16:25:21 <dcf1> https://lists.torproject.org/pipermail/metrics-team/2020-March/001142.html 16:25:48 <phw> maybe a tor-talk@ thread that solicits feedback would reach a subset of snowflake users? 16:27:10 <cohosh> hmm yes maybe. we should coordinate with antonela on this to come up with some text 16:28:51 <cohosh> okay let's move on to actions 16:29:06 <cohosh> here is the pad for the september monthly report: https://pad.riseup.net/p/1lE-JDUjauoQL6lAGd5t 16:29:38 <cohosh> any more discussion items before we move on to our needs help with? 16:30:46 * cohosh takes that as a no 16:31:45 <cohosh> snowflake-webext!5 for me will be a very short review, mostly to approve bumping the poll rate. i think decreasing the interval by even more is a better idea 16:32:01 <dcf1> Decreasing even more is fine with me 16:32:08 <cohosh> dcf1 has snowflake-webext#15 16:32:52 <dcf1> I will update the file but I don't know how any of the translation stuff works 16:33:01 <dcf1> I approved snowflake-webext!5 16:33:07 <cohosh> dcf1: thanks! 16:33:43 <phw> it was reviewed before the review was even requested. that must be a review 0-day 16:34:00 <cohosh> dcf1: my understanding is that to update strings, we update static/_locales/en_US/messages.json 16:34:09 <cohosh> lol phw 16:34:50 <dcf1> cohosh: aha, and that gets imported automatically into the translations subrepo somehow? 16:34:59 <cohosh> yup! 16:35:13 <cohosh> if it doesn't then there's a bug in the backend of things 16:35:13 <dcf1> thanks, that is what I needed 16:35:17 <cohosh> okay great 16:36:17 <cohosh> it's a non-obvious workflow, we could probably improve that a bit 16:37:16 <dcf1> I think the messed-up state of the snowflake-webext mirror on gitlab is my fault 16:37:28 <dcf1> I was trying to do a merge request at some point without knowing what I was doing 16:37:50 <cohosh> ah okay 16:38:02 <cohosh> i know there's an open ticket for generally improving our mirrors on gitlab 16:38:36 <cohosh> https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/38 16:39:21 <cohosh> i will ping the gitlab team to see if they can reset the mirror before that is resolved though 16:42:22 <cohosh> any other questions/comments/discussion for today? 16:42:58 <phw> not for me 16:44:48 <cohosh> cool, thanks everyone! 16:44:53 <cohosh> #endmeeting