15:58:37 <cohosh> #startmeeting tor anticensorship meeting
15:58:37 <MeetBot> Meeting started Thu Jan 7 15:58:37 2021 UTC. The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:37 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:43 <cohosh> happy new year
15:58:49 <phw> first meeting of 2021!
15:59:08 <agix> hey, happy new year!
15:59:20 <cohosh> :D
15:59:50 <cohosh> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:59:58 <cohosh> dcf1: i think you have the first announcement
16:00:34 <dcf1> The Counter-Power Lab, who contracted with me for the Turbo Tunnel work, is required to get a security audit of work they fund
16:01:10 <dcf1> This includes the parts that affect Snowflake I believe, and I've invited them to interact with the anti-censorship team and not me exclusively on the Snowflake parts
16:01:35 <dcf1> Current status is I sent them a summary of the work and links to all the source code, and they are coming up with a plan and scope of work.
16:01:58 <cohosh> oh nice
16:02:37 <dcf1> next discussion point is mine too
16:03:00 <dcf1> I found a link where a user was worried about their snowflake extension connecting to bamsoftware.com
16:03:23 <dcf1> I looked at it a little bit and thought that we had changed the domain (in the extension) quite a long time ago
16:03:50 <dcf1> my question is, am I wrong about the domain being changed; and if not, how did this user get an extension that still connects to this old domain?
16:04:01 <cohosh> huh
16:04:34 <cohosh> you're right, it should have been changed
16:04:41 <dcf1> They link the right addons page, https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/ in the reddit post
16:05:02 <dcf1> Possibly they deliberately installed a very old version? Maybe there is something wrong with the packaging?
16:05:13 <phw> snowflake-broker.bamsoftware.com is a cname for snowflake-broker.freehaven.net. maybe that's the issue?
16:05:15 <cohosh> there is one edge case i've been worried about, which is that a long time ago we checked a box to make the extension available on android
16:05:38 <cohosh> we stopped checking the box because it wasn't at all useful
16:05:54 <dcf1> mhmm
16:06:04 <cohosh> but maybe there were some users who added the extension that way who still have a super old version?
16:06:26 <dcf1> checking just now: `unzip -p snowflake-0.5.2-fx.xpi | grep bamsoft` (no output). `unzip -p snowflake-0.5.2-fx.xpi | grep freehav` (Config.prototype.brokerUrl = 'snowflake-broker.freehaven.net';)
16:06:46 <dcf1> Or maybe a super old version is all that's available to install for android?
16:07:40 <cohosh> right, yeah
16:08:00 <cohosh> i hoped that failing to check the box would somehow make it not installable that way
16:08:14 <cohosh> or discontinue extensions that were installed
16:09:11 <cohosh> is malwarebytes a windows thing though?
16:09:15 <phw> malwarebytes may be looking at dns reqs without considering the semantics of a cname, in which case it always sees the bamsoftware domain
16:09:32 <dcf1> Okay is there something actionable we can do here? Open a ticket to at least see what the add-ons page offers on Android?
16:09:51 <cohosh> that makes sense
16:09:51 <dcf1> phw: that's a good thought.
16:10:05 <cohosh> that seems more likely
16:10:14 <dcf1> dig snowflake.freehaven.net
16:10:17 <dcf1> ;; ANSWER SECTION:
16:10:17 <dcf1> snowflake.freehaven.net. 3600 IN CNAME snowflake.bamsoftware.com.
16:10:17 <dcf1> snowflake.bamsoftware.com. 86400 IN A 37.218.242.151
16:10:49 <phw> i just tested with wireshark: i see bamsoftware.com in my dns responses when i turn snowflake on
16:11:30 <dcf1> great, sounds like the mystery is solved
16:11:42 <dcf1> now is it a good course of action to make *.freehaven.net plain A records?
16:11:51 <cohosh> yeah, or the torproject.net domains
16:12:01 <cohosh> and then make freehaven a CNAME for torproject.net
16:12:23 <dcf1> seems that *.torproject.net are already not CNAMES
16:12:44 <cohosh> aha okay so maybe just change the CNAME for freehaven
16:12:51 <dcf1> ok, I'll make a ticket to that effect
16:12:57 <cohosh> thanks dcf1
16:12:58 <dcf1> thanks for the laser debugging
16:14:06 <cohosh> okay the next discussion item is to pick a reading
16:14:28 <cohosh> are we interested in starting this up again?
16:14:59 <dcf1> On BBS I have a list of reading I'm behind on https://github.com/net4people/bbs/wiki/Reading-list
16:15:21 <phw> i'm neutral on this because i often failed to read the papers
16:17:04 <agix> i would prefer to keep it up, but I leave it up to you guys
16:17:05 <cohosh> i've really liked the chance to have discussions with people outside of tor
16:17:05 <phw> (i'm not going to pick a paper because it's a bit rude to suggest reading that i may not read myself)
16:17:32 <cohosh> the psiphon paper looks like it might be directly relevant to us
16:17:39 <cohosh> https://tics.site/proceedings/2019a/icn_2019_7_10_38005.pdf
16:18:32 <phw> i'd be up for reading that
16:18:44 <agix> +1
16:19:22 <cohosh> cool, so two weeks from now.. on january 21st?
16:19:32 <cohosh> it's also a shorter paper (5 pages)
16:19:34 <phw> sounds good!
16:19:43 <phw> yes, a light read to ease into 2021
16:20:46 <cohosh> okay and then one last action item to update the monthly report for december: https://pad.riseup.net/p/mh4PvdOzncZlcxwHGROn
16:22:04 <cohosh> let's look at our needs help with
16:22:32 <cohosh> phw: i can do bridgestrap!5
16:22:41 <phw> cohosh: thanks!
16:22:47 <dcf1> I'll do snowflake!25
16:22:54 <cohosh> thanks dcf1
16:23:36 <cohosh> anything else for today?
16:23:43 <phw> not from me
16:24:26 <agix> nope
16:24:39 <arma2> i also had a report from a family member whose AV was triggering on their snowflake firefox extension
16:24:53 <arma2> every time their snowflake connected to the broker, it popped up an "omg malware" window on their windows system
16:25:08 <cohosh> oof this is a good thing to get fixed
16:25:10 <dcf1> arma2: I'll assign the ticket I make to you, as you are probably the one who can change freehaven.net DNS records?
16:25:12 <arma2> sounds like it might be the same issue as the backlog
16:25:24 <arma2> yes, i can change dns records for freehaven
16:25:31 <dcf1> ok
16:25:36 <arma2> at least, i think. we'll see if i have the skillz. but if not me, nobody
16:26:06 <arma2> cohosh: yeah, they saw the defcon talk from years ago and were like "finally i will help roger with something" and now they run cupcake and snowflake
16:26:20 <arma2> i'm not sure if running cupcake is even wise at this point
16:26:30 <cohosh> we kicked out cupcake users
16:26:38 <arma2> but also, cupcake wasn't the extension causing the problem, so i left that one alone :)
16:26:41 <cohosh> just by checking what version they are running
16:26:45 <arma2> ok
16:27:11 <cohosh> if it gets updated it'll work again
16:28:00 <cohosh> alright i'll close the meeting for today
16:28:04 <cohosh> have a great week everyone!
16:28:08 <cohosh> #endmeeting