16:00:28 <cohosh> #startmeeting tor anti-censorship meeting
16:00:28 <MeetBot> Meeting started Thu Jul  8 16:00:28 2021 UTC.  The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:28 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:35 <cohosh> welcome!
16:00:48 <cohosh> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
16:01:39 <cohosh> feel free to add items to the agenda and update with what you've been working on :)
16:02:33 <gaba> o/
16:03:08 <cohosh> the first announcement is very exciting, Snowflake has not been released in stable versions of Tor Browser!
16:03:12 <cohosh> *has now
16:03:29 <cohosh> that was a very confusing typo lol
16:04:09 <meskio> yeah \o/
16:04:13 <cohosh> we can already see what looks like a 2x jump in users: https://metrics.torproject.org/userstats-bridge-transport.html?start=2021-01-01&end=2021-07-10&transport=snowflake
16:05:16 <arlolra> nice
16:05:19 <cohosh> so far everything seems to be running smoothly
16:06:17 <meskio> nice
16:06:34 <meskio> does the release include android? do we know how smooth it is for people on mobile data?
16:06:46 <meskio> it used to be painful for the lack of standalone proxies
16:07:10 <cohosh> it does include android afaik, i've been using tb alpha on android for awhile and have it configured to use snowflake
16:07:22 <cohosh> i think orbot has also started ramping up their use of snowflake on android
16:08:32 <meskio> cool
16:10:09 <cohosh> it sounds like the one pain point has been issues with anti-malware software on windows
16:10:56 <meskio> at leap we used to have issues with antiviruses, it's a pain to deal with
16:11:22 <meskio> signing all the binaries should help https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18288
16:12:50 <cohosh> nice
16:13:28 <cohosh> i see we don't have a lot of discussion for today
16:13:48 <cohosh> the one action item is to update the monthly report for june: https://pad.riseup.net/p/dlSPsaKmgz_zoucqcp_N
16:14:29 <agix> hi
16:14:40 <meskio> done, I don't think I've done much more than gettor->rdsys work, everything else I did has landed in July
16:16:35 <cohosh> awesome, yeah that's a big ticket :) i'll do my pass after the meeting
16:16:45 <cohosh> anything else for today?
16:17:03 <arlolra> thanks for the review today
16:17:07 <arlolra> one question
16:17:32 <cohosh> yeah, thanks for working on it!
16:17:57 <meskio> arlolra: do you maintain the snowflake webextension?
16:17:57 <arlolra> it's a set of 4 patches, and all of the comments (apart from the using the variables one) pertain to the 4th patch
16:18:16 <arlolra> the one that actually splits out the http handlers into a separate process
16:18:21 <arlolra> do you think we could merge the first 3?
16:18:28 <arlolra> meskio: I've been helping with that, yes
16:19:03 <cohosh> meskio: we all maintain it, i think arlolra has done the most work on it :)
16:19:04 <meskio> we have extended the protocol so proxies notify the client load (snowflake#40048)
16:19:28 <meskio> AFAIK we don't need to modify the webextension for now, as it will only accept one client at a time, is that correct?
16:20:06 <cohosh> arlolra: ah that's a good question. I think it's a good idea to do that but I want to do one last pass over it before we merge, can you do a rebase and i'll get back to you asap on it?
16:20:25 <arlolra> sure
16:20:57 <arlolra> meskio: offhand, I'm not sure. we can file a task to verify and then eventually update to use the new protocol
16:21:09 <meskio> I did start the modification of the webextension, but left it in a draft and I'm happy to forget about it https://gitlab.torproject.org/meskio/snowflake-webext/-/commit/9cab39bb190221a30e91f6ea8dc047361377a74f
16:21:32 <cohosh> meskio: we don't want to increase the number of default clients for web proxies beyond one right now
16:21:40 <cohosh> but it's a good idea to use the new protocol version anyway
16:22:08 <meskio> it should be backward compatible anyway
16:22:43 <cohosh> yep
16:23:23 <cohosh> i can review this patch if you make an MR
16:23:59 <meskio> I'm not sure it works, I was looking around and found two different places where the client counter existed and the one I'm using I don't think is ever incremented
16:24:17 <meskio> anyway, allowing only a single client we could hardcode it to 0 and be done
16:24:18 <cohosh> meskio: this is reminding me that we should get you set up on the addon accounts so you can eventually do releases
16:24:44 <meskio> ok
16:24:49 <cohosh> meskio: i don't want to hardcode it since we've been trying to pave the way to seamlessly increase client counts if we want to
16:25:12 <meskio> fine, I'll give it another push to that patch and send it as a MR
16:26:31 <cohosh> thanks!
16:26:46 * cohosh searches for issue where we discussed this at one point
16:27:20 <meskio> snowflake#40048?
16:27:45 <meskio> I guess you mean an issue in the webextension
16:28:06 <cohosh> https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25601
16:28:34 <meskio> thanks, I'll give it some reading
16:29:59 <cohosh> i have a short review for meskio or arlolra that adds something to the snowflake website: snowflake-webext!18
16:31:02 <meskio> I'm happy to take it, but if you want it arlolra go ahead
16:31:46 <cohosh> thanks!
16:33:06 <cohosh> anything else for today?
16:33:30 <meskio> I'm good
16:33:46 <anadahz> Do you know if any helpful resources exist to explain how Snowflake works?
16:33:58 <anadahz> (especially to newcomers)
16:35:25 <cohosh> anadahz: hey! we have a few links, most of which are also linked from the recent blog post: https://blog.torproject.org/snowflake-in-tor-browser-stable
16:36:17 <cohosh> our documentation is here: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home
16:36:24 <cohosh> but admittedly could use some work
16:36:44 <anadahz> cohosh: thx!
16:38:04 <maxbee> Oh I was just going to briefly mention from last week's (or the week before?) meeting re: utls that it seems like connections to the broker could theoretically benefit from it
16:38:06 <cohosh> feel free to ask questions in #tor-dev or #tor as well
16:38:51 <cohosh> maxbee: hey! yeah, thanks for following up on that!
16:39:10 <maxbee> I think it could probably depend on whether there's any data as to successes in connecting through that domain front
16:39:52 <maxbee> np - I dunno if it's particularly actionable, but just thought I'd throw it out there
16:40:13 <cohosh> yeah we use utls for the domain fronting connection in meek: https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/transports/meeklite/meek.go
16:41:41 <cohosh> as far as data, i'm guessing we'd mostly notice by looking at per-country usage metrics of snowflake
16:42:20 <cohosh> there's not an easy graphical interface for these metrics at the moment since this page lists the top 3 transports only by country: https://metrics.torproject.org/userstats-bridge-combined.html
16:44:06 <cohosh> we could manually search the extra info docs provided by collector for flakey: https://metrics.torproject.org/collector/recent/bridge-descriptors/extra-infos/
16:44:21 <maxbee> hmmmm yeah I think there's mostly only one country that would be doing tls fingerprinting and so a significant difference between snowflake performance there and in other countries as well as a significant difference between meek and snowflake in that country would be relevant
16:44:30 <cohosh> ah which country is that?
16:44:41 <maxbee> pretty sure CN
16:45:49 <maxbee> I would want to see if I could dig up some additional support for that conjecture, and there are definitely other folks who would know more than me on that, but that's been my assumption
16:46:17 <cohosh> the most recent extra-info for flakey: bridge-ips us=568,ru=440,by=296,cn=192,ir=184
16:47:11 <meskio> I guess us is because people read 'circumvention' as "extra security" and just activate it
16:47:25 <maxbee> :D
16:47:50 <cohosh> heh yeah
16:48:10 <maxbee> the other thing is that if I'm reading https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/lib/rendezvous.go correctly, I thiiink it would be pretty easy to drop in utls there
16:48:44 <cohosh> nice! do we have an open issue for it already?
16:49:07 <meskio> there was one about fingerprintability of dtls, but I guess this is something else
16:49:23 <anadahz> BTW, have you seen Snowflake being blocked in any network?
16:50:26 <maxbee> I can open a broker utls negotiation issue. I'm definitely not wedded to the idea, but if folks want to think it over and give it a thumbs up/thumbs down I could probably take a shot at it
16:50:28 <cohosh> anadahz: sort of, originally we used Google's STUN servers and those were blocked in China
16:51:01 <cohosh> we solved this by adding more and have an open ticket to look at GFW efforts to block snowflake
16:51:22 <cohosh> snowflake#32657
16:51:43 <cohosh> maxbee: thanks!
16:51:53 <cohosh> iiuc there's not really a downside to doing this right?
16:55:04 <maxbee> mmmm probably not, though I think utls doesn't currently support some of the newest tls1.3 features
16:55:40 <maxbee> I'd want to double check
16:56:20 <maxbee> also we'd need to pick some fingerprint or some combination of fingerprints, but I think just about anything is better than go's tls
16:56:20 <cohosh> oh i think meek-lite also uses a fork of utls if i'm recalling correctly
16:56:31 <cohosh> cool
16:58:05 <cohosh> okay i think i'll end the meeting here but we can continue discussion on #tor-dev after or on gitlab :)
16:58:11 <cohosh> thanks everyone for joining!
16:58:15 <maxbee> yay thank you!
16:58:24 <cohosh> #endmeeting