16:00:29 <cohosh> #startmeeting tor anti-censorship meeting 16:00:29 <MeetBot> Meeting started Thu Sep 2 16:00:29 2021 UTC. The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 16:00:38 <cohosh> welcome! 16:00:41 <meskio> hello 16:00:51 <cohosh> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep 16:01:06 <ggus> hi o/ 16:01:33 <cohosh> please add items to the agenda :) 16:02:08 * ggus loading the pad 16:03:08 <cohosh> dcf1: you want to lead for the first discussion item? 16:03:24 <dcf1> I was just keeping an eye on the snowflake bridge 16:03:53 <dcf1> It's chugging along, but I wonder if there are some easy ways to reduce CPU use 16:04:16 <dcf1> There's also https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40064 about CPU use in proxies 16:04:28 <cohosh> yeah, profiling sounds like a good next step there in both cases 16:04:43 <dcf1> Nothing urgent, as we still have CPU capacity on the bridge, just something I was thinking about 16:05:10 <dcf1> I wasn't sure how to do a profiling run for the bridge. Do we stop and start it (interrupting ongoing connections) or try to simulate use on a non-production installation? 16:06:07 <cohosh> i would suggest first profiling using snowbox or another non-production deployment 16:06:13 <meskio> the issue about CPU in proxies was someone with 1.3k connections, will be nice to make the proxy able to do that, but that sounds like a high load for a proxy anyway 16:07:00 <cohosh> meskio: yeah you raised a good point on that ticket that it probably occurred once we lifted the cap on client connections by default 16:07:40 <cohosh> for the bridge, if we can't find any obvious improvements on a toy deployment, then i think we can profile in production 16:07:57 <dcf1> ok, good point meskio, maybe the proxy is not such a priority 16:08:01 <dcf1> ok cohosh 16:09:53 <cohosh> anything else for this discussion? 16:09:56 <dcf1> no 16:10:10 <cohosh> cool, the next item is about reading group 16:10:34 <dcf1> I'm looking at the list of recently published papers and it's getting pretty daunting 16:10:45 <dcf1> might be nice to make a dent in it 16:10:57 <dcf1> FOCI short papers are out since last week 16:11:05 <dcf1> https://dl.acm.org/doi/proceedings/10.1145/3473604 16:11:06 <cohosh> now that meskio is back and the netteam hiring is cooling down a bit i'm totally in to restart these :D 16:12:22 <cohosh> anyone have a preference on what to start with? 16:13:58 * dcf1 browsing 16:15:38 <dcf1> I'm looking at maybe BlindTLS (FOCI) or Balboa (USENIX) 16:16:40 <cohosh> both really good picks XD 16:17:02 <cohosh> balboa is a longer paper so maybe we ease in with the shorter FOCI paper? 16:17:14 <meskio> sounds good :) 16:17:16 <dcf1> ok 16:17:54 <meskio> are we doing it next week? 16:18:09 <dcf1> call it 2 weeks, 16 September 16:18:37 <cohosh> cool! i might be afk that week but that's alright 16:19:20 <cohosh> i'll be around the week after 16:19:42 <meskio> we can do it the week after, 23 Sept 16:20:44 <cohosh> ok, let's do that 16:20:47 <cohosh> heh 16:21:02 <cohosh> ggus: i think the next discussion item is yours? 16:21:25 <ggus> yes 16:21:48 <ggus> so, this week we're running the docshackathon to update tor user documentation (tb-manual, support, community portals) 16:22:24 <ggus> i created a new entry for support portal regarding circumventing gfw https://gitlab.torproject.org/tpo/web/support/-/issues/210 16:22:51 <ggus> if someone from ac team could review it, that would be nice 16:23:24 <cohosh> nice! 16:23:27 * cohosh looks 16:24:08 <ggus> and the other thing regarding docshackathon is that i want to merge support.tpo/gettor into support.tpo/censorship. so in one section users can find AC docs. 16:24:24 <ggus> what do you think? it's a small change 16:24:58 <ggus> https://support.torproject.org/gettor/ 16:25:06 <ggus> https://support.torproject.org/censorship/ 16:25:16 <cohosh> yeah that merge makes sense to me 16:25:18 <meskio> I think is a good idea 16:25:40 <ggus> okk! i will open a ticket and work on this. :) 16:25:44 <meskio> there is also gettor.tpo that someday should go away, maybe in the rework of bridgedb UX 16:26:21 <meskio> is funny that it says gettor via twitter is under maintenance, AFAIK is not working for years 16:26:32 <meskio> but I'm planning to get it back to work 16:26:36 <meskio> it will take some months 16:26:57 <ggus> if it's planned, than it's okay to keep it. 16:27:19 <meskio> yes: rdsys#40 16:28:17 <ggus> okay, i will leave it there, so we can update in the future 16:28:38 <meskio> +1 16:29:48 <cohosh> thanks ggus! web/support!45 looks good to me too 16:30:09 <ggus> yay! :o) 16:32:20 <meskio> yes, looks pretty good :) 16:32:35 <cohosh> anything else for today? 16:32:42 <cohosh> i see a TM update item on the discussion now 16:32:54 <ggus> a short update about TM 16:33:13 <ggus> yesterday i asked a contact to run OONI test, but looks like ooni backend is blocked 16:33:38 <ggus> today i asked them to use Psiphon proxy, but it's also blocked 16:34:04 <dcf1> I was stunned at the breadth of domains blocked as measured by Censored Planet 16:34:06 <ggus> i will try to put together some instructions how to add a private bridge in orbot and then connect to OONI. 16:34:12 <cohosh> yeah that's intense 16:34:18 <dcf1> https://github.com/net4people/bbs/issues/80#issuecomment-903036031 16:34:41 <cohosh> does using ooni + orbot provide accurate measurements? 16:35:02 <cohosh> i guess it's good that the backend connections go through orbot but the actual tests shouldn't right? 16:35:06 <dcf1> Tons of google.com domains, apple.com, microsoft.com, it's pretty hardcore 16:35:07 <ggus> cohosh: they would use orbot just to send the measurements to ooni 16:36:42 <cohosh> oof, i wonder if any of our gettor endpoints still work there 16:37:11 <dcf1> archive.org maybe? don't see that on the list, and it is probably tested by Censored Planet 16:38:27 <dcf1> it's bidirectional, so we can check real quick 16:38:45 <dcf1> dig @95.85.120.6 +noedns +timeout=2 archive.org 16:38:50 <dcf1> ;; connection timed out; no servers could be reached 16:38:59 <cohosh> :/ 16:39:02 <dcf1> no dns injection on archive.org 16:39:08 <cohosh> ah ok 16:39:21 <dcf1> dig @95.85.120.6 +noedns +timeout=5 hangouts.google.com 16:39:27 <dcf1> ;; ANSWER SECTION: 16:39:27 <dcf1> hangouts.google.com. 300 IN A 127.0.0.1 16:39:31 <dcf1> that's an injected domain 16:40:19 <dcf1> no injection on HTTPS nor HTTP either, apparently 16:40:27 <dcf1> curl --connect-to ::telecom.tm: https://archive.org/ 16:40:27 <dcf1> curl: (60) SSL: no alternative certificate subject name matches target host name 'archive.org' 16:40:37 <dcf1> curl --connect-to ::telecom.tm: http://archive.org/ -D - 16:40:37 <dcf1> HTTP/1.1 301 Moved Permanently 16:41:00 <dcf1> That's surprising, I would expect archive.org to be blocked before some of the other domains on the lists 16:41:30 <cohosh> yeah 16:42:50 <cohosh> thanks for following up on this ggus 16:43:51 <ggus> i thought that TM would be a quick and easy investigation :( 16:44:56 <dcf1> it's good to start putting it on the map in terms of documented measurement 16:45:22 <cohosh> yeah 16:47:06 <dcf1> I think Turkmenistan doesn't have a Freedom on the Net entry even https://freedomhouse.org/country/turkmenistan 16:47:37 <dcf1> https://freedomhouse.org/report/freedom-net/2020/pandemics-digital-shadow 16:47:49 <dcf1> there is a country list from somewhere on that page, but I can't find it right now 16:47:53 <meskio> I was thinking on other approaches for gettor if the providers get blocked, we could attach to the emails a binary with tor+snowflake that downloads TBB... 16:47:59 <ggus> https://freedomhouse.org/countries/freedom-world/scores 16:48:01 <ggus> this one? 16:48:19 <dcf1> Freedom on the Net and Freedom in the World are two different reports, I think 16:48:51 <dcf1> https://freedomhouse.org/report/freedom-net 16:50:25 <cohosh> meskio: yeah, it's a good problem to think about going forward 16:52:40 <cohosh> okay, anythign else for today? 16:52:58 <ggus> i'm good 16:53:02 <cohosh> we have our montly report: https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk 16:53:11 <cohosh> combining july + august 16:53:23 <cohosh> please update it with what you've worked on when you have a chance :) 16:53:33 <meskio> I'll try to do it tomorrow 16:53:40 <cohosh> meskio: thanks! 16:55:13 * cohosh waits a few mins 16:57:31 <cohosh> #endmeeting