#tor-meeting log

16:00:29 <cohosh> #startmeeting tor anti-censorship meeting
16:00:29 <MeetBot> Meeting started Thu Sep  2 16:00:29 2021 UTC.  The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:38 <cohosh> welcome!
16:00:41 <meskio> hello
16:00:51 <cohosh> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
16:01:06 <ggus> hi o/
16:01:33 <cohosh> please add items to the agenda :)
16:02:08 * ggus loading the pad
16:03:08 <cohosh> dcf1: you want to lead for the first discussion item?
16:03:24 <dcf1> I was just keeping an eye on the snowflake bridge
16:03:53 <dcf1> It's chugging along, but I wonder if there are some easy ways to reduce CPU use
16:04:16 <dcf1> There's also https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40064 about CPU use in proxies
16:04:28 <cohosh> yeah, profiling sounds like a good next step there in both cases
16:04:43 <dcf1> Nothing urgent, as we still have CPU capacity on the bridge, just something I was thinking about
16:05:10 <dcf1> I wasn't sure how to do a profiling run for the bridge. Do we stop and start it (interrupting ongoing connections) or try to simulate use on a non-production installation?
16:06:07 <cohosh> i would suggest first profiling using snowbox or another non-production deployment
16:06:13 <meskio> the issue about CPU in proxies was someone with 1.3k connections, will be nice to make the proxy able to do that, but that sounds like a high load for a proxy anyway
16:07:00 <cohosh> meskio: yeah you raised a good point on that ticket that it probably occurred once we lifted the cap on client connections by default
16:07:40 <cohosh> for the bridge, if we can't find any obvious improvements on a toy deployment, then i think we can profile in production
16:07:57 <dcf1> ok, good point meskio, maybe the proxy is not such a priority
16:08:01 <dcf1> ok cohosh
16:09:53 <cohosh> anything else for this discussion?
16:09:56 <dcf1> no
16:10:10 <cohosh> cool, the next item is about reading group
16:10:34 <dcf1> I'm looking at the list of recently published papers and it's getting pretty daunting
16:10:45 <dcf1> might be nice to make a dent in it
16:10:57 <dcf1> FOCI short papers are out since last week
16:11:05 <dcf1> https://dl.acm.org/doi/proceedings/10.1145/3473604
16:11:06 <cohosh> now that meskio is back and the netteam hiring is cooling down a bit i'm totally in to restart these :D
16:12:22 <cohosh> anyone have a preference on what to start with?
16:13:58 * dcf1 browsing
16:15:38 <dcf1> I'm looking at maybe BlindTLS (FOCI) or Balboa (USENIX)
16:16:40 <cohosh> both really good picks XD
16:17:02 <cohosh> balboa is a longer paper so maybe we ease in with the shorter FOCI paper?
16:17:14 <meskio> sounds good :)
16:17:16 <dcf1> ok
16:17:54 <meskio> are we doing it next week?
16:18:09 <dcf1> call it 2 weeks, 16 September
16:18:37 <cohosh> cool! i might be afk that week but that's alright
16:19:20 <cohosh> i'll be around the week after
16:19:42 <meskio> we can do it the week after, 23 Sept
16:20:44 <cohosh> ok, let's do that
16:20:47 <cohosh> heh
16:21:02 <cohosh> ggus: i think the next discussion item is yours?
16:21:25 <ggus> yes
16:21:48 <ggus> so, this week we're running the docshackathon to update tor user documentation (tb-manual, support, community portals)
16:22:24 <ggus> i created a new entry for support portal regarding circumventing gfw https://gitlab.torproject.org/tpo/web/support/-/issues/210
16:22:51 <ggus> if someone from ac team could review it, that would be nice
16:23:24 <cohosh> nice!
16:23:27 * cohosh looks
16:24:08 <ggus> and the other thing regarding docshackathon is that i want to merge support.tpo/gettor into support.tpo/censorship. so in one section users can find AC docs.
16:24:24 <ggus> what do you think? it's a small change
16:24:58 <ggus> https://support.torproject.org/gettor/
16:25:06 <ggus> https://support.torproject.org/censorship/
16:25:16 <cohosh> yeah that merge makes sense to me
16:25:18 <meskio> I think is a good idea
16:25:40 <ggus> okk! i will open a ticket and work on this. :)
16:25:44 <meskio> there is also gettor.tpo that someday should go away, maybe in the rework of bridgedb UX
16:26:21 <meskio> is funny that it says gettor via twitter is under maintenance, AFAIK is not working for years
16:26:32 <meskio> but I'm planning to get it back to work
16:26:36 <meskio> it will take some months
16:26:57 <ggus> if it's planned, than it's okay to keep it.
16:27:19 <meskio> yes: rdsys#40
16:28:17 <ggus> okay, i will leave it there, so we can update in the future
16:28:38 <meskio> +1
16:29:48 <cohosh> thanks ggus! web/support!45 looks good to me too
16:30:09 <ggus> yay! :o)
16:32:20 <meskio> yes, looks pretty good :)
16:32:35 <cohosh> anything else for today?
16:32:42 <cohosh> i see a TM update item on the discussion now
16:32:54 <ggus> a short update about TM
16:33:13 <ggus> yesterday i asked a contact to run OONI test, but looks like ooni backend is blocked
16:33:38 <ggus> today i asked them to use Psiphon proxy, but it's also blocked
16:34:04 <dcf1> I was stunned at the breadth of domains blocked as measured by Censored Planet
16:34:06 <ggus> i will try to put together some instructions how to add a private bridge in orbot and then connect to OONI.
16:34:12 <cohosh> yeah that's intense
16:34:18 <dcf1> https://github.com/net4people/bbs/issues/80#issuecomment-903036031
16:34:41 <cohosh> does using ooni + orbot provide accurate measurements?
16:35:02 <cohosh> i guess it's good that the backend connections go through orbot but the actual tests shouldn't right?
16:35:06 <dcf1> Tons of google.com domains, apple.com, microsoft.com, it's pretty hardcore
16:35:07 <ggus> cohosh: they would use orbot just to send the measurements to ooni
16:36:42 <cohosh> oof, i wonder if any of our gettor endpoints still work there
16:37:11 <dcf1> archive.org maybe? don't see that on the list, and it is probably tested by Censored Planet
16:38:27 <dcf1> it's bidirectional, so we can check real quick
16:38:45 <dcf1> dig @95.85.120.6 +noedns +timeout=2 archive.org
16:38:50 <dcf1> ;; connection timed out; no servers could be reached
16:38:59 <cohosh> :/
16:39:02 <dcf1> no dns injection on archive.org
16:39:08 <cohosh> ah ok
16:39:21 <dcf1> dig @95.85.120.6 +noedns +timeout=5 hangouts.google.com
16:39:27 <dcf1> ;; ANSWER SECTION:
16:39:27 <dcf1> hangouts.google.com.    300     IN      A       127.0.0.1
16:39:31 <dcf1> that's an injected domain
16:40:19 <dcf1> no injection on HTTPS nor HTTP either, apparently
16:40:27 <dcf1> curl --connect-to ::telecom.tm: https://archive.org/
16:40:27 <dcf1> curl: (60) SSL: no alternative certificate subject name matches target host name 'archive.org'
16:40:37 <dcf1> curl --connect-to ::telecom.tm: http://archive.org/ -D -
16:40:37 <dcf1> HTTP/1.1 301 Moved Permanently
16:41:00 <dcf1> That's surprising, I would expect archive.org to be blocked before some of the other domains on the lists
16:41:30 <cohosh> yeah
16:42:50 <cohosh> thanks for following up on this ggus
16:43:51 <ggus> i thought that TM would be a quick and easy investigation :(
16:44:56 <dcf1> it's good to start putting it on the map in terms of documented measurement
16:45:22 <cohosh> yeah
16:47:06 <dcf1> I think Turkmenistan doesn't have a Freedom on the Net entry even https://freedomhouse.org/country/turkmenistan
16:47:37 <dcf1> https://freedomhouse.org/report/freedom-net/2020/pandemics-digital-shadow
16:47:49 <dcf1> there is a country list from somewhere on that page, but I can't find it right now
16:47:53 <meskio> I was thinking on other approaches for gettor if the providers get blocked, we could attach to the emails a binary with tor+snowflake that downloads TBB...
16:47:59 <ggus> https://freedomhouse.org/countries/freedom-world/scores
16:48:01 <ggus> this one?
16:48:19 <dcf1> Freedom on the Net and Freedom in the World are two different reports, I think
16:48:51 <dcf1> https://freedomhouse.org/report/freedom-net
16:50:25 <cohosh> meskio: yeah, it's a good problem to think about going forward
16:52:40 <cohosh> okay, anythign else for today?
16:52:58 <ggus> i'm good
16:53:02 <cohosh> we have our montly report: https://pad.riseup.net/p/l7d6oBd40EQa3u7cFxIk
16:53:11 <cohosh> combining july + august
16:53:23 <cohosh> please update it with what you've worked on when you have a chance :)
16:53:33 <meskio> I'll try to do it tomorrow
16:53:40 <cohosh> meskio: thanks!
16:55:13 * cohosh waits a few mins
16:57:31 <cohosh> #endmeeting