#tor-meeting log

18:59:49 <sysrqb> #startmeeting S101 Core Android Components 15 March 2022
18:59:49 <MeetBot> Meeting started Tue Mar 15 18:59:49 2022 UTC.  The chair is sysrqb. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:59:49 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:59:58 <sysrqb> hello cyberta !
19:00:03 <cyberta> :) hi
19:00:06 <sysrqb> indeed
19:00:12 <sysrqb> Pad: https://pad.riseup.net/p/sponsor101-android-components
19:01:27 <sysrqb> I didn't follow up with Guardian Project, so I don't know if _hc or anyone else is around
19:01:37 <PieroV> o/
19:01:38 <sysrqb> and ping: aguestuser PieroV
19:01:42 <sysrqb> ah, hello :)
19:02:07 <sysrqb> this may be a short meeting
19:02:18 <kwadronaut[m]> O/
19:02:20 <aguestuser> o/
19:02:27 <sysrqb> but I wanted to meet and make sure we're on the same page
19:03:08 <cyberta> hi Ankit
19:03:17 <cyberta> Ankit joined LEAP recently
19:03:26 <sysrqb> o/
19:03:29 <Ankit> Hello everyone
19:03:33 <cyberta> and will also help in the tor vpn project
19:03:34 <sysrqb> welcome
19:03:58 <cyberta> Ankit is an experienced Android dev as well
19:04:06 <sysrqb> excellent!
19:04:26 <Ankit> :)
19:04:29 <aguestuser> welcome Ankit! :)
19:04:45 <sysrqb> Ankit: this is the pad we use for taking meeting notes: https://pad.riseup.net/p/sponsor101-android-components
19:04:46 <PieroV> welcome :)
19:04:58 <sysrqb> in case you haven't seen it, we have some notes from last meeting there
19:05:32 <Ankit> yeah, looking through it, it was shared with me earlier.
19:05:36 <sysrqb> great
19:06:20 <sysrqb> to recap, last meeting we looked at Orbot's components, as documented by Guardian Project: https://docs.google.com/document/d/14mCr8c9pp5jGoGPQH-PB71YWTW6s-4dTjOKiQLgSrCs/edit
19:06:45 <sysrqb> and we discussed whether we think each component will be needed in a "tor vpn"
19:07:09 <sysrqb> and/or what feature/functionality will be needed instead of that existing component
19:07:38 <sysrqb> i believe last meeting we stopped at the last component - IPtProxy
19:07:54 <cyberta> aka pluggable transports
19:08:01 <sysrqb> yes
19:08:22 <sysrqb> currently, Guardian Project is developing it
19:08:40 <cyberta> tor-android and IPtProxy is also used in Bitmask/RiseupVPN
19:08:59 <sysrqb> the advantage of IPtProxy is that it combines the multiple Go lang pluggable transports into a single binary
19:09:41 <sysrqb> and, as a result, it reduces the total disk space needed becuase we don't include the same Go runtime in each binary for each PT
19:10:17 <cyberta> we also *need* to bundle all go libs into one big lib
19:10:30 <cyberta> to cross-compile them for mobile
19:10:45 <cyberta> using gomobile
19:10:59 <sysrqb> interesting. we were wondering if any other proejct was only using tor-android
19:11:11 <sysrqb> seems the answer is yes
19:11:24 <cyberta> yip
19:11:45 <sysrqb> did you implement your own wrapper and/or controller service, like OrbotService?
19:11:58 <sysrqb> or do you only needed the functionality exposed by TorService?
19:12:41 <cyberta> I  basically forked TorService and added an interface for IPtProxy, it became a part of TorService
19:12:49 <cyberta> but it is mostly the original TorService code
19:12:59 <cyberta> I needed only minor adaptions
19:13:12 <sysrqb> okay, that's good to know
19:13:13 <cyberta> And it is started/stopped by intents
19:14:55 <cyberta> we use our API service  to control the tor service,  but that are implementation details
19:15:57 <sysrqb> yeah. i need to look closer at OrbotService and see what is it providing - in addition to TorService
19:16:44 <cyberta> Ankit and I can do that until next week, too
19:17:36 <sysrqb> that would be very helpful, yes please
19:17:37 <sysrqb> thanks
19:19:05 <sysrqb> and for the Go libs, you said you need to bundle them together into one big library
19:19:20 <sysrqb> is that because of how the Go code is called/executed?
19:19:28 <cyberta> that is right, you cannot have multiple go runtimes
19:19:41 <sysrqb> okay, that makes sense
19:19:55 <cyberta> but it is not hard to bundle them
19:20:07 <cyberta> we do the same for Bitmask/RiseupVPN with different components
19:20:56 <cyberta> however for now I only forsee that we would use IptProxy as go dependency or?
19:21:31 <sysrqb> you use other Go libraries Bitmask/RiseupVPN?
19:21:44 <cyberta> yes
19:21:58 <cyberta> as long at IptProxy lib keeps being maintained it sounds like the way to go to me
19:22:13 <sysrqb> for now, in the Tor VPN, i believe we only need obfsproxy and snowflake, and we can investigate how we want them integrated
19:23:11 <sysrqb> Tor Browser doesn't use IPtProxy, but I'm not against using it
19:23:42 <sysrqb> but that is a discussion where we should include the anti-censorship team
19:24:04 <cyberta> ok
19:24:11 <sysrqb> currently we only compile the obfsproxy and snowflake binaries, and bundle them in the app
19:25:05 <cyberta> that is fine, too, it's more a question of convenience and governance
19:25:11 <cyberta> (to me :))
19:25:26 <sysrqb> i'm under the impress that Guardian Project would like Tor to take over responsility for IPtProxy, so that is a larger/different discussion, too
19:25:30 <sysrqb> *impression
19:27:25 <cyberta> shall I give an update wrt.  onionmasq prototyping?
19:27:51 <sysrqb> cyberta: ah, yes please - I'm just typing some notes
19:28:32 <cyberta> we don't have the JNI yet ready for arti, but we're working on it
19:28:49 <cyberta> so the integration of arti into any java service is not yet finished
19:29:30 <cyberta> however I see it as the next pending step
19:30:09 <cyberta> next to that I investigated how we can build tor circuits per app
19:30:52 <cyberta> based on ip package to Android UID mapping
19:31:47 <cyberta> it seems to be possible to filter packages per app and handle them separately
19:32:44 <Ankit> Android VPN APIs also have provision to either exclude certain apps or include certain apps.
19:33:00 <cyberta> right
19:33:17 <cyberta> ankit will work on UI parts to select apps in the toy vpn prototype
19:33:33 <Ankit> yep
19:33:48 <sysrqb> excellent
19:34:05 <sysrqb> that's good progress
19:34:53 <cyberta> I think that's it for now wrt. onionmasq
19:34:56 <kwadronaut[m]> Committee 2 was talking about that last week a well (circuits per App).
19:35:08 <cyberta> interesting
19:35:20 <cyberta> what was the outcome?
19:35:30 <cyberta> and hi kwadronaut[m] :)
19:35:43 <sysrqb> part of our discussion at our last meeting here is how (or what) replaces TorService when we integrate Arti instead of Tor
19:36:05 <kwadronaut[m]> No answers iirc, hard questions because we're limited in what we can do.
19:36:13 <sysrqb> to me, this sounds like the JNI is in-progress and we should begin learning more about what is needed
19:37:05 <sysrqb> like, do we try dropping Arti into TorService, and just adapt TorService so it talked with Arti
19:37:26 <sysrqb> or do we build a new wrapper around Arti and that JNI
19:37:27 <cyberta> I think for a first iteration that is reasonable
19:37:39 <cyberta> (the former)
19:37:55 <sysrqb> i don't expect immediate answers, I know this is a work-in-progress :)
19:38:11 <sysrqb> okay
19:39:11 <sysrqb> we should be flexible, and have a goal of creating a library that makes Tor integration easy for developers
19:39:20 <kwadronaut[m]> The learning part is a good plan though :)
19:39:37 <sysrqb> if maintaining TorService is the best option, then that's fine with me
19:39:49 <sysrqb> kwadronaut[m]: yep :)
19:40:32 <sysrqb> but i want to make sure everyone understands that we are not required to use TorService if it's not best for us
19:42:07 <sysrqb> i know there are other discussions that will happen soon around defining the "Arti Interface"
19:42:13 <cyberta> is it a question if we are required to keep the API backwards compatible to current TorService?
19:42:28 <cyberta> so that it can be a drop-in replacement?
19:42:30 <sysrqb> so our "best option" may change as those discussion develop
19:42:39 <cyberta> or are we flexible with it as well?
19:42:56 <sysrqb> cyberta: i would argue that we're flexible there
19:43:06 <sysrqb> i would like to make migrating easy
19:43:13 <cyberta> ok, good
19:43:18 <sysrqb> but that isn't a specific priority of this project
19:45:22 <sysrqb> any other reports/comments/questions?
19:45:34 <cyberta> not from my side
19:45:57 <kwadronaut[m]> Logistics: next meeting in 2 weeks?
19:46:13 <sysrqb> i'll work on scheduling a meeting with Guardian Project regarding Orbot's components
19:46:22 <sysrqb> kwadronaut[m]: yes, that's correct
19:47:02 <cyberta> always tuesdays 19 UTC now, right?
19:47:10 <sysrqb> yes
19:47:13 <cyberta> cool
19:47:27 <kwadronaut[m]> Meeting gp sooner than later is a good idea, thanks for taking that on
19:47:57 <sysrqb> yep. alright, if nothing else, then thanks for coming everyone and talk with you soon!
19:48:06 <cyberta> ciao
19:48:11 <kwadronaut[m]> cyberta: No DST changes? Aguestuser had that question earlier today
19:48:21 <PieroV> bye
19:48:27 <sysrqb> #endmeeting