15:57:35 <meskio> #startmeeting tor anti-censorship meeting 15:57:35 <MeetBot> Meeting started Thu Nov 16 15:57:35 2023 UTC. The chair is meskio. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:57:35 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:57:38 <meskio> hello everybody 15:57:43 <meskio> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469 15:57:46 <ggus> hi :) 15:57:50 <meskio> notice that we have changed the pad, and this is the read-only version 15:57:52 <meskio> ask me in private to give you the link of the pad to be able to edit it if you don't have it 15:57:54 <meskio> I'll wait few minutes for everybody to add you've been working on and put items on the agenda 16:01:24 <meskio> half of ACT team is AFK, maybe there is not much for this week 16:01:39 <meskio> anyway, let's give it 5mins to see if people shows up 16:02:24 <dzwdz> guess i'll say hi too (i'm the dual stack bridge guy) 16:02:44 <meskio> dzwdz: hello, nice you came 16:02:55 <meskio> we can talk a bit about the work you've being doing 16:03:09 <shelikhoo> hi~ 16:03:29 <meskio> dzwdz have made a patch for c-tor to publish two transport lines in the cached-extrainfo for bridges with IPv4 and IPv6 16:03:33 <meskio> one with each IP 16:03:42 <meskio> and we've being testing it and it works fine with rdsys 16:03:48 * meskio searches for the link 16:04:00 <dzwdz> https://gitlab.torproject.org/tpo/core/tor/-/issues/40885 16:04:11 <dzwdz> this issue has links to the patch and the bridge on atlas.tpo 16:04:20 <meskio> that one 16:05:06 <meskio> we'll need to wait for the network team to decide if that change makes sense, but to me looks nice 16:05:24 <meskio> and metrics will need changes to handle those bridges, as now it gets a bit confused about it 16:05:49 <dzwdz> there's some further work tbd - personally i'm not happy with the current quality of the patch 16:06:18 <meskio> :) 16:06:20 <dzwdz> and tor mushes up the stats for both addresses together, so you can't tell if only one of your addresses got blocked by a censor 16:06:46 <dzwdz> but that i think can be handled later 16:06:52 <meskio> another quirck is that rdsys does assing each bridge separately, so they might arrive to different distributors 16:07:02 <meskio> but something we can fix by the time this comes along 16:08:05 <shelikhoo> yeah, I think it would be nice if IPv6 only environment client can connect to Tor network 16:08:13 <shelikhoo> is that something already happening? 16:08:19 <dzwdz> oh that's unrelated 16:08:48 <shelikhoo> okay... sorry I was not very clear on the context.. 16:08:51 <meskio> shelikhoo: yes, if we get enough bridges we could make it possible so in circumvention settings or whatever TB can automatically ask for IPv6 bridges... 16:08:53 <dzwdz> right now bridges with both an IPv4 and v6 address only publish their v4 16:09:07 <dzwdz> this patch makes it so they publish both their v4 and v6 address 16:09:28 <shelikhoo> yes... 16:09:49 <meskio> that will help to get more IPv6 bridges, that we currently have very few 16:10:40 <meskio> and I heard somewhere that some censors don't apply so much blocking to IPv6 traffic, but I guess that will change easily if we start using it 16:10:54 <trinity-1686a> are ipv6 bridges which share a /64 (or a /61) with a relay any useful? 16:11:29 <meskio> that is a good question 16:11:30 <meskio> maybe? 16:11:34 <shelikhoo> Yes, IPv6 might eventually catch on, although right now very few device are ipv6 only 16:12:07 <shelikhoo> I think it is more difficult for censors to block ipv6 ip because the address space is too big 16:12:23 <shelikhoo> and sparse data structure must be used in this case 16:12:38 <shelikhoo> while a bitmap would be sufficient for ipv4 block 16:13:06 <dzwdz> i'd assume censors are more likely to only focus on ipv4 right now, due to ipv6 having relatively little usage too 16:13:27 <dzwdz> that one list of bridge lines only has ipv4 bridges listed fwiw 16:15:16 <shelikhoo> yes... I think IPv6 is even available to many residential users in china 16:15:35 <meskio> some time ago we included an IPv6 builtin bridge in Tor Browser, thinking that it might help in some places, but I don't think we ever evaluated if is useful... 16:15:45 <shelikhoo> although its bgp path is not that great... 16:16:11 <shelikhoo> In that case, the ipv6 built-in bridge was blocked by ip in china 16:17:07 <dzwdz> trinity-1686a: maybe ooni could check that? 16:17:40 <meskio> dzwdz: is a bit complicated to test bridges with ooni, as we don't want censors to use that to get the list of bridges 16:17:46 <meskio> currently ooni only test builtin bridges 16:17:52 <dzwdz> you don't need to test a real bridge though 16:18:05 <meskio> true 16:18:21 <dzwdz> you'd have some ipv6 relay operator run something on another ip in their /64, and ooni would check connectivity with that 16:19:14 <dzwdz> i'll just point out that in this case you'd probably be running an ipv6-only bridge - that's already possible without my patch 16:19:50 <meskio> yes, AFAIK this is the existing case for the few IPv6 bridges we have 16:21:30 <meskio> anyway, we do need to experiment more with IPv6, and having more IPv6 bridges will help there 16:21:33 <meskio> thanks for the work 16:21:37 <dzwdz> ^^ 16:22:27 <meskio> anything else to discuss today? 16:22:44 <shelikhoo> nothing from me, was still working on snowflake transport mode 16:23:23 <meskio> nice 16:24:06 <meskio> then I guess we have a short meeting today 16:24:08 <meskio> #endmeeting