#tor-meeting log

16:00:45 <shelikhoo> #startmeeting tor anti-censorship meeting
16:00:45 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469
16:00:45 <shelikhoo> editable link available on request
16:00:45 <MeetBot> Meeting started Thu Nov 21 16:00:45 2024 UTC.  The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:45 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:48 <shelikhoo> hi~hi~
16:01:00 <meskio> hello \o
16:01:23 <cohosh> hi
16:02:13 <onyinyang> hihi
16:02:15 <shelikhoo> please add discussion topic to the pad if any
16:03:06 <shelikhoo> I didn't see any new topic...
16:03:08 <meskio> I don't think I have anything for today
16:03:18 <meskio> and there might not be updates on the old topics, isn't it?
16:03:24 <shelikhoo> let's start with interesting links..
16:03:35 <shelikhoo> https://github.com/doxx/darkflare
16:03:35 <shelikhoo> TCP over CDN. using cloudflare to tunnel traffic, the client does HTTP requests.
16:03:49 <meskio> DrWhax shared it in our channel
16:03:50 <shelikhoo> I got a look into its code, it works in meek way
16:03:55 <shelikhoo> yes..
16:04:04 <shelikhoo> and next link is
16:04:12 <meskio> good that you actually look into it, I only scheem into the readme
16:04:13 <shelikhoo> https://www.youtube.com/watch?v=rZYfrj2iqYE&list=PLbRoZ5Rrl5ldQ2K_dpmPKHEyRgyf5JSxd&index=148
16:04:13 <shelikhoo> Snowflake conference presentation from Usenix Security 2024
16:04:52 <meskio> nice, the video si finally public
16:05:04 <shelikhoo> the link for snowflake conference presentation is now live, and it is highly recommended to watch it
16:05:10 <shelikhoo> it was awesome!!!
16:05:15 <meskio> I'll love to see dcf1 there :)
16:05:29 <shelikhoo> okay, anything we wish to discuss about these links?
16:06:24 <shelikhoo> okay, let move back to the discussion points
16:06:38 <shelikhoo> do we have any updates about snowflake censorship in russia, cohosh?
16:06:55 <shelikhoo> https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40407#note_3132285
16:07:28 <cohosh> yeah, i wrote a patch to directly test specific proxies by using manual copy-paste as a signaling channel
16:07:48 <cohosh> we used to have this for testing, i just added it back in
16:08:02 <cohosh> https://gitlab.torproject.org/cohosh/snowflake/-/commit/a4a574a4584332fc2825ff4ebe142c9702032fad
16:08:18 <cohosh> i'll probably post instructions on how to use it somewhere later today
16:08:59 <cohosh> i tried it out from the vantage point, and a few proxies i spun up showed the same blocking behaviour
16:09:08 <cohosh> which seems to suggest it's being blocked by protocol
16:09:29 <cohosh> i also tried the padding patch that dcf1 shared last week and it was still blocked
16:09:53 <shelikhoo> too bad...
16:10:01 <cohosh> i think i'll try and see if it's a data channel block next
16:10:08 <dcf1> I was wondering it it's something else conspicuous right after the initial handshake, like a Hello Retry Request maybe?
16:11:02 <cohosh> i didn't notice any difference in handshake messages between proxies that were blocked and ones that seemingly werent, from our pcaps
16:11:22 <cohosh> including hello retry requests
16:12:08 <cohosh> i'll check again
16:12:10 <dcf1> It's not possible there's something different about Application records, do you think?
16:12:43 <cohosh> that's also possible, i didn't look closely at application records
16:12:58 <cohosh> i only checked how many bytes were sent before the connection went stale
16:13:44 <dcf1> I guess theodorsm is not here. I wonder if it's possible to quickly implement a client with covertDTLS https://github.com/theodorsm/covert-dtls?
16:14:06 <dcf1> I saw that pion webrtc v4 was merged, which I believe was a prerequisite to doing that.
16:14:13 <cohosh> yeah if it's quick it's definitely worth trying
16:15:56 <shelikhoo> yes... it still need some additional efforts to find out root cause... thanks cohosh and dcf1's work!
16:16:09 <dcf1> theodorsm's notes say "Test Snowflake fork with covert-dtls", but I don't see a snowflake fork at https://github.com/theodorsm?tab=repositories.
16:16:55 <meskio> maybe this one? https://gitlab.torproject.org/theodorsm/snowflake
16:17:02 <shelikhoo> an update about snowflake broker transition is that, next monday there will be an dns switch to make new broker primary
16:17:08 <meskio> there is a covert-tls-test branch...
16:17:30 <cohosh> nice!
16:17:41 <shelikhoo> yes!
16:17:45 <shelikhoo> expired cdn77 alerts
16:17:45 <shelikhoo> https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-alerts@lists.torprojec
16:17:50 <meskio> shelikhoo: nice, shout if you need any help there
16:18:00 <meskio> I added that one
16:18:12 <shelikhoo> https://lists.torproject.org/mailman3/hyperkitty/list/anti-censorship-alerts@lists.torproject.org/thread/6BAEW3ENYOPJI3XZWTR67TLSJWND3XFT/
16:18:18 <meskio> I see there is being alerts the last couple of days about the cert in cdn77 being about to expire
16:18:35 <meskio> cohosh: do you know anything about it? does it require any manual intervention?
16:18:47 <cohosh> oh, i didn't know about these alerts
16:19:10 <cohosh> cert expirty was an issue for fastly domains because of their domain fronting policy
16:19:26 <cohosh> i'm not aware of any trouble with cdn77, unless the domain does not renew it's cert at all
16:19:38 <meskio> I'm not sure where is this alert comming from
16:19:52 <meskio> but if is not a problem we should probably find a way to silence it
16:20:00 <cohosh> oh these are our domains, lol
16:20:17 <cohosh> i might need to look into this
16:20:25 <meskio> blackbox is one of the prometheus exporters that tests if a service is reachable, like a website
16:20:55 <meskio> https://gitlab.torproject.org/tpo/tpa/prometheus-alerts/-/blob/main/targets.d/blackbox_anticensorship.yaml?ref_type=heads
16:21:15 <meskio> It looks like it was me who added there
16:21:30 <cohosh> hehe
16:22:00 <cohosh> i'll look into it, i think everything is just a let's encrypt cert
16:22:09 <meskio> thanks
16:22:24 <shelikhoo> yes
16:22:35 <shelikhoo> anything more we would like to discuss in this meeting?
16:23:15 <meskio> nothing from me
16:23:18 <dcf1> I'll send an email to theodorsm and Cc anti-censorship-team@ to ask about the state of the covert-dtls-test branch
16:23:28 <cohosh> thanks dcf1
16:23:34 <shelikhoo> yes, thanks dcf1
16:23:36 <cohosh> nothing more from me
16:23:40 <onyinyang> me neither
16:23:46 <shelikhoo> #endmeeting