16:03:33 <shelikhoo> #startmeeting tor anti-censorship meeting 16:03:33 <shelikhoo> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469 16:03:33 <shelikhoo> editable link available on request 16:03:33 <MeetBot> Meeting started Thu May 29 16:03:33 2025 UTC. The chair is shelikhoo. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:03:33 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 16:03:38 <shelikhoo> hi~ hi~ 16:04:08 <meskio> ups, I'm around, but with a bad connection, thank you for running it 16:04:12 <meskio> hello 16:04:52 <shelikhoo> okay, we all get bad connections in turn... 16:06:00 <meskio> in exchange I have a nice sea view from my van :) 16:06:26 <shelikhoo> oh nice!!! 16:06:45 <cohosh> :) 16:07:15 <shelikhoo> I didn't see any messages about discussion topics 16:07:30 <shelikhoo> please send something if there is anything we would like to discuss in this meeting 16:07:32 <cohosh> i just looked at last week's meeting and i have a comment about happy families 16:08:21 <shelikhoo> cohosh, please go ahead about family 16:08:29 <cohosh> happy families does not solve the fundamental bridges + exits issue 16:09:57 <meskio> ohh, I thought it did 16:10:05 <dcf1> because bridges are a special case that are not handled the same as normal circuit selectioN? 16:10:06 <cohosh> there are two things going on: one is that families currently ask operators to disclose the fingerprints on their other relays, that is solved by happy families 16:10:09 <cohosh> https://gitlab.torproject.org/tpo/core/tor/-/blob/36cd4a50fc9d861c6c35a0f6dcb22f29cb39a53e/src/feature/relay/relay_config.c?page=2#L1169-1173 16:10:27 <cohosh> dcf1: yes, the second problem is how circuit selection works 16:10:53 <cohosh> that's described here: https://gitlab.torproject.org/tpo/core/tor/-/issues/40935#note_3090023 16:11:03 <cohosh> Tor picks exit relays first, and then picks a guard 16:11:36 <cohosh> with bridges like snowflake, conjure, and meek (where the first restriction doesn't event apply), the client is very restricted in which entry point it can select 16:12:11 <cohosh> we have one conjure bridge and effectively one meek bridge 16:12:47 <cohosh> even though we have more than one snowflake bridge, the tor source code currently ignores family restrictions for bridges 16:13:17 <cohosh> also for each of these bridges, the original concern that happy families is set to solve doesn't apply because we don't care about a censor learning the bridge's IP address or fingerprint 16:13:36 <cohosh> it only really applies to obfs4 or webtunnel 16:13:48 <dcf1> what are you referring to with "the first restriction"? you mean the restriction that bridges are not permitted to list MyFamily? 16:14:11 <cohosh> sorry that should have been the first concern doesn't even apply 16:14:23 <cohosh> (being the leakage of bridge fingerprints to a censor) 16:14:29 <dcf1> got it, thanks 16:15:28 <cohosh> there are arguments that family and same subnet restrictions don't really matter when it comes to practical attacks on anonymity 16:16:22 <cohosh> and conflux is also complicated things, where even with 2 snowflake bridges, is it better to make circuits through both of them for conflux vs excluding one because of family or subnet restrictions? 16:17:05 * cohosh slows down typing to make fewer mistakes ^_^` 16:17:21 <meskio> I see, I did missunderstood how nodes are selected 16:19:27 <cohosh> me too, until i looked at the code 16:20:05 <cohosh> i saw that original log message and thought we could just remove that for snowflake/meek/conjure 16:20:21 <cohosh> but it is much more complicated than that 16:20:51 <cohosh> here is a proposal for relaxed restrictions: https://spec.torproject.org/proposals/354-relaxed-restrictions.html 16:21:32 <cohosh> that has some more recent thinking on threat models 16:22:35 <cohosh> i'm a bit torn. i feel like having separate operators for large and high impact bridges is best, but if that's all we can find then it's better than nothing 16:24:22 <dcf1> I don't quite understand. Would proposal #354 mitigate the problems with circuit selection and bridges? 16:24:50 <cohosh> no, it is an argument for why families and subject restrictions shouldn't apply to circuits with bridges 16:25:59 <dcf1> is that thinking assuming the secret kind of bridges? 16:26:57 <cohosh> no 16:27:04 <cohosh> my summary is: 16:27:32 <cohosh> there is a tradeoff between guard discovery attacks and end-to-end traffic correlation attacks 16:29:50 <cohosh> and then some arguments about how families and same subnet restrictions don't do a lot to preferent e2e traffic correlation 16:30:01 <cohosh> and how these attacks aren't as practical as guard discovery attacks 16:30:37 <cohosh> this argument applies to the case where there are only a small number of bridges configured 16:32:07 <cohosh> and then there is a proposal for some adjustments to path selection 16:34:14 <cohosh> the proposal as i understand it would be an improvement to circuit building with bridges, but doesn't fully implement the family and subnet restrictions as they are currently understood for non-bridge circuits 16:35:45 <meskio> I wonder if we have any path forward to be able to let exit operators to also run bridges (I mean in general and not for specific needs that we don't have another option like snowflake) 16:38:17 <cohosh> i think the fundamental difference with bridges that makes the most impact is that users typically only configure 1-3 bridges 16:38:35 <cohosh> where typical is using snowflake/conjure/meek or using only the obfs4/webtunnel bridges they get from bridgedb 16:38:54 <cohosh> whereas directly connecting tor users can pick from a larger set of guards 16:41:28 <cohosh> i think the path selection changes in prop 354 make sense 16:42:47 <cohosh> other things we could do to help diversity are 1) hand out more bridges (there are enumeration tradeoffs here), 2) try to run and configure more bridges for snowflake/meek/conjure, 3) modify tor to not make a connection to every single bridge we configure as we ramp up the number of bridges we're giving users 16:44:05 <meskio> many of our distributors hand different set of bridge each day, for things like webtunnel bridges we might not have enough bridges to hand out 3 some days, but we could aim for it 16:44:24 <meskio> but yes, enumeration is a problem 16:44:29 <cohosh> i don't have a good sense for how important or worth it that tradeoff is 16:45:01 <meskio> I have the feeling that is more important enumeration, but that might be because I'm in the anti-censorship bubble more than in the privacy one 16:45:37 <meskio> but anyway we get very much enumerated with our currently distribution methods... 16:45:57 <cohosh> yeah 16:46:29 <shelikhoo> yeah.. telling the difference between real user and someone pretend to be a user is quite hard 16:46:39 <cohosh> it's also a good point that people who self-declare families only protects against e2e attacks by operators honest enough to report that 16:46:55 <meskio> maybe this is a topic we should bring with the network team on the next tor-meeting, or whatever in person event 16:47:31 <cohosh> sure 16:47:44 <shelikhoo> yeah, I think it will be maybe 1 year away? 16:48:04 <meskio> yes, but doesn't look like there is any urgency to solve it before 16:48:54 <shelikhoo> yes, that's true 16:49:28 <shelikhoo> anything more we would like to discuss in this meeting? 16:49:32 <cohosh> yeah i mostly wanted to clear up some misunderstandings of how happy families impacts bridges 16:49:45 <meskio> thank you for the clarifications 16:50:07 <meskio> I don't have anything more for this meeting 16:50:52 <shelikhoo> #endmeeting