16:00:04 <onyinyang> #startmeeting tor anti-censorship meeting
16:00:04 <MeetBot> Meeting started Thu Jan 29 16:00:04 2026 UTC.  The chair is onyinyang. Information about MeetBot at https://wiki.debian.org/MeetBot.
16:00:04 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:00:04 <onyinyang> hello everyone!
16:00:04 <onyinyang> here is our meeting pad: https://pad.riseup.net/p/r.9574e996bb9c0266213d38b91b56c469
16:00:17 <theodorsm> hello ^^
16:00:22 <meskio[mds]> hello
16:00:23 <Shelikhoo[mds]> hi~hi~
16:01:35 <cohosh> hi
16:01:59 <onyinyang> I'll give everyone a couple of minutes to fill out the pad before starting :)
16:02:28 <onyinyang> If anyone needs a link to edit the pad, please let me know
16:05:27 <onyinyang> ok let's start
16:05:47 <onyinyang> I think there are only 2 new discussion points
16:05:55 <onyinyang> but is there any follow up from last week's items?
16:06:44 <meskio[mds]> I guess the silence means no...
16:06:59 <cohosh> i don't think so, thanks for the comments on the issues :)
16:07:03 <onyinyang> great :D
16:07:13 <onyinyang> ok, let's move on to this week's items then
16:07:16 <onyinyang> Proceed with merging DTLS imitation MR
16:07:21 <Shelikhoo[mds]> This first topic is from me. I think the dtls-imitation merge request is more or less ready for merge, with some minor code refactoring pending. Do we have any blockers on this merge request?
16:07:36 <meskio[mds]> \o/
16:07:43 <theodorsm> I am currently working on your review comments Shelikhoo
16:07:56 <theodorsm> Just testing locally before pushing to the MR
16:07:56 <Shelikhoo[mds]> yes, thanks theodorsm
16:08:32 <Shelikhoo[mds]> I think we can merge it without changing the default configuration first
16:10:04 <theodorsm> Then we could discuss configuration after the reading group next week
16:10:14 <Shelikhoo[mds]> yes
16:10:50 <Shelikhoo[mds]> I think randomizemimc does not trigger any dtls negotiation failures
16:11:23 <meskio[mds]> the plan was to merge it but not enable it by default, wasn't it?
16:11:28 <Shelikhoo[mds]> yes
16:12:25 <Shelikhoo[mds]> cohosh: I think we are considering releasing a new version of snowflake
16:12:40 <cohosh> you mean new major version?
16:12:43 <Shelikhoo[mds]> do we want to do this before or after the merge
16:12:48 <Shelikhoo[mds]> no
16:12:49 <cohosh> ah
16:13:00 <Shelikhoo[mds]> just a mid version bump
16:13:12 <cohosh> yeah there's also a bug fix in snowflake!659
16:13:12 <tor> Uhm, which one of [tpo/anti-censorship/pluggable-transports/snowflake, tpo/web/snowflake] did you mean?
16:13:19 <cohosh> so i'd like to get that in too
16:13:47 <cohosh> but yeah if it's not enabled by default we can get this one in too
16:13:59 <cohosh> i don't think we need to worry too much about tagging versions too frequently though
16:14:17 <Shelikhoo[mds]> yes, I think we can tag versions more frequently
16:14:50 <Shelikhoo[mds]> right now I think we are tagging too few versions for snowflake, in my opinion
16:15:22 <Shelikhoo[mds]> although this is partially a result of its client side now being managed by lyrebird
16:15:51 <Shelikhoo[mds]> so dependency updates usually do not require a new snowflake version
16:16:12 <Shelikhoo[mds]> if there are no blockers, that is EOF on this topic from me
16:16:46 <theodorsm> EOF
16:17:16 <onyinyang> ok, let's move on to the next topic
16:17:21 <onyinyang> snowflake proxies overloaded with the surge of Iranian users
16:17:29 <meskio[mds]> I added that one
16:17:47 <meskio[mds]> we have a surge of users coming from Iran having been reconnected to the Internet
16:18:17 <meskio[mds]> actually that surge is more noticeable in users marked as US than IR
16:18:26 <meskio[mds]> https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/108
16:18:35 <meskio[mds]> but that is another issue
16:19:00 <meskio[mds]> anyway, the problem is that the snowflake proxies are overloaded
16:19:05 <meskio[mds]> and many clients are denied
16:19:19 <meskio[mds]> we are making a call over social networks and other circles for more proxies
16:19:38 <meskio[mds]> not sure we can do much here, but I wanted to raise it here so we are aware
16:19:43 <ggus> hi
16:19:50 <onyinyang> o/
16:19:54 <ggus> at the same time, we have never had so many snowflake proxies
16:19:55 <Shelikhoo[mds]> hi gus!
16:19:55 <ggus> 200k
16:20:16 <meskio[mds]> BTW, this is the issue where this is being discussed: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40068#note_3330856
16:20:32 <meskio[mds]> yes, 200k, but many inside Iran, so not sure if they are failing
16:20:43 <meskio[mds]> we should check if the bridges are reachable from inside iran
16:21:06 <ggus> from the vantage point, even `torproject.net` is reachable...
16:21:13 <meskio[mds]> wow
16:21:38 <dcf1> https://people.torproject.org/~dcf/metrics-country.html?start=2025-11-01&end=2026-01-30&country=ir
16:21:56 <Shelikhoo[mds]> I am not totally sure, but I suspect golang's tls fingerprint might have gotten blocked
16:23:00 <Shelikhoo[mds]> I need to run some experiment to verify that...
16:23:22 <meskio[mds]> we are not using that one, are we? we are using uTLS...
16:23:30 <Shelikhoo[mds]> right now from the packet capture, I see some rst after clienthello from golang client
16:23:31 <ggus> meskio[mds]: i can ask pavel to write more posts on social media
16:23:55 <meskio[mds]> ggus: I did check with him yesterday and he said he was planning to do more on that
16:23:56 <Shelikhoo[mds]> the proxy's connection to snowflake server might not use utls
16:24:03 <Shelikhoo[mds]> if I recall correctly
16:24:07 <ggus> i have been sharing stats on mastodon and it has good outreach - https://mastodon.social/@ggus/115978051478680236
16:24:23 <meskio[mds]> Shelikhoo: I see
16:24:34 <dcf1> love you so much community team
16:24:45 <meskio[mds]> <3
16:24:51 <onyinyang> <3
16:25:06 <cohosh> <3
16:25:07 <theodorsm> !! <#
16:25:26 <Shelikhoo[mds]> \o/ >~<
16:26:04 <cohosh> Shelikhoo[mds]: i wonder if the bridge reachability checks we implemented do a full TLS handshake
16:26:12 <meskio[mds]> BTW, the issue of miscounting IR users as US is weird because it only affects snowflake
16:26:24 <meskio[mds]> I wonder if somehow our bridges have a different geoipdb
16:26:35 <cohosh> i would assume so, but sometimes those errors only show up after a Write() or Read() call
16:26:38 <meskio[mds]> I've seen this happening also with google services and other places, so probably not
16:26:51 <dcf1> how do you know it only affects snowflake users?
16:27:00 <meskio[mds]> and maybe it is more about being mobile or whatever the affected IPs are
16:27:22 <dcf1> haha the first "Sign in with Google" prompt I saw after the shutdown ended was localized in Farsi
16:27:26 <meskio[mds]> dcf1: https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/108
16:27:35 <Shelikhoo[mds]> cohosh: I think sometimes tls's "func tls.Client" does not handshake until we read or write the first time
16:27:37 <meskio[mds]> see the graph goes up for snowflake, but not for other transports
16:27:49 <meskio[mds]> while in Iran obfs4 and webtunnel do also go up
16:28:06 <dcf1> oh I see. how interesting.
16:28:12 <Shelikhoo[mds]> unless we run a handshake() manually
16:28:14 <dcf1> nice natural experiment
16:28:28 <Shelikhoo[mds]> this makes sense as tls sometimes supports 0rtt
16:29:14 <cohosh> Shelikhoo[mds]: ok thanks, i'll open an issue to rethink the reachability tests and confirm this
16:29:35 <Shelikhoo[mds]> cohosh: nice!
16:30:27 <Shelikhoo[mds]> https://cs.opensource.google/go/go/+/refs/tags/go1.25.6:src/crypto/tls/tls.go;l=60
16:30:34 <Shelikhoo[mds]> actually from the source code
16:30:47 <cohosh> meskio[mds]: you might be onto something with the difference between mobile and desktop users
16:30:58 <Shelikhoo[mds]> tls.Client doesn't actually call anything at all
16:31:29 <Shelikhoo[mds]> it is just a pure function constructor
16:35:14 <cohosh> Shelikhoo[mds]: ok i'll add a note to pluggable-transports/snowflake#40504 which is still open
16:35:19 <Shelikhoo[mds]> EOF from me on this topic
16:36:17 <onyinyang> ok that brings us to the end of the discussion points
16:36:58 <onyinyang> if there are no other comments, I will just remind everyone that next week we will have a reading group
16:37:01 <onyinyang> We will discuss "Fingerprint-resistant DTLS for usage in Snowflake" on Feb 5
16:37:01 <onyinyang> https://www.petsymposium.org/foci/2025/foci-2025-0006.php
16:38:06 <onyinyang> and that's it. Enjoy the extra 20 min and the rest of your Thursday :D
16:38:09 <onyinyang> #endmeeting