The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-22T14:20:28Zhttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/140Convert the bridge bot into a wizard2024-03-22T14:20:28ZdonutsConvert the bridge bot into a wizardWe decided to convert the previous bridge bot designs from a chatbot into a simple wizard instead.
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?typ...We decided to convert the previous bridge bot designs from a chatbot into a simple wizard instead.
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4515%3A4799&mode=design&t=y0K62dcCkhHHjU9x-1)
Please note it contains two versions:
- a basic, one-button version, which we're intending to build for the MVP.
- a more complex two-button version, which includes an extra button to look up location settings from the [circumvention.json](https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/blob/main/conf/circumvention.json).
The second, two-button version may be ignored for this iteration of the app.
The middle-screen includes a standard MD3 linear progress indicator. Documentation for this component can be found here: https://m3.material.io/components/progress-indicators/overview
As it's effectively more of a spinner than a true progress indicator, please follow the animation guidelines for the indeterminate version demo'd here (which I've approximated in static-format in Figma): https://m3.material.io/components/progress-indicators/guidelinesVPN pre-alpha 06cybertacybertahttps://gitlab.torproject.org/tpo/community/team/-/issues/94Webtunnel soft release strategy2024-03-06T21:45:41ZGusWebtunnel soft release strategy## Phase 1 - Soft release
- [x] Present WebTunnel to the relay operators meetup and get some bridge operators running it (meetup June 2023: https://gitlab.torproject.org/tpo/community/relays/-/issues/70)
- [x] Help Bridge operators to d...## Phase 1 - Soft release
- [x] Present WebTunnel to the relay operators meetup and get some bridge operators running it (meetup June 2023: https://gitlab.torproject.org/tpo/community/relays/-/issues/70)
- [x] Help Bridge operators to deploy and debug their WebTunnel setup
- [x] Ask our user support team to give to some users in censored regions (https://gitlab.torproject.org/tpo/community/support/-/issues/40117)
- [x] Meet with AC-team to share feedback (during AC-Team weekly meeting in July)
## Phase 2 - Review documentation
- [x] Review operators feedback and move the bridge operators docs to the community portal - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/blob/main/README.md - https://gitlab.torproject.org/tpo/web/community/-/issues/320
## Phase 3 - Tor Browser stable
- [x] When WebTunnel move to Tor Browser Stable, write WebTunnel users docs (TB-Manual https://gitlab.torproject.org/tpo/web/manual/-/merge_requests/84, Support portal, Training materials)
- [x] Write and publish Call for testers (like Conjure call for testers, see https://gitlab.torproject.org/tpo/community/team/-/issues/88)
- [x] Call for new WebTunnel bridge operators - https://gitlab.torproject.org/tpo/community/relays/-/issues/69GusGushttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/56Increase the Lox Bridge Pool2024-02-28T11:06:12ZonyinyangIncrease the Lox Bridge PoolFor testing purposes, we spun up a few bridges to add to the Lox bridge pool. Before we release Lox for open testing, we should add some more. We decided it would make sense to increase the bridge pool to 10 bridges and do some internal ...For testing purposes, we spun up a few bridges to add to the Lox bridge pool. Before we release Lox for open testing, we should add some more. We decided it would make sense to increase the bridge pool to 10 bridges and do some internal testing with that number first before releasing to the wider communityLox Ready for Open Testing Callmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/3Improve Lox integration with rdsys2024-02-15T17:38:19ZonyinyangImprove Lox integration with rdsysThe current Lox distributor parses and handles resources from rdsys in a very naive way that does not match with the expected distributor behaviour. Currently, Lox will continue adding all new resources to the Lox database, assuming they...The current Lox distributor parses and handles resources from rdsys in a very naive way that does not match with the expected distributor behaviour. Currently, Lox will continue adding all new resources to the Lox database, assuming they are in fact `new`. In rdsys' implementation, all bridges in the database are `new resources` and are re-sent to distributors at regular intervals to ensure the bridge distributor's database is synced. Since Lox sorts bridges into buckets that are meant to persist until the bridges are blocked, syncing the Lox bridgetable with rdsys' `new resources` will require some care.
This consists of 2 major subtasks.
1. Syncing the Lox bridgetable with rdsys (being tracked in #8)
2. Sorting `new` resources into buckets in a reasonable way (a later issue)onyinyangonyinyanghttps://gitlab.torproject.org/tpo/web/community/-/issues/301Improve guide for running standalone Snowflake proxy2024-02-05T19:12:52ZrayaImprove guide for running standalone Snowflake proxyFollowing a discussion with @MarkC, we want to start collecting detailed feedback on the guide for running a standalone Snowflake proxy: https://community.torproject.org/relay/setup/snowflake/standalone/
Importantly, we want to make sur...Following a discussion with @MarkC, we want to start collecting detailed feedback on the guide for running a standalone Snowflake proxy: https://community.torproject.org/relay/setup/snowflake/standalone/
Importantly, we want to make sure that the guide is comprehensive enough for users who're not technical but curious to want to try and run a standalone proxy - lowering the barriers of entry.
cc: @nah @gusGusGushttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41508Export rdsys based HTTPS distributor as HTTPS service at rdsys-test-01 with a...2024-02-01T14:02:40ZshelikhooExport rdsys based HTTPS distributor as HTTPS service at rdsys-test-01 with an non-production domain nameI would like to request exporting service hosted at `http://127.0.0.1:7200` at rdsys-test-01 as a https website with an non-production domain name.
Ideally, it should sanitize and supply `X-Forwarded-For` to reflect client IP address.
...I would like to request exporting service hosted at `http://127.0.0.1:7200` at rdsys-test-01 as a https website with an non-production domain name.
Ideally, it should sanitize and supply `X-Forwarded-For` to reflect client IP address.
See also: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 as a part of S150.anarcatanarcathttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/31Request bridge support2024-01-31T17:36:42Zmicahmicah@torproject.orgRequest bridge supportWhen a user cannot connect to Tor due to censorship and the built-in bridges don’t work, then they should be able to request a bridge as an alternative to the built-in bridges.When a user cannot connect to Tor due to censorship and the built-in bridges don’t work, then they should be able to request a bridge as an alternative to the built-in bridges.VPN pre-alpha 04cybertacybertahttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/45Document the Lox Distributor API for client requests and server responses2024-01-22T15:04:26ZonyinyangDocument the Lox Distributor API for client requests and server responsesonyinyangonyinyanghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41434rdsys-test-01: expose moat API2024-01-19T18:08:15Zmeskiomeskio@torproject.orgrdsys-test-01: expose moat APII have two issues to reach the moat API from outride rdsys-test-01:
bridges-test.torproject.org points to 116.202.120.184, while rdsys-test-01.torproject.org is 204.8.99.152. Can we configure bridges-test.torproject.org to be a CNAME of...I have two issues to reach the moat API from outride rdsys-test-01:
bridges-test.torproject.org points to 116.202.120.184, while rdsys-test-01.torproject.org is 204.8.99.152. Can we configure bridges-test.torproject.org to be a CNAME of rdsys-test-01.torproject.org?
In rdsys-test-01 I can reach the moat API:
```bash
rdsys@rdsys-test-01:~$ curl http://127.0.0.1:7500/moat/circumvention/defaults |jq
{
"settings": [
{
...
```
But from outside not:
```
❯ curl https://rdsys-test-01.torproject.org/moat/cicumvention/defaults
<a href="/cicumvention/defaults">Moved Permanently</a>.
```
Not sure who produces that response, but I don't think is the rdsys-moat service. In a fast look at the nginx config it looks right, but I guess I'm missing something there.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/27Flakey bridge_replace test2024-01-18T03:48:16ZonyinyangFlakey bridge_replace testThe [`bridge_replace test`](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/blob/main/crates/lox-library/src/tests.rs#L730) in the lox-library intermittently fails for an unknown reason. It's not clear if this is a bug introdu...The [`bridge_replace test`](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/blob/main/crates/lox-library/src/tests.rs#L730) in the lox-library intermittently fails for an unknown reason. It's not clear if this is a bug introduced by the test itself or the underlying `bridge_replace` function. In any case, it should be fixed.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/36Some bridgelines are not found in db after being added2024-01-17T17:15:58ZonyinyangSome bridgelines are not found in db after being addedThere seems to be a bug in the `lox-distributor` that occurs on the first sync with rdsys after a new Lox context is established. Several test bridge fingerprints are listed as `not found in Lox's Bridgetable. Save it as a new resource f...There seems to be a bug in the `lox-distributor` that occurs on the first sync with rdsys after a new Lox context is established. Several test bridge fingerprints are listed as `not found in Lox's Bridgetable. Save it as a new resource for now!' but this only happens for new databases and only on the first sync. It may not be a problem but should be looked into before Lox is ready for prod.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/ux/team/-/issues/77Trustworthy mobile app distribution in target regions2024-01-10T18:41:27ZNathan FreitasTrustworthy mobile app distribution in target regionsWe must do better than "a link to an APK".
Need to consider all options
- include apps in f-droid.org main repo
- promote apps in guardian project f-droid repo
- start new "anti-censorship app store" repo
- create alternate branded app...We must do better than "a link to an APK".
Need to consider all options
- include apps in f-droid.org main repo
- promote apps in guardian project f-droid repo
- start new "anti-censorship app store" repo
- create alternate branded apps for distribution in region app storesNathan FreitasNathan Freitashttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/35Create a telegram distributor for open invitations with rate limiting through...2024-01-08T15:49:44ZonyinyangCreate a telegram distributor for open invitations with rate limiting through the age of accountsFrom the [Lox Roadmap](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/wikis/Lox-Roadmap) we want a telegram bot that can be used to request Lox open invitations.From the [Lox Roadmap](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/wikis/Lox-Roadmap) we want a telegram bot that can be used to request Lox open invitations.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40242Tor Browser has two default bridges that share a fingerprint, and Tor ignores...2023-12-18T10:31:29ZRoger DingledineTor Browser has two default bridges that share a fingerprint, and Tor ignores onedefault_bridge.obfs4.13 has an ipv4 address and identity fingerprint C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C, whereas default_bridge.obfs.14 has an ipv6 address and the same identity fingerprint C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C....default_bridge.obfs4.13 has an ipv4 address and identity fingerprint C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C, whereas default_bridge.obfs.14 has an ipv6 address and the same identity fingerprint C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C.
One might think that Tor will then try both of these addresses and if only one works, it will use that one. But that is not so, because of Tor bug tpo/core/tor#40193.
I'm not sure what the best fix is from the Tor Browser side. The easy pick would be "we should remove one of those bridge lines for now, because we're clearly not getting the redundancy we hoped for." Maybe there are better plans than that, depending on when/whether/how the network team plans to address the tor-side bug.richardrichardhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41297A staging server for rdsys2023-12-12T18:59:16Zmeskiomeskio@torproject.orgA staging server for rdsysWe want to set up a staging server of rdsys, that will be automatically deployed on each commit from the CI. We'll need a new VM for it. Many things will be similar to polyanthium, but we might not need separation of services by users (i...We want to set up a staging server of rdsys, that will be automatically deployed on each commit from the CI. We'll need a new VM for it. Many things will be similar to polyanthium, but we might not need separation of services by users (it might be easier to deploy if we have everything in one user).
We will not need much disk space, CPU or RAM, whatever are the defaults you use now a days will be enough for us.
What we need there:
* [ ] ~~an account that we can ssh automatically from the CI to setup everything.~~ let's postpone this
* [x] We'll also need everybody from anti-censorship to be able to sudo into that account.
* [x] an email account that can send and receive emails over imap and smtp. Maybe gettor-tst@torproject.org?
* [x] a web server with:
* [x] https://bridges-tst.torproject.org proxing to http://localhost:7200
* [x] https://bridges-tst.torproject.org/moat proxing to http://localhost:7500/moat
* [x] https://bridges-tst.torproject.org/status proxing to http://localhost:7100/status
* [x] prometheus exporters to be exposed, I don't think we'll connect them to the prometheus server, but will be useful to be able to reach them for tests:
* [x] backend bridges-tst.torproject.org:7100/metrics
* [x] telegram bridges-tst.torproject.org:7600/metrics
* [x] gettor-distributor bridges-tst.torproject.org:7700/metrics
* [x] gettor-updater bridges-tst.torproject.org:7800/metrics
I don't have a strong opinion for port numbers, the domain names and the email address, I'm just putting some proposals here but I'm happy to adapt to what you think makes sense.anarcatanarcat2023-09-17https://gitlab.torproject.org/tpo/community/hackweek/-/issues/20Improve Lox Documentation2023-11-30T16:16:40ZonyinyangImprove Lox Documentation# About the project
* Contact: @onyinyang
* Chat: #tor-anticensorship on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @onyinyang
- anyone else that wants to join
# Summary
This is about enhancing the documentation...# About the project
* Contact: @onyinyang
* Chat: #tor-anticensorship on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @onyinyang
- anyone else that wants to join
# Summary
This is about enhancing the documentation for [Lox](https://gitlab.torproject.org/tpo/anti-censorship/lox). Lox will be deployed in alpha early next year. We currently have a Wiki as well as a Lox workspace with some incomplete documentation. Now that development towards the alpha is nearing completion, it would be a good time to make sure that documentation is more comprehensive and up to date.
## Project A - Update workspace repository descriptions, build instructions, etc.
* [x] Ensure that each repository in the Lox workspace has an up to date README with comprehensive build/deployment instructions and other information that a user/developer might need
* [x] Ensure that each Lox crate is prepared for publication on `crates.io`
## Project B - Update Lox wiki to provide a better overview of Lox as well as each of the interacting systems and how they work together
* [ ] Ensure that the Lox wiki has a comprehensive overview of Lox as well as the related systems it interacts with
* [ ] Include documentation for users based on [browser UI](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42036#note_2960089)
# Skills
What are the skills needed for the project:
* Knowledge of Lox
# LinksHackweek 2023onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/33Implement reasonable handling for bridge blocking2023-11-29T16:30:32ZonyinyangImplement reasonable handling for bridge blockingCurrently the Lox distributor does not handle blocked bridges at all. This is due to two main issues. The first is that we do not yet have a well-established method for determining that a bridge is indeed blocked. The second is that when...Currently the Lox distributor does not handle blocked bridges at all. This is due to two main issues. The first is that we do not yet have a well-established method for determining that a bridge is indeed blocked. The second is that when bridges are blocked, they are blocked in some locations and not others and we have not yet come to consensus on how this should be handled by Lox.
For our alpha deployment however, we should have some kind of alpha solution.
For now, we will assume some `target` country and search for whether or not that country appears in the `blocked_in` list that Lox will receive for each resource from rdsys. If the `target` country is in the list, the bridge will be marked as blocked.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/37Publish Lox crates on crates.io2023-11-23T18:05:31ZonyinyangPublish Lox crates on crates.ioPrior to Lox being deployed, we should publish each of the Lox crates on [`crates.io`](https://crates.io/). The crate name and the `crates.io` name should match to avoid confusion/inconvenience.
There are instructions for publishing to ...Prior to Lox being deployed, we should publish each of the Lox crates on [`crates.io`](https://crates.io/). The crate name and the `crates.io` name should match to avoid confusion/inconvenience.
There are instructions for publishing to `crates.io` [here](https://doc.rust-lang.org/cargo/reference/publishing.html)
Once the crates are created, we should update our pipeline to automatically push updates to the documentation as appropriate.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/35Get bridges from alternative locations2023-11-22T17:43:16Zmicahmicah@torproject.orgGet bridges from alternative locationsIf a user is wanting to connect via bridges, but not with built-in bridges (#30) or the request a bridge method (#31), and they want to manually configure a bridge (#32), there should be some UX that provides them with some suggestions a...If a user is wanting to connect via bridges, but not with built-in bridges (#30) or the request a bridge method (#31), and they want to manually configure a bridge (#32), there should be some UX that provides them with some suggestions about alternative locations where they can get bridges (eg. telegram bot, emailing `bridges@`).VPN pre-alpha 04https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/38Update Lox Distributor Config file to request Lox type2023-11-09T03:49:09ZonyinyangUpdate Lox Distributor Config file to request Lox typeThis should work in tandem with an update to `rdsys` that partitions bridges in to a `lox` type. This will only require an update to the test config file in the lox-distributor repo but this issue is mostly a reminder to update once a `l...This should work in tandem with an update to `rdsys` that partitions bridges in to a `lox` type. This will only require an update to the test config file in the lox-distributor repo but this issue is mostly a reminder to update once a `lox` type exists.onyinyangonyinyang