The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-11-08T18:21:09Zhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40225Snowflake Broker Deployment 22-10-252022-11-08T18:21:09ZshelikhooSnowflake Broker Deployment 22-10-25We are going to deploy a new version of snowflake broker configuration to snowflake broker.
The broker binary isn't updated, and remain [v2.3.1](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags/v2.3...We are going to deploy a new version of snowflake broker configuration to snowflake broker.
The broker binary isn't updated, and remain [v2.3.1](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags/v2.3.1).
This will rollout the change we did in [Snowflake Broker Deployment 22-10-03](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40193) plus [include](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40212) [secondary bridge](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40122) definition, and [Remove GOMAXPROCS=1](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40205).
## Deployment Script
```
sv stop snowflake-broker
cp /etc/service/snowflake-broker/run ./snowflake-broker-run-22-10-25-backup-$(date +%N)
cp /home/snowflake-broker/bridge_lists.json ./bridge_lists_json-22-10-25-backup-$(date +%N)
install --owner root ./snowflake-broker-run-22-10-25-candidcate /etc/service/snowflake-broker/run
install --owner root ./bridge_lists_json-22-10-25-candidcate /home/snowflake-broker/bridge_lists.json
sv start snowflake-broker
```
## New Run File
(the difference is at --allowed-relay-pattern)
(-ip-count-mask's value is not real value used on the production system)
```
#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1
```
## Old Run File
```
#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
export GOMAXPROCS=1
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern ^snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1
```
## New bridge_lists.json
```
{"displayName":"default", "webSocketAddress":"wss://snowflake.torproject.net/", "fingerprint":"2B280B23E1107BB62ABFC40DDCC8824814F80A72"}
{"displayName":"Bridge02", "webSocketAddress":"wss://02.snowflake.torproject.net/", "fingerprint":"8838024498816A039FCBBAB14E6F40A0843051FA"}
```
## Old bridge_lists.json
```
{"displayName":"default", "webSocketAddress":"wss://snowflake.torproject.net/", "fingerprint":"2B280B23E1107BB62ABFC40DDCC8824814F80A72"}
```
## Side effect to be watched
The network capacity of the snowflake may be decreased(again).Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoohttps://gitlab.torproject.org/tpo/web/team/-/issues/44Archive and redirect gettor.torproject.org landing page to support portal2024-01-11T13:54:11ZGusArchive and redirect gettor.torproject.org landing page to support portalAlthough GetTor service is very important and useful for users where torproject.org website is blocked, I don't get what's the point of having GetTor landing page since all the instructions are available on Support portal and on Tor Brow...Although GetTor service is very important and useful for users where torproject.org website is blocked, I don't get what's the point of having GetTor landing page since all the instructions are available on Support portal and on Tor Browser Manual, which is bundled in TB.
So, here is my proposal to archive and redirect gettor.torproject.org:
- Improve gettor entry on https://support.torproject.org/censorship
- Archive the repository: https://gitlab.torproject.org/tpo/web/gettor-web
- Redirect gettor.torproject.org to support.torproject.org/censorship
- Remove gettor-web from weblateSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetemmapeelemmapeelhttps://gitlab.torproject.org/tpo/community/relays/-/issues/49Inform the community that we're rejecting old snowflake proxies2022-10-06T20:22:00ZGusInform the community that we're rejecting old snowflake proxiesThis week ac-team started to reject outdated snowflake proxies.
ref: https://forum.torproject.net/t/please-update-your-snowflake-proxy-to-help-us-rollout-distributed-snowflake-server-support/4098This week ac-team started to reject outdated snowflake proxies.
ref: https://forum.torproject.net/t/please-update-your-snowflake-proxy-to-help-us-rollout-distributed-snowflake-server-support/4098Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGushttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/97Setup Webtunnel at njalla VPS2023-01-08T22:57:25ZshelikhooSetup Webtunnel at njalla VPSWe are considering to try out WebTunnel pluggable transport by setting it up at njalla VPS.
This issue will be used to track this effort.
## Steps to setup the bridge
- [x] Setup ACME for obtaining certificate
- [x] Setup nginx for TL...We are considering to try out WebTunnel pluggable transport by setting it up at njalla VPS.
This issue will be used to track this effort.
## Steps to setup the bridge
- [x] Setup ACME for obtaining certificate
- [x] Setup nginx for TLS termination and forwarding traffic to webtunnel
- [x] Setup tor and webtunnel
- [x] Test the setup
IRC log(Some content are removed as it come from internal channel):
```
[12:42:42 pm] <+meskio> shelikhoo: how do you feel about this? setting up a webtunnel bridge in our iran VPS and build a TB with webtunnel support
[12:43:02 pm] <+meskio> I worry it might be too much work, but might be handy to advance webtunnel and test it in the real world
[12:44:22 pm] <+meskio> I wonder if is not that simple, as we might actually need to modify the code of TB to understand what to do with webtunnel bridge urls
[1:32:10 pm] <+shelikhoo> meskio: we could try whether it will work first?
[1:32:51 pm] <+shelikhoo> I think it is a huge effort to get tor browser support a new transport NOW I think
[1:33:01 pm] <+shelikhoo> so we better test it?
[1:33:07 pm] <+shelikhoo> first
[1:36:06 pm] <+shelikhoo> Let's say we setup that bridge and write a instruction about testing it
[1:36:17 pm] <+shelikhoo> and see what is the response
[1:36:26 pm] <+shelikhoo> while we are getting TB to support it
[1:47:05 pm] <+meskio> shelikhoo: that sounds like a good idea
[1:48:14 pm] <+shelikhoo> we can setup one and test it first
[2:47:45 pm] <+shelikhoo> meskio: webtunnel need a domain with dns point to it. so do we wants to setup it Iran and forward the tor traffic with a tunnel, or setup it in outside and forward the web traffic?
[2:52:23 pm] <+meskio> true, might be easier the second option?
[3:49:38 pm] <+shelikhoo> meskio: I will try to setup it now
[3:56:22 pm] <+meskio> great, good luck
[3:56:23 pm] <+shelikhoo> meskio: can I copy and paste our conversation here about setting up this webtunnel bridge at a public ticket?
[3:57:13 pm] <+meskio> sure
```Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40061Refresh captchas2022-10-14T06:28:29Zmeskiomeskio@torproject.orgRefresh captchasIt looks like there is a spike of usage, let's refresh the captchas.It looks like there is a spike of usage, let's refresh the captchas.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/122Builtin bridges route is returning an empty JSON object2022-10-03T09:42:07Zmig5Builtin bridges route is returning an empty JSON objectHi @meskio ,
(Sorry in advance if this is the wrong place to report the issue)
The OnionShare team just noticed that https://bridges.torproject.org/moat/circumvention/builtin is returning `{}` . It used to return a list of built-in bri...Hi @meskio ,
(Sorry in advance if this is the wrong place to report the issue)
The OnionShare team just noticed that https://bridges.torproject.org/moat/circumvention/builtin is returning `{}` . It used to return a list of built-in bridges, and we updated our app to use this for supplying OnionShare the default bridges (we used to copy them from the Tor Browser source code).
Was this a deliberate change? If so, is there something else we should be doing to fetch built-in bridges now?
I note that it's still in the [doc](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md#circumventionbuiltin) so thought it might be unexpected.
Thanks!Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/95Investigate Distributed Snowflake Rollout Issue on proxy2023-10-25T15:24:07ZshelikhooInvestigate Distributed Snowflake Rollout Issue on proxyCurrently, we are encountering a slow rollout in distributed snowflake. We should investigate why.Currently, we are encountering a slow rollout in distributed snowflake. We should investigate why.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoohttps://gitlab.torproject.org/tpo/community/support/-/issues/40091Improve welcome message on Telegram - @TorProjectSupportBot2022-10-26T20:30:15ZGusImprove welcome message on Telegram - @TorProjectSupportBotAt the moment when a user start chatting with us on telegram (@TorProjectSupportBot), they receive this message
"Hi! This is the Tor Project Support Channel. If you need bridges, send /bridges to our bot @GetBridgesBot. If you need help...At the moment when a user start chatting with us on telegram (@TorProjectSupportBot), they receive this message
"Hi! This is the Tor Project Support Channel. If you need bridges, send /bridges to our bot @GetBridgesBot. If you need help from a support person, ask a question in chat. Привет! Это поддержка проекта Tor. Если вам нужны мосты - отправьте /bridges нашему боту @GetBridgesBot. Если вам нужна помочь сотрудника поддержки – задайте вопрос в чате."
And the support agents are getting some "/bridges", which is not helpful.
We should improve this description so users can provide more valuable information to the help desk.
(cc: @nina @championquizzer)Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGushttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/10how to get webtunnel into production2024-03-12T22:28:30Zmeskiomeskio@torproject.orghow to get webtunnel into productionWhat are the steps to get webtunnel into a production PT?
* [x] Configure rdsys to distribute webtunnel bridges
* [x] Announce a testing version into the anti-censorship-team and tor-dev mailing lists
* [x] Include it into TorBrowser al...What are the steps to get webtunnel into a production PT?
* [x] Configure rdsys to distribute webtunnel bridges
* [x] Announce a testing version into the anti-censorship-team and tor-dev mailing lists
* [x] Include it into TorBrowser alpha
* [x] Write a blog post about our new PT
* [x] Run a webtunnel bridge campaing (#2)
* [x] Include it into TorBrowser stableSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/3O1.3: Implement bridges with pluggable transport HTTPT support.2022-10-04T17:27:22ZGabagaba@torproject.orgO1.3: Implement bridges with pluggable transport HTTPT support.HTTPT is a promising new pluggable transport designed to hide traffic behind HTTPS servers. HTTPT has specific benefits for the case of making Tor more accessible to users in China; specifically that it is immune to replay attacks, which...HTTPT is a promising new pluggable transport designed to hide traffic behind HTTPS servers. HTTPT has specific benefits for the case of making Tor more accessible to users in China; specifically that it is immune to replay attacks, which protects it against China’s active probing; it uses existing web servers, so that it’s harder for censors to discover; it requires minimal overhead; and it relies on TLS, a popular protocol, making it much more difficult for censors to block outright. In this Activity we will make Tor Browser and HTTPT work together before pushing for more users in the target region and launching it in Tor Browser.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoo2022-09-30https://gitlab.torproject.org/tpo/community/support/-/issues/40086Circumvention map feedback2022-08-10T18:08:05ZGusCircumvention map feedbackTor Browser stable (11.5) is using the 'circumvention map' on Connection Assist feature. Let's collect user feedback about countries where users couldn't connect automatically, so we can adjust the circumvention settings.Tor Browser stable (11.5) is using the 'circumvention map' on Connection Assist feature. Let's collect user feedback about countries where users couldn't connect automatically, so we can adjust the circumvention settings.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGushttps://gitlab.torproject.org/tpo/web/tpo/-/issues/316Remove "Select Tor Network Settings' and 'Use a bridge'" text2022-07-26T18:24:41ZGusRemove "Select Tor Network Settings' and 'Use a bridge'" textOn TB 11.5, we don't have "Tor Network Settings" anymore. I asked @duncan and we will remove it for now.On TB 11.5, we don't have "Tor Network Settings" anymore. I asked @duncan and we will remove it for now.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGushttps://gitlab.torproject.org/tpo/web/support/-/issues/304Add all our telegram bots2022-06-29T15:50:15ZGusAdd all our telegram botsAccording to the Telegram verification page, we can verify our telegram bots by adding "a link to the Telegram channel from the official website of the organization may also be taken into account. The bot will offer to submit additional ...According to the Telegram verification page, we can verify our telegram bots by adding "a link to the Telegram channel from the official website of the organization may also be taken into account. The bot will offer to submit additional data and comments after checking the social media links."
Right now we have these three bots:
- [x] gettor_bot - gettor bot
- [x] torprojectsupportbot - get in touch with the Tor support team
- [x] getbridgesbot - get a bridge from bridgedbSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGushttps://gitlab.torproject.org/tpo/ux/design/-/issues/42Develop graphics and copy for Telegram Bots promotions2022-08-26T14:33:00ZnicobDevelop graphics and copy for Telegram Bots promotionsThis ticket will serve to track next steps in branding and promoting Tor's three telegram bots for our users: Gettor, Get Bridges, Tor Project Support. cc @meskio @isabela @duncan
- [x] Get verified on telegram (@gus)
- [x] Develop thr...This ticket will serve to track next steps in branding and promoting Tor's three telegram bots for our users: Gettor, Get Bridges, Tor Project Support. cc @meskio @isabela @duncan
- [x] Get verified on telegram (@gus)
- [x] Develop three different avatars (@nicob)
- [x] Develop social graphics (@nicob)
- [x] Add to support portal (@gus)
- [ ] Post to social (@smith)
- [ ] Include in next newsletter (@smith)Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibethttps://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector-admin/-/issues/5Migrating Controling git repo to Tor Gitlab Instance2022-10-07T12:20:56ZshelikhooMigrating Controling git repo to Tor Gitlab InstanceAs planned earlier, we will move the BridgeLine, and BridgeStatus repo from Github to Tor's Gitlab.
- [x] Use Tor Gitlab git repo link at probetelemetry-01
- [x] Notify @irl to prepare for the change
- [x] Receive ready signal from @irl
...As planned earlier, we will move the BridgeLine, and BridgeStatus repo from Github to Tor's Gitlab.
- [x] Use Tor Gitlab git repo link at probetelemetry-01
- [x] Notify @irl to prepare for the change
- [x] Receive ready signal from @irl
- [x] Move production vantage points to accept command + submit reports to TPO Log CollectorSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/78deploy onionsproutsbot2022-06-10T12:40:05Zmeskiomeskio@torproject.orgdeploy onionsproutsbotSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40068Localize the new strings for the Tor Browser User Manual 11.5 (offline version)2022-10-26T20:22:26ZGusLocalize the new strings for the Tor Browser User Manual 11.5 (offline version)As Tor Browser 11.5 will include an offline version of the Tor Browser User Manual, we will need to localize the new strings before the 11.5 release.
I believe the most important languages for this release is where there is some Tor blo...As Tor Browser 11.5 will include an offline version of the Tor Browser User Manual, we will need to localize the new strings before the 11.5 release.
I believe the most important languages for this release is where there is some Tor block happening, like Russia, China and Iran.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetemmapeelemmapeelhttps://gitlab.torproject.org/tpo/web/manual/-/issues/119Update the manual for Tor Browser 11.5 release2022-07-15T18:25:15ZGusUpdate the manual for Tor Browser 11.5 releaseNew features:
- connect:assist - it will be available this week on TB Alpha - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues?scope=all&state=opened&search=torconnect
- Connection test
- HTTPS-Only Mode (about:prefer...New features:
- connect:assist - it will be available this week on TB Alpha - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues?scope=all&state=opened&search=torconnect
- Connection test
- HTTPS-Only Mode (about:preferences#privacy)
- New bridges configuration page
- Bridges emoji identification and QRcodeSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetchampionquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40887Implement amends to torconnect and Connection Settings following 11.5a92022-05-17T13:29:06ZdonutsImplement amends to torconnect and Connection Settings following 11.5a9This is the parent ticket for any amends to torconnect or Connection Settigns that didn't make it in time for 11.5a9, with the intention that they can be fixed for the next Alpha instead.This is the parent ticket for any amends to torconnect or Connection Settigns that didn't make it in time for 11.5a9, with the intention that they can be fixed for the next Alpha instead.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/105deploy rdsys gettor into production2022-10-03T17:56:39Zmeskiomeskio@torproject.orgdeploy rdsys gettor into productionWe might need first to setup a test environment to test it thoroughly.
When we are ready to do the deployment we should configure everything on polyanthum and then ask TPA to do the needed changes on the email setup (IMAP server).We might need first to setup a test environment to test it thoroughly.
When we are ready to do the deployment we should configure everything on polyanthum and then ask TPA to do the needed changes on the email setup (IMAP server).Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.org