Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2020-06-27T13:43:46Zhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/29286Maintain obfs4 proxy2020-06-27T13:43:46ZCecylia BocovichMaintain obfs4 proxyThis depends first on ticket legacy/trac#29279 and seeing what is possibly going wrong with obfs4 now.This depends first on ticket legacy/trac#29279 and seeing what is possibly going wrong with obfs4 now.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/2760Proof of concept transport plugin: superencryption2020-06-27T13:44:09ZRoger DingledineProof of concept transport plugin: superencryptionNick started work on a socks proxy that will add its own layer of encryption on top of the Tor transport. The goal is to separate the task of making Tor unrecognizable on the wire from the task of achieving Tor's desired authentication a...Nick started work on a socks proxy that will add its own layer of encryption on top of the Tor transport. The goal is to separate the task of making Tor unrecognizable on the wire from the task of achieving Tor's desired authentication and confidentiality requirements.
I think asn picked it up from there, and it's now called obfsproxy.
One of its goals is to act as a proof of concept for our modular transport proposal (legacy/trac#2758), but I also want to actually ship it with the Tor bundles for users in blocking countries, so they have a chance against the next DPI-using adversary.
What's the current status? Is it ready to get its own Trac component and its own Tor git repository?Deliverable-May2011George KadianakisGeorge Kadianakishttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/6Showing users stat about how many clients' they served in the past 24 hours2020-07-20T15:34:02ZHashikDShowing users stat about how many clients' they served in the past 24 hoursTitle. Just like on the Snowflake web-extension.Title. Just like on the Snowflake web-extension.HashikDHashikDhttps://gitlab.torproject.org/tpo/anti-censorship/emma/-/issues/6Maybe try more than once if a connection timed out?2021-02-07T21:57:09ZPhilipp Winterphw@torproject.orgMaybe try more than once if a connection timed out?I tried to make sense of recent emma runs in Uganda (see tpo/community/outreach#40007) and noticed that it's difficult to tell if a connection failed because of reliability issues or because of censorship. Emma currently tries once to [e...I tried to make sense of recent emma runs in Uganda (see tpo/community/outreach#40007) and noticed that it's difficult to tell if a connection failed because of reliability issues or because of censorship. Emma currently tries once to [establish a TCP connection](https://gitlab.torproject.org/tpo/anti-censorship/emma/-/blob/2ed24be87ec7b6988ebc3c3723e53a2f7f17f89d/tests.go#L36) to a target and if that fails, it labels the target as unreachable. It's up to the operating system to determine the number of TCP retransmissions. Let's teach emma to try more than once to establish a TCP connection to a target. This will increase the test time a little bit but I think the improved clarity is worth the additional wait time.https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/1609Add code that will give out bridges in a localized way2020-06-27T13:43:36ZAndrew LewmanAdd code that will give out bridges in a localized wayAdd code that will give out bridges in a localized way (gettext). For that, put all messages in need for translation in one fileAdd code that will give out bridges in a localized way (gettext). For that, put all messages in need for translation in one filehttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/7Showing users when there is as WebSocket connection failure.2021-06-17T14:14:12ZHashikDShowing users when there is as WebSocket connection failure.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/7Add a short FAQ to snowflake.tp.o2021-06-17T14:13:21ZArlo BreaultAdd a short FAQ to snowflake.tp.oThis should include explanations for the missing feature error messages. See comment:13:ticket:31391This should include explanations for the missing feature error messages. See comment:13:ticket:31391https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/18999go-webrtc: fixes for 3862021-07-09T18:26:25ZDavid Fifielddcf@torproject.orggo-webrtc: fixes for 386In preparing a Gitian build of Snowflake for linux-386, I ran into architecture problems that are fixed by the attached patch.
The first just adds a webrtc-linux-386.pc, like already existed for linux-amd64 and darwin-amd64.
The second...In preparing a Gitian build of Snowflake for linux-386, I ran into architecture problems that are fixed by the attached patch.
The first just adds a webrtc-linux-386.pc, like already existed for linux-amd64 and darwin-amd64.
The second reduces the size of some static Cgo array bounds, to avoid this error:
```
configuration.go:228[/tmp/go-build928087590/github.com/keroserene/go-webrtc/_obj/configuration.cgo1.go:238]: type [1073741824]*_Ctype_char larger than address space
```https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/1610Turn mail requests into ’subscriptions’2020-06-27T13:43:36ZAndrew LewmanTurn mail requests into ’subscriptions’Turn mail requests into ’subscriptions’: People mail ’subscribe bridges’ to us, we put them in a database and send them bridges periodically. To not send mails to users that long have forgotten about their subscription, make them re-subs...Turn mail requests into ’subscriptions’: People mail ’subscribe bridges’ to us, we put them in a database and send them bridges periodically. To not send mails to users that long have forgotten about their subscription, make them re-subscribe periodically by putting a ”Reply to this mail or you won’t get any more bridges” text somewhere in a mail we send them with fresh bridgesIsis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6149"Censorship-timeline" for Tor2020-06-27T13:43:43ZPhilipp Winterphw@torproject.org"Censorship-timeline" for TorIt was shortly discussed on #tor-dev that some sort of "censorship-timeline" for Tor would be helpful. In particular, this should provide:
* Detailed technical analyses of the censorship mechanisms in place (DPI fingerprints and manufa...It was shortly discussed on #tor-dev that some sort of "censorship-timeline" for Tor would be helpful. In particular, this should provide:
* Detailed technical analyses of the censorship mechanisms in place (DPI fingerprints and manufacturers, traceroutes, ...)
* Code and data to reproduce all experiments
* Tor patches and standalone tools to evade the censorship devices
After all, this timeline should serve as a comprehensive archive for all people interested in how Tor is getting blocked. It should make it easy to answer questions such as _"What happened to Tor in country X back in Y?"_.
There are also some open questions:
* How should the data be structured? In form of a timeline? Or country based? Something else?
* What data should be published and when? Full disclosure too early in the process helps the censors.
* How should it be presented? In a wiki page or a standalone web site?https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/11393Make an HTTP requestor Chrome extension for meek-client2020-06-27T13:44:21ZDavid Fifielddcf@torproject.orgMake an HTTP requestor Chrome extension for meek-clientLike in legacy/trac#11183, make an extension for Chrome/Chromium that makes HTTP requests on behalf of another program.Like in legacy/trac#11183, make an extension for Chrome/Chromium that makes HTTP requests on behalf of another program.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/2860Research TCP connection patterns produced by web browsing2021-06-17T14:17:38ZRobert RansomResearch TCP connection patterns produced by web browsingWe suspect that Tor connections (and other TCP-based encrypted tunnel connections) can easily be distinguished from connections produced by a web browser by an attacker who has only logs of TCP SYN, FIN, and RST packets and the times at ...We suspect that Tor connections (and other TCP-based encrypted tunnel connections) can easily be distinguished from connections produced by a web browser by an attacker who has only logs of TCP SYN, FIN, and RST packets and the times at which they were sent. We should research this further.
The first step is to collect example recordings of the SYN, FIN, and RST packets produced by:
* a normal Tor client,
* a Tor client configured to use one bridge,
* a Tor client configured to use ten bridges,
* Firefox loading a simple (one HTML page without CSS or JS) web page over HTTPS,
* Chromium loading the same simple web page,
* Firefox viewing a JS-intensive web page (over HTTPS if possible), and
* Chromium viewing the same JS-intensive web page.
A simple visualization tool for the recordings will also be needed.Brandon WileyBrandon Wileyhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/8A Readme file for the project.2020-07-08T16:50:12ZHashikDA Readme file for the project.Add a readme file to the project to help future contributors.Add a readme file to the project to help future contributors.HashikDHashikDhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/8Update the logos of Firefox and Chrome in https://snowflake.torproject.org/2021-01-14T16:02:36ZcypherpunksUpdate the logos of Firefox and Chrome in https://snowflake.torproject.org/https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/1611Increase the "unreserved" share of bridges2020-06-27T13:43:36ZAndrew LewmanIncrease the "unreserved" share of bridgesIncrease the "unreserved" share of bridgesIncrease the "unreserved" share of bridgesChristian FrommeChristian Frommehttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/9Requirement of App settings UI.2020-06-30T16:04:55ZHashikDRequirement of App settings UI.Is a settings activity or UI necessary? example of settings like the number of clients the user is willing to serve, start the service on start-up, etc.Is a settings activity or UI necessary? example of settings like the number of clients the user is willing to serve, start the service on start-up, etc.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/9snowflake-webextension "Could not connect to the bridge."2022-07-09T04:32:31Zcypherpunkssnowflake-webextension "Could not connect to the bridge."My snowflake webextension has been working well up to this point but recently started having the error "Could not connect to the bridge." for the past few days. I'm not sure if this is something on my end or something with Snowflake.My snowflake webextension has been working well up to this point but recently started having the error "Could not connect to the bridge." for the past few days. I'm not sure if this is something on my end or something with Snowflake.https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/1612Group reserved bridges into buckets for people2020-06-27T13:43:36ZAndrew LewmanGroup reserved bridges into buckets for peopleGroup reserved bridges into buckets for people, write those buckets to files on request. (So that those files can be used by Roger or $foo to give to trusted people)Group reserved bridges into buckets for people, write those buckets to files on request. (So that those files can be used by Roger or $foo to give to trusted people)Christian FrommeChristian Frommehttps://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6246UAE uses DPI to block Tor2020-06-27T13:43:43ZRuna SandvikUAE uses DPI to block TorThe Emirates Telecommunications Corporation, also known as Etisalat, started blocking Tor using DPI on June 25 2012. It seems they are doing something similar to Ethiopia (legacy/trac#6045) and Kazakhstan (legacy/trac#6140), but we shoul...The Emirates Telecommunications Corporation, also known as Etisalat, started blocking Tor using DPI on June 25 2012. It seems they are doing something similar to Ethiopia (legacy/trac#6045) and Kazakhstan (legacy/trac#6140), but we should figure out how these cases are different.
We know that:
* The three bridges in https://blog.torproject.org/blog/update-censorship-ethiopia are working. These are bridges with a patch that removes 0x0039 from SERVER_CIPHER_LIST.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/11413meek README should say what meek is.2020-06-27T13:44:21ZNick Mathewsonmeek README should say what meek is.By convention, a project's README file should tell you what it is, what it does, and how to get started with it. Meek's only mentions that it's public domain.By convention, a project's README file should tell you what it is, what it does, and how to get started with it. Meek's only mentions that it's public domain.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.org