Anti-censorship issues
Feed: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues
Updated: 2024-03-18T17:30:14Z

Start disabled
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/91
Author: cypherpunks. Date: 2024-03-18T17:30:14Z.

Regardless of any other settings, I would suggest Snowflake never begin operating automatically upon installation, instead requiring the first use on any given device to be initiated manually.
I briefly had Snowflake installed on a personal device, where it was disabled while I looked into the possibility of using a DNS sinkhole to prevent the use of my connection for undesirable purposes. I had preemptively turned services.sync.addons.ignoreUserEnabledChanges on so that, once I was comfortable enabling Snowflake on my personal device, I would not inadvertently enable it on my work computer. I unexpectedly needed to have the work machine reset and did not disable this flag, so Snowflake was installed and enabled when I synchronised my settings. I responded quickly and uninstalled the extension entirely, but it appears to have been active for long enough to have routed a connection to the website of a violent extremist group that was identified and flagged by our IT systems. This incident has caused me to seriously reconsider the risk using Snowflake creates, not just to myself but also by inadvertently enabling uses like the connection in question despite my efforts to prevent doing so, and as a result I am highly unlikely to reinstall it.
That this situation involved a mistake on my part does not justify it as a possibility. It cannot be expected that no user will ever make such a mistake - even advanced users cannot be expected to never forget things - and if such a simple and potentially unavoidable mistake can cause automatic operation to put the user at risk like this, then safeguards should be put in place both to protect them and to avoid deterring them entirely.

IPv6 support
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/34
Author: Jacobo Nájera. Date: 2024-03-17T18:44:21Z.

Hello,
I'm testing IPv6 on Webtunnel bridges.
What is the proper way to enable it in the Webtunnel server settings? The IPv6 address has already been enabled on the network interface and in DNS. The idea is that it has both IPv4 and IPv6 support.
Thanks, Jacobo

Snowflake addon not found in firefox store
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40348
Author: Sven Gottwald. Date: 2024-03-16T17:04:01Z.

I followed the link on [Browser Snowflake proxy](https://community.torproject.org/relay/setup/snowflake/browser/) that leads to https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/. The page says:
> **Oops! We can’t find that page**
>
> If you’ve followed a link from another site for an extension or theme, that item is no longer available. This could be because:
> - The developer removed it. Developers commonly do this because they no longer support the extension or theme, or have replaced it.
> - Mozilla removed it. This can happen when issues are found during the review of the extension or theme, or the extension or theme has been abusing the terms and conditions for addons.mozilla.org. The developer has the opportunity to resolve the issues and make the add-on available again.
>
> Try visiting the page later, as the theme or extension may become available again. Alternatively, you may be able to find what you’re looking for in one of the available extensions or themes, or by asking for help on our community forums.

Missing web-standard headers
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/32
Author: Haz Æ 41. Date: 2024-03-14T19:37:03Z.

Hey,
Currently the WebSocket negotiation is not web-standard because some headers are missing. This can compromise the fact that bridges are WebTunnel bridges and not regular WebSocket servers actually used on the web. For example, someone could send an HTTPS request to a bridge and immediately know that it's a "fake" WebSocket server based on the headers. Additionally, clients should also send some web-standard headers, just in case the plain request is seen by some MITM proxy like CloudFlare.
Client should send:
- `User-Agent` with a spoofed user-agent like Chrome on Windows 11
- `Origin` with a spoofed origin (probably the same as `Host` but with `https://`)
- `Cache-Control` with value `no-cache`
- `Pragma` with value `no-cache`
- `Accept-Language` with a spoofed value like `en-US,en`
- `Sec-WebSocket-Key` with a base64-encoded random 16-byte string,
  e.g. `base64_padded(random(16))` => `a7ECc1UoTpaIpPbs0Mq8eA==`
- `Sec-WebSocket-Version` with value `13` (the latest WebSocket standard)
Server should respond:
- `Sec-Websocket-Accept` with the base64-encoded SHA-1 of the concatenation of the value of `Sec-WebSocket-Key` with `258EAFA5-E914-47DA-95CA-C5AB0DC85B11`, both taken as UTF-8/ASCII,
  e.g. `base64_padded(sha1(concat(utf8_to_bytes(get("Sec-WebSocket-Key")), utf8_to_bytes("258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))))` => `+ovyba4oZqzDi2gR26ncKXa9SCk=`
- `Date` with the date of the response as `<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT`
I can work on this and make a pull request if needed.

HTTPS distributor is missing a language selector menu
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/196
Author: meskio (meskio@torproject.org). Date: 2024-03-12T17:17:05Z.

Ensure that lox_library::bridge_table::BRIDGE_BYTES is large enough
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/60
Author: Cecylia Bocovich. Date: 2024-03-13T17:17:32Z.

The constant [`BRIDGE_BYTES`](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/bbfdd08ca1c9c77bae061fb4c2e7ef50eed76bc2/crates/lox-library/src/bridge_table.rs#L28) is currently set to 250. While tor bridge lines are currently (in c-tor) capped at 510 bytes, the Lox bridge line format does not match the tor bridge line format, so bridges that are well below the c-tor limit are causing panics in the lox distributor's [`parse_into_bridgelines`](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/bbfdd08ca1c9c77bae061fb4c2e7ef50eed76bc2/crates/lox-distributor/src/resource_parser.rs#L18) function.
This is an opportunity to reconsider the Lox bridge line format and whether it can be improved, since the current format requires extra work for the client to turn it into a usable torrc bridge line string.

Assignee: Cecylia Bocovich.

migrate docker image to this repo
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40345
Author: meskio (meskio@torproject.org). Date: 2024-03-23T19:38:24Z.

We used to develop the docker image in a separate repo: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/
But now we have CI building the docker image in this repo: !246
Let's deprecate the original docker repo and move everything here. Things that might be missing:
* [ ] move docker-compose.yml to this repo or somewhere
* [ ] update the community documentation to use our repo
* [ ] integrate publishing the docker image in the release process
* [ ] are we cross building in the CI?
* [ ] how are we going to push to dockerhub the image?
* [ ] archive docker-snowflake-proxy repo

Assignee: shelikhoo.

Snowflake works unreliably in China, 2024 Q1
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40344
Author: shelikhoo. Date: 2024-03-05T12:21:14Z.

We have been receiving conflicting reports about connectivity interruptions in China.
There was one report from a user that highlighted this issue: https://github.com/net4people/bbs/issues/325. We were able to observe similar interruptions on our vantage point: https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/dc663e36d7dc81467a63f59c5d435b9f93e9e3ab/recentResult_cnnext#L89 .
The exact way the connection gets interrupted differs from report to report. The report from the github user shows the connection can be established, but was interrupted soon after. The report from the vantage point shows the DTLS connection handshake was unsuccessful, or the remote server was unreachable.
As of now, the censorship we are observing is decreasing, as some reporters' subsequent reports show successful connections after waiting sufficiently long.

A new home for bridges.tpo/info
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/137
Author: meskio (meskio@torproject.org). Date: 2024-03-04T17:40:00Z.

https://bridges.torproject.org/info lists all the bridge distribution mechanisms. AFAIK the only place this is being linked from is the *Bridge distribution mechanism* on the bridge page in metrics.tpo. We might have a better place for this page than BridgeDB (soon to be rdsys).

Assignee: meskio (meskio@torproject.org).

Some languages are not appearing in the 'Change Language' menu
https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/60
Author: meskio (meskio@torproject.org). Date: 2024-03-04T16:49:34Z.

The following translations are installed but don't appear in the menu: ar, be, bg, ca, hr, cs, is, it, ja, pt_BR, ro

Assignee: meskio (meskio@torproject.org).

Make the client automatic try and report to user what snowflake options combination work
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40343
Author: snowflake_user_40314. Date: 2024-03-04T10:16:38Z.

I think currently we have too many snowflake option combinations (e.g. front domains, STUN servers, URLs of brokers at various CDNs, and others).
Thus, I think perhaps we should provide a way to let the user input the potential options as a front domains list, STUN servers list, broker URLs list, and others; then automatically try them and report to the user which options combination (or bridge line) works.

Fastly blocked domain fronting
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135
Author: Gus. Date: 2024-03-15T17:12:53Z.

It seems Fastly has started to block domain fronting today (2024-03-01):
```
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [0cc7e46ae66a20cf2bce81a1fb4bc83c2b27d310f7177487dfb9665316892903] in use with this connection.
```
@ValdikSS reported this issue 3 days ago on Net4people BBS: https://github.com/net4people/bbs/issues/309#issuecomment-1968514057
This issue is affecting:
- Moat, Connection Assist, and Snowflake.
For Snowflake, meek-azure broker seems to be working fine:
```
Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
```

Assignee: Cecylia Bocovich.

Add a mechanism to retest the client NAT type
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40340
Author: Cecylia Bocovich. Date: 2024-03-04T08:42:02Z.

While we do periodically retest the NAT type of proxies, a client's NAT type is only checked once on startup. The result is that if, after the initial check, a client's network conditions change, they may have difficulty connecting to proxies in their pool. Since client usage of snowflake is much more time-sensitive than proxies, the trigger for a retest could be a threshold of a certain number of failed Datachannel attempts.

AWS warning about public IAM credentials for SQS rendezvous
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40337
Author: Cecylia Bocovich. Date: 2024-03-08T12:58:24Z.

I got the following email from AWS:
```
We have become aware that the AWS Access Key AKIA5AIF4WJJXS7YHEG3 , belonging to IAM User SQS-client ,
along with the corresponding Secret Key is publicly available online at
https://github.com/net4people/bbs/issues/335#issue-2157478835 .
Your security is important to us and this exposure of your account’s IAM credentials poses a security
risk to your AWS account, could lead to excessive charges from unauthorized activity, and violates
the AWS Customer Agreement or other agreement with us governing your use of our Services.
```
They probably have some automated tools to search for secret keys in Github repositories.
I have replied to the open support ticket to confirm that the sharing of credentials was intentional. Hopefully they will allow us to continue to use them.

Assignee: Cecylia Bocovich.

Better Invitation Encoding
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/58
Author: onyinyang. Date: 2024-03-01T11:43:41Z.

The Lox invitation endpoint currently returns a string of bytes formatted like:
```
{"invite":92,149,13,240,159,9,236,1,141,15,246,61,49,4,53,142,229,56,160,137,155,86,127,166,223,8,80,114,117,17,210,3,2,0,0,0,5,36,19,41,86,145,241,114,93,58,10,118,162,141,183,53,200,168,179,108,34,222,21,15,252,195,121,92,185,187,78,126,17,67,153,113,32,87,109,232,90,104,27,162,141,83,26,121,195,47,249,109,50,104,220,136,183,111,7,8,93,53,3,12}
```
This is probably not ideal for a user to paste into the browser, though maybe it is fine?
We should check with the ux team to see if they have suggestions for a better user experience and consider changing this (and the interface) to accept a more user-friendly invite.

Milestone: Lox Ready for Open Testing Call. Assignee: onyinyang.

Should we default enable SQS rendezvous of Snowflake in built-in bridge?
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40336
Author: snowflake_user_40314. Date: 2024-02-28T17:55:43Z.

The current default rendezvous (domain fronting) is [expected to stop working](https://lists.torproject.org/pipermail/anti-censorship-team/2023-October/000328.html).
The current 13.0.10 does not enable SQS rendezvous by default.

Create a detailed workflow for investigating and responding to blocked Lox bridges
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/57
Author: onyinyang. Date: 2024-02-26T17:32:10Z.

Though automating the detection of blocked bridges has been a [long term goal](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40035), discussed [here](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/112) as well, we should have a detailed workflow for how we will handle getting reports of blocked bridges, how often we will manually update bridge statuses for Lox bridges, and who will be responsible for these updates during our test deployment.

Milestone: Lox Ready for Open Testing Call. Assignee: onyinyang.

0.7.3 rejected from mozilla
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/89
Author: meskio (meskio@torproject.org). Date: 2024-03-28T04:37:33Z.

We got this email:
> Due to issues discovered during the review process, one or more versions of your add-on Snowflake will be disabled on addons.mozilla.org in 14 day(s). Please
> see the reviewer’s comments below for more information.
>
> ********
> Details:
> - Reproducing the submitted release version based on the provided source code package and instructions failed.
>
> You can access the console output at https://paste.mozilla.org/kOCS6sFe
> Environment used for building: Node 20.10.0, npm 10.2.3 on Ubuntu 22.04 LTS x64 (10GB RAM, 6 CPUs)
>
> Please test your build in a clean environment to make sure it is reproducible. If necessary, update the source code package and/or the instructions to
> reproduce.
> Please read through the instructions at https://extensionworkshop.com/documentation/publish/source-code-submission/ .
>
> Version(s) affected:
> 0.7.3
> ********
>
> Please address the issues raised in the reviewer's notes and inquire about any unclear items. Afterwards, please upload a new version of your add-on at
> https://addons.mozilla.org/en-US/developers/addon/torproject-snowflake/versions.
>
> To respond, please reply to this email or visit https://addons.mozilla.org/en-US/developers/addon/torproject-snowflake/versions. If we do not hear from you
> within 14 day(s) of this notification, these versions will be removed from addons.mozilla.org. Current users of these versions will be unaffected.

Assignee: Cecylia Bocovich.

snowflake deb runs as root, and it should do something safer than that
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40328
Author: Roger Dingledine. Date: 2024-02-27T11:24:09Z.

I installed the snowflake-proxy deb (version 2.5.1-1+b3) and used "systemctl start snowflake-proxy" to tell it to start.
Now I have a proxy process running as root! Wow, I did not expect this.
Should we make a separate user and run the snowflake proxy as that user? Or is it secretly dropping privileges and the root part is not accurate?

Bridge replace flakey II
https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/55
Author: onyinyang. Date: 2024-02-27T11:25:08Z.

The `bridge_replace` function is flakey again after adjusting the logic to remove spare buckets first and adding the `ReplaceSuccess::Removed` option.

Milestone: Lox Ready for Open Testing Call. Assignee: onyinyang.