Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2024-03-13T17:17:32Zhttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/60Ensure that lox_library::bridge_table::BRIDGE_BYTES is large enough2024-03-13T17:17:32ZCecylia BocovichEnsure that lox_library::bridge_table::BRIDGE_BYTES is large enoughThe constant [`BRIDGE_BYTES`](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/bbfdd08ca1c9c77bae061fb4c2e7ef50eed76bc2/crates/lox-library/src/bridge_table.rs#L28) is current set to 250. While tor bridge lines are currently (...The constant [`BRIDGE_BYTES`](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/bbfdd08ca1c9c77bae061fb4c2e7ef50eed76bc2/crates/lox-library/src/bridge_table.rs#L28) is current set to 250. While tor bridge lines are currently (in c-tor) capped at 510 bytes, the Lox bridge line format does not match the tor bridge line format, so bridges that are well below the c-tor limit are causing panics in the lox distributor's [`parse_into_bridgelines`](https://gitlab.torproject.org/tpo/anti-censorship/lox/-/blob/bbfdd08ca1c9c77bae061fb4c2e7ef50eed76bc2/crates/lox-distributor/src/resource_parser.rs#L18) function.
This is an opportunity to reconsider the Lox bridge line format and whether it can be improved, since the current format requires extra work for the client to turn it into a usable torrc bridge line string.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/59Have Lox protocol functions return more descriptive errors2024-03-28T22:55:22ZCecylia BocovichHave Lox protocol functions return more descriptive errorsAt the moment, when a client is preparing a request to the Lox authority for one of the protocol functions, the only return type is a `ProofError::VerificationError`, which could indicate any number of potential reasons for failure, incl...At the moment, when a client is preparing a request to the Lox authority for one of the protocol functions, the only return type is a `ProofError::VerificationError`, which could indicate any number of potential reasons for failure, including:
- temporary and relatively common failure of not meeting the time threshold for unlocking the use of the protocol (e.g., `level_up`).
- a failure indicating misuse of the library (e.g., if the Lox and reachability credentials do not match)
- data corruption issues such as missing or invalid fields of the Lox credential
We're making assumptions in Tor Browser that the verification error is caused by the first case. While it still makes sense to return a `ProofError` for some of the functions in `lox-library::proto`, the `request` functions in particular should return a different more variable error type.Lox Ready for Open Testing CallCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40345migrate docker image to this repo2024-03-23T19:38:24Zmeskiomeskio@torproject.orgmigrate docker image to this repoWe used to develop the docker image in a separated repo: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/
But now we have a CI building the docker image in this repo: !246
Let's deprecate the original docker re...We used to develop the docker image in a separated repo: https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/
But now we have a CI building the docker image in this repo: !246
Let's deprecate the original docker repo and move everything here. Things that might be missing:
* [ ] move docker-compose.yml to this repo or somewhere
* [ ] update the community documentation to use our repo
* [ ] integrate publishing the docker image in the release process
* [ ] are we cross building in the CI?
* [ ] how are we going to push to dockerhub the image?
* [ ] archive docker-snowflake-proxy reposhelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/195moat is not distributing bridges2024-03-12T11:32:55Zmeskiomeskio@torproject.orgmoat is not distributing bridgesToday moat is not distributing bridges:
```
❯ curl https://bridges.torproject.org/moat/circumvention/defaults |jq
{
"settings": [
{
"bridges": {
"type": "obfs4",
"source": "builtin",
"bridge_strings": ...Today moat is not distributing bridges:
```
❯ curl https://bridges.torproject.org/moat/circumvention/defaults |jq
{
"settings": [
{
"bridges": {
"type": "obfs4",
"source": "builtin",
"bridge_strings": [
...
]
}
},
{
"bridges": {
"type": "obfs4",
"source": "bridgedb"
}
},
{
"bridges": {
"type": "snowflake",
"source": "builtin",
"bridge_strings": [
"snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
"snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
]
}
}
]
}
```meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge/-/issues/18armv7 has a deprecated version of tor2024-03-21T07:13:30Zmeskiomeskio@torproject.orgarmv7 has a deprecated version of torWe download tor from deb.tpo, which has the following archs: amd64, i386, arm64. But we build the docker image for all those architectures plus armv7 (armhf in debian names).
When we build the armv7 image as there is not tor package in ...We download tor from deb.tpo, which has the following archs: amd64, i386, arm64. But we build the docker image for all those architectures plus armv7 (armhf in debian names).
When we build the armv7 image as there is not tor package in deb.tpo the one from debian bookworm is being choosen, which is deprecated.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge/-/issues/17operator report:"Docker relay stopped working after pull today"2024-03-06T13:11:14ZGusoperator report:"Docker relay stopped working after pull today"Hi, some operators on the forum reported that their bridge has stopped to work after a docker pull to upgrade to the latest version.
According to this user, it seems a permission issue:
https://forum.torproject.org/t/docker-relay-stoppe...Hi, some operators on the forum reported that their bridge has stopped to work after a docker pull to upgrade to the latest version.
According to this user, it seems a permission issue:
https://forum.torproject.org/t/docker-relay-stopped-working-after-pull-today/11599/3
(cc @meskio)meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40014Intergrating WebTunnel into Lyrebird to reduce Distributed Binary Size2024-03-26T14:17:29ZshelikhooIntergrating WebTunnel into Lyrebird to reduce Distributed Binary SizeWe are considering integrating WebTunnel into WebTunnel in order to reduce the binary size of distributed binary.
This is a request from application team: the apk size is increasing and approaching the limit of Play Store. It might be b...We are considering integrating WebTunnel into WebTunnel in order to reduce the binary size of distributed binary.
This is a request from application team: the apk size is increasing and approaching the limit of Play Store. It might be beneficial for us to move webtunnel's entry point to Lyrebird to avoid shipping one more copy of the Go Runtime library.shelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40344Snowflake works unreliably in China, 2024 Q12024-03-05T12:21:14ZshelikhooSnowflake works unreliably in China, 2024 Q1We have been receiving conflicting report about connectivity interruptions in China.
There was one report from user that highlighted this issue: https://github.com/net4people/bbs/issues/325. We was able to observe similar interruption o...We have been receiving conflicting report about connectivity interruptions in China.
There was one report from user that highlighted this issue: https://github.com/net4people/bbs/issues/325. We was able to observe similar interruption on our vantage point: https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/dc663e36d7dc81467a63f59c5d435b9f93e9e3ab/recentResult_cnnext#L89 .
The exact way connection get interrupted differ from report to report. The report from github user shows the connection can be established, but was interrupted soon. The report from vantage point show dtls connection handshake was unsuccessful, or the remote server was unreachable.
As of now, the censorship we are observing is decreasing, as some report's subsequent report show successful connection after waiting sufficiently long.https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/137A new home for bridges.tpo/info2024-03-04T17:40:00Zmeskiomeskio@torproject.orgA new home for bridges.tpo/infohttps://bridges.torproject.org/info lists all the bridge distribution mechanisms. AFAIK the only place this is being linked from is the *Bridge distribution mechanism* on the bridge page in metrics.tpo. We might have a better place for t...https://bridges.torproject.org/info lists all the bridge distribution mechanisms. AFAIK the only place this is being linked from is the *Bridge distribution mechanism* on the bridge page in metrics.tpo. We might have a better place for this page than BridgeDB (soon to be rdsys).meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/60Some languages are not appearing in the 'Change Language' menu2024-03-04T16:49:34Zmeskiomeskio@torproject.orgSome languages are not appearing in the 'Change Language' menuThe following translations are installed but don't appear in the menu: ar, be, bg, ca, hr, cs, is, it, ja, pt_BR, roThe following translations are installed but don't appear in the menu: ar, be, bg, ca, hr, cs, is, it, ja, pt_BR, romeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/194Unable to load Moat captchas in Tor Browser2024-03-04T13:34:53Zebanamebanam@torproject.orgUnable to load Moat captchas in Tor BrowserThe request is timing out after a few moments with the message "Solve the CAPTCHA to request a bridge" but no accompanying image.
![moat-captcha-2](/uploads/1f9dc45b8eecac9d2f32561187c286dd/moat-captcha-2.png){width=50%}The request is timing out after a few moments with the message "Solve the CAPTCHA to request a bridge" but no accompanying image.
![moat-captcha-2](/uploads/1f9dc45b8eecac9d2f32561187c286dd/moat-captcha-2.png){width=50%}https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/136renew Docker-Sponsored Open Source Program2024-03-26T10:35:25Zmeskiomeskio@torproject.orgrenew Docker-Sponsored Open Source ProgramThe billing tab of our docker organization says:
> Your Docker-Sponsored Open Source status will expire on Apr 15, 2024.
> To keep your Docker-Sponsored Open Source status, look for our email containing renewal information and follow t...The billing tab of our docker organization says:
> Your Docker-Sponsored Open Source status will expire on Apr 15, 2024.
> To keep your Docker-Sponsored Open Source status, look for our email containing renewal information and follow the link within to reapply.
I got the mentioned email. I was assuming it was a phishing email as the renew link points to *docker.my.site.com*, but I guess is legit (site.com is a salesforce domain and the DKIM of the email looks valid):
```
We would like to kindly remind you that your current subscription to
the Docker-Sponsored Open Source Program is set to expire in 45 days.
We highly value your participation in the program and would like to
invite you to renew your subscription.
[1]Click Here to Renew
By renewing, you'll continue to benefit from the program's offerings
if your project still meets the [2] qualification criteria. An annual
Docker Team subscription will be allocated to the following project
organization: Docker ID - thetorproject
Here are the benefits you'll continue to enjoy:
* Autobuilds
* Free team seats
* Rate-limit removal for all users pulling public images from your
project namespace
* Sponsored OSS badge on Docker Hub and being prioritized in search
results
* Usage reporting
Before you proceed with the renewal application, we kindly request
that you take a moment to complete a [3]brief survey. Your feedback
in the survey does not impact the review of your application; it will
only be used to inform improvements to the program so that we can
better serve the open-source community.
If you have any questions or encounter any technical issues during
the renewal process, please don't hesitate to contact
support@docker.com. Our team is here to assist you and ensure a
smooth renewal experience.
Thank you!
The Docker Team
```
Anyway, I guess we should follow the email instructions and renew the subscription. Depending on how much work is that we might want to consider more seriously to move to our gitlab container registry (#121)meskiomeskio@torproject.orgmeskiomeskio@torproject.org2024-03-28https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40343Make the client automatic try and report to user what snowflake options combi...2024-03-04T10:16:38Zsnowflake_user_40314Make the client automatic try and report to user what snowflake options combination workI think current we have too many snowflake options combination(e.g. front domains, STUN servers, URLs of brokers at various CDN, and others).\
Thus, I think perhaps we should provide a way let user input the potential options as front do...I think current we have too many snowflake options combination(e.g. front domains, STUN servers, URLs of brokers at various CDN, and others).\
Thus, I think perhaps we should provide a way let user input the potential options as front domains list, STUN servers list, URLs of brokers list, and others; then automatic try report to user what options combination(or bridge line) work.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40342Shadow integration tests occasionally panic2024-03-07T22:51:40ZCecylia BocovichShadow integration tests occasionally panicA recent job failed: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/jobs/491691
This is likely runner-dependent, since no changes were made to the Shadow tests since it last passed:
```
$ shadow --log...A recent job failed: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/jobs/491691
This is likely runner-dependent, since no changes were made to the Shadow tests since it last passed:
```
$ shadow --log-level=debug --model-unblocked-syscall-latency=true snowflake-minimal.yaml > shadow.log
** Starting Shadow v3.0.0-557-g193924aa 2023-08-25--13:24:51 with GLib v2.66.8
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: ENOSYS', main/utility/childpid_watcher.rs:269:37
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }', main/utility/childpid_watcher.rs:268:43
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }thread '', shadow-workermain/utility/childpid_watcher.rs' panicked at ':assertion failed: self.shim_shmem_lock.borrow().is_none()268', :main/host/host.rs43:
971:9
fatal runtime error: thread local panicked on drop
thread 'shadow-worker' panicked at 'called `Result::unwrap()` on an `Err` value: PoisonError { .. }', main/utility/childpid_watcher.rs:268:43
thread 'shadow-worker' panicked at 'assertion failed: self.shim_shmem_lock.borrow().is_none()', main/host/host.rs:971:9/bin/bash: line 210: 30403 Aborted (core dumped) shadow --log-level=debug --model-unblocked-syscall-latency=true snowflake-minimal.yaml > shadow.log
```https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135Fastly blocked domain fronting2024-03-15T17:12:53ZGusFastly blocked domain frontingIt seems Fastly has started to block domain fronting today (2024-03-01):
```
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [0cc7e46ae66a20cf2bce81a1fb4bc83c2b27d310f7177487dfb9665316892903] in use...It seems Fastly has started to block domain fronting today (2024-03-01):
```
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [0cc7e46ae66a20cf2bce81a1fb4bc83c2b27d310f7177487dfb9665316892903] in use with this connection.
```
@ValdikSS reported this issue 3 days ago on Net4people BBS: https://github.com/net4people/bbs/issues/309#issuecomment-1968514057
This issue is affecting:
- Moat, Connection Assist, and Snowflake.
For Snowflake, meek-azure broker seems to be working fine:
```
Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
```Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40341Encode AWS credentials for SQS rendezvous2024-03-12T11:26:12ZCecylia BocovichEncode AWS credentials for SQS rendezvousAmazon's automatic scraping of Github has found our public credentials shared on https://github.com/net4people/bbs/issues/335 which leads to their support team requiring us to rotate them. We may be able to avoid this by encoding our cre...Amazon's automatic scraping of Github has found our public credentials shared on https://github.com/net4people/bbs/issues/335 which leads to their support team requiring us to rotate them. We may be able to avoid this by encoding our credentials (for example with base64) and having users pass in the encoded strings.
cc @mpuhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40340Add a mechanism to retest the client NAT type2024-03-04T08:42:02ZCecylia BocovichAdd a mechanism to retest the client NAT typeWhile we do periodically retest the NAT type of proxies, a client's NAT type is only checked once on startup. The result is that if, after the initial check, a client's network conditions change, they may have difficulty connecting to pr...While we do periodically retest the NAT type of proxies, a client's NAT type is only checked once on startup. The result is that if, after the initial check, a client's network conditions change, they may have difficulty connecting to proxies in their pool. Since client usage of snowflake is much more time-sensitive than proxies, the trigger for a retest could be a threshold of a certain number of failed Datachannel attempts.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40339Avoid SQS queue reuse errors2024-03-05T17:40:02ZCecylia BocovichAvoid SQS queue reuse errorsAs described in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40323#note_3002284, the reuse of the `sqsClientID` can cause errors on subsequent rendezvous attempts.As described in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40323#note_3002284, the reuse of the `sqsClientID` can cause errors on subsequent rendezvous attempts.mpumpuhttps://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/41issue when downloading from https://bridges.torproject.org/bridgestrap-collector2024-03-19T13:15:07ZHiroissue when downloading from https://bridges.torproject.org/bridgestrap-collectorI have noticed an issue when collector-02 is downloading from: https://bridges.torproject.org/bridgestrap-collector
This is the error I see in java.
```
2024-03-01 09:45:13,880 WARN o.t.m.c.b.BridgestrapStatsDownloader:70 Failed downl...I have noticed an issue when collector-02 is downloading from: https://bridges.torproject.org/bridgestrap-collector
This is the error I see in java.
```
2024-03-01 09:45:13,880 WARN o.t.m.c.b.BridgestrapStatsDownloader:70 Failed downloading https://bridges.torproject.org/bridgestrap-collector.
java.io.IOException: Premature EOF
at java.base/sun.net.www.http.ChunkedInputStream.readAheadBlocking(ChunkedInputStream.java:567)
at java.base/sun.net.www.http.ChunkedInputStream.readAhead(ChunkedInputStream.java:611)
at java.base/sun.net.www.http.ChunkedInputStream.read(ChunkedInputStream.java:705)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:132)
at java.base/sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3698)
at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:284)
at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:343)
at org.torproject.metrics.collector.downloader.Downloader.downloadFromHttpServer(Downloader.java:55)
at org.torproject.metrics.collector.downloader.Downloader.downloadFromHttpServer(Downloader.java:26)
at org.torproject.metrics.collector.bridgestrap.BridgestrapStatsDownloader.startProcessing(BridgestrapStatsDownloader.java:68)
at org.torproject.metrics.collector.cron.CollecTorMain.run(CollecTorMain.java:55)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
```
I made some little measurements from bash and got this:
```
time_namelookup: 0.050899s
time_connect: 0.097606s
time_appconnect: 0.159109s
time_pretransfer: 0.159138s
time_redirect: 0.000000s
time_starttransfer: 0.209088s
----------
time_total: 5.969495s
```
Seems nothing is really amiss. Any idea what is happening? Is this a web server issue or should I talk to anti-censorship instead?meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40337AWS warning about public IAM credentials for SQS rendezvous2024-03-08T12:58:24ZCecylia BocovichAWS warning about public IAM credentials for SQS rendezvousI got the following email from AWS:
```
We have become aware that the AWS Access Key AKIA5AIF4WJJXS7YHEG3 , belonging to IAM User SQS-client ,
along with the corresponding Secret Key is publicly available online at
https://github.com/n...I got the following email from AWS:
```
We have become aware that the AWS Access Key AKIA5AIF4WJJXS7YHEG3 , belonging to IAM User SQS-client ,
along with the corresponding Secret Key is publicly available online at
https://github.com/net4people/bbs/issues/335#issue-2157478835 .
Your security is important to us and this exposure of your account’s IAM credentials poses a security
risk to your AWS account, could lead to excessive charges from unauthorized activity, and violates
the AWS Customer Agreement or other agreement with us governing your use of our Services.
```
They probably have some automated tools to search for secret keys in Github repositories.
I have replied to the open support ticket to confirm that the sharing of credentials was intentional. Hopefully they will allow us to continue to use them.Cecylia BocovichCecylia Bocovich