Anti-censorship issues
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues
2020-06-27T13:40:40Z

Snowflake not work
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25123
2020-06-27T13:40:40Z
cypherpunks

Clean BridgeDB logs from sensitive data
https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/3797
2022-07-09T04:22:44Z
Christian Fromme

In an ideal world, we wouldn't keep sensitive user data in the BridgeDB logs. Maybe we can come up with an idea on how to keep the data of statistical value and still not keep anything sensitive.
For instance, GetTor logs hashed email addresses of users. Maybe this is something we could do for BridgeDB, too.

Christian Fromme

Tor blocked in UAE
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/25137
2020-06-27T13:43:40Z
Trac

On 1 Jan, I was unable to connect to a site I often use with Tor. It got 75% loaded and stopped. After 2 hours, I figured out the UAE had started blocking Tor, and switched to obfs4. This worked until today at midnight. So I switched to meek, which worked. I connected to one yahoo mail account, finished, closed Tor before switching to my other yahoo mail account (I don't want yahoo to know they're both me). Tor only loaded 25%. It downloaded the network consensus, but could not load the network consensus. I closed Tor and tried meek-Amazon and meek-azure, but always, Tor could not load the network consensus. So I switched to Openvpn, and was able to use Tor in normal mode, without a bridge. (Of course, I had to reset my computer clock to match the VPN address). Does anyone know how the UAE is blocking Tor so that it cannot load the network status, and what I can do about it (in case they figure out how to block Openvpn).
**Trac**:
**Username**: mwolfe

David Fifield <dcf@torproject.org>

Meek's TLS client hello should use system time
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/13182
2020-06-27T13:44:18Z
cypherpunks

Since Meek's purpose is to hide and blend in like a typical Firefox user browsing Google.com, the time sent in the TLS client hello handshake should use the user's local or system time, not the common time as in general tor usage.
This will lead to meek page requests looking like a typical Google.com visit, to the ISP, or anyone between the user and the ISP, or between the ISP and Google App.

David Fifield <dcf@torproject.org>

Programmatize PT bundle building
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/8416
2020-06-27T13:44:05Z
David Fifield <dcf@torproject.org>

We have good instructions for taking a TBB and turning it into a PT bundle:
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/doc/bundle-gnulinux.txt
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/doc/bundle-macosx.txt
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/doc/bundle-windows.txt
But the instructions are manual and tedious to follow. They should rather be shell scripts.
The scripts can assume all the necessary components are already in place in some well-known locations. The `torrc` fragments need to be broken out into separate files.
The PT transport bundle is wider than flash proxy, so the build scripts don't really belong in the flash proxy repository. But they can go there for now.

David Fifield <dcf@torproject.org>

Research
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25272
2020-06-27T13:40:40Z
Trac

**Trac**:
**Username**: justicefortheopressed

let us choose the bridge pool assignment for a set of bridges by fingerprint
https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/4026
2020-06-27T13:43:32Z
Roger Dingledine

We should have a file or config option or something that lets us reallocate bridges to a specified assignment pool.
This idea came up after the recent blocking in Iran, where Sina wanted to start up a bunch of short-term bridges, and it occurred to me that we would want to make optimal use of them.

Isis Lovecruft

Report on Tor in the UAE (and question about Snowflake)
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/25966
2021-03-10T14:18:04Z
Trac

Early in '17, Tor stopped working. Turned out, they'd turned on blocking, but obfs4 worked. Then obfs4 stopped, and someone suggested I try Snowflake, which worked back then. But Snowflake stopped working one day, and I learned it was alpha, and not well supported, so I switched to meek. Now I can't get Snowflake to work at all (Tor doesn't even load), but obfs4 is working again, and seems to work much better than meek.
**Trac**:
**Username**: mwolfe

David Fifield <dcf@torproject.org>

Set up an Azure backend
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/13189
2020-06-27T13:44:18Z
David Fifield <dcf@torproject.org>

I got a 12-month research pass for [[doc/meek#MicrosoftAzure]].

David Fifield <dcf@torproject.org>

Pluggable transports bundles need an independent version number
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/8644
2020-06-27T13:44:05Z
David Fifield <dcf@torproject.org>

The PT build instructions say to increment the alpha number whenever you make a release using the same upstream plain TBB. This leads to the situation where our second batch of bundles (legacy/trac#8549) built from plain 2.4.11-alpha-1 were called 2.4.11-alpha-2. In the meantime, another plain TBB was released, also called 2.4.11-alpha-2.
I propose we append another "Release" number in the same way that RPM packages do:
https://fedoraproject.org/wiki/Packaging:NamingGuidelines#Release_Tag
In this scheme, our first bundles built from 2.4.11-alpha-1 would be called 2.4.11-alpha-1-1, and the next bundles built from 2.4.11-alpha-1 would be 2.4.11-alpha-1-2.
I wonder if we should make it a little more clear that the "Release" number belongs to PT bundles using numbers like 2.4.11-alpha-1-pt1 and 2.4.11-alpha-1-pt2.

George Kadianakis

proxy-go needs to relax between polls
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25344
2020-06-27T13:40:40Z
David Fifield <dcf@torproject.org>

The JavaScript proxy has `DEFAULT_BROKER_POLL_INTERVAL`, but there's nothing like that in proxy-go. The standalone broker is getting 2 to 5 /proxy requests per second from the 3 round-the-clock proxy-go instances.

Pluggable transports bundles warn of need to upgrade when no new version is yet available
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/8645
2020-06-27T13:44:05Z
David Fifield <dcf@torproject.org>

Say there is a TBB and corresponding PT bundle both with version number X.Y.Z-alpha-1. https://check.torproject.org/RecommendedTBBVersions will say:
```
[
/* ... stable bundles ... */
"X.Y.Z-alpha-1-MacOS",
"X.Y.Z-alpha-1-Windows",
"X.Y.Z-alpha-1-Linux"
]
```
When the X.Y.Z-alpha-2 TBB is released, the file changes to
```
[
/* ... stable bundles ... */
"X.Y.Z-alpha-2-MacOS",
"X.Y.Z-alpha-2-Windows",
"X.Y.Z-alpha-2-Linux"
]
```
If we haven't built new corresponding PT bundles yet, those will still have the old version number X.Y.Z-alpha-1, and users will get a blinking Tor button telling them to upgrade. However no upgrade exists for them yet.

George Kadianakis

Adapt broker to use ACME HTTP-01 challenge for automatic certificates
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25345
2024-01-08T00:03:43Z
David Fifield <dcf@torproject.org>

See tpo/anti-censorship/pluggable-transports/meek#24928 for the equivalent ticket for meek. The TLS-SNI-01 challenge that we were using doesn't work anymore. Because of this, the standalone broker has been broken since 2018-01-18 :/

David Fifield <dcf@torproject.org>

bridgedb tracebacks
https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/4056
2022-07-09T04:22:44Z
Roger Dingledine

```
Traceback (most recent call last):
  File "/usr/lib/python2.6/runpy.py", line 122, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.6/runpy.py", line 34, in _run_code
    exec code in run_globals
  File "/home/bridges/lib/python2.6/site-packages/TorBridgeDB.py", line 4, in <module>
    bridgedb.Main.run()
  File "/home/bridges/lib/python2.6/site-packages/bridgedb/Main.py", line 381, in run
    startup(configuration)
  File "/home/bridges/lib/python2.6/site-packages/bridgedb/Main.py", line 339, in startup
    Server.addWebServer(cfg, ipDistributor, webSchedule)
  File "/home/bridges/lib/python2.6/site-packages/bridgedb/Server.py", line 268, in addWebServer
    useRecaptcha=cfg.RECAPTCHA_ENABLED,
AttributeError: Conf instance has no attribute 'RECAPTCHA_ENABLED'
```
running 054560d33d74e7 with no new lines added to my config file. The fix presumably is to check if the config line is present before trying to access it. (Once I added the config line I didn't get the traceback.)
```
Traceback (most recent call last):
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1165, in run
    self.mainLoop()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1174, in mainLoop
    self.runUntilCurrent()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 796, in runUntilCurrent
    call.func(*call.args, **call.kw)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/task.py", line 194, in __call__
    d = defer.maybeDeferred(self.f, *self.a, **self.kw)
--- <exception caught here> ---
  File "/usr/lib/python2.6/dist-packages/twisted/internet/defer.py", line 125, in maybeDeferred
    result = f(*args, **kw)
  File "/home/bridges/lib/python2.6/site-packages/bridgedb/Dist.py", line 299, in cleanDatabase
    db.cleanWarnedBridges(time.time()-MAX_EMAIL_RATE)
exceptions.AttributeError: Database instance has no attribute 'cleanWarnedBridges'
```
Looks like we meant to say cleanWarnedEmails?

Aaron Gibson

Bridge detector. Fake?
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/26083
2021-07-09T18:29:19Z
cypherpunks

Some code for detection found. Is it real?

cypherpunks

meek should use the user's country Google site
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/13306
2020-06-27T13:44:18Z
Trac

According to the documentation, meek-google uses google.com as the front-end site.
However, google.com would redirect the browser to a local site - e.g. google.co.uk, google.ae, google.com.sa etc.
**Trac**:
**Username**: john1deer

David Fifield <dcf@torproject.org>

Adapt snowflake-server to use ACME HTTP-01 challenge for automatic certificates
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/25346
2024-01-08T00:03:43Z
David Fifield <dcf@torproject.org>

As with the broker (tpo/anti-censorship/pluggable-transports/snowflake#25345), we need to make the Snowflake server transport plugin use the HTTP-01 challenge.

Research an HTTP pluggable transport that actually uses a browser and a web server
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/8676
2021-11-08T19:54:05Z
George Kadianakis

Research like www.cs.utexas.edu/~shmat/shmat_oak13parrot.pdf makes it even more clear that it's worth exploring the possibility of actually using the software you are trying to emulate. That is, if you are trying to look like Skype, you better use the Skype binary. If you want to look like HTTP, you better use a browser on the client-side and a web server on the server-side.
We should look whether we can use stuff like Webkit to write a client-side transport, and a web server like nginx or apache to write its server-side.

bridgedb translation text for blocked bridges is wrong
https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/4087
2022-07-09T04:22:45Z
Aaron Gibson

the wrong string is selected for bridges that 'might be blocked'

Growth in bridge users in Iran circa 2018-05-01
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/26087
2020-12-23T15:20:51Z
cypherpunks

https://metrics.torproject.org/userstats-bridge-country.html?graph=userstats-bridge-country&country=ir
Seems worth investigating as there are as well recent reports of Tor not working in Iran, e.g.: https://blog.torproject.org/comment/275268#comment-275268

David Fifield <dcf@torproject.org>