Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2024-02-27T11:04:51Zhttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/56"The Tor Browser" -> "Tor Browser"2024-02-27T11:04:51ZRoger Dingledine"The Tor Browser" -> "Tor Browser"In working on https://gitlab.torproject.org/tpo/web/support/-/issues/341 I noticed that gettor has "the Tor Browser" in its strings too.
We should go through and get rid of the "the" when appropriate.
There is also a screenshot on the ...In working on https://gitlab.torproject.org/tpo/web/support/-/issues/341 I noticed that gettor has "the Tor Browser" in its strings too.
We should go through and get rid of the "the" when appropriate.
There is also a screenshot on the https://tb-manual.torproject.org/downloading/ page that could probably use an update once the new strings are in place.
We could also use this opportunity to update the rest of the strings as needed, but it is fine if not too. :) Thanks!https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40304Update the list of RFC 5780 compatible STUN servers2024-02-27T11:04:02ZCecylia BocovichUpdate the list of RFC 5780 compatible STUN serversWhen looking at some client logs, I noticed several of the following messages:
```
WARNING: 2023/11/02 18:40:42 Error: NAT discovery feature not supported by this server
```
It appears that several of our default STUN servers at the cli...When looking at some client logs, I noticed several of the following messages:
```
WARNING: 2023/11/02 18:40:42 Error: NAT discovery feature not supported by this server
```
It appears that several of our default STUN servers at the client no longer support this feature. This may partially explain the high number of unknown client NAT types that we see in the metrics.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40303Show number of currently open connections in hourly standalone proxy log output2023-12-13T19:18:04ZCecylia BocovichShow number of currently open connections in hourly standalone proxy log outputFrom @arma in #40302:
> as an operator I want to hear about how many connections are open right now. This number might be quite a bit higher than our current stats imply, if some small fraction of connections stay open for many epochs. O...From @arma in #40302:
> as an operator I want to hear about how many connections are open right now. This number might be quite a bit higher than our current stats imply, if some small fraction of connections stay open for many epochs. Or it might not be, I'm not sure.https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/178Deploy whatsapp2024-03-27T00:03:34Zmeskiomeskio@torproject.orgDeploy whatsappWe'll need a phone number for it and an actual smartphone on running all the time. And a user in rdsys-fronted-01 to deploy it.We'll need a phone number for it and an actual smartphone on running all the time. And a user in rdsys-fronted-01 to deploy it.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40300snowflake client is lazy for exact 24 hours2024-02-27T13:22:50Ztoralfsnowflake client is lazy for exact 24 hoursHappened for 2 clients within last few days with latest git-HEAD : The client is up and running and has network connections to _snowflake-01_, but it is doing nothing - and is working in a normal way without any intervention after 1 day....Happened for 2 clients within last few days with latest git-HEAD : The client is up and running and has network connections to _snowflake-01_, but it is doing nothing - and is working in a normal way without any intervention after 1 day. Here're the Grafana metrics:
![image](/uploads/5c2ce560adc435eda8433179e3410f02/image.png)https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/176run some experiments with CAPTCHAs2023-12-18T18:28:37Zmeskiomeskio@torproject.orgrun some experiments with CAPTCHAsAs we are planning to phase out CAPTCHAs (#173), can we run some experiments and see if they can be still effective?
We could either use the existing moat CAPTCHA API as we have some months until clients stop using it, or we could do it...As we are planning to phase out CAPTCHAs (#173), can we run some experiments and see if they can be still effective?
We could either use the existing moat CAPTCHA API as we have some months until clients stop using it, or we could do it in the HTTPS distributor as soon as we have migrated it to rdsys (#2).
There was a thread in the mailing list some years ago about this:
https://lists.torproject.org/pipermail/tor-dev/2021-July/014604.html
We should explore the space and see what better options for CAPTCHAs exist now a days.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40289prometheus metrics: inbound traffic is a magnitude higher than outbound ?2023-10-20T15:24:55Ztoralfprometheus metrics: inbound traffic is a magnitude higher than outbound ?Me wonders about these numbers :
```
~/devel/tor-relays $ hcloud server list --output columns=name | grep -v NAME | sort | while read i; do echo; echo $i; ssh -n $i 'curl -s localhost:9999/internal/metrics | grep "^tor.*traffic"'; done
...Me wonders about these numbers :
```
~/devel/tor-relays $ hcloud server list --output columns=name | grep -v NAME | sort | while read i; do echo; echo $i; ssh -n $i 'curl -s localhost:9999/internal/metrics | grep "^tor.*traffic"'; done
buddelflink
tor_snowflake_proxy_traffic_inbound_bytes_total 1.5137087637e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 1.842859221e+09
drehrumbum
tor_snowflake_proxy_traffic_inbound_bytes_total 2.616226932e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 2.428826961e+09
elster2
tor_snowflake_proxy_traffic_inbound_bytes_total 2.4824487988e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 2.756696966e+09
hoppel2
tor_snowflake_proxy_traffic_inbound_bytes_total 1.8561349297e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 1.831598894e+09
igel
tor_snowflake_proxy_traffic_inbound_bytes_total 2.203970161e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 2.038998589e+09
moppi3
tor_snowflake_proxy_traffic_inbound_bytes_total 2.1562580774e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 2.572686488e+09
nickeneck
tor_snowflake_proxy_traffic_inbound_bytes_total 1.7488402935e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 1.840865957e+09
pittiplatsch
tor_snowflake_proxy_traffic_inbound_bytes_total 2.0007601682e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 1.980735179e+09
putzi
tor_snowflake_proxy_traffic_inbound_bytes_total 2.2191193167e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 2.005800589e+09
schwarzrock
tor_snowflake_proxy_traffic_inbound_bytes_total 2.2477079962e+10
tor_snowflake_proxy_traffic_outbound_bytes_total 2.340506538e+09
```https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/172bridges.torproject.org's alternative ways to get bridges doesn't mention tele...2024-03-04T15:32:55ZRoger Dingledinebridges.torproject.org's alternative ways to get bridges doesn't mention telegramOn https://bridges.torproject.org/options/ we have "I need an alternative way of getting bridges!" which mentions email, but it doesn't mention any of our newer mechanisms, like telegram, circumvention settings, etc.
We should either:
...On https://bridges.torproject.org/options/ we have "I need an alternative way of getting bridges!" which mentions email, but it doesn't mention any of our newer mechanisms, like telegram, circumvention settings, etc.
We should either:
* flesh out this page to properly list the various ways you can get bridges
or
* identify that there is a better page that already does this up to date list, and change the text here to simply point there.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/28Set daily max bucket distribution and adjust other settings for production2024-02-15T16:52:09ZonyinyangSet daily max bucket distribution and adjust other settings for productionWe likely need to decide on an upper bound of buckets that can be distributed each day so that we don't run out of open invitation buckets. We currently have buckets being distributed to k users before a new bucket is used but if buckets...We likely need to decide on an upper bound of buckets that can be distributed each day so that we don't run out of open invitation buckets. We currently have buckets being distributed to k users before a new bucket is used but if buckets are continuously requested, we will eventually run out of buckets each day. These variables should be part of a configuration file for Lox.Lox Ready for Open Testing Callonyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40284Publish container in our gitlab registry2023-10-01T15:24:43Zmicahmicah@torproject.orgPublish container in our gitlab registryNow that Tor [has enabled container registry support in Gitlab](https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89), it is possible to build and publish a container that is hosted in the container registry [here in the snowflake pr...Now that Tor [has enabled container registry support in Gitlab](https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89), it is possible to build and publish a container that is hosted in the container registry [here in the snowflake project](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/container_registry).
It would be ideal if we could host our own container, and point people to use that. We don't have to stop using the 3rd party registry.
This should be done automatically in the CI.https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/170Set up a staging server2023-12-07T17:35:38Zmeskiomeskio@torproject.orgSet up a staging serverTo be able to experiment with things we want a staging server of rdsys.
* [x] get a new VM for it (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41297)
* [x] generate fake descriptors (#171)
* [ ] test accounts for gettor
* [ ] ...To be able to experiment with things we want a staging server of rdsys.
* [x] get a new VM for it (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41297)
* [x] generate fake descriptors (#171)
* [ ] test accounts for gettor
* [ ] github
* [ ] gitlab
* [ ] archive.org
* [ ] google drive
* [ ] test account for telegram bot
* [x] write an script to automatize the cleanup and deploy
* [x] document the setup in the wikimeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/130HTTP based PT protocol2023-10-09T16:19:25Zmeskiomeskio@torproject.orgHTTP based PT protocolSOCKS has many problems:
* We have to do hacks to do things like passing arguments, and they come with many problems ( #104)
* There are not many SOCKS server implementations and many PTs end up needing to implement their own ([goptlib]...SOCKS has many problems:
* We have to do hacks to do things like passing arguments, and they come with many problems ( #104)
* There are not many SOCKS server implementations and many PTs end up needing to implement their own ([goptlib](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib/-/blob/v1.4.0/socks.go) and [proteus](https://github.com/unblockable/proteus/tree/99751539b78782d4477411786e4df03b68213e5d/src/net/proto/socks) have done it)
We could use [HTTP CONNECT](https://www.rfc-editor.org/rfc/rfc9110#CONNECT) or [MASQUE](https://datatracker.ietf.org/wg/masque/about/) as a base that will give use the option of having headers to encode arguments and hopefully they are easy to implement based on standard HTTP/QUIC libraries.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/24Implement Metrics Reporting for Lox2023-10-31T21:19:34ZonyinyangImplement Metrics Reporting for LoxFrom the [Lox Roadmap](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/wikis/Lox-Roadmap) we want to include strategic reporting of metrics in our Lox deployment so that we are able to determine the effectiveness of Lox. The m...From the [Lox Roadmap](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/wikis/Lox-Roadmap) we want to include strategic reporting of metrics in our Lox deployment so that we are able to determine the effectiveness of Lox. The minimum metrics to measure are the following:
- [x] Prometheus metrics for counts of how often each library function is called from distributor
- [ ] How many bridges are in each rank
- [ ] Blockages from deployed bridgestrap instance
- [x] Remaining capacity (or if/when we run out of bridges to hand out to open inv)
Discussion, development of these and additional metrics to include in the initial deployment will be tracked in this issue.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/20Figure out how to serve the encrypted bridge table to users2023-08-01T17:07:20ZCecylia BocovichFigure out how to serve the encrypted bridge table to usersLox credentials only contain an index into an encrypted table of bridge lines. Users must download the entire encrypted bridge table periodically in order to find and decrypt their bridges to preserve their anonymity and prevent the Lox ...Lox credentials only contain an index into an encrypted table of bridge lines. Users must download the entire encrypted bridge table periodically in order to find and decrypt their bridges to preserve their anonymity and prevent the Lox distributor from learning which users were assigned which bridges.
This can be a rather large download, and for obvious reasons must be done automatically and in a censorship-resistant way.https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/logcollector/-/issues/5Add Conjoure Pluggable Transport Support2023-08-01T17:05:38ZshelikhooAdd Conjoure Pluggable Transport SupportConjure is a new pluggable transport based on refraction routing.
This issue track the support for conjure in WebTunnel.
(See also: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/33)Conjure is a new pluggable transport based on refraction routing.
This issue track the support for conjure in WebTunnel.
(See also: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/33)shelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/18Change lox-library functionality to replenish open-invitation bucket pool fro...2023-08-01T17:07:14ZonyinyangChange lox-library functionality to replenish open-invitation bucket pool from hot-spare poolHot spares could replenish open-invitation buckets but currently are only reallocated to be migrated to after a blocking event.
Perhaps the current functionality is the desired functionality, but if we're more likely to have open-invitat...Hot spares could replenish open-invitation buckets but currently are only reallocated to be migrated to after a blocking event.
Perhaps the current functionality is the desired functionality, but if we're more likely to have open-invitation bridges blocked than user migrate to trusted buckets when their bridges become blocked, this might be something to consider.
At the very least it could satisfy a condition in the case that there are no remaining open-invitation buckets. We should probably also flag that scenario so we can do something to get more bridges into the pool (hopefully).https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/33Add Conjure to logcollector to test censorship resistance2024-02-14T17:00:13ZCecylia BocovichAdd Conjure to logcollector to test censorship resistanceWe're getting reports that conjure doesn't work in some places https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815/14
Let's run some tests from vantage points to figure out why ...We're getting reports that conjure doesn't work in some places https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815/14
Let's run some tests from vantage points to figure out why so we can prioritize improvements.https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/165Write an spec of the assignments.log file format2023-06-12T08:47:21Zmeskiomeskio@torproject.orgWrite an spec of the assignments.log file formathttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/13Set up domain-fronted API endpoints for Lox2024-02-27T19:04:16ZPhilipp Winterphw@torproject.orgSet up domain-fronted API endpoints for LoxSimilar to moat, we need to set up domain-fronted API endpoints so that Tor Browser can talk to Lox. This should be as simple as using our existing portal to configure new endpoints.Similar to moat, we need to set up domain-fronted API endpoints so that Tor Browser can talk to Lox. This should be as simple as using our existing portal to configure new endpoints.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/12Go through a closed trial run of Lox2023-06-07T13:58:23ZPhilipp Winterphw@torproject.orgGo through a closed trial run of LoxBefore we unleash a prototype of Salmon and risk disappointing everybody, we should go through closed trial runs. Once we have an MVP, we should create accounts for people we know and encourage them to use the system and invite others. Q...Before we unleash a prototype of Salmon and risk disappointing everybody, we should go through closed trial runs. Once we have an MVP, we should create accounts for people we know and encourage them to use the system and invite others. Questions that we should answer:
* Do users have the right mental model of what's going on?
* What are the UX hurdles?2024-02-29