Anti-censorship issues
https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues
2020-06-13T18:35:56Z

Gitlab Migration Milestone
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/40000
2020-06-13T18:35:56Z | Trac

We're creating this ticket as a part of the Trac-to-Gitlab migration, so that each project's numbering for new tickets will start with 40001.

Replace obs4 with a better pluggable transport
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/34160
2020-06-27T13:43:49Z | cypherpunks

There have been papers attacking obfs4 and similar pluggable transports such as https://ieeexplore.ieee.org/document/8855280.
The obfs4 maintainer (Yawning) also has said that the protocol is outdated and unmaintained which is not a good thing for something that is the primary pluggable transport for the Tor Browser.
The Tor Project should initiate an effort to create a better, secure, more resistant and more up to date pluggable transport to replace obfs4.

Mirror personal git repos used for Pluggable Transports
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/33895
2021-07-29T14:59:17Z | Matthew Finkel

Some of the projects our software depends on are hosted in personal repos which are scattered across the web. We should probably mirror some of these on either git.tpo or gitlab.tpo (whichever makes more sense, but I'm leaning toward git.tpo right now) in case they disappear in the future.
I'm not sure how we should define the policy for when we self-host versus when we use the official repo. For example, the `gocompress` project for Tor Browser is cloned from a personal github repo. Is that worth mirroring?

Disguising Data With Inversible GAN
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/32947
2021-07-29T14:55:45Z | Trac

There is a method to disguise data not by disguising them as HTTPS traffic which is unreadable, but simple HTTP as well as other protocols for diversity through AI. AI is mostly used on the censor's side as to distinguish tor traffic from normal traffic, on the other hand, a GAN is made just for that. A GAN fools not just the human eye, but rather an AI as well. This means if one could invert the generator to map the outputted image into the source image, they could "encrypt" the data into the "image", or rather something like an HTML file, and "decrypt" it with the inverse. Here is a prototype for the inversion https://github.com/Aphrodites1995/inversegan.
**Trac**:
**Username**: Aphrodites1995

New https-proxy implementation for shared hosting
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/32872
2021-07-29T14:59:19Z | Trac

I was reading https protocol and noticed that by moving the request url (final destination) from "Request url" to something else it would allow us to use shared hostings as proxy servers. I had a little implementation of this and worked fine as a concept though I was missing detailed implementations. Please consider developing this protocol as it would help searching for relay network of tor project also helps people to create cheaper proxy servers and it would be harder to stop them as they have shared IP address. I live in such countries so please don't share my identity
**Trac**:
**Username**: SomeoneElse

`panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes` when using snowflake
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/32056
2020-06-27T13:43:49Z | Trac

TBB log:
```
10/14/19, 10:22:02.757 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.815 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/14/19, 10:22:10.816 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/14/19, 10:22:10.948 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported:
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: goroutine 1 [running]:
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.formatline(0x83e73d3, 0xf, 0xa0d7f4c, 0x1, 0x1, 0x1, 0x1)
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:250 +0x267
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.line(0x83e73d3, 0xf, 0xa0d7f4c, 0x1, 0x1)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:266 +0x45
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.doError(...)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:271
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.ProxyError(...)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:302
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: main.main()
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/build/snowflake-49a899be452a/client/snowflake.go:158 +0xd81
10/14/19, 10:22:10.951 [WARN] Pluggable Transport process terminated with status code 512
```
TBB version: tor-browser-linux32-9.0a7_en-US.tar.xz
**Trac**:
**Username**: omlnnuci

About more powerful pluggable transport
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/31751
2021-07-29T14:57:40Z | Trac

I found a more powerful proxy protocol.
It's "shadowsocks".
https://github.com/shadowsocks
This protocol was created to avoid GFW.
If you can use shadowsocks for pluggable transport, I think we can use Tor more easily and faster in China.
p.s. I'm Japanese so I understand English a little.
Since there is a possibility that there is a mistake in the translation, I will post the original.
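Japanese original (in English translation):
I found a more powerful proxy protocol.
It is "shadowsocks".
https://github.com/shadowsocks
This protocol was created to circumvent the GFW.
I think that if shadowsocks could be used as a pluggable transport, Tor could be used more easily and faster in China.
P.S. I am Japanese, so I understand only a little English.
Because the translation may contain mistakes, I am including the original text.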
**Trac**:
**Username**: Anon8101919

Implement a mechanism for PT reachability testing
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/30472
2020-06-27T13:43:49Z | Philipp Winter | phw@torproject.org

Non-vanilla bridges currently have no way to automatically test their reachability. Vanilla bridges [self-test the reachability of their ORPort](https://gitweb.torproject.org/torspec.git/tree/path-spec.txt#n193) by creating a circuit that includes themselves, but we cannot do this for, say, obfs4. In practice, this is problematic because obfs4 operators won't know if their bridge is unreachable; for example due to NAT. In fact, BridgeDB is distributing obfs4 bridges that aren't actually reachable.
We need to build a mechanism that allows non-vanilla bridges to test their reachability. Ideally, something would create a circuit over the bridge while speaking its respective transport protocol but even a simple TCP or UDP-based reachability test would already go a long way.
Looking at the discussion [over in #30331](https://trac.torproject.org/projects/tor/ticket/30331#comment:2), tor seems to be the right component to trigger the reachability test. In its log files, it can then yell at the operator if the test failed. The question is: how should we design the mechanism that implements the reachability test?
One solution would be a simple HTTP API that takes as input an address, port, a transport type, and optional parameters, and then tells you if the given bridge is reachable, e.g.: the URL https://pt-reachable.torproject.org/obfs4/1.2.3.4/9002 may respond with something along the lines of `obfs4_reachable: true`. Ideally, if the reachability test fails, we should provide details, to help the operator figure out what went wrong.

Philipp Winter | phw@torproject.org

PT spec: should 255 bytes be sent in the RFC 1929 UNAME field?
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/30442
2021-07-29T15:00:10Z | Mark Smith

Section 3.5 of the PT spec says:
If the encoded argument list is less than 255 bytes in
length, the "PLEN" field must be set to "1" and the "PASSWD"
field must contain a single NUL character.
When Kathy Brade and I implemented legacy/trac#29627, we viewed the above as a spec bug and allowed up to 255 bytes to be sent in the RFC 1929 UNAME field. Was that the wrong thing to do? Or should the PT spec be changed to read "If the encoded argument list is less than or equal to 255 bytes in length..."?

obfs4_bridgeline.txt file should contain complete bridge line
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/30331
2022-03-15T14:35:31Z | Cecylia Bocovich

When setting up an obfs4 bridge, the user has to perform extra steps to fill in the missing values to construct the full bridge line from `/var/lib/tor/pt_state/obfs4_bridgeline.txt`.
Specifically in:
`Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=<CERTIFICATE> iat-mode=0`
only `cert` is populated automatically

Create a TapDance PT for Tor
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/30289
2021-07-29T15:01:26Z | Cecylia Bocovich

After talking with some of the TapDance researchers and developers at a decoy routing meeting, there is some interest both on the TapDance and Tor side for creating a TapDance pluggable transport for Tor.

Bridges doesn't work with ExcludeNodes
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/30056
2021-07-29T15:02:51Z | Trac

Bridges don't work with ExcludeNodes. I used all bridges that aren't in countries mentioned in Exclude, but it also isn't working.
My torrc:
```
ExcludeNodes {RU},{BY},{US},{DE},{UA}
ExitNodes {SE},{NL},{FI}
bridge obfs4 94.242.249.2:38479 039C0803213355DCC9961876B5650B0BE5691915 cert=8+QodvOgR4ufCz/82xjEE/wQIV0qBPgKIXIEQFohS0J+BNA+m8l+cZyh2TxZhDgZOHTiAw iat-mode=0
```
**Trac**:
**Username**: dECENTRAL

Look into Salmon
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/29288
2020-09-03T18:56:29Z | Alexander Færøy | ahf@torproject.org

We should look into the Salmon paper from PETS in 2016. It would allow us to build a different bridge distribution mechanism than what we have today with BridgeDB where reputation and social contacts give you access to "better" bridges and add a penalty for when a bridge is censored.
The paper can be found here: https://www.freehaven.net/anonbib/cache/salmon-pets2016.pdf
The source code can be found here: https://github.com/SalmonProject

Have backup PT in pipeline
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/29287
2020-06-27T13:43:50Z | Cecylia Bocovich

Get a new pluggable transport assessed and ready for deployment for if/when our current PTs become obsolete.
Possible candidates are:
- Marionette (legacy/trac#29272, legacy/trac#26920)
- HttpProxy (legacy/trac#29278)
- maybe a new one in Oakland 2019??

Improve the PT spec and how PTs interface with Tor
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/29285
2021-12-27T20:58:44Z | Cecylia Bocovich

We want to make it easier for developers (and academics) to design and implement new pluggable transports and get them easily integrated with Tor so that we can have a well-functioning PT integration pipeline.
This is a large project that will consist of several things:
- We need to assess pain points with the current PT spec and desired features from a variety of PT developers.
- We might want to take a look at the PTv2 specification to see where features differ from our v1 and also which features seem to be liked or used by PT developers.
- We should think about how bridge distribution should factor into the PT specification. For example, some transports such as meek and snowflake handle "bridge" information differently than transports whose bridges are distributed through BridgeDB. This results in a different interaction with Tor, and we might consider modifying the spec with the snowflake/broker model in mind (ticket legacy/trac#29296).
In general, we should improve our communication with the pluggable transports community to see what they need and figure out how to get more PTs integrated with Tor.

Deploy Marionette as a PT
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/29284
2020-06-27T13:43:51Z | Cecylia Bocovich

Actually get Marionette integrated with Tor. This depends on first assessing it (legacy/trac#29272)

George Kadianakis

Assess HTTP proxy
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/29278
2020-06-27T13:43:51Z | Cecylia Bocovich

Look at the status of HTTP proxy and see what it will take to integrate it with Tor.

Philipp Winter | phw@torproject.org

Get developers using new PT alphas
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/29274
2020-06-27T13:43:51Z | Cecylia Bocovich

When a new PT is available, get developers to use the alphas so that we can find surprises and bugs before we ship them to users

Add support for LOG to goptlib
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/28940
2021-12-27T20:54:13Z | David Fifield | dcf@torproject.org

see:
* legacy/trac#28179 (code changes)
* legacy/trac#28181 (pt-spec changes) _[doesn't seem to be committed yet?]_
ahf made a branch here:
https://github.com/ahf/goptlib/commits/features/logging

David Fifield | dcf@torproject.org

Use Travis CI for goptlib.git repositories on Github
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/28936
2020-06-27T13:43:52Z | Alexander Færøy | ahf@torproject.org

Members on the network team have been happy to use the Travis CI for `tor.git` in the past year or so.
Let's have the same for `goptlib.git` if some people are going to do development there and have their repositories located on Github.

Tor: unspecified
David Fifield | dcf@torproject.org