Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2021-03-11T17:48:30Zhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31281O2.4 - Boost security by increasing the number of bridges run by volunteers a...2021-03-11T17:48:30ZGabagaba@torproject.orgO2.4 - Boost security by increasing the number of bridges run by volunteers and collective entities through improvements to onboarding and better communications.* [x] A1 - Improve documentation on how to set up a bridge server and different pluggable transport bridge servers.
* [x] A2 - Create scripts and configuration code for setting up a bridge on cloud providers to make it easier for operato...* [x] A1 - Improve documentation on how to set up a bridge server and different pluggable transport bridge servers.
* [x] A2 - Create scripts and configuration code for setting up a bridge on cloud providers to make it easier for operators to launch a new bridge.
* [x] A3 - Promote workshops on how to set up a bridge at relay operator meetups.
* [x] A4 - Improve documentation of bridgeDB--the code behind selecting and distributing bridges.
* [x] A5 - Increase stability and resilience of bridge authority and bridgeDB by exploring and implementing decentralizations of those services.
[Milestone](https://gitlab.torproject.org/groups/tpo/-/milestones/6).Sponsor 30 - Objective 2.4https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31280O2.3 - Develop new and/or improve existing bridge selection and distribution ...2020-11-20T16:28:19ZGabagaba@torproject.orgO2.3 - Develop new and/or improve existing bridge selection and distribution strategies.* A1 - Develop new and/or improve existing bridge selection and distribution strategies based on data collected about successful, effective methods per evaluation during O1.1.
* A2 - Develop methods to present bridges to users based on t...* A1 - Develop new and/or improve existing bridge selection and distribution strategies based on data collected about successful, effective methods per evaluation during O1.1.
* A2 - Develop methods to present bridges to users based on their location, potentially incorporating relevant censorship data published by OONI.
* A3 - Improve ability for bridgedb/authority to test bridges that only expose a pluggable transport.
* A4 - Update bridgeDB/gettor to give region-specific recommendations for PT and bridges.
[Milestone](https://gitlab.torproject.org/groups/tpo/-/milestones/5)Sponsor 30 - Objective 2.3Gabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31274O2.1 - Create an evaluation framework and collect data to better monitor and ...2021-07-14T15:45:14ZGabagaba@torproject.orgO2.1 - Create an evaluation framework and collect data to better monitor and evaluate current bridge selection and distribution processes.[Milestone](https://gitlab.torproject.org/groups/tpo/-/milestones/4)
* A1 - Create an evaluation framework for bridge distribution and selection methods.
* [x] tpo/anti-censorship/pluggable-transports/trac#29277
* [x] #31422
* A2...[Milestone](https://gitlab.torproject.org/groups/tpo/-/milestones/4)
* A1 - Create an evaluation framework for bridge distribution and selection methods.
* [x] tpo/anti-censorship/pluggable-transports/trac#29277
* [x] #31422
* A2 - Evaluate distribution and selection methods for human rights defenders in target regions.
* [x] tpo/anti-censorship/censorship-analysis#34153
* A3 - Identify which bridge selection and distribution methods are most used in targeted regions.
* [x] #31871
* [ ] #32276Sponsor 30 - Objective 2.1Gabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31268Objective O2: Ensure users in target countries have access to the best Tor b...2022-06-02T16:55:50ZGabagaba@torproject.orgObjective O2: Ensure users in target countries have access to the best Tor bridge options for circumventing censorship.Activities under this objective aim to improve aspects of bridge distribution and selection methods. We seek to automate bridge distribution for our users as much as possible, but some distribution mechanisms require minimal user intera...Activities under this objective aim to improve aspects of bridge distribution and selection methods. We seek to automate bridge distribution for our users as much as possible, but some distribution mechanisms require minimal user interaction, like solving CAPTCHAs. One example of an active distribution mechanism that is as automated as possible is “moat,” which is already integrated into Tor Browser. The fact that this distribution method is integrated into Tor Browser minimizes the number of hoops our users have to jump through. When possible, we hope to integrate distribution methods developed in this project into Tor Browser, minimizing the impact on the user. With special focus on human rights defenders in the Global South, we will increase access to Tor bridges and expand the network.
* [x] [O2.1 - Create an evaluation framework and collect data to better monitor and evaluate current bridge selection and distribution processes.](#31274)
* [ ] [O2.2 - Improve user experience and user interface of bridges.torproject.org.](https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40020)
* [x] [O2.3 - Develop new and/or improve existing bridge selection and distribution strategies.](#31280)
* [x] [O2.4 - Boost security by increasing the number of bridges run by volunteers and collective entities through improvements to onboarding and better communications.](#31281)
Parent ticket: https://gitlab.torproject.org/tpo/anti-censorship/trac/-/issues/31265https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31252Equip BridgeDB with anti-bot mechanism2020-06-27T13:42:48ZPhilipp Winterphw@torproject.orgEquip BridgeDB with anti-bot mechanismBridgeDB sees many bot requests. The ones I've seen cycle over exit relays to fetch several bridge types (obfs2 (!), obfs3, obfs4, scramblesuit, and vanilla) from BridgeDB's HTTPS interface. Interestingly, they get most captchas right.
...BridgeDB sees many bot requests. The ones I've seen cycle over exit relays to fetch several bridge types (obfs2 (!), obfs3, obfs4, scramblesuit, and vanilla) from BridgeDB's HTTPS interface. Interestingly, they get most captchas right.
We don't know who's operating these bots or what they are doing with their bridges but we should make BridgeDB more resistant to these attacks. Let's add a mechanism that allows us to configure request headers that BridgeDB should ignore, e.g., requests whose user agent contains curl.
Ideally, instead of BridgeDB responding "bots aren't allowed to get bridges," we could serve an empty response, or a decoy bridge whose only purpose is to find out what the bot operators are doing with it.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30946Port BridgeDB to Python 32020-06-27T13:42:48ZPhilipp Winterphw@torproject.orgPort BridgeDB to Python 3BridgeDB is written in Python 2.7, which will no longer be maintained past 2020. We should port BridgeDB to Python 3. This may involve quite some work given BridgeDB's large code base and the libraries it depends on.BridgeDB is written in Python 2.7, which will no longer be maintained past 2020. We should port BridgeDB to Python 3. This may involve quite some work given BridgeDB's large code base and the libraries it depends on.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30941Need better instructions for requesting bridges via email2021-07-09T18:27:09ZPili GuerraNeed better instructions for requesting bridges via emailFor bridges obtained via email by emailing bridges@ it's not clear how/where to request bridges via email.
E.g the bridges.tpo website simply says to email bridges@ to get bridges
Emailing that address gives you a number of commands bu...For bridges obtained via email by emailing bridges@ it's not clear how/where to request bridges via email.
E.g the bridges.tpo website simply says to email bridges@ to get bridges
Emailing that address gives you a number of commands but doesn't specify where to send the commands (email subject, body...) I tried both and wasn't able to get it to work.
It also specifies that you can combine commands but it doesn't give any examples or indication of how to do so.
This was raised by a user and I also couldn't figure it out after trying for about 5 minutes :/Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30833Update BrideDB's requirements.txt2020-06-27T13:42:49ZPhilipp Winterphw@torproject.orgUpdate BrideDB's requirements.txtBridgeDB's [requirements.txt](https://gitweb.torproject.org/bridgedb.git/tree/requirements.txt?id=2d86ae0c232a0390bbd891d42e9722a10589fd0e) is outdated and currently depends on packages that have security vulnerabilities. At the very lea...BridgeDB's [requirements.txt](https://gitweb.torproject.org/bridgedb.git/tree/requirements.txt?id=2d86ae0c232a0390bbd891d42e9722a10589fd0e) is outdated and currently depends on packages that have security vulnerabilities. At the very least, we should find out if we're affected by any of these vulnerabilities. Ideally, we should pin all dependencies to their latest versions and take care of any issues that we encounter in the process.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30706Do some simple BridgeDB housekeeping2020-06-27T13:42:49ZPhilipp Winterphw@torproject.orgDo some simple BridgeDB housekeepingThe following branch does some simple BridgeDB housekeeping:
https://github.com/NullHypothesis/bridgedb/tree/misc
In particular, it does:
* Add missing CHANGELOG entries.
* Add Philipp's contact info to the support section.
* Replace an...The following branch does some simple BridgeDB housekeeping:
https://github.com/NullHypothesis/bridgedb/tree/misc
In particular, it does:
* Add missing CHANGELOG entries.
* Add Philipp's contact info to the support section.
* Replace an HTTP URL with an HTTPS URL.
* Fix a broken Trac URL.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30441Stop BridgeDB from handing out offline bridges2020-06-27T13:42:49ZPhilipp Winterphw@torproject.orgStop BridgeDB from handing out offline bridgesBridgeDB currently hands out plenty of bridges (in all flavours) that are offline. We need to understand why this is the case, and stop it from doing that.
For example, I just got the obfs4 bridge `4C480695650EDB6BAB006DB9FD81F6173122E9...BridgeDB currently hands out plenty of bridges (in all flavours) that are offline. We need to understand why this is the case, and stop it from doing that.
For example, I just got the obfs4 bridge `4C480695650EDB6BAB006DB9FD81F6173122E973` over HTTPS. Nothing responds on its obfs4 port and [Metrics](https://metrics.torproject.org/rs.html#details/86EBB09CE8FF1B467CBC38A7658618775692AABC) says that it's currently offline -- or used to be, a few hours ago, to be precise. The bridge's IP address is part of Serge's most recent networkstatus-bridges file, but the bridge does not have the `Running` flag and should not have been given out. Also, the bridge's fingerprint isn't part of BridgeDB's latest assignments.log file. According to all of this, I should not have been given that bridge.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30317Update howto on https://bridges.torproject.org/ to take mobile Tor Browser in...2021-07-01T17:47:15ZGeorg KoppenUpdate howto on https://bridges.torproject.org/ to take mobile Tor Browser into accountTor Browser on Android is a thing and will be even more so shortly when we'll release the first stable release. However, the instructions on https://bridges.torproject.org/howto are desktop-only. We need to adapt the text so that mobile ...Tor Browser on Android is a thing and will be even more so shortly when we'll release the first stable release. However, the instructions on https://bridges.torproject.org/howto are desktop-only. We need to adapt the text so that mobile Tor Browser users need to know as well how they should add bridges obtained to their Tor Browser.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/30157please update translations on bridgesdb2020-06-27T13:42:49Zemmapeelplease update translations on bridgesdbThe translations to BridgeDB have been reviewed and updated, but the ones we have live are a bit old. Please update with the new versions for all translations, including the ones we already have.
The translations are available at https:...The translations to BridgeDB have been reviewed and updated, but the ones we have live are a bit old. Please update with the new versions for all translations, including the ones we already have.
The translations are available at https://gitweb.torproject.org/translation.git/tree/?h=bridgedb_completed or git.torproject.org/translation.git branch: bridgedb_completedPhilipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29686filenames conflict on case-insensitive filesystems2020-06-27T13:42:49ZTaylor Yufilenames conflict on case-insensitive filesystemsTrying to clone the bridgedb repository on macOS on a case-insensitive filesystem results in:
```
warning: the following paths have collided (e.g. case-sensitive paths
on a case-insensitive filesystem) and only one from the same
collidi...Trying to clone the bridgedb repository on macOS on a case-insensitive filesystem results in:
```
warning: the following paths have collided (e.g. case-sensitive paths
on a case-insensitive filesystem) and only one from the same
colliding group is in the working tree:
'bridgedb/Bridges.py'
'bridgedb/bridges.py'
'bridgedb/test/test_Bridges.py'
'bridgedb/test/test_bridges.py'
'doc/sphinx/source/bridgedb.Bridges.rst'
'doc/sphinx/source/bridgedb.bridges.rst'
```
We should rename stuff so the code is easier to work on in a case-insensitive filesystem.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29597Cleanup bridgedb-admin git repository2020-06-27T13:42:50ZDavid Gouletdgoulet@torproject.orgCleanup bridgedb-admin git repositoryIt is full of either out of date scripts or thing that aren't used.
The branch will probably have many commits touching many things ;). Spring cleanup!It is full of either out of date scripts or thing that aren't used.
The branch will probably have many commits touching many things ;). Spring cleanup!David Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29596Cleanup bridgedb crontab2020-06-27T13:42:50ZDavid Gouletdgoulet@torproject.orgCleanup bridgedb crontabOverall cleanup to what the server is actually running.Overall cleanup to what the server is actually running.David Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29594Remove OpenSSL.rand.bytes from code2020-06-27T13:42:50ZDavid Gouletdgoulet@torproject.orgRemove OpenSSL.rand.bytes from codeIt is now deprecated in favor of `os.urandom()`:
```
OpenSSL.rand is deprecated - you should use os.urandom instead
```
This is needed if we want to upgrade the requirements.txt.It is now deprecated in favor of `os.urandom()`:
```
OpenSSL.rand is deprecated - you should use os.urandom instead
```
This is needed if we want to upgrade the requirements.txt.David Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29484Update the requirements.txt and freeze them on release2020-06-27T13:42:50ZDavid Gouletdgoulet@torproject.orgUpdate the requirements.txt and freeze them on releaseThe `requirements.txt` file has package versions that are pinned and some are very old by now.
I've done a quick test and using all the latest works with a very minor fix in the code so far.
We should have a development one that uses t...The `requirements.txt` file has package versions that are pinned and some are very old by now.
I've done a quick test and using all the latest works with a very minor fix in the code so far.
We should have a development one that uses the latest packages (maybe?) and then use a minimal one that we use when we release (pip freeze).
This way, we keep up to date with everything and do not fall into the risk of having huge security holes because old dependencies for instance.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29483Use systemd init script for BridgeDB2020-06-27T13:42:50ZDavid Gouletdgoulet@torproject.orgUse systemd init script for BridgeDBThe bridgedb process is executed in a cron at bootup. So if it crashes, we do not know about it because lack of monitoring but also it won't be restarted.
Lets move this out of the cron and into a systemd init script. The machine is Deb...The bridgedb process is executed in a cron at bootup. So if it crashes, we do not know about it because lack of monitoring but also it won't be restarted.
Lets move this out of the cron and into a systemd init script. The machine is Debian 9.7 so systemd is stable there and what should be used.David Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29481Cleanup bridgedb.conf and bridgedb.crontab2020-06-27T13:42:50ZDavid Gouletdgoulet@torproject.orgCleanup bridgedb.conf and bridgedb.crontabThe production `bridgedb.conf` needs to be cleaned up due to several outdated config in there.The production `bridgedb.conf` needs to be cleaned up due to several outdated config in there.Matthew FinkelMatthew Finkelhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/29480Expose bridge pool assignments again2020-06-27T13:42:50ZirlExpose bridge pool assignments againIn the past we archived bridge pool assignments in CollecTor, but we don't do that anymore. It would be nice to do it again. This could be combined with the implementation of legacy/trac#29448.In the past we archived bridge pool assignments in CollecTor, but we don't do that anymore. It would be nice to do it again. This could be combined with the implementation of legacy/trac#29448.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.org