Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2023-05-10T17:27:07Zhttps://gitlab.torproject.org/legacy/trac/-/issues/31874Automatically test the PTs of bridges2023-05-10T17:27:07ZPhilipp Winterphw@torproject.orgAutomatically test the PTs of bridgesWhen a new bridge is set up, our directory authority is testing its OR port and assigns it the `Running` flag if the OR port is reachable. Nothing however is testing a bridge's PT port(s). This resulted in several bridges having an unrea...When a new bridge is set up, our directory authority is testing its OR port and assigns it the `Running` flag if the OR port is reachable. Nothing however is testing a bridge's PT port(s). This resulted in several bridges having an unreachable obfs4 port, e.g., because the operator failed to whitelist the obfs4 port in their firewall. Let's fix this by testing a bridge's pluggable transport and alerting the operator if the PT is unreachable.
Obfs4proxy has client implementations for most of our currently-deployed PTs, so we could start by writing some glue code that takes as input a bridge line and makes obfs4proxy (and tor) connect to the given bridge.
Another question is where we should do the testing from. Our bridge authority and BridgeDB are the obvious candidates. Our bridge authority currently tests bridges' OR ports but we may not want it to also test PTs.
Finally, how should we let bridge operators know if their PTs are unreachable? We may want to send them an email (if they have contact information in their descriptor), and/or make their tor log a warning.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31872Write up process for distribution of private bridges2021-07-09T14:25:16ZPhilipp Winterphw@torproject.orgWrite up process for distribution of private bridgesWe recently supplied an NGO with private bridges, which they intended to distribute among their users. This involved providing installation instructions (How do you download Tor Browser? How do you configure bridges?) and answering quest...We recently supplied an NGO with private bridges, which they intended to distribute among their users. This involved providing installation instructions (How do you download Tor Browser? How do you configure bridges?) and answering questions like:
* Does obfs4 work in my region?
* How reliable are these bridges?
* Who will be running these bridges?
Let's compile all this information into a single document, so once we repeat the process with another NGO, we can point them to this document.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/34148Create a monit configuration file and set up an instance2020-06-13T18:36:28ZPhilipp Winterphw@torproject.orgCreate a monit configuration file and set up an instanceGman999 and I have been talking about setting up a [monit](https://mmonit.com/monit/) instance to replace sysmon. Monit can help us monitor our anti-censorship infrastructure. It's a neat tool because it doesn't require software on the m...Gman999 and I have been talking about setting up a [monit](https://mmonit.com/monit/) instance to replace sysmon. Monit can help us monitor our anti-censorship infrastructure. It's a neat tool because it doesn't require software on the monitored targets, it's lightweight, has a simple configuration format, and can send alerts over email.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/34041Discord sent me an email listing my real ip as login location2020-06-13T18:36:28ZTracDiscord sent me an email listing my real ip as login locationI logged in to discord using tor and then got an email from discord saying someone had logged in to discord and giving my REAL IP address.
**Trac**:
**Username**: Camillia124I logged in to discord using tor and then got an email from discord saying someone had logged in to discord and giving my REAL IP address.
**Trac**:
**Username**: Camillia124https://gitlab.torproject.org/legacy/trac/-/issues/33706Tor does not work with meek-azure or snowflake bridges2020-06-13T18:36:27ZTracTor does not work with meek-azure or snowflake bridgesTor does not work with meek-azure or snowflake bridges.
Even after 5mins nothing.
It will not connect to tor with these 2 types of bridges.
TorBrowser 9.5a8
**Trac**:
**Username**: z1zTor does not work with meek-azure or snowflake bridges.
Even after 5mins nothing.
It will not connect to tor with these 2 types of bridges.
TorBrowser 9.5a8
**Trac**:
**Username**: z1zhttps://gitlab.torproject.org/legacy/trac/-/issues/33145Go through process of distributing private bridges2020-06-13T18:36:27ZPhilipp Winterphw@torproject.orgGo through process of distributing private bridgesOver at #31872, we created a process for distributing private bridges to NGOs:
https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/NGOBridgeSupport
It's now time to go through this process with a non-trivial numbe...Over at #31872, we created a process for distributing private bridges to NGOs:
https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/NGOBridgeSupport
It's now time to go through this process with a non-trivial number of censored users. Once we did, we need to document our experience and iteratively improve the process.https://gitlab.torproject.org/legacy/trac/-/issues/33088Offer obfs4 docker image for additional architectures2020-06-13T18:36:27ZPhilipp Winterphw@torproject.orgOffer obfs4 docker image for additional architecturesA bridge operator asked us to cross-compile our docker image for arm64. This sounds like an easy-ish fix that would make the lifes of our bridge operators easier. Let's figure out what it takes to support ARM and potentially other archit...A bridge operator asked us to cross-compile our docker image for arm64. This sounds like an easy-ish fix that would make the lifes of our bridge operators easier. Let's figure out what it takes to support ARM and potentially other architectures.https://gitlab.torproject.org/legacy/trac/-/issues/33047How can we optimise the anti-censorship suite for mobile?2020-06-13T18:36:26ZPhilipp Winterphw@torproject.orgHow can we optimise the anti-censorship suite for mobile?Mobile applications have significant space constraints, which makes it difficult to bundle Tor and its circumvention suite. For example, obfs4proxy 0.0.7 in Debian Buster currently has a binary size of 5.2 MB and snowflake-client in Tor...Mobile applications have significant space constraints, which makes it difficult to bundle Tor and its circumvention suite. For example, obfs4proxy 0.0.7 in Debian Buster currently has a binary size of 5.2 MB and snowflake-client in Tor Browser 9.5 has a binary size of 7.7 MB. This is largely due to both projects being implemented in golang, which only supports static linking.
What can we do to reduce our circumvention suite's disk footprint? The obvious answer would be to re-implement obfs4 and snowflake in a dynamically-linked language. What else can we do?https://gitlab.torproject.org/legacy/trac/-/issues/32781Investigate alternative method to share bridges and Tor Browser bundles based...2020-06-13T18:36:26ZHiroInvestigate alternative method to share bridges and Tor Browser bundles based on social network protocolsTor is currently using bridgedb to distribute bridges to censored users.
Bridgedb uses email distribution which is not very effective when facing a high efficient censor like the GFW.
Some papers [1] have suggested methods based on soci...Tor is currently using bridgedb to distribute bridges to censored users.
Bridgedb uses email distribution which is not very effective when facing a high efficient censor like the GFW.
Some papers [1] have suggested methods based on social networks. These work under the assumption that we can only limit the censor ability to block servers.
Similarly gettor is using various storage service to provide alternative links to download tor browser bundle when torproject.org website is blocked.
I suggest decentralization protocols like retroshare [2] could be an alternative solution to share bridges and tor browser bundles to trusted parties. Furthermore retroshare supports already a variety of services [3] that could be used to communicate with users that need help circumventing censorship.
[1] https://www.degruyter.com/downloadpdf/j/popets.2016.2016.issue-4/popets-2016-0026/popets-2016-0026.pdf
[2] https://retroshare.cc/
[3] https://retroshare.readthedocs.io/en/latest/#featureshttps://gitlab.torproject.org/legacy/trac/-/issues/32004Protect Against Blocking and Spying in Iran2020-06-13T18:36:25ZTracProtect Against Blocking and Spying in IranHi
I saw number of time tor blocked in iran even bridges like meek and obfv4 also the direct mode blocking too, even after using bridge they can spying users.
i test in OONIPROBE and saw blocking.
**Trac**:
**Username**: Anonymous75Hi
I saw number of time tor blocked in iran even bridges like meek and obfv4 also the direct mode blocking too, even after using bridge they can spying users.
i test in OONIPROBE and saw blocking.
**Trac**:
**Username**: Anonymous75https://gitlab.torproject.org/legacy/trac/-/issues/31870Do an informal usability study on the "get bridges" process2020-06-13T18:36:23ZPhilipp Winterphw@torproject.orgDo an informal usability study on the "get bridges" processSee [this mailing list post](https://lists.torproject.org/pipermail/ux/2019-May/000448.html) from May 2019. We would like to:
1. Give a user a device with a censored Tor Browser / Tor Browser Android
2. Ask the user to figure out how to...See [this mailing list post](https://lists.torproject.org/pipermail/ux/2019-May/000448.html) from May 2019. We would like to:
1. Give a user a device with a censored Tor Browser / Tor Browser Android
2. Ask the user to figure out how to connect to Tor
3. Observe what issues the user runs into
We may be able to do another iteration of this experiment at the OTF summit in Taipei.https://gitlab.torproject.org/legacy/trac/-/issues/31834Make obfs4 Docker image more usable2020-06-13T18:36:22ZPhilipp Winterphw@torproject.orgMake obfs4 Docker image more usableHere is some feedback we got from an operator (see [this blog post](https://www.securimancy.com/dockerizing-tor-bridge/) for the full story):
* ~~Make it easier to get the bridge's fingerprint and/or bridge line. At the moment, users ha...Here is some feedback we got from an operator (see [this blog post](https://www.securimancy.com/dockerizing-tor-bridge/) for the full story):
* ~~Make it easier to get the bridge's fingerprint and/or bridge line. At the moment, users have to spawn a shell in the container, which is tedious.~~
* ~~Maybe provide a docker-compose file.~~
* ~~Improve our [official setup instructions](https://community.torproject.org/relay/setup/bridge/docker/). [These instructions](https://dip.torproject.org/torproject/anti-censorship/docker-obfs4-bridge) were more helpful to an operator.~~
* ~~Add a note that operators can run `docker logs <container>` to check if it's up and running.~~
* ~~Mention concerns regarding permanence: Ideally, a container should run as long as possible.~~
* ~~Allow running a bridge on a port <1024 (as per mrphs's request in comment:2).~~Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31523Recruit potential default bridges from set of long-running bridges2020-06-13T18:36:21ZPhilipp Winterphw@torproject.orgRecruit potential default bridges from set of long-running bridgesWe would like to set up more default bridges. One way to recruit more is to look for non-default bridges that have 1) high capacity, 2) have been around for a long time, and 3) have a stable uptime. Ideally, we should also know the perso...We would like to set up more default bridges. One way to recruit more is to look for non-default bridges that have 1) high capacity, 2) have been around for a long time, and 3) have a stable uptime. Ideally, we should also know the person who runs the bridge, as stated in our [list of criteria](https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/DefaultBridges#Addingnewdefaultbridges) for setting up a new default bridges.
Let's have a look at archived bridge data and extract a list of default bridge candidates.https://gitlab.torproject.org/legacy/trac/-/issues/31273O1.5 - Develop OONI Probe orchestration logic that is specific to circumventi...2020-06-13T18:36:20ZGabagaba@torproject.orgO1.5 - Develop OONI Probe orchestration logic that is specific to circumvention tool testing.Tracking OONI's work on this objective.
* A1 - Make it possible to instruct in near real-time probes to test a specific circumvention tool with a particular configuration.Tracking OONI's work on this objective.
* A1 - Make it possible to instruct in near real-time probes to test a specific circumvention tool with a particular configuration.https://gitlab.torproject.org/legacy/trac/-/issues/31272O1.4 - Make OONI Probe’s reporting logic more resilient to censorship.2020-06-13T18:36:20ZGabagaba@torproject.orgO1.4 - Make OONI Probe’s reporting logic more resilient to censorship.Tracking OONI's work on this objective.
* A1 - Add logic for detecting that some circumvention strategy should be used for speaking to OONI backends.
* A2 - Discover when OONI testing backend infrastructure is being blocked in a particu...Tracking OONI's work on this objective.
* A1 - Add logic for detecting that some circumvention strategy should be used for speaking to OONI backends.
* A2 - Discover when OONI testing backend infrastructure is being blocked in a particular country or network.
* A3 - Support submitting measurements using circumvention techniques (e.g., alternative host, using pluggable transports, Psiphon, etc.).https://gitlab.torproject.org/legacy/trac/-/issues/31271O1.3 - Improve censorship circumvention tool methodology to include metrics t...2020-06-13T18:36:20ZGabagaba@torproject.orgO1.3 - Improve censorship circumvention tool methodology to include metrics that are also related to the performance of the tool.Tracking work from OONI on this objective.
* A1 - Support running NDT over Tor/Psiphon/obfs4.Tracking work from OONI on this objective.
* A1 - Support running NDT over Tor/Psiphon/obfs4.https://gitlab.torproject.org/legacy/trac/-/issues/31270O1.2 - Analyze collected censorship circumvention tool test results and integ...2020-06-13T18:36:19ZGabagaba@torproject.orgO1.2 - Analyze collected censorship circumvention tool test results and integrate them into OONI Explorer and the OONI API.This ticket will be used to track OONI's work on this objective.
* A1 - Write data processing pipeline integration to analyze and extract relevant metrics from the circumvention tools tests.
* A2 - Present data from circumvention tool t...This ticket will be used to track OONI's work on this objective.
* A1 - Write data processing pipeline integration to analyze and extract relevant metrics from the circumvention tools tests.
* A2 - Present data from circumvention tool testing on OONI Explorer and the OONI API.https://gitlab.torproject.org/legacy/trac/-/issues/31267O1.1 - Add support in OONI Probe for testing circumvention tools.2020-06-13T18:36:19ZGabagaba@torproject.orgO1.1 - Add support in OONI Probe for testing circumvention tools.This ticket will be used to track OONI's work on this objective.
* A1 - Integrate Tor into Measurement Kit.
* A2 - Integrate TCP connect based bridge reachability testing into Measurement Kit.
* A3 - Integrate obfs4proxy based bridg...This ticket will be used to track OONI's work on this objective.
* A1 - Integrate Tor into Measurement Kit.
* A2 - Integrate TCP connect based bridge reachability testing into Measurement Kit.
* A3 - Integrate obfs4proxy based bridge testing into Measurement Kit.
* A4 - Integrate Psiphon testing into Measurement Kit.
* A5 - Add backend support for provisioning circumvention tool test configurations to probes.https://gitlab.torproject.org/legacy/trac/-/issues/31266Objective 1: Support censorship circumvention through the improvement of netw...2020-06-13T18:36:18ZGabagaba@torproject.orgObjective 1: Support censorship circumvention through the improvement of network measurement methodologies aimed at detecting the blocking of circumvention tools.All the activities related to objective 1.All the activities related to objective 1.https://gitlab.torproject.org/legacy/trac/-/issues/31265Sponsor 30 master ticket2020-06-13T18:36:18ZGabagaba@torproject.orgSponsor 30 master ticketThis is the master ticket for the whole Sponsor 30 - Anti-censorship technologies.
More info in https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30This is the master ticket for the whole Sponsor 30 - Anti-censorship technologies.
More info in https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30