rdsys issueshttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues2021-09-21T14:46:38Zhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/38Parse network-status and bridge-descriptors documents from the bridge authority2021-09-21T14:46:38ZCecylia BocovichParse network-status and bridge-descriptors documents from the bridge authoritySee the [BridgeDB specification](https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt) for a full explanation of how these descriptors are used. Right now rdsys only parses the extrainfo documents, but the network-status docu...See the [BridgeDB specification](https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt) for a full explanation of how these descriptors are used. Right now rdsys only parses the extrainfo documents, but the network-status document is useful for checking the `running` flag, and either the network-status or bridge-descriptors document is necessary to get the bridge IP address and port for vanilla bridges.
- [x] Evaluate https://github.com/NullHypothesis/zoossh to use in rdsysDeploy RDSYS alongside BridgeDBCecylia BocovichCecylia Bocovich2021-08-30https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/137Proposal - to edit message of getbridges bot2023-01-31T15:41:25ZninaProposal - to edit message of getbridges botI want to offer to remove the phrase "Your bridges:" that @GetBridgesBot sends with the list of bridges (or split it into two different messages)
When the users copy the bridges from the message on the smartphone, they have to copy the...I want to offer to remove the phrase "Your bridges:" that @GetBridgesBot sends with the list of bridges (or split it into two different messages)
When the users copy the bridges from the message on the smartphone, they have to copy the whole message with the phrase "Your bridges:" and then remove this piece already in the TBA/Orbot/Onion Browser. So removing these words from the message would make the user experience bettermeskiomeskio@torproject.orgmeskiomeskio@torproject.org2023-01-11https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/184Make the HTTP distributor's website localizable2024-03-20T13:51:15Zmeskiomeskio@torproject.orgMake the HTTP distributor's website localizablerdsys already has [translation support](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/tree/main/pkg/locales?ref_type=heads). Should we pass the strings to the templates from rdsys? Or should we look into another option more *...rdsys already has [translation support](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/tree/main/pkg/locales?ref_type=heads). Should we pass the strings to the templates from rdsys? Or should we look into another option more *web-friendly*?shelikhooshelikhoo2024-03-08https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/2Re-implement an "MVP" of BridgeDB's HTTPS distributor2024-03-12T17:14:45ZPhilipp Winterphw@torproject.orgRe-implement an "MVP" of BridgeDB's HTTPS distributorLet's re-implement BridgeDB's HTTPS distributor in rdsys. Golang makes this reasonably straightforward thanks to its powerful standard library. Once we have a reliable MVP, we can think about more advances features like:
- [ ] Translatio...Let's re-implement BridgeDB's HTTPS distributor in rdsys. Golang makes this reasonably straightforward thanks to its powerful standard library. Once we have a reliable MVP, we can think about more advances features like:
- [ ] Translations (tpo/anti-censorship/rdsys#11)
- [ ] Designing the Web UIshelikhooshelikhoo2024-03-08https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/167Add lox distributor type with no allocated bridges2023-11-09T03:49:09ZCecylia BocovichAdd lox distributor type with no allocated bridgesLet's add a new distributor type called "lox" that doesn't take any bridges but has it's own authentication token and will accept bridges that specify `BridgeDistribution lox` in their torrc file.
We'll need to do the following things
-...Let's add a new distributor type called "lox" that doesn't take any bridges but has it's own authentication token and will accept bridges that specify `BridgeDistribution lox` in their torrc file.
We'll need to do the following things
- [x] Add a lox distributor to rdsys's config file
- [x] Create a service for the lox distributor so it is restarted if `rdsys-frontend-01` goes down
- [x] Add the lox distributor binary to /srv/rdsys.torproject.org/bin on `rdsys-frontend-01`
- [x] Add the lox distributor config file to /srv/rdsys.torproject.org/conf on `rdsys-frontend-01`
- [x] Generate and add an API token for the lox distributorCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/161Resources with failing tests (bridgestrap/onbasca) should be explicitly marke...2023-06-16T18:10:10ZonyinyangResources with failing tests (bridgestrap/onbasca) should be explicitly marked as `gone`Resources that fail bridgestrap and/or onbasca tests are not distributed according to the [functionality here](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/pkg/core/backend_resources.go#L171) but as far as I can te...Resources that fail bridgestrap and/or onbasca tests are not distributed according to the [functionality here](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/pkg/core/backend_resources.go#L171) but as far as I can tell are not marked as `gone` explicitly anywhere. Instead resources are determined to be `gone` when they have been pruned [based on their expiration](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/internal/kraken.go#L62) but this is based on when a resource's bridge descriptors expire rather than when a resource is failing for other reasons. If resources are no longer distributed, they should be marked as `gone` to ease syncing with distributors. This functionality is particularly important for systems like Lox that maintain some internal bridge distribution state.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/160Include metrics to track flickering bridges/resources by onbasca ratio2023-05-29T23:19:43ZonyinyangInclude metrics to track flickering bridges/resources by onbasca ratioWhile rdsys [collects metrics for onbasca's bandwidth ratio](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/internal/kraken.go#L118) and provides insight on a resource's state (`untested`, `accepted`, `rejected`), it...While rdsys [collects metrics for onbasca's bandwidth ratio](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/internal/kraken.go#L118) and provides insight on a resource's state (`untested`, `accepted`, `rejected`), it would be useful to have more insight into whether and how often resources "flicker", meaning how often do `accepted` or `rejected` resources change back and forth?
The first step is to figure out if this happens. Then when we have collected some metrics about it and have determined if it does indeed happen, and how often, we can expand upon the information we collect about it.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/142rdsys Intergration with WebTunnel2023-06-06T11:01:25Zshelikhoordsys Intergration with WebTunnelNow that we have finished uploading the connection information to rdsys, it is rdsys's turn to interpret and distribute this data.
Conceptually, WebTunnel should work in a way similar to obfs4 when it comes to bridge distribution
Tasks...Now that we have finished uploading the connection information to rdsys, it is rdsys's turn to interpret and distribute this data.
Conceptually, WebTunnel should work in a way similar to obfs4 when it comes to bridge distribution
Tasks:
* [x] add bridgestrap support for webtunnel bridges
* [x] deploy webtunnel binary and supported bridgestrap in polyanthum
* [x] configure rdsys to assign webtunnel bridges to http distributor
* [x] modify bridgedb to add webtunnel selector in the http distributor
* [x] deploy new bridgedb
* [x] setup a test webtunnel bridge and check it gets distributedSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/141Create a dummy whatsapp bot2023-01-09T18:00:11Zmeskiomeskio@torproject.orgCreate a dummy whatsapp botAs a first step to have a gettor whatsapp distributor (#139) let's create a dummy whatsapp bot that answers with "Hello" to anything we write to it.As a first step to have a gettor whatsapp distributor (#139) let's create a dummy whatsapp bot that answers with "Hello" to anything we write to it.Orji CeciliaOrji Ceciliahttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/140Decide on which social media platform to work on for the Outreachy project2022-12-08T09:35:20ZGabagaba@torproject.orgDecide on which social media platform to work on for the Outreachy projectOutreachy project for 2022/2023 is "TorBrowser is often used to access censored content, and because of that some countries or network operators block access to the downloads in torproject.org. A mechanism we have to avoid those blocks i...Outreachy project for 2022/2023 is "TorBrowser is often used to access censored content, and because of that some countries or network operators block access to the downloads in torproject.org. A mechanism we have to avoid those blocks is GetTor: https://gettor.torproject.org/
GetTor distributes TorBrowser (or links to download TorBrowser) over email and Telegram. We want to extend GetoTor to distribute TorBrowser on other IM and social media (like Twitter, iMessage, or WhatsApp)."
@cece welcome!!Orji CeciliaOrji Ceciliahttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/135consider not giving out the moat SR2 bridges on telegram2023-03-19T12:44:18ZRoger Dingledineconsider not giving out the moat SR2 bridges on telegramOur analysis conclusions from last week's work with @shelikhoo include:
* Around 45 of irl's dynamic bridges say "bridge-distribution-request moat" in their descriptor, and around 10 of them say "bridge-distribution-request none" in the...Our analysis conclusions from last week's work with @shelikhoo include:
* Around 45 of irl's dynamic bridges say "bridge-distribution-request moat" in their descriptor, and around 10 of them say "bridge-distribution-request none" in their descriptor.
* I hear that rdsys is giving out all 55ish of them via telegram+new. That is, the moat ones are given out via both moat and telegram+new, and the none ones are given out via telegram+new.
* The moat ones are getting blocked in China because they're enumerating moat. The none ones continue to work in China.
* All of the bridges are working fine in Turkey / Russia.
So if the above is right, that means some of the bridges we're giving out via telegram are already blocked because they had been given out via moat too.
So: giving out all 55 via telegram is optimal in every country but China, but giving out only the 10 via telegram is optimal for China.
Do we know whether the telegram+new channel is getting any use in China? If yes, we can make it work better by not including the moat ones in the pool of telegram+new responses.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetirlirlhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/122Builtin bridges route is returning an empty JSON object2022-10-03T09:42:07Zmig5Builtin bridges route is returning an empty JSON objectHi @meskio ,
(Sorry in advance if this is the wrong place to report the issue)
The OnionShare team just noticed that https://bridges.torproject.org/moat/circumvention/builtin is returning `{}` . It used to return a list of built-in bri...Hi @meskio ,
(Sorry in advance if this is the wrong place to report the issue)
The OnionShare team just noticed that https://bridges.torproject.org/moat/circumvention/builtin is returning `{}` . It used to return a list of built-in bridges, and we updated our app to use this for supplying OnionShare the default bridges (we used to copy them from the Tor Browser source code).
Was this a deliberate change? If so, is there something else we should be doing to fetch built-in bridges now?
I note that it's still in the [doc](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md#circumventionbuiltin) so thought it might be unexpected.
Thanks!Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/105deploy rdsys gettor into production2022-10-03T17:56:39Zmeskiomeskio@torproject.orgdeploy rdsys gettor into productionWe might need first to setup a test environment to test it thoroughly.
When we are ready to do the deployment we should configure everything on polyanthum and then ask TPA to do the needed changes on the email setup (IMAP server).We might need first to setup a test environment to test it thoroughly.
When we are ready to do the deployment we should configure everything on polyanthum and then ask TPA to do the needed changes on the email setup (IMAP server).Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/83Circumvention map API should provide the list of countries that needs circumv...2022-02-10T19:57:48Zmeskiomeskio@torproject.orgCircumvention map API should provide the list of countries that needs circumventionLet's add an extra API endpoint that just provides the list of countries that have settings for: `/circumvention/countries`.Let's add an extra API endpoint that just provides the list of countries that have settings for: `/circumvention/countries`.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/61Moat deployment for testing2021-10-20T12:13:04Zmeskiomeskio@torproject.orgMoat deployment for testingLets deploy the moat version on development and check that everything works as expected.Lets deploy the moat version on development and check that everything works as expected.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/57Make a new distributor for BridgeDB2021-09-29T17:19:00ZGabagaba@torproject.orgMake a new distributor for BridgeDBAs we are going to be running rdsys with bridgedb as a first step, we need to have a distributor in rdsys to give bridges to bridgedb.
- [ ] bridgedb distributor in rdsys
- [ ] modify bridgedb to get files from rdsys instead of bridge a...As we are going to be running rdsys with bridgedb as a first step, we need to have a distributor in rdsys to give bridges to bridgedb.
- [ ] bridgedb distributor in rdsys
- [ ] modify bridgedb to get files from rdsys instead of bridge authoritiesDeploy RDSYS alongside BridgeDBmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/56Consider persistent storage of bridge information2024-03-26T18:34:48ZGabagaba@torproject.orgConsider persistent storage of bridge informationWe may want to switch to a persistent storage mechanism, such as a database, for bridges. This is done in BridgeDB to "remember" which distribution bucket a bridge belongs to so that bridges are not reshuffled and therefore more easily b...We may want to switch to a persistent storage mechanism, such as a database, for bridges. This is done in BridgeDB to "remember" which distribution bucket a bridge belongs to so that bridges are not reshuffled and therefore more easily blocked by censors.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/16Document rdsys's architecture and design2020-11-22T02:55:55ZPhilipp Winterphw@torproject.orgDocument rdsys's architecture and designLet's document rdsys's architecture and design. The documentation has the following purposes:
* Help prospective developers familiarise themselves with rdsys.
* Explain to bridge operators, users, and researchers how bridges are managed....Let's document rdsys's architecture and design. The documentation has the following purposes:
* Help prospective developers familiarise themselves with rdsys.
* Explain to bridge operators, users, and researchers how bridges are managed.
The documentation should go into README.md, a more extensive document in the doc/ directory, and a blog post. Here's a bit of documentation to get us started:
---
## Introduction
* BridgeDB needs an overhaul.
- Code base is complicated and convoluted; difficult to make big changes.
- Antiquated and rigid architecture.
* Been reimplementing the service in Golang.
### Goals
* Zero-latency architecture
* abstract, lightweight, resilient, and extensible design
## Code abstractions
How is the code organised?
* "Clean architecture"
- Code centers around domain logic.
* Rdsys distributes resources to users.
- Resource can be a bridge, proxy, Snowflake, or even Tor Browser links.
## System architecture
What components are there and how do they talk to each other?
<!-- insert architecture diagram -->
### Registration mechanism
* Rdsys supports resources that are not coupled to a tor process. These
resources (e.g. Snowflakes, HTTPT proxies, etc.) can register themselves.
### Microservices
* Backend plus several distributor processes.
* Distributors use an HTTP streaming API to learn about resource updates.
### Distributors
* Will build Salmon for rdsys.
### Feedback loop with OONI
* Hand out bridges to OONI for testing; incorporate results into rdsys. Salmon
actually relies on these results.
### Bridge testing with bridgestrap
* Upon learning about new resources, rdsys tests them via bridgestrap.Sponsor 30 - Objective 2.4Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/12Deploy rdsys alongside BridgeDB2022-02-28T16:52:51ZPhilipp Winterphw@torproject.orgDeploy rdsys alongside BridgeDBOnce we have an MVP, it's time to deploy rdsys on polyanthum, alongside BridgeDB. An MVP could (re)implement the HTTPS distributor (tpo/anti-censorship/rdsys#2) and/or Salmon (tpo/anti-censorship/rdsys#1). Here's how BridgeDB and rdsys c...Once we have an MVP, it's time to deploy rdsys on polyanthum, alongside BridgeDB. An MVP could (re)implement the HTTPS distributor (tpo/anti-censorship/rdsys#2) and/or Salmon (tpo/anti-censorship/rdsys#1). Here's how BridgeDB and rdsys could share bridge descriptors:
~~1. BridgeDB and rdsys could both pretend that the other one doesn't exist and simply use all descriptors. That's the simplest solution but it increases the odds of a bridge being blocked (because it's handed out by more than one distributor)~~
2. We could siphon off a fraction of our descriptors and reserve it for rdsys. That means that both rdsys and BridgeDB need code that decides who a given descriptor belongs to.
Milestone for this in http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/anti-censorship/rdsys/-/milestones/1Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/11Support internationalised text2023-07-31T14:57:31ZPhilipp Winterphw@torproject.orgSupport internationalised textLet's figure out how we can internationalise rdsys's user-facing strings.
- [x] localization code
- [x] hook it up with transifexLet's figure out how we can internationalise rdsys's user-facing strings.
- [x] localization code
- [x] hook it up with transifexSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.org