Team issueshttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues2024-03-15T17:12:53Zhttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135Fastly blocked domain fronting2024-03-15T17:12:53ZGusFastly blocked domain frontingIt seems Fastly has started to block domain fronting today (2024-03-01):
```
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [0cc7e46ae66a20cf2bce81a1fb4bc83c2b27d310f7177487dfb9665316892903] in use...It seems Fastly has started to block domain fronting today (2024-03-01):
```
Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [0cc7e46ae66a20cf2bce81a1fb4bc83c2b27d310f7177487dfb9665316892903] in use with this connection.
```
@ValdikSS reported this issue 3 days ago on Net4people BBS: https://github.com/net4people/bbs/issues/309#issuecomment-1968514057
This issue is affecting:
- Moat, Connection Assist, and Snowflake.
For Snowflake, meek-azure broker seems to be working fine:
```
Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA https://snowflake-broker.azureedge.net/ fronts=ajax.aspnetcdn.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
```Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/80is moat distributing bridges marked as blocked in russia?2024-03-07T18:10:20Zmeskiomeskio@torproject.orgis moat distributing bridges marked as blocked in russia?Someone has reported that moat/bridgedb is distributing bridges marked as blocked in russia (e.g. https://metrics.torproject.org/rs.html#details/1807BF9A521468998385F179DDBF928D2482A62C).Someone has reported that moat/bridgedb is distributing bridges marked as blocked in russia (e.g. https://metrics.torproject.org/rs.html#details/1807BF9A521468998385F179DDBF928D2482A62C).Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/108what percentage of settings bridges are blocked in china?2024-03-05T18:14:47Zmeskiomeskio@torproject.orgwhat percentage of settings bridges are blocked in china?We want to know what percentage of bridges in the settings pool are blocked in china. We could test a subset of them manually from a vantage point.
But maybe we can work with logcollector to get this information constantly. We could tes...We want to know what percentage of bridges in the settings pool are blocked in china. We could test a subset of them manually from a vantage point.
But maybe we can work with logcollector to get this information constantly. We could test a different set of bridges on each run, we could even feed that information back into rdsys and don't distribute bridges being blocked after having test them.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/79Help operators to test their bridges in China2023-10-11T12:18:22ZGusHelp operators to test their bridges in ChinaI saw some engagement with the new metrics "blocklist" info. I think having that info displayed for other countries like China would be good for the bridge operator community, as many of them don't know that their bridges are blocked.
A...I saw some engagement with the new metrics "blocklist" info. I think having that info displayed for other countries like China would be good for the bridge operator community, as many of them don't know that their bridges are blocked.
As this would require some integration in rdsys/metrics/probetest and more work for the AC team, we could start small. @meskio and @shelikhoo suggested of writing a short howto to be published in the Support portal to help operators to test manually their bridge if it's blocked in China.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetshelikhooshelikhoo