17:00:18 <phw> #startmeeting anti-censorship weekly checkin 2019-06-27
17:00:18 <MeetBot> Meeting started Thu Jun 27 17:00:18 2019 UTC.  The chair is phw. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:00:30 <phw> our pad is available here: https://pad.riseup.net/p/tor-censorship-2019-keep
17:00:48 * cohosh is here but partially distracted by another meeting
17:01:09 <phw> our only announcement is that right after this meeting, we will continue with our race meeting
17:01:18 <ahf> :-)
17:01:37 <phw> for those of you who don't know: race is a new project that will help us push forward our PT spec and obfs5
17:02:08 <phw> next up is our discussion section.  the first item is bridgedb.
17:02:35 <gaba> i'm bringing this up mostly to have an update on what is going on and try to understand plan and priorities for it.
17:02:37 <phw> so, bridgedb was rather broken over the last few months and many valid requests for bridgedb resulted in an empty response
17:03:00 <phw> i spent a lot of time looking at logs and at the moment it looks like there is no problem... anymore?
17:03:10 <phw> https://trac.torproject.org/projects/tor/ticket/30441#comment:17
17:04:05 <ahf> people got a response from the site with no Bridge lines to use or they got some with unavailable bridges in?
17:04:06 <phw> it looks like all valid bridgedb requests currently result in 1-3 bridges
17:04:44 <phw> ahf: both, actually, but the problem is primarily the former
17:04:57 <ahf> ok
17:05:07 <phw> so, there are two problems, really: bridgedb giving you an empty response, and bridgedb giving you broken obfs4 bridges
17:05:18 <gaba> phw: should we ask people from front-desk to try it again and let us know?
17:05:20 <phw> we should have made progress on both problems
17:05:41 <phw> gaba: i think that's a good idea
17:05:58 <phw> if y'all wanna give it a try at some point, that would be helpful
17:06:15 <phw> try to request bridges over different channels and let me know if bridgedb doesn't give you bridges
17:06:48 <ahf> late last week i was using some bridges from bridgedb where i thought i couldn't reach them, but i got functioning ones to test #28930 and it turned out it was some network issue on my desktop
17:07:01 <ahf> no blanks and no non-functioning ones
17:07:33 <phw> anyway, even if bridgedb is working again, it's frustrating because i don't fully understand what caused the issues over the last months.
17:08:12 <phw> i also had to blacklist ~50 obfs4 bridges whose obfs4 port was unreachable
17:08:42 <cohosh> ouch >.< that's a lot
17:08:51 <gaba> :/
17:09:14 <phw> i'll try to work with gman to have the bridgeauth reject them, so hopefully the operators see a scary warning in their logs and reach out
17:09:41 <gaba> do we need to work with community to find a way to get more people setting up bridges?
17:10:05 <phw> gaba: yes.  i reached out to tor-relays@ the other day.  one person responded to me directly, saying that the instructions were very useful.
17:10:13 <gaba> nice
17:10:20 <phw> the next step is to work on a broader outreach campaign
17:10:37 <ahf> nice
17:10:38 <phw> one remaining question is if we only want obfs4 bridges, or if we also want vanilla bridges
17:11:07 <phw> the problem is: if you set up an obfs4 bridge, it's *only* distributed as obfs4, and no longer as vanilla.  that means that if we want a vanilla bridge, it must not run obfs4.
17:11:50 <gaba> maybe a blogpost about bridges again and links on how to set them up so we can share that and ask people at Tor to add slides about bridge creations when they give talks about Tor.
17:11:57 <ahf> hm, that sounds like something we should fix in core tor?
17:12:03 <phw> at the moment, i think we have slightly more vanilla bridges than obfs4 bridges
17:12:25 <phw> ahf: just to be clear, that's by design, and done by bridgedb
17:12:51 <ahf> ah, okay, so the bridge auth is aware that the bridge can do both obfs4 and vanilla?
17:13:01 <phw> imagine your bridge runs vanilla and obfs4, and you hand out the vanilla line to someone in china.  the gfw will recognise vanilla tor and block your entire bridge, including the obfs4 port, which could have worked in china.
17:13:12 <phw> basically, vanilla tor is a liability to obfs4 ;)
17:13:15 <ahf> yeah
17:13:49 <phw> the bridge auth is aware, yes, but bridgedb is the one deciding what lines to hand out to users
17:14:02 <ahf> cool
17:14:17 <phw> gaba: yes, sounds good.
17:14:51 <phw> speaking of obfs4: i have a quick question for catalyst and ahf
17:15:03 <ahf> yep?
17:15:08 <phw> several bridge ops configured a private ip address for their obfs4 bridge
17:15:29 <phw> the PT spec explicitly allows this but says that some kind of redirection must be in place for this to work
17:16:18 <phw> this may be a tor issue.  i don't think any private ip addresses should end up in a descriptor, right?
17:16:21 <ahf> yeah, common for relay operators too (to bind tor on port 80/443 without running as root i believe)
17:16:46 <ahf> no, if we don't have an option right now for specifying a "hidden IP" (not going in the descriptor) and the public IP then we should fix that
17:17:17 <phw> ok, i can create a ticket for that
17:17:36 <ahf> in torrc see the flags for ORPort: NoListen, NoAdvertise
17:18:17 <ahf> yes, please do, sounds like a good thing to fix (if it's a good thing that relay operators listen on the 1-1024 port range)
17:18:24 <phw> gotcha, thanks!
17:18:54 <phw> ok, i think that concludes our discussion about bridgedb and about setting up new obfs4 bridges.  anything else?
17:19:39 <phw> the next item is the snowflake webextension that arlolra has been working on
17:19:58 <phw> as i understand it, there's now a usable prototype that's already in the mozilla addons store!
17:20:04 <cohosh> \o/
17:20:11 <ahf> awesome \o/
17:20:11 <antonela> \o/
17:20:12 <phw> and arlolra also submitted it to the chrome store where it's pending review
17:20:17 <phw> that's a huge milestone :)
17:20:32 <phw> also thanks to antonela for all the ui feedback!
17:20:43 <antonela> happy to help!
17:21:22 <gaba> :)
17:21:42 <phw> at this point we could use more testers, so please add it to your browser and file tickets if something's wrong
17:21:43 <cohosh> arlolra: feel free to assign webextension tickets to yourself if you have plans to work on them
17:21:57 <cohosh> i sorta jumped in there on the toggle because we were getting some pressure
17:22:04 <cohosh> but i want to avoid stepping on your toes with stuff
17:22:09 <phw> i wonder if we have a meta ticket that keeps track of all the webextension improvement tickets
17:22:20 <cohosh> there's a snowflake-webextension keyword
17:22:28 <phw> ah, thanks cohosh
17:22:41 <arlolra> cohosh: no, no, I broke it out into separate tasks so you can start helping
17:23:04 <arlolra> and, sadly, I don't think we can declare victory until #30998 is fixed
17:23:05 <cohosh> arlolra: cool ^_^ it was fun to get caught up to speed on webextension development again
17:23:24 <cohosh> ah yeah, do you know who owns/maintains the websocket code?
17:23:32 <arlolra> probably dcf
17:23:48 <gaba> we can close #30931, right?
17:24:08 <arlolra> gaba: sure
17:25:24 <phw> anything else to add wrt our discussion section?
17:25:52 * phw interprets *crickets* as "no"
17:26:21 <phw> there's a paper in the 'interesting links' section that we should skim: https://www.ndss-symposium.org/ndss-paper/enemy-at-the-gateways-censorship-resilient-proxy-distribution-using-game-theory/
17:26:26 <phw> published at this year's ndss
17:26:54 <phw> ok, let's check out each other's 'needs help with' section
17:27:29 <phw> like i said, it would be great if you could request bridges from bridgedb and let me know if you didn't get any
17:27:35 * cohosh has lots of code to review
17:28:12 <gaba> ok
17:28:15 <cohosh> i think #21315 will be fast
17:28:21 <phw> cohosh: i can review #21315 again
17:28:23 <cohosh> and phw reviewed a previous version
17:28:26 <cohosh> phw: ty!
17:28:34 <arlolra> cohosh: I can review #30934
17:28:40 <cohosh> arlolra: awesome, thanks!
17:28:47 <cohosh> the others can wait a bit
17:28:57 <cohosh> #28942 is the pion integration
17:29:14 <cohosh> i'm still waiting to hear back on some PRs from them though
17:29:23 <cohosh> so that can wait a bit
17:29:38 <cohosh> and so can the sequencing stuff
17:30:43 <phw> dcf had a look at one of these two, right?
17:31:33 <cohosh> yeah at the sequencing work
17:31:49 <cohosh> i can move forward with that since this round was implementing suggested fixes
17:32:14 <phw> great!
17:32:41 <gaba> is anybody reviewing #30998?
17:32:48 <gaba> #30998
17:32:50 <phw> then there's #30998 left.  we need dcf for this, right?
17:33:53 <cohosh> probably yes
17:34:19 <phw> ok, i think we're good for today, then.  any last words?
17:34:44 <arlolra> cohosh: I need a firefox account from you
17:35:07 <cohosh> ah i can make one after this meeting
17:35:26 <arlolra> thanks
17:35:55 <gaba> we are not having meetings for the next two weeks? 4july and then traveling to tor meeting?
17:36:36 <arlolra> fwiw, I think we have access to the default bridge
17:36:37 <arlolra> https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/SnowflakeBridgeSurvivalGuide#Bridgesurvivalguide
17:36:50 <phw> oh, that's right gaba.  next week is july 4, then we have tor-dev
17:36:59 <arlolra> but yes, having a dcf would be preferable
17:37:08 <phw> do you think that's too long?
17:37:52 <cohosh> arlolra: ah we can add the patch now and wait to upstream it you mean?
17:38:11 <phw> oh, also, this is our last meeting for this month and i'll compile our monthly report over the next few days
17:38:28 <phw> it would be great if everyone could add their highlights of the month to a pad
17:38:31 * phw creates a pad
17:39:03 <arlolra> cohosh: yes, if needs be
17:39:18 <phw> https://pad.riseup.net/p/h4FrASe8pVEaAfmUs_IG
17:40:23 <phw> anything else, gaba_
17:40:26 <phw> ?
17:41:05 <gaba> nop
17:41:10 <phw> ok, thanks everyone!
17:41:13 <phw> #endmeeting