15:58:37 <cohosh> #startmeeting tor anticensorship meeting
15:58:43 <cohosh> happy new year
15:58:49 <phw> first meeting of 2021!
15:59:08 <agix> hey, happy new year!
15:59:20 <cohosh> :D
15:59:50 <cohosh> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:59:58 <cohosh> dcf1: i think you have the first announcement
16:00:34 <dcf1> The Counter-Power Lab, who contracted with me for the Turbo Tunnel work, is required to get a security audit of work they fund
16:01:10 <dcf1> This includes the parts that affect Snowflake I believe, and I've invited them to interact with the anti-censorship team and not me exclusively on the Snowflake parts
16:01:35 <dcf1> Current status is I sent them a summary of the work and links to all the source code, and they are coming up with a plan and scope of work.
16:01:58 <cohosh> oh nice
16:02:37 <dcf1> next discussion point is mine too
16:03:00 <dcf1> I found a link where a user was worried about their snowflake extension connecting to bamsoftware.com
16:03:23 <dcf1> I looked at it a little bit and thought that we had changed the domain (in the extension) quite a long time ago
16:03:50 <dcf1> my question is, am I wrong about the domain being changed; and if not, how did this user get an extension that still connects to this old domain?
16:04:01 <cohosh> huh
16:04:34 <cohosh> you're right, it should have been changed
16:04:41 <dcf1> They link the right addons page, https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/ in the reddit post
16:05:02 <dcf1> Possibly they deliberately installed a very old version? Maybe there is something wrong with the packaging?
16:05:13 <phw> snowflake-broker.bamsoftware.com is a cname for snowflake-broker.freehaven.net. maybe that's the issue?
16:05:15 <cohosh> there is one edge case i've been worried about, which is that a long time ago we checked a box to make the extension available on android
16:05:38 <cohosh> we stopped checking the box because it wasn't at all useful
16:05:54 <dcf1> mhmm
16:06:04 <cohosh> but maybe there were some users who added the extension that way who still have a super old version?
16:06:26 <dcf1> checking just now: `unzip -p snowflake-0.5.2-fx.xpi | grep bamsoft` (no output). `unzip -p snowflake-0.5.2-fx.xpi | grep freehav` (Config.prototype.brokerUrl = 'snowflake-broker.freehaven.net';)
16:06:46 <dcf1> Or maybe a super old version is all that's available to install for android?
16:07:40 <cohosh> right, yeah
16:08:00 <cohosh> i hoped that failing to check the box would somehow make it not installable that way
16:08:14 <cohosh> or discontinue extensions that were installed
16:09:11 <cohosh> is malwarebytes a windows thing though?
16:09:15 <phw> malwarebytes may be looking at dns reqs without considering the semantics of a cname, in which case it always sees the bamsoftware domain
16:09:32 <dcf1> Okay is there something actionable we can do here? Open a ticket to at least see what the add-ons page offers on Android?
16:09:51 <cohosh> that makes sense
16:09:51 <dcf1> phw: that's a good thought.
16:10:05 <cohosh> that seems more likely
16:10:14 <dcf1> dig snowflake.freehaven.net
16:10:17 <dcf1> ;; ANSWER SECTION:
16:10:17 <dcf1> snowflake.freehaven.net. 3600   IN      CNAME   snowflake.bamsoftware.com.
16:10:17 <dcf1> snowflake.bamsoftware.com. 86400 IN     A
16:10:49 <phw> i just tested with wireshark: i see bamsoftware.com in my dns responses when i turn snowflake on
16:11:30 <dcf1> great, sounds like the mystery is solved
16:11:42 <dcf1> now is it a good course of action to make *.freehaven.net plain A records?
16:11:51 <cohosh> yeah, or the torproject.net domains
16:12:01 <cohosh> and then make freehaven a CNAME for torproject.net
16:12:23 <dcf1> seems that *.torproject.net are already not CNAMES
16:12:44 <cohosh> aha okay so maybe just change the CNAME for freehaven
16:12:51 <dcf1> ok, I'll make a ticket to that effect
16:12:57 <cohosh> thanks dcf1
16:12:58 <dcf1> thanks for the laser debugging
16:14:06 <cohosh> okay the next discussion item is to pick a reading
16:14:28 <cohosh> are we interested in starting this up again?
16:14:59 <dcf1> On BBS I have a list of reading I'm behind on https://github.com/net4people/bbs/wiki/Reading-list
16:15:21 <phw> i'm neutral on this because i often failed to read the papers
16:17:04 <agix> i would prefer to keep it up, but I leave it up to you guys
16:17:05 <cohosh> i've really liked the chance to have discussions with people outside of tor
16:17:05 <phw> (i'm not going to pick a paper because it's a bit rude to suggest reading that i may not read myself)
16:17:32 <cohosh> the psiphon paper looks like it might be directly relevant to us
16:17:39 <cohosh> https://tics.site/proceedings/2019a/icn_2019_7_10_38005.pdf
16:18:32 <phw> i'd be up for reading that
16:18:44 <agix> +1
16:19:22 <cohosh> cool, so two weeks from now.. on january 21st?
16:19:32 <cohosh> it's also a shorter paper (5 pages)
16:19:34 <phw> sounds good!
16:19:43 <phw> yes, a light read to ease into 2021
16:20:46 <cohosh> okay and then one last action item to update the monthly report for december: https://pad.riseup.net/p/mh4PvdOzncZlcxwHGROn
16:22:04 <cohosh> let's look at our needs help with
16:22:32 <cohosh> phw: i can do bridgestrap!5
16:22:41 <phw> cohosh: thanks!
16:22:47 <dcf1> I'll do snowflake!25
16:22:54 <cohosh> thanks dcf1
16:23:36 <cohosh> anything else for today?
16:23:43 <phw> not from me
16:24:26 <agix> nope
16:24:39 <arma2> i also had a report from a family member whose AV was triggering on their snowflake firefox extension
16:24:53 <arma2> every time their snowflake connected to the broker, it popped up an "omg malware" window on their windows system
16:25:08 <cohosh> oof this is a good thing to get fixed
16:25:10 <dcf1> arma2: I'll assign the ticket I make to you, as you are probably the one who can change freehaven.net DNS records?
16:25:12 <arma2> sounds like it might be the same issue as the backlog
16:25:24 <arma2> yes, i can change dns records for freehaven
16:25:31 <dcf1> ok
16:25:36 <arma2> at least, i think. we'll see if i have the skillz. but if not me, nobody
16:26:06 <arma2> cohosh: yeah, they saw the defcon talk from years ago and were like "finally i will help roger with something" and now they run cupcake and snowflake
16:26:20 <arma2> i'm not sure if running cupcake is even wise at this point
16:26:30 <cohosh> we kicked out cupcake users
16:26:38 <arma2> but also, cupcake wasn't the extension causing the problem, so i left that one alone :)
16:26:41 <cohosh> just by checking what version they are running
16:26:45 <arma2> ok
16:27:11 <cohosh> if it gets updated it'll work again
16:28:00 <cohosh> alright i'll close the meeting for today
16:28:04 <cohosh> have a great week everyone!
16:28:08 <cohosh> #endmeeting