15:58:08 <cohosh> #startmeeting tor anti-censorship meeting
15:58:08 <MeetBot> Meeting started Thu Mar 11 15:58:08 2021 UTC.  The chair is cohosh. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:58:08 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:58:13 <cohosh> hey everyone
15:58:24 <cohosh> here is our meeting pad: https://pad.riseup.net/p/tor-anti-censorship-keep
15:58:39 <cohosh> there's not much on the agenda for today
15:59:08 <dcf1> someone has helpfully translated the public bug-reporting pad to Chinese https://pad.riseup.net/p/tor-anti-censorship-bugs-keep
15:59:41 <dcf1> hanneloresx: are you here? can you say if the translation is any good? I will put the English back, but if the Chinese is fine, might as well keep it as well
15:59:42 <cohosh> oh nice!
16:00:15 <hanneloresx> the translation is great
16:00:40 <dcf1> thanks for checking
16:01:11 <hanneloresx> no prob
16:01:59 <cohosh> anybody need help or reviews for anything?
16:02:21 <dcf1> cohosh: I have some of your issues in my inbox waiting for attention
16:02:27 <dcf1> notably snowflake!30
16:02:34 <cohosh> ah thanks!
16:02:50 <cohosh> yeah i'm interested in your thoughts on that issue since it is related to turbotunnel
16:03:32 <dcf1> about https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40002#note_2728512
16:03:52 <dcf1> were the bridge lines you sent obfs4 or vanilla? If vanilla, the problem may not be enumeration but active probing
16:04:00 <cohosh> we gave both
16:04:10 <cohosh> none of the vanilla bridges were blocked
16:04:21 <cohosh> only default and email distributed obfs4 bridges are blocked
16:04:27 <cohosh> and tor relays
16:04:40 <dcf1> hmm interesting
16:04:42 <cohosh> so we think it's specifically not dpi or active probing
16:04:46 <agix> hi
16:05:06 <cohosh> yeah, and actually only one email distributed bridge wasn't blocked and it was created at the end of february
16:05:13 <cohosh> agix: hi!
16:05:38 <cohosh> so i sent a few more bridge lines to check to see if we can pin down when the enumeration happened (if it did)
16:05:56 <cohosh> yeah this is really interesting
16:06:35 <cohosh> also the blocking itself looks unusal to me. do we know of more blocked that happens at the last ACK of the TCP handshake?
16:06:42 <cohosh> no RST or FIN packets
16:06:49 <dcf1> yeah that is familiar from something else
16:06:52 <cohosh> just everything disappears
16:06:54 <cohosh> ah ok
16:07:04 <dcf1> maybe the recent ESNI block in China was like that, server->client?
16:08:46 <cohosh> cool, maybe we can figure out what hardware/software the censors are using
16:08:49 <dcf1> er, I mean, if I understand correctly the situation in Belarus, the connection is blocked only after the server's SYN/ACK (which arrives at the client)
16:08:55 <cohosh> yup
16:09:46 <cohosh> with enumerating the bridges from the email bucket in bridgedb
16:10:02 <cohosh> it makes sense in some ways that that would be the distributor they go for
16:10:17 <cohosh> if they blocke bridges.torproject.org they might not think to enumerate those
16:10:50 <cohosh> and it's probably more difficult to write a script to enumerate moat bridges because of the CAPTCHA
16:11:38 <cohosh> all you need is a email address and a script that gets bridges like once a day and you're pretty much undetectable
16:11:45 <cohosh> *a gmail adress
16:13:48 <cohosh> anyway, i'm curious to see what happens
16:15:03 <cohosh> i wonder if we should put more effort into distributing private bridges in belarus
16:15:23 <cohosh> moat bridges still work and that's our most popular distributor
16:16:03 <cohosh> i'm also looking into the snowflake situation in china
16:16:21 <cohosh> it has become unusable and i'm not sure yet whether that's because of performance or if snowflake IPs are getting blocked
16:16:28 <cohosh> hopefully i'll have an udpate next week :)
16:17:06 <dcf1> yeah it's really hard to say
16:18:37 <cohosh> any other discussion for this week?
16:21:10 <cohosh> okay i'll end the meeting here
16:21:13 <cohosh> thanks everyone
16:21:17 <cohosh> #endmeeting