Anti-censorship team report: November 2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in November 2020. Let us know if you have any questions or feedback!
Snowflake
-
Worked on getting Snowflake working for Onion Browser for iOS.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/…
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/…
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/… -
Set up and debugged a remote probe test to determine NAT compatability of Snowflakes.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/… -
Modified the NAT type classifications of Snowflake clients to distribute proxies more evenly.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/… -
Created a patch that orders Snowflake's "snowflake-ips" metrics line by the number of requests.
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/…
Rdsys
-
Created a page that shows a bridge's test result. This allows operators to check if their pluggable transports work correctly. You can query your bridge status by visiting:
https://bridges.torproject.org/status?id=FINGERPRINT
Note that the status page currently only tells you the status of your bridge's obfs2, obfs3, obfs4, and scramblesuit.
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/10
Also, the service is still experimental and occasionally offline. -
Made it possible to look up a bridge's status by providing its hashed fingerprint.
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/28 -
Finished documentation on rdsys's design and architecture. You can take a look at it here:
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/master/d…
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/16 -
Researched libraries to do i18n for rdsys. The library go-i18n seems to check all of our boxes.
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/11 -
Filed an issue to get a Transifex resource to do i18n for rdsys.
https://gitlab.torproject.org/tpo/community/l10n/-/issues/40009 -
Made rdsys pool bridgestrap requests to make the interaction between both services more efficient.
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/24 -
Made rdsys's supported resources configurable. This is important because some bridge operators set up adventurous things like their own meek, and we don't want to distribute those.
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/29
Salmon
- Spent some time on our privacy-preserving Salmon modifications but haven't yet managed to come up with a clean implementation. More work is needed.
https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/21
Bridgestrap
-
Made bridgestrap export metrics that are now scraped by our Prometheus instance. The raw metrics are publicly accessible at:
https://bridges.torproject.org/bridgestrap-metrics
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/4 -
Deployed bridgestrap on polyanthum, the host on which BridgeDB and rdsys run.
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/5 -
Finally merged our SETCONF-based rework of how bridgestrap does its testing.
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/3 -
Added a field to bridgestrap's test result that informs the requester when a bridge was last tested.
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/6 -
Spent some time debugging why the number of functional bridges decreases as we test more bridges in parallel. More work is needed.
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/7 -
Made bridgestrap's cache timeout configurable.
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/8
Other
-
Cecylia presented the anti-censorship team's yearly progress as part of our State Of The Onion presentation:
https://www.youtube.com/watch?v=IyWyTypRGWQ -
Added a new obfs4 default bridge. Thanks to Louis-Philippe Véronneau for operating the bridge!
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/402… -
Brainstormed ways to stream bridge updates from Serge (our bridge authority) to polyanthum (the host where rdsys and bridgestrap are running).
https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/9 -
Updated monit configuration to make it monitor Snowflake's probetest service and bridgestrap.
-
Worked with Gus to ask a few folks to run emma in countries that we believe block some aspects of Tor.
-
Philipp is going to review submissions for the DNSPRIVACY 2021 workshop.
https://dnspriv21.hotcrp.com -
Sponsor 28 scrimmage and PI meeting.
Comments
Please note that the comment area below has been archived.
Hi, what is Sponsor 28 about…
Hi,
what is Sponsor 28 about? Can you provide more details please?
The project name is …
Sponsor 28 is a DARPA-funded project under the title "Reliable Anonymous Communication Evading Censors and Repressors". You can find more information here:
https://www.darpa.mil/program/resilient-anonymous-communication-for-eve…
https://racecar.cs.georgetown.edu/
https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28
Sponsor 28 funds most of our Snowflake work.
Fantastic. Thank you very…
Fantastic. Thank you very much for the quick reply.
Were there utilitarian…
Were there utilitarian reasons why Tor Project chose that naming convention for sponsors?
I believe some sponsors…
I believe some sponsors occasionally choose to remain anonymous.
@ Phillip Winter: I think…
@ Phillip Winter:
I think you recognize how utterly absurd that sounds. Once again, as a loyal user and would-be donor (but Tor won't take my money--- why not?), I ask that Tor Project stop taking funds from DARPA and like minded USG agencies which are involved in killing people overseas and doing nasty things inside the USA.
I don't think it's absurd…
I don't think it's absurd. There is a lot of complexity and nuance to the topic of funding. I wouldn't mind having that discussion but it sounds like you've already made up your mind.
The sponsor number system…
The sponsor number system was developed for consistency across teams, specifically making it easier for accounting. We need to easily and accurately track spending, costs, and activities associated with each sponsor. We often have overlapping projects with the same sponsor and need all teams to be able to easily identify and differentiate each project. The numbers are not meant to anonymize sponsors.
With regard to Philipp's comment, it is not uncommon in the nonprofit world for private foundations to request not to be publicly associated with the projects they fund (in this hypothetical example, they would request not to be listed on https://torproject.org/about/sponsors). This can happen for many reasons, and it does not mean that they are anonymous. If their donation rises above $5,000, we are required by the IRS to report it, and you can find out more by looking at our published tax documentation (https://www.torproject.org/about/reports/).
As far as I know, there has never been an instance at the Tor Project where funding from public organizations / governments has been anonymous / pseudo anonymous.
@ Phillip Winter: Please…
@ Phillip Winter:
Please ensure that my post regarding problems with mail delivery Tor Project's P.O. Box appears in this blog. Your box appears to be defunct (sez USPS) and that is utterly unacceptable for an NGO in the middle of a funding drive.
Quite frustrating that Tor Project continues to take grants from DARPA--- hello? not our friends!---- but is rejecting my own attempts to put my money where my mouth is regarding moving from USG largess to a user-funded model.
TIA
We have confirmed that mail…
We have confirmed that mail forwarding is in fact active. Whatever issue there is appears to be internal to USPS.
TOR BEING BLOCKED ON ANDROID…
TOR BEING BLOCKED ON ANDROID VIA H20 ATT MVNO ISP NETWORKS? BRIDGES NOT WORKING...CLOSED.
Are you requesting your…
Are you requesting your bridges over the built-in "request bridges from bridges.torproject.org" feature? If so, that feature broke the other day but we already wrote a fix that will roll out shortly.
Why can I not set TOR as my…
Why can I not set TOR as my browser by default ? Firefox was set up as such before I joined Tor and it won't let me change that. This seems very abusive to me. I plan to slowly move totally away from Firefox and delete the program altogether. This should solve the problem, shouldn't it ?
https://support.torproject…
https://support.torproject.org/tbb/tbb-32/
Furthermore, some website administrators reject connections from the Tor network. You will likely find that you need to keep a normal browser for certain websites. Remember also that your OS and programs/apps besides Tor Browser will continue to make HTTP connections for other purposes using the configuration and libraries built into your OS which may ignore the tor proxy daemon as well as Tor Browser's strategies to resist fingerprinting. Sometimes, that's nothing to worry about.
https://support.torproject.org/tbb/tbb-30/
https://support.torproject.org/censorship/censorship-2/
https://support.torproject.org/tbb/tbb-43/
Tor on Android still full of…
Tor on Android still full of bugs and needless permissions, why can't we comment on the post about the latest Android Alpha version?
Some of the Android…
Some of the Android questions have already been answered here: https://blog.torproject.org/new-release-tor-browser-1004#comments
You allow my comment which…
You allow my comment which asks questions, but don't bother to respond with an answer despite answering to others? You really need to think of how these things make you look. If I was an agency operating in a hostile enviroment I would remove all Tor on Android installations for security reasons, the dev teams have never historically come to any harm for their failings, its always the end users who pay.
Tor is not free as in freedom, its free as in unmarketable, can you imagine if some VPN company was this shoddy?
Remove needless permissions
Give back about:config
Stop controlling people under the guise of uniformity, anti fingerprinting is less than useless if a real IP can be found due to bugs which are too burdenous for your dev team to look at (a "ticket" doesn't count)
If you truly care for anonymous users and the above is too much then PLEASE hand this branch back to GuardianProject. Orbot and Orfox was years beyond this and yet you've killed off Orfox to ensure the only remaining option is this mess.
Please stop rasing tickets and calling it a day, this isn't how things used to be.