Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#26098 closed defect (fixed)

remove meek-amazon from the Tor Browser

Reported by: inf0 Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-bridges meek TorBrowserTeam201805
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Hash: SHA512

Please remove the meek-amazon bridge from the Tor Browser. Amazon is no longer supporting 'domain-fronting' and has effectively asked us to stop this CDN end-point.
Patch file is attached to this ticket.

Some more details here:
https://blog.torproject.org/domain-fronting-critical-open-web

  • --Sina

Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJa+dysAAoJEMeylP64yITypVQP/R3KYgX0Xvm2AjmoDb2ltQ5m
2iupbfV1PPmVBIOPbM9bCPAETo9F4ANol5PjUNPSQClfp+qicpCLbcLCVAXxwovA
Ul2Rfq92/Ib3ZFTyfJJh7jxxnE744VIQ5S/x/S3ra5DcmletG1aaFViHQs0+S2Qa
hsrcpGioktLV88kC2XwJYAAiTTZ3qvZgc44xV2kG4eGIVWUWBvXEqsvICqCbxxqa
c7CBX0bSDW+/nV78+een56FXIxcmEK4hTdpsL2KfVjbf0cRCnEkY1lyhBtzL+KqM
R73o+aG3Ab/gqFVHKHW0ie3cuo3frvbjF9DJf2OoBmmHo+r/HzoU5dnlFMdM/8PN
oOvkWT2bHpFjfB+ir/253Bbtg9CNdUIgGNwJ3/mrbATZ35W5bILe68IQtFHnObVn
V0ecXhnFJWhhtyawmbjc4cY2eDNfmeulNFJIPgDRrhmRrS/Guaqqj6RPWgLZ8Fd5
CaZf/DHShLlsJNhu/l3kMLgvVbUrbOZIGR3L1mgL3tTGAsIEG89EJH0Ge0KNDLvQ
2qcD5wH+/ZmzMzsPbHOw+IsjGlpIH49IZzrsJKMxEsw4JfYQTHh/Ws2Y6VCIvT+R
adOOSO+lyCgyUbXd7FS+hw+Yq3xUS4U9V2O4c/yinzI2vkS8paoXnPN0Qf5Brn/6
s/eBNqcBbYHSKuiKGfYU
=G0Bu


Child Tickets

Attachments (4)

0001-remove-meek-amazon-from-the-Tor-Browser.patch (1.7 KB) - added by inf0 2 months ago.
0001-remove-meek-amazon-from-the-Tor-Browser.patch.asc (2.6 KB) - added by inf0 2 months ago.
0001-removed-amazon-meek.patch (1.8 KB) - added by inf0 2 months ago.
Use this patch
0001-removed-amazon-meek.patch.asc (2.6 KB) - added by inf0 2 months ago.

Download all attachments as: .zip

Change History (14)

comment:1 Changed 2 months ago by inf0

Another try:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please remove the meek-amazon bridge from the Tor Browser. Amazon is no longer supporting 'domain-fronting' and has effectively asked us to stop this CDN end-point.
Patch file is attached to this ticket.

Some more details here: 
https://blog.torproject.org/domain-fronting-critical-open-web

- --Sina
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJa+dysAAoJEMeylP64yITypVQP/R3KYgX0Xvm2AjmoDb2ltQ5m
2iupbfV1PPmVBIOPbM9bCPAETo9F4ANol5PjUNPSQClfp+qicpCLbcLCVAXxwovA
Ul2Rfq92/Ib3ZFTyfJJh7jxxnE744VIQ5S/x/S3ra5DcmletG1aaFViHQs0+S2Qa
hsrcpGioktLV88kC2XwJYAAiTTZ3qvZgc44xV2kG4eGIVWUWBvXEqsvICqCbxxqa
c7CBX0bSDW+/nV78+een56FXIxcmEK4hTdpsL2KfVjbf0cRCnEkY1lyhBtzL+KqM
R73o+aG3Ab/gqFVHKHW0ie3cuo3frvbjF9DJf2OoBmmHo+r/HzoU5dnlFMdM/8PN
oOvkWT2bHpFjfB+ir/253Bbtg9CNdUIgGNwJ3/mrbATZ35W5bILe68IQtFHnObVn
V0ecXhnFJWhhtyawmbjc4cY2eDNfmeulNFJIPgDRrhmRrS/Guaqqj6RPWgLZ8Fd5
CaZf/DHShLlsJNhu/l3kMLgvVbUrbOZIGR3L1mgL3tTGAsIEG89EJH0Ge0KNDLvQ
2qcD5wH+/ZmzMzsPbHOw+IsjGlpIH49IZzrsJKMxEsw4JfYQTHh/Ws2Y6VCIvT+R
adOOSO+lyCgyUbXd7FS+hw+Yq3xUS4U9V2O4c/yinzI2vkS8paoXnPN0Qf5Brn/6
s/eBNqcBbYHSKuiKGfYU
=G0Bu
-----END PGP SIGNATURE-----

comment:2 Changed 2 months ago by cypherpunks

Please remove Amazon from the Earth. God is no longer supporting Amazon and has effectively asked us to stop this evil end-point.

comment:3 Changed 2 months ago by gk

Status: newneeds_review

comment:4 Changed 2 months ago by gk

Keywords: TorBrowserTeam201805R added; TorBrowserTeam2018 removed

comment:5 Changed 2 months ago by cypherpunks

What a sad day. :'(

comment:6 Changed 2 months ago by cypherpunks

What a sad day. :'(

Try to look on the bright side. This patch saves thousand bucks per month.

comment:7 Changed 2 months ago by gk

Keywords: TorBrowserTeam201805 added; TorBrowserTeam201805R removed
Status: needs_reviewneeds_revision

Could you write a patch against the tor-browser-build repo? We switch away from Gitian to rbm with Tor Browser 7.5. You'll find the pref file in projects/tor-browser/Bundle-Data/PTConfigs. Thanks.

comment:8 Changed 2 months ago by cypherpunks

Needs a patch as well for Orbot I think (though I can be mistaken): https://gitweb.torproject.org/orbot.git (obfs4 will be the only remaining pluggable transport :'( hopefully snowflake will make its way there)

Changed 2 months ago by inf0

Use this patch

Changed 2 months ago by inf0

comment:9 Changed 2 months ago by inf0

0001-removed-amazon-meek.patch​ added, which is made against the tor-browser-build repo.
I'll make a patch for orbot shortly.

Also note that meek-azure is still alive!

comment:10 Changed 2 months ago by gk

Resolution: fixed
Status: needs_revisionclosed

Applied to master (commit 22af54508a1e98bec13ee9580aac7c1b907043e8) and maint-7.5 (commit efa9901ec57d0d78aa1f8034a922da4f792c0ee0). Those changes will be picked up by the next stable and alpha releases (but we won't do extra releases just to get this bug fixed).

Last edited 2 months ago by gk (previous) (diff)
Note: See TracTickets for help on using tickets.