wiki:org/meetings/2019Stockholm/Notes/S30

S30: Anti-censorship Project Planning

Coordinating the work on Anti-censorship

Facilitator(s): gaba

Audience: OONI, UX, Tor Browser, Anti-Censorship Teams

Duration: 30 min

Prep

Topics for discussion:

  • Revising, evaluating and acknowledging S30 roadmap
  • Identifying future blockers between teams

Notes

Sponsor 30 kickoff notes

Agenda:

  • go through what the proposal is
  • look at our timeline
  • who the stakeholders are
  • look at roadblocks and collaboration

This project is about bypassing censorship and community, we'll go through each team and talk about what the objectives are.

Starts in September and it's a 2 year project

OONI

  • the main area of work is to improve their circumvention tool tests
    • OONI currently has tests for Tor and bridge reachability testing for the desktop version
    • adding support for running Tor inside of a measurement kit for mobile and desktop
    • implementing a TCP connect based bridge reachability test for bridges that are shipped with Tor Browser and other assets
    • add obfs4 based bridge reachability testing
    • integrating the Psiphon test inside of the measurement kit
    • shipping all of this as a part of mobile and desktop app
  • related work: need to configure test vector and configurations to be dynamically updatable. Maybe you get provisioned special bridges or these change over time
  • the results will have to add the data pipeline logic necessary to analyze the results and populate the OONI explore pages with the results and findings
  • would also like to do performance testing to circumvention tools. Running NDT (Network Diagnositic Tool). Tells speed at application level and kernel-level metrics. This is the main test used in the mobile app to measure throughput and latency.
  • make reporting logic more resilient to censorship. Having different cirumvention strategies for uploading results
    • How much is reporting affected by blocking today? A: It's not significant, it's not measured but we haven't heard of any countries that perform pervasive censorship blocking the reporting infrastructure (e.g., Iran and China do not block it)

What are the internal stakeholders at Tor for OONI?

  • For the Tor integration aspect, they would need some help and support from the network team. They made several improvements to integrate Tor in mobile.
  • The anti-censorship team in terms of designing the experiments, taking a look at what they have in mind, helping OONI understand how to provision the testing vectors, what should be tested first w.r.t. the reachability of bridges and other Tor infrastructure. The analysis of the data should be as useful as it could be.
  • need some help from anti-censorship and metrics team to make sure tests aren't being used to enumerate bridges
    • the idea is to use default bridges to start and then later perhaps bridgedb bridges that aren't shipped with Tor Browser

Anti-censorship team

  • Four subojectives about bridgedb, user experience, and how well it does its job
  • create a framework for usage statistics for bridgedb
    • So far people could request bridges from 3 email providers, disabled yahoo recently because of a bug but we don't know how many people were using it beforehand which would have been useful to know
    • Want to learn how many people request bridges over email for what kind of transport

  • Improve user experiences of bridges.torproject.org
    • Lots of UX open tickets with bridgedb, intend to work with UX team
    • cecylia is attending the CLSI to test how well people can access circumvention infrastructure without any training
    • Have lots of issues with existing strategies e.g., email is hard to use
  • question about CATPCHAs
    • right now it's very difficult for people to handle
    • right now there is a probable bot that is able to solve the CAPTCHAs better than humans
  • Better communications and onboarding
    • running a campaign with steph to get more bridges
    • have about 1000 bridges now, over half run obfs4. bridgedb returns 1,2, or 3 bridges at the moment as a fucntion of how many bridges we have. want about 100 more new bridges
  • it would be cool with community trainings to have people identify issues with bridges.torproject.org

Improve Tor browser experience w/ human rights defenders

  • make it easier for a user to bypass censorship
  • what happens right now is the user starts Tor browser and it doesn't connect but they don't know why
  • it would be better for Tor browser to be a little smarter to not require users to configure bridges or figure out whether they need to do that.
  • maybe we could feed OONI data into Tor browser to help it decide based on locale whether you need to configure a bridge, what transport to use, or automatically select the bridge and transport for the user
  • there are tricky tradeoffs on exposing bridge configuration to network adversary, do we want to inform the user or do it automatically?
  • a big part of the project is to figure out what can we do safely and how can we do it?
  • we have to figure out how to keep this up to date with rapidly changing censorship conditions
  • we have to think about the Tails people because the Tor launcher is heavily used by Tails. We need something different for the mobile side.
  • have a dependency on the network team as well to tell Tor browser that network isn't working
  • where to draw the line of what is in Tor vs. what is in Tor browser?
  • what about shifting lots of users onto meek that didn't need to be there due to false positives on censorship detection?
  • Q: are you planning on only using OONI data? A: No, we can use lots of data.
  • There's data from Tor metrics on how people are currently connecting to Tor.
  • Nice to have a public table with countries and entries that show what works. It makes sense for metrics to have that table
  • Other projects like briar, Psiphon want exactly this table
  • In practice, it's going to be data-driven plus the result of conversations and debugging with people who are in these areas.
  • Ideally from OONI perspective, we'd like to include any circumvention tools. It could be useful to see for example if Psiphon is working somewhere where Tor is not so that we can learn from each other.
  • Lantern is interesting because they use obfs4 as a transport, also TunnelBear
  • It would be interesting to detect other tools installed on the machine and using it from Tor Browser

Logistics

The places where discussion will take place are trac and OONI's github.

There's a plan to have monthly meetings to check in and see what kind of collaboration needs to happen.

OONI will be pretty full capacity until end of October, so the first month. This is okay, since other groups are not blocked on OONI aside from the construction of the table. We could bootstrap the table with Tor metrics data.

Browser parts will start in December in the roadmap

Anti-censorship team roadmap could also be moved to October

The reporting for this sponsor is quarterly. The humans there like it when you tell them things more often than that. We could do a monthly update as a part of the monthly meetings

Last modified 6 weeks ago Last modified on Jul 13, 2019, 10:04:39 AM