December 2 2021 GM: Difference between revisions
Line 31: | Line 31: | ||
== Notes == | == Notes == | ||
' | === Community Updates === | ||
* Last October, the [https://www.pluggabletransports.info/ptim2021/ PTIM 2021] took place virtually. You can find a recap of the first two days [https://www.pluggabletransports.info/blog/ptim-recap-day1/ here] and [https://www.pluggabletransports.info/blog/ptim-recap-day2/ here]. | |||
* Some news from this month is that [https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40080# Snowflake is now available as a FreeBSD port] (both client and proxy components). | |||
*Siince last month is that the national firewall in China has started to effectively block random, "look-like-nothing" transports such as Shadowsocks, even when the proxy servers are hardened against known active probing attacks. It seems that full report is forthcoming from [https://github.com/net4people/bbs/issues/69#issuecomment-962666385 GFW Report]. | |||
* [https://github.com/Pluggable-Transports/Pluggable-Transports-spec/tree/main/releases/PTSpecV3.0 PT spec version 3.0] has been released. | |||
* Other news in the PT world: [https://blog.torproject.org/run-a-bridge-campaign/ Tor Bridge started a campaign] to increase the number of obfs4 bridges. | |||
* The [https://github.com/Horizontal-org/Tella-Android Tella Project] has some improvements like: | |||
** Support for PIN and password (vs only pattern in v1) | |||
** Support for organizing files into folders | |||
** New UI and UX (hopefully easier to use and more beautiful) | |||
** Better camouflaging | |||
=== Pluggable Transports === | |||
* NetCipher includes OrbotHelper: a utility class to support application integration with Orbot (Tor for Android). Check if its installed, automatically start it, etc. | |||
* For an android application who is using NetCipher as a third library party, what would be you recommendation about using or not Orbot/Tor as proxy. it's an android library based on Pluggable Transports | |||
* A student is starting to compare different privacy/anonymity tools as a beta tester of the FABRIC testbed. Fabric has P4 FPGAs built in, so you can re-do any part of the network stack in-line and have invasive access to everything. They are starting by re-doing a number of the Tor attacks in an IEEE survey from this month. When they looked at onion services, the tunneling of connections was better done than they had expected. Side-channels are almost impossible if you have more than 1 user. | |||
* During the PTIM 2021, they covered technical needs regarding internet access and other challenges for activists in Sub-Saharan Africa. One concern is the lack of data from reports such as Internet Freedom report from Freedom House. Other one is that the “nasty tech” is tested there first before being exported, like Cambridge Analystica (It is a cheap area to work in. It has lots of nasty local governments. Everyone tends to ignore it, or just assume that bad things happening in Africa are normal. Best place to try.) | |||
** One participant suggested to check [https://ooni.org/data OONI data], they have a number of PT network measurements from different countries. | |||
** Other participant suggested checking [https://metrics.torproject.org/userstats-bridge-combined.html Tor metrics], as they may give also an idea what PTs are working per country. | |||
** [https://gitlab.torproject.org/tpo/network-health/metrics/timeline The Tor metrics timeline] keeps track of significant events affecting Tor metrics, which in some cases can be attributed to censorship (or unblocking). | |||
** Israelis, US, German, French companies all sell their spyware in the region. And, maybe because of that, it does not get the press that others do. Thorough read [https://www.972mag.com/nso-surveillance-companies-israel-army/ here] about the blurred line between the military and private sector in Israel and how it allowed dangerous cyber weapons like spyware to flourish worldwide. | |||
'''Your PT is really based on Minecraft?''' | |||
* We use the quarry modding libraries. Inputs are stuffed into data fields in moves that we send through to the other side. Proxy extracts the field data. | |||
* It is playing minecraft. To date, it seems like the censors do not want to upset gamers. They tend to just back off. Minecraft also hits a sweet spot. No sex or violence, and yet people like it. We want to hook our thing to the RSF banned book library, too. | |||
'''There are any python package(updated) available to convert this system into a PT.''' | |||
* Ptadapter is an external program, written in Python, that converts other network programs so they conform to PT specifications. It can work with any other program, it does not have to be written in Python. | |||
** https://github.com/twisteroidambassador/ptadapter | |||
** https://ntc.party/t/ptadapter/275 | |||
* There is also pyptlib, which implements the client part of the PT spec. pyptlib is no longer used by any software that Tor ships, but in the past it was used for flash proxy and obfsproxy. | |||
** https://pypi.org/project/pyptlib/ | |||
** https://gitweb.torproject.org/pluggable-transports/pyptlib.git/ |
Revision as of 15:06, 2 December 2021
Glitter Meetups |
Glitter Meetup is the weekly town hall of the Internet Freedom community at the IFF Square on the IFF Mattermost, at 9am EST / 1pm UTC. Do you need an invite? Learn how to get one here.
Pluggable Transports Meetings
Pluggable Transports (PT) are being developed and used to circumvent Internet censorship. If you use any VPNs, the Tor network or other services to access blocked content in you network, chances are that you are using PTs in the background. This monthly meetup welcomes users, developers and PT enthusiasts to share their news/updates happening once per month.
Date: Thursday, December 2nd
Time: 9am EST / 2pm UTC
Who: Facilitated by Vasilis, this is their project https://magma.lavafeld.org/
Where: As a guest of the Glitter Meetup on IFF Mattermost Square Channel.
- Don't have an account to the IFF Mattermost? you can request one following the directions here.
Please note: The upcoming meeting could be in a different platform, maybe BigBlueButton or in the Mattermost but at a different time? We'll see after the first event
Notes: Please put notes here: https://pad.riseup.net/p/plugasadcaawer-keep
Notes
Community Updates
- Last October, the PTIM 2021 took place virtually. You can find a recap of the first two days here and here.
- Some news from this month is that Snowflake is now available as a FreeBSD port (both client and proxy components).
- Siince last month is that the national firewall in China has started to effectively block random, "look-like-nothing" transports such as Shadowsocks, even when the proxy servers are hardened against known active probing attacks. It seems that full report is forthcoming from GFW Report.
- PT spec version 3.0 has been released.
- Other news in the PT world: Tor Bridge started a campaign to increase the number of obfs4 bridges.
- The Tella Project has some improvements like:
- Support for PIN and password (vs only pattern in v1)
- Support for organizing files into folders
- New UI and UX (hopefully easier to use and more beautiful)
- Better camouflaging
Pluggable Transports
- NetCipher includes OrbotHelper: a utility class to support application integration with Orbot (Tor for Android). Check if its installed, automatically start it, etc.
- For an android application who is using NetCipher as a third library party, what would be you recommendation about using or not Orbot/Tor as proxy. it's an android library based on Pluggable Transports
- A student is starting to compare different privacy/anonymity tools as a beta tester of the FABRIC testbed. Fabric has P4 FPGAs built in, so you can re-do any part of the network stack in-line and have invasive access to everything. They are starting by re-doing a number of the Tor attacks in an IEEE survey from this month. When they looked at onion services, the tunneling of connections was better done than they had expected. Side-channels are almost impossible if you have more than 1 user.
- During the PTIM 2021, they covered technical needs regarding internet access and other challenges for activists in Sub-Saharan Africa. One concern is the lack of data from reports such as Internet Freedom report from Freedom House. Other one is that the “nasty tech” is tested there first before being exported, like Cambridge Analystica (It is a cheap area to work in. It has lots of nasty local governments. Everyone tends to ignore it, or just assume that bad things happening in Africa are normal. Best place to try.)
- One participant suggested to check OONI data, they have a number of PT network measurements from different countries.
- Other participant suggested checking Tor metrics, as they may give also an idea what PTs are working per country.
- The Tor metrics timeline keeps track of significant events affecting Tor metrics, which in some cases can be attributed to censorship (or unblocking).
- Israelis, US, German, French companies all sell their spyware in the region. And, maybe because of that, it does not get the press that others do. Thorough read here about the blurred line between the military and private sector in Israel and how it allowed dangerous cyber weapons like spyware to flourish worldwide.
Your PT is really based on Minecraft?
- We use the quarry modding libraries. Inputs are stuffed into data fields in moves that we send through to the other side. Proxy extracts the field data.
- It is playing minecraft. To date, it seems like the censors do not want to upset gamers. They tend to just back off. Minecraft also hits a sweet spot. No sex or violence, and yet people like it. We want to hook our thing to the RSF banned book library, too.
There are any python package(updated) available to convert this system into a PT.
- Ptadapter is an external program, written in Python, that converts other network programs so they conform to PT specifications. It can work with any other program, it does not have to be written in Python.
- There is also pyptlib, which implements the client part of the PT spec. pyptlib is no longer used by any software that Tor ships, but in the past it was used for flash proxy and obfsproxy.