October 30: Outline Managers Meetup: Difference between revisions

From TCU Wiki
Victoria (talk | contribs)
No edit summary
Line 9: Line 9:


* '''Date:''' October 30, 2024
* '''Date:''' October 30, 2024
* '''Time:''' 9:00am to 10:15 EST / 1:00pm to 2:15pm UTC.    [https://www.timeanddate.com/worldclock/fixedtime.html?msg=Outline+Community+Manager+Meetup&iso=20241030T09&p1=179&ah=1&am=15 What time is it in my city?]
* '''Who:''' Outline Team
* '''Who:''' Outline Team
* '''Where:''' A conferencing link will be sent via email once you register
== What is it? ==
If you are a current user of Outline Manager, join us to: 
* Learn about updates and new developments you should be aware of.
* Get your questions answered by the Jigsaw team, as well as learn tips and best-practices.
* Network with other users of Outline Manager
This is also a great place for folks new to Outline Manager to familiarize themselves with the tool.  This meetup is part of the Outline Community Hub.
'''New to this type of technology?'''
Outline makes it easy to set up your own virtual private network (VPN) and share it with your network for safer, more resilient access to the internet.
Outline SDK is a cross-platform library and set of tools for app developers to easily reuse Outline’s advanced networking strategies to protect apps and VPNs against network-level interference.
Jigsaw is a unit within Google that explores threats to open societies and builds scalable technology solutions that protect participation in the global internet.


== Notes ==
== Notes ==


* Training and Education: Information sharing on different regions      
* The Outline team is actively developing a centralized website for developers, consolidating documentation and resources in one place. For questions or feedback, they encourage users to join the Outline Mattermost channel on the TCU server, as Reddit is a public platform. An announce-only mailing list, managed by TCU, is also available for updates.
* Working on website for developers with all the material consolidated in one place.  
* To assist the team and community, Outline encourages users to perform their own measurements. This helps the Outline team and other users gain valuable insights.
* Encourage people to use our Mattermost channel on TCU server
* The team is also working on solutions for scalable and resilient service deployment, which they will share soon, along with updates on SDK changes. These updates will allow users to implement new strategies on the server and integrating intralogic. They would love to receive and incorporate more contributions for the SDK.  
* Reddit is open and public, so feel free to use mattermost for more private/sensitive questions.  
* '''Community Feedback and Enhancements''' Outline has acknowledged the community’s requests for SDK partnerships, training, and financial support. In response, they plan to expand resources on their website soon. They have also provided guidance on non-graphical UI setups. To support service providers looking for additional resources, Outline is developing a marketplace where organizations can offer servers to others, helping to offset costs.
* Mailinglist will be used ot send these type of announcements.
* Measure connectivity of outline. It is on reddit wiki, but encourage community members to do their own measurement. It will really help us and others using outline.  
* Making outline more resilient:
* Presentating about how to deploy services about scale and resilience, and we will share that. Will shre that.
* Working on other features!
* How to serve web sockets. With the outline SDK make some changes, so you can consume new strategies in outline server. WE can receive and incorporate more contributions for sdk strategies.
* Changes to Outline will allow us to integrate intralogic
* This is the context of access.
 
SDK partnerships, training and financial support: we will put more material on our site. so this can be a resource to be used to.
 
Community members can share what they are doing around Outline.
 
How to setup without graphical UI: there are ways to do this.
 
* If you are a provider, people adding SDK to their apps, want to fallback to proxies if needed, but may not have capacity or experitise, so they will look for other organizers that provide servers. So we are going to do make a marketplace where you can offer servers to others, amybe a way to cover your costs.  
* Asking the privacy and risks of outline: We use shadowsoxs, used by those in china. we have made several improvements. Our implementation is the most resilient one.
 
Only two ways it gets blocked: 1) censor instigates an allowlist. 2) traffic volume and analysis. This is not well understood yet. You could image ways to detect a VPN server. If million of folks are going to one server, you can assume its a VPN server. We need more research in that area. Mixing of proxies and tunnels, will help with this.
 
Outline is a low barrier to entry. If a censor finds out your server, they can figure out who is connecting to that server. Really just the IP addresses. There are ways to mitigate this. making sure your keys are safe. For people at risk, i recommend using Tor as it gives you anonymity. Outline is a not a privacy tool, its an access tool.
 
The best usecase: giving access to people. Enable them to access content. Its harder to detect than VPNs. If VPNs are criminalized, users are safer to use Outline. You can layers those things: Use tor browser while using an Outline server. The biggest issue is a server is compromised. Depends on the situation and the threat model. It can be helpful in hiding that you are using an a VPN
 
'''Strategies to Avoid Crating strong links between user:'''
 
* You can give different services to different people. You can maybe afford more servers.
* Servers are cheap and you can create them on demand. For example, you can just create a server for that trip! Or even a server for each person.
* Using a large service, there are many orgs in the community that are giving outline access.
 
'''Is there a guide on how to set up prefixes from the Outline Manager directly?'''
 
We don't have a way to set this up from outline manager yet. We weren't able to prioritize it. We havent been able to. We are small a team. Just on some background: because we are a small team, we have to prioritize things that only us can do. And leave it to community to solve challenges they can solve. Prefixes can be difficult, but providers can help in those cases. Making Outline more reisilient to blocking.
 
'''Can you link to how users can do prefixing?'''
 
It is the manager or providers responsiblity. https://www.reddit.com/r/outlinevpn/wiki/index/prefixing/
 
===== '''Resources shared:''' =====
 
* Advanced Deployments for Resilient and Scale: <nowiki>https://drive.google.com/file/d/1EBFMu7O8dpzwnyibGXTg8VgMBFaltIJW/view</nowiki>
* <nowiki>https://www.reddit.com/r/outlinevpn/wiki/index/</nowiki>
* [[Advanced Outline Deployments for Resilience and Scale|https://wiki.digitalrights.community/index.php?title=Advanced_Outline_Deployments_for_Resilience_and_Scale]]
 
===== '''Deployment of Manager:''' =====
The biggest concern: How do we have a distributed set of deployment, avoiding having a central place where all the managers are done. We don't want a central server because it can be a risk: Are there any schemes to have a more distributed management of outline servers. Few questions associate with this: Since manager is the client side, it is also increases risks if we are not confident of the person deploying the servers. They are in the place where their computer can be raided. This makes difficult to understand how to make servers safely. Curious are there any strategies to handle this deployment.
 
It is not expected that end-users will create the server. The providers are usually outside of the country that is repressive. This need for central management we hear you but something that multiple providers have created solutions for. What they did is they run multiple servers and create a central server that uses API. You can move keys around if needed. Outline manager doesn't give you decentralize management, it is possible to do that. One thing would be cool if someone could build a reusable key management. Outline team doesn't have a lot of bandwidth, so we can't build it.
 
'''Is there anything on the roadmap for a configuration server.''' We are not agreeing every user having a manager installation. Is there a way for manager client to be installed that may have a key of its own, which avoids having to sign in to digital ocean, etc. Some server is managing the request to create the server.
 
Mobile Manager. Ideally will have web based. Issue is server doesn't have a domain name when you create a server, so you can't have a domain based certificate, which in turn blocks the website from accessing the server. You need a domain name, because it complicates user experience, b/c they now have to go to a thirdparty. For more large providers do have domain names. We are working on an outline server based on the
 
Caddy server platform, which seems promising. We can run a manager web app on that server that will be able to talk to it.
 
'''Maybe to be really specific, is there any possibility of the Manager software functionality effectively operating like a web server. Rather than the client having a web server available.  A server that manages other servers, that may have much more realistic firewall.'''
 
'''We are using outline for our organization. we are about maybe 6-10 people, it has been working amazing. we are trying to see if we can set it up for civil society countries where VPN is restricted or during specific times they are being restricted. In venezula, alot of VPNs were being blocked, we were evaluation Outline as alternative, for some orgs that are trying to find cheap solutions for VPNs. Are there any application for more users? Is there a limit? Is there a ceiling? What is the best way to reach out to you, if we have follow up questions?'''
 
Outline we work with some providers that had 1,000 users. It takes a while to breakdown, you can increase the size of your server. Stick to one machine and grow it as you go, and use IP assignment features without having to destroy the machine.  


'''How does it work out during grey outs?'''
* '''Technical Improvements and Security'''Outline employs Shadowsocks, widely used in regions like China, with enhancements for resilience. Currently, Outline faces blocking through two main methods:


If they are blocking the network it becomes harder, you can't do much. There are situations in Iran where they disconnected local internet from the outside. so you only have the intranet available. What you can setup a multi-hop system. Youc an run a lcoal server that has access to the outside. Its complicated, but it can be done. You can still use it for some
# Allowlisting by censors.
# Traffic volume analysis, though this area requires further research. Mixing proxies and tunnels can help address these vulnerabilities. Although Outline has a low barrier to entry, users should protect their server IP addresses and keep keys secure. For high-risk users, Tor offers additional anonymity. Outline is an access tool rather than a privacy tool, designed to enable content access with lower detection risk than VPNs. Users can layer tools like Tor Browser with Outline for added security, although threat models vary.


On our side, we feel positive, working case study on how to use. We have 20 something mobile apps using outline. We use an external vendor> we want to build our own server
* '''Strategies to Limit User Linkages'''To minimize connections between users, providers can set up different Outline servers for individual users or even specific business trips. Servers are affordable and easy to create on-demand, making them suitable for short-term or individual use. Multiple entities now offer users access to Outline.
* '''Setup Resources and Prefixing''' Currently, the Outline Manager does not support prefix setups directly. As a small team, Outline prioritizes tasks they only they can do and relies on the community to address other challenges. Certain Outline providers can and are helping with prefix setups, however; They also shared the following resources:
** [https://www.reddit.com/r/outlinevpn/wiki/index/prefixing/ Prefixing Guide on Reddit]
** [[Advanced Outline Deployments for Resilience and Scale|Advanced Deployments for Resilience and Scale]]


We developed Noticias sin Filtro, we are using it as our primary proxy Outline. We have been very successful deploying an Android Ios. There is no cases of censorship, and our aim with this, is to read Venezuela news, without having to think about how to download, etc VPN. What i think is more useful si that its very easy to setup, even for people that don't' have as much technical knowledge. That has been really helpful.  
* '''Server Decentralization and Management'''Outline providers are often based outside repressive regions, who set up servers for end-users. While Outline Manager doesn’t offer decentralized management, some providers run multiple servers linked to a central server via API, allowing flexible key management. They hope that a community member will invest time in creating a reusable key management, given that the Outline Team does not have alot of bandwidth.  


@Ben We did look at the different ways individuals and organizations have used the Outline technology to scale. Those findings are here: https://okthanks.com/blog/2024/4/9/growing-with-the-people
* '''Future Roadmap and Mobile Management'''Some users have requested a configuration server to avoid requiring each user to install a manager client. Outline agrees that a mobile, web-based manager would be ideal. However, setting up domain-based certificates is challenging, as servers often lack domain names at setup.  The team is also developing an Outline server based on the Caddy server platform, which allows for a manager web app that can communicate with the server directly.


The Jigsaw team is great for developers. We worked with them from the beginning. Mobile apps SDK. Right now the information that can be found in the github has been very helpful and more than enough. to make it work with
* '''Recommendations for Growth, Resilience and Scability'''For scalability, they recommend expanding one machine incrementally and using IP assignment features without server resets. OkThanks did a report looking at different ways individuals and organizations have used the Outline technology to scale. https://okthanks.com/blog/2024/4/9/growing-with-the-people
* '''Outline in Network Restrictions and Greyouts''' In regards to how Outline works during greyouts, if they are blocking the network, there is not much you can do. In places where the outside Internet is blocked, but there is an internal intranet, you can setup a multi-hop system. You can run a server that has access to the outside. Its complicated, but it can be done.

Revision as of 14:51, 14 November 2024

This Meetup is part of the Outline Community Hub
  • Date: October 30, 2024
  • Who: Outline Team

Notes

  • The Outline team is actively developing a centralized website for developers, consolidating documentation and resources in one place. For questions or feedback, they encourage users to join the Outline Mattermost channel on the TCU server, as Reddit is a public platform. An announce-only mailing list, managed by TCU, is also available for updates.
  • To assist the team and community, Outline encourages users to perform their own measurements. This helps the Outline team and other users gain valuable insights.
  • The team is also working on solutions for scalable and resilient service deployment, which they will share soon, along with updates on SDK changes. These updates will allow users to implement new strategies on the server and integrating intralogic. They would love to receive and incorporate more contributions for the SDK.
  • Community Feedback and Enhancements Outline has acknowledged the community’s requests for SDK partnerships, training, and financial support. In response, they plan to expand resources on their website soon. They have also provided guidance on non-graphical UI setups. To support service providers looking for additional resources, Outline is developing a marketplace where organizations can offer servers to others, helping to offset costs.
  • Technical Improvements and SecurityOutline employs Shadowsocks, widely used in regions like China, with enhancements for resilience. Currently, Outline faces blocking through two main methods:
  1. Allowlisting by censors.
  2. Traffic volume analysis, though this area requires further research. Mixing proxies and tunnels can help address these vulnerabilities. Although Outline has a low barrier to entry, users should protect their server IP addresses and keep keys secure. For high-risk users, Tor offers additional anonymity. Outline is an access tool rather than a privacy tool, designed to enable content access with lower detection risk than VPNs. Users can layer tools like Tor Browser with Outline for added security, although threat models vary.
  • Strategies to Limit User LinkagesTo minimize connections between users, providers can set up different Outline servers for individual users or even specific business trips. Servers are affordable and easy to create on-demand, making them suitable for short-term or individual use. Multiple entities now offer users access to Outline.
  • Setup Resources and Prefixing Currently, the Outline Manager does not support prefix setups directly. As a small team, Outline prioritizes tasks they only they can do and relies on the community to address other challenges. Certain Outline providers can and are helping with prefix setups, however; They also shared the following resources:
  • Server Decentralization and ManagementOutline providers are often based outside repressive regions, who set up servers for end-users. While Outline Manager doesn’t offer decentralized management, some providers run multiple servers linked to a central server via API, allowing flexible key management. They hope that a community member will invest time in creating a reusable key management, given that the Outline Team does not have alot of bandwidth.
  • Future Roadmap and Mobile ManagementSome users have requested a configuration server to avoid requiring each user to install a manager client. Outline agrees that a mobile, web-based manager would be ideal. However, setting up domain-based certificates is challenging, as servers often lack domain names at setup. The team is also developing an Outline server based on the Caddy server platform, which allows for a manager web app that can communicate with the server directly.
  • Recommendations for Growth, Resilience and ScabilityFor scalability, they recommend expanding one machine incrementally and using IP assignment features without server resets. OkThanks did a report looking at different ways individuals and organizations have used the Outline technology to scale. https://okthanks.com/blog/2024/4/9/growing-with-the-people
  • Outline in Network Restrictions and Greyouts In regards to how Outline works during greyouts, if they are blocking the network, there is not much you can do. In places where the outside Internet is blocked, but there is an internal intranet, you can setup a multi-hop system. You can run a server that has access to the outside. Its complicated, but it can be done.