December 2 2021 GM

Glitter Meetups What are Glitter Meetups Notes from Past Glitter Meetups Virtual Events Calendar Join the IFF Mattermost

Glitter Meetup is the weekly town hall of the Internet Freedom community at the IFF Square on the IFF Mattermost, at 9am EST / 1pm UTC. Do you need an invite? Learn how to get one here.

Pluggable Transports Meetings

Pluggable Transports (PT) are being developed and used to circumvent Internet censorship. If you use any VPNs, the Tor network or other services to access blocked content in you network, chances are that you are using PTs in the background. This monthly meetup welcomes users, developers and PT enthusiasts to share their news/updates happening once per month.

Date: Thursday, December 2nd

Time: 9am EST / 2pm UTC

Who: Facilitated by Vasilis, this is their project https://magma.lavafeld.org/

Where: As a guest of the Glitter Meetup on IFF Mattermost Square Channel.

• Don't have an account to the IFF Mattermost? you can request one following the directions here.

Please note: The upcoming meeting could be in a different platform, maybe BigBlueButton or in the Mattermost but at a different time? We'll see after the first event

Notes: Please put notes here: https://pad.riseup.net/p/plugasadcaawer-keep

Notes

Community Updates

• Last October, the PTIM 2021 took place virtually. You can find a recap of the first two days here and here.
• Some news from this month is that Snowflake is now available as a FreeBSD port (both client and proxy components).
• Siince last month is that the national firewall in China has started to effectively block random, "look-like-nothing" transports such as Shadowsocks, even when the proxy servers are hardened against known active probing attacks. It seems that full report is forthcoming from GFW Report.
• PT spec version 3.0 has been released.
• Other news in the PT world: Tor Bridge started a campaign to increase the number of obfs4 bridges.
• The Tella Project has some improvements like:
  • Support for PIN and password (vs only pattern in v1)
  • Support for organizing files into folders
  • New UI and UX (hopefully easier to use and more beautiful)
  • Better camouflaging

Pluggable Transports

• NetCipher includes OrbotHelper: a utility class to support application integration with Orbot (Tor for Android). Check if its installed, automatically start it, etc.
• For an android application who is using NetCipher as a third library party, what would be you recommendation about using or not Orbot/Tor as proxy. it's an android library based on Pluggable Transports
• A student is starting to compare different privacy/anonymity tools as a beta tester of the FABRIC testbed. Fabric has P4 FPGAs built in, so you can re-do any part of the network stack in-line and have invasive access to everything. They are starting by re-doing a number of the Tor attacks in an IEEE survey from this month. When they looked at onion services, the tunneling of connections was better done than they had expected. Side-channels are almost impossible if you have more than 1 user.

Challenges for Activists in Sub-Saharan Africa

• During the PTIM 2021, they covered technical needs regarding internet access and other challenges for activists in Sub-Saharan Africa.
• One concern is the lack of data from reports such as Internet Freedom report from Freedom House.
  • One participant suggested to check OONI data, they have a number of PT network measurements from different countries.
  • Other participant suggested checking Tor metrics, as they may give also an idea what PTs are working per country.
  • The Tor metrics timeline keeps track of significant events affecting Tor metrics, which in some cases can be attributed to censorship (or unblocking).
• Other one is that the “nasty tech” is tested there first before being exported, like Cambridge Analystica (It is a cheap area to work in. It has lots of nasty local governments.
  • Israelis, US, German, French companies all sell their spyware in the region. And, maybe because of that, it does not get the press that others do. Thorough read here about the blurred line between the military and private sector in Israel and how it allowed dangerous cyber weapons like spyware to flourish worldwide.

Your PT is really based on Minecraft?

• We use the quarry modding libraries. Inputs are stuffed into data fields in moves that we send through to the other side. Proxy extracts the field data.
• It is playing minecraft. To date, it seems like the censors do not want to upset gamers. They tend to just back off. Minecraft also hits a sweet spot. No sex or violence, and yet people like it. We want to hook our thing to the RSF banned book library, too.

There are any python package(updated) available to convert this system into a PT.

• Ptadapter is an external program, written in Python, that converts other network programs so they conform to PT specifications. It can work with any other program, it does not have to be written in Python.
  • https://github.com/twisteroidambassador/ptadapter
  • https://ntc.party/t/ptadapter/275
• There is also pyptlib, which implements the client part of the PT spec. pyptlib is no longer used by any software that Tor ships, but in the past it was used for flash proxy and obfsproxy.
  • https://pypi.org/project/pyptlib/
  • https://gitweb.torproject.org/pluggable-transports/pyptlib.git/
• Here you can see an example of using pyptlib. Unfortunately pyptlib is not really maintained anymore, but it may help: https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/obfsproxy?h=obfsproxy-0.2.13