January 20 2022 GM
Glitter Meetup is the weekly town hall of the Internet Freedom community at the IFF Square on the IFF Mattermost, at 9am EST / 1pm UTC. Do you need an invite? Learn how to get one here.
Pluggable Transports Meetings
Pluggable Transports (PTs) are being developed and used to circumvent Internet censorship. If you use any VPNs, the Tor network or other services to access blocked content in your network, chances are that you are using PTs in the background. This monthly meetup welcomes users, developers and PT enthusiasts to share their news and updates.
Date: Thursday, January 20
Time: 9am EST / 2pm UTC
Who: Facilitated by Vasilis, this is their project https://magma.lavafeld.org/
Where: As a guest of the Glitter Meetup on IFF Mattermost Square Channel.
- Don't have an account on the IFF Mattermost? You can request one following the directions here.
Please note: The upcoming meeting could be on a different platform, maybe BigBlueButton or in the Mattermost but at a different time? We'll see after the first event.
Notes: Please put notes here: https://pad.riseup.net/p/plugasadcaawer-keep
- Terrible news from Pakistan: the complainant intentionally dragged her into a religious discussion on WhatsApp so he could collect evidence & take “revenge” after she refused to be friendly with him. Under Pakistan’s draconian cybercrime & blasphemy laws she was sentenced to death.
Topic of Discussion: Pluggable Transports Monthly Meetup
- Russia has started blocking the Tor network. This post gives a good overview of the situation.
- People were able to circumvent censorship in Kazakhstan by using different network ports. This is an overview post that describes the situation.
How would you describe the current most urgent internet censorship issues in the EU? Where and how is internet censorship taking place?
- In the case of Russia, that was first discovered, I believe, by the Tor support helpdesk suddenly receiving lots of requests from Russia, then corroborating with OONI measurements.
- For Kazakhstan, the community was made aware of it by a post on ntc.party, though the phenomenon was quickly noticed elsewhere and reported on.
- In both cases, the forums became a focus of debugging and cooperation, which was important.
- Again, this coordination happened openly and that's why people were able to jump in and help.
- Sadly, pretty much every country in the EU deploys some kind of censorship, from blocking of gambling, by sharing websites, political, controversial and other categories of websites. Many times it is hard to find out what is being blocked. A number of countries are publishing blocklists but they do not include all websites. You may have a look at Spain that blocks/blocked many websites.
How activists from countries experiencing censorship/internet disruptions get in touch with the community to ask for support:
- Starting a post at NTC
- Tor community support and chat channels
- OONI chat channels
- Internews' OPTIMA project is also working to support the activist->anti-censorship feedback loop in partnership with OONI and others.
In which countries in the world are there legislations prohibiting the use of PTs?
- PTs specifically are rarely targeted, but a lot of countries have broader laws against any encrypting proxy (to cover VPNs, Tor, Psiphon, etc. - with or without PTs), and some countries also have laws on the books outright banning encryption (hi Belarus!), which also theoretically would ban HTTPS traffic.
- GP Digital tracks crypto laws, Cyrilla is broader on more digital rights laws.
- There are some resources by VPN companies like Top 10 VPN and Comparitech which give some baselines, but I'd personally double check (given their incentive is to sell VPNs).
Can censorship authorities outmanoeuvre pluggable transports?
- Absolutely, and we see this not infrequently in China, Iran, Russia, etc. - but the anti-censorship community is incredibly responsive and usually gets back around and re-opens options.
- Lots of attacks are simply enumerating PT bridges and blocking them at the IP level; this is why many bridges and a diversity of bridges are super helpful.
Is there a reason the Snowflake "concept" couldn't be executed with obfs4 to avoid this problem?
- It's because the proxies are browser-based, and browsers are restricted in what kinds of protocols they may use. You cannot just make an obfs4 TCP connection from a browser, for example. The browser proxies use WebRTC to the client and WebSocket to the bridge.
- uProxy did have a model where they obfuscated their network traffic (using e.g. FTE), but in order to make that possible they had a special two-part browser extension. Actually, come to think of it, browser extensions may be less constrained in their network connections, but I'm not sure to what degree.
- The other limitation is NAT traversal; that is something that is built into WebRTC and its UDP-based protocols, but not so easy to do with TCP-based protocols.
- TCP --->UDP--->TCP is possible. You basically need to encapsulate the TCP packet with header into the UDP payload.
- In fact Snowflake (and in fact WebRTC itself) embeds a TCP-like reliable stream inside a UDP carrier. But the proxy--client link generally has to be UDP-based at the outside layer, for NAT purposes.
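
The idea in the last two points, a TCP-like reliable stream carried inside unreliable datagrams, shown as an added example that is not part of the meetup notes and not Snowflake's or WebRTC's actual protocol. It assumes a simulated lossy carrier in place of real UDP sockets, and the header layout and all names are constructed for illustration.

```python
import random
import struct

# Constructed toy header (sequence number, type); not Snowflake's or WebRTC's wire format.
HDR = struct.Struct("!IB")
DATA, ACK = 0, 1

class LossyChannel:
    """Simulated datagram carrier: each datagram is delivered whole or silently dropped."""
    def __init__(self, loss, seed):
        self.rng, self.loss, self.dropped = random.Random(seed), loss, 0

    def deliver(self, datagram):
        if self.rng.random() < self.loss:
            self.dropped += 1
            return None
        return datagram

class Receiver:
    def __init__(self):
        self.expected, self.stream = 0, bytearray()

    def on_datagram(self, datagram):
        seq, kind = HDR.unpack_from(datagram)
        if kind == DATA and seq == self.expected:   # in-order segment: accept it
            self.stream += datagram[HDR.size:]
            self.expected += 1
        # Duplicates (retransmissions after a lost ACK) are discarded but still ACKed.
        return HDR.pack(self.expected, ACK)         # cumulative ACK: next seq wanted

def send_stream(data, channel, receiver, mss=8, max_tries=50):
    """Stop-and-wait sender; returns how many data datagrams were transmitted."""
    sent = 0
    for seq, start in enumerate(range(0, len(data), mss)):
        for _ in range(max_tries):
            sent += 1
            arrived = channel.deliver(HDR.pack(seq, DATA) + data[start:start + mss])
            if arrived is None:
                continue                            # data lost: "timeout", retransmit
            ack = channel.deliver(receiver.on_datagram(arrived))
            if ack is not None and HDR.unpack(ack)[0] == seq + 1:
                break                               # segment acknowledged
        else:
            raise TimeoutError(f"segment {seq} never acknowledged")
    return sent

def demo(loss=0.3, seed=1):
    data = b"a reliable byte stream carried over lossy datagrams"  # constructed sample
    channel, receiver = LossyChannel(loss, seed), Receiver()
    sent = send_stream(data, channel, receiver)
    return bytes(receiver.stream), data, sent, channel.dropped
```

The receiver reassembles the exact byte stream even though the carrier drops datagrams in both directions; the cost shows up only as extra transmissions.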