subject:"\[tor\-bugs\] #29430 \[Applications\/Tor Browser\]\: Use uTLS for meek TLS camouflage in Tor Browser"

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr,|  Actual Points:
  TorBrowserTeam201908   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by brade):

 * keywords:  meek, utls, ff68-esr, TorBrowserTeam201908R => meek, utls,
 ff68-esr, TorBrowserTeam201908


Comment:

 Replying to [comment:36 cypherpunks]:
 > `TorBrowserTeam201908R`->`TorBrowserTeam201908`
 Thanks. Fixed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr,|  Actual Points:
  TorBrowserTeam201908R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by cypherpunks):

 `TorBrowserTeam201908R`->`TorBrowserTeam201908`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr,|  Actual Points:
  TorBrowserTeam201908R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by gk):

 Replying to [comment:32 dcf]:
 > Replying to [comment:23 mcs]:
 > > Replying to [comment:20 mcs]:
 > > > Since things are broken in an ESR68-based Tor Browser without this
 (or #29430), I added our ff68-esr and tbb-9.0-must-nightly keywords to
 this ticket.
 > >
 > > I think I meant to refer to #29347 in the above comment.
 > > Regardless, our approach for the ESR68-based Tor Browser is to switch
 to obfs4proxy's meek_lite.
 >
 > I'll go ahead and merge #29347 (port to WebExtension) then, since Tor
 Browser no longer depends on the the legacy add-on.

 Sounds good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr,|  Actual Points:
  TorBrowserTeam201908R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by gk):

 * status:  needs_review => new
 * keywords:  meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908R => meek, utls, ff68-esr, TorBrowserTeam201908R


Comment:

 Alright, we are done here. \o/ I merged the patch for Torbutton with
 commit 605decfd4ddc81eb37da17172f48f92fd7f7e451 into `master` and the one
 for `tor-browse-build` with commit
 0a7bef243d182fb3df3d9f6ebfd74ce632ad95d1 into `master`.

 Moving this ticket into a pure parent one for #31491.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-27 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by mcs):

 * status:  needs_revision => needs_review
 * keywords:  meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908 => meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908R


Comment:

 Replying to [comment:31 gk]:
 > Alright, this looks mostly good to me. However, it seems selecting
 `meek` breaks the circuit display now:
 > {{{
 > nodeData[i].ip is undefined tor-circuit-display.js:298
 > ...

 Thanks for catching that bug. It turns out that we also need a small patch
 to Torbutton:
 
https://gitweb.torproject.org/user/brade/torbutton.git/commit/?h=bug29430-01&id=844693481ce92bb34536113a318211cbaedde4bd

 This will fix the immediate problem. In the long run, the control port
 response parser and circuit display code should be more robust and not
 completely fail when it sees a bridge type that it does not recognize.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-25 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by dcf):

 Replying to [comment:23 mcs]:
 > Replying to [comment:20 mcs]:
 > > Since things are broken in an ESR68-based Tor Browser without this (or
 #29430), I added our ff68-esr and tbb-9.0-must-nightly keywords to this
 ticket.
 >
 > I think I meant to refer to #29347 in the above comment.
 > Regardless, our approach for the ESR68-based Tor Browser is to switch to
 obfs4proxy's meek_lite.

 I'll go ahead and merge #29347 (port to WebExtension) then, since Tor
 Browser no longer depends on the the legacy add-on.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-25 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by gk):

 * keywords:  meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908R => meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908
 * status:  needs_review => needs_revision


Comment:

 Alright, this looks mostly good to me. However, it seems selecting `meek`
 breaks the circuit display now:
 {{{
 nodeData[i].ip is undefined tor-circuit-display.js:298
 updateCircuitDisplay chrome://torbutton/content/tor-circuit-
 display.js:298
 onLocationChange chrome://torbutton/content/tor-circuit-display.js:327
 callListeners chrome://browser/content/tabbrowser.js:841
 _callProgressListeners chrome://browser/content/tabbrowser.js:861
 _callProgressListeners chrome://browser/content/tabbrowser.js:5499
 onLocationChange chrome://browser/content/tabbrowser.js:5919
 _callProgressListeners
 resource://gre/modules/RemoteWebProgress.jsm:119
 onLocationChange resource://gre/modules/RemoteWebProgress.jsm:161
 receiveMessage resource://gre/modules/RemoteWebProgress.jsm:286
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-23 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by boklm):

 Replying to [comment:29 mcs]:

 > Hopefully Kathy and I made the other changes correctly; the rbm template
 syntax is somewhat dark and murky to us. For example, do the following
 both have the same effect, or is the extra hyphen significant?
 > {{{
 > [% IF c("var/nightly") || c("var/alpha") -%]
 > [% IF c("var/nightly") || c("var/alpha") %]
 > }}}

 The extra hyphen is removing the trailing newline:
 http://www.template-
 toolkit.org/docs/manual/Syntax.html#section_Chomping_Whitespace

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-23 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by mcs):

 * status:  needs_revision => needs_review
 * keywords:  meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908 => meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908R


Comment:

 Here is a second attempt:
 https://gitweb.torproject.org/user/brade/tor-browser-
 build.git/commit/?h=bug29430-02&id=f022ea694df867a6bd06c44cb50c78d674bea9ed

 Because the build_go_lib template includes patch support, it is sufficient
 to just add the .patch file to the goutls project.

 Hopefully Kathy and I made the other changes correctly; the rbm template
 syntax is somewhat dark and murky to us. For example, do the following
 both have the same effect, or is the extra hyphen significant?
 {{{
 [% IF c("var/nightly") || c("var/alpha") -%]
 [% IF c("var/nightly") || c("var/alpha") %]
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by gk):

 * keywords:  meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908R => meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908
 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:26 mcs]:
 > Here is a patch for review:
 > https://gitweb.torproject.org/user/brade/tor-browser-
 build.git/commit/?h=bug29430-01&id=03c164be46b4bd2779e9816d24209b3f40ad668e

 We should make sure the updated code works for alpha as well. I think the
 {{{
 [% IF c("var/nightly") -%]
 }}}
 blocks need to get amended so that alphas are using the same code path
 (there is a corresponding `var/alpha` available) as well.

 > It does not address comment:24.

 If you look at the `mingw-w64` project you get a sense of how you can
 handle it. The config file has something like:
 {{{
   - filename: libtool-sort.patch
   - filename: 27503.patch
 }}}
 and then the build script are picking those up on top of the actual source
 code used by using `patch`:
 {{{
 patch -p1 -d gcc-[% c("var/gcc_version") %] < $rootdir/libtool-sort.patch
 }}}
 and
 {{{
 patch -p1 -d /var/tmp/build/[% project %]-[% c("version") %] <
 $rootdir/27503.patch
 }}}
 I think a similar approach would work here until we have a proper tag.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by mcs):

 Replying to [comment:26 mcs]:
 > Also, there is an additional loose end: the old meek and moat "http
 helper" browser profiles are not removed. I will file a new ticket to
 cover that task, since it is OK to wait until after our first ESR68-based
 alpha for that work.

 I created #31491 to track this issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by mcs):

 * keywords:  meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908 => meek, utls, ff68-esr, tbb-9.0-must-nightly,
 TorBrowserTeam201908R
 * status:  new => needs_review
 * cc: boklm (added)


Comment:

 Here is a patch for review:
 https://gitweb.torproject.org/user/brade/tor-browser-
 build.git/commit/?h=bug29430-01&id=03c164be46b4bd2779e9816d24209b3f40ad668e

 It does not address comment:24.
 Also, there is an additional loose end: the old meek and moat "http
 helper" browser profiles are not removed. I will file a new ticket to
 cover that task, since it is OK to wait until after our first ESR68-based
 alpha for that work.

 The above patch requires two Tor Launcher fixes: #31487 and #31488.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by mcs):

 Replying to [comment:24 yawning]:
 > Assuming you're building obfs4proxy with my utls fork, until 0.0.12
 happens, you may want to cherry-pick
 >
 https://gitlab.com/yawning/utls/commit/4da67951864128358459681399dd208c49d5d001
 >
 > ps: Having a spam-prevention regex that triggers off git commit hashes,
 is sufficiently obnoxious that I will stop replying with that sort of
 information.

 Yeah, that is really annoying. Thanks for making the extra effort in this
 case to tell us about the fix.

 Kathy and I don't know how to make the utls cherry pick happen within rbm
 /tor-browser-build. Maybe boklm can help.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-21 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by yawning):

 Assuming you're building obfs4proxy with my utls fork, until 0.0.12
 happens, you may want to cherry-pick
 https://gitlab.com/yawning/utls/commit/4da67951864128358459681399dd208c49d5d001

 ps: Having a spam-prevention regex that triggers off git commit hashes, is
 sufficiently obnoxious that I will stop replying with that sort of
 information.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-21 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by mcs):

 Replying to [comment:20 mcs]:
 > Since things are broken in an ESR68-based Tor Browser without this (or
 #29430), I added our ff68-esr and tbb-9.0-must-nightly keywords to this
 ticket.

 I think I meant to refer to #29347 in the above comment.
 Regardless, our approach for the ESR68-based Tor Browser is to switch to
 obfs4proxy's meek_lite.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-08 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-

Comment (by gk):

 Replying to [comment:20 mcs]:
 > Since things are broken in an ESR68-based Tor Browser without this (or
 #29430), I added our ff68-esr and tbb-9.0-must-nightly keywords to this
 ticket.

 mcs/brade: after the updater patch rebasing, if you could pick up this
 ticket that would be neat.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-08-02 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek, utls, ff68-esr, tbb-9.0-must-  |  Actual Points:
  nightly, TorBrowserTeam201908  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by mcs):

 * keywords:  meek, utls, TorBrowserTeam201907 => meek, utls, ff68-esr,
 tbb-9.0-must-nightly, TorBrowserTeam201908


Comment:

 Since things are broken in an ESR68-based Tor Browser without this (or
 #29430), I added our ff68-esr and tbb-9.0-must-nightly keywords to this
 ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-05-09 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
-+--
 Reporter:  dcf  |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  meek utls, TorBrowserTeam201905  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by gk):

 * keywords:  meek utls => meek utls, TorBrowserTeam201905


Comment:

 Thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-05-09 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by yawning):

 Replying to [comment:15 gk]:
 > > I'll see how inspired I feel, and how much "free" time I actually end
 up having.  No promises.
 >
 > Yawning: now that #29627 is merged do you think we are good here to test
 the `meek_lite` plan or are there things missing from the obsf4proxy side?

 As long as you use 0.0.10 (and probably
 af3a8e1682a542b90a4118869befd7a853972d54 from my utls fork), it should be
 "fine".  The reason for the newer utls commit is to pull in an upstream
 fix that post-dates the obfs4proxy 0.0.10 release.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-05-09 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:10 yawning]:
 > > Given that 9.0a1 won't ship before end of March and assuming we want
 to have the work in this tickets ready for 9.0a1 earliest, then I think
 within the next 4 weeks would be neat.
 >
 > I'll see how inspired I feel, and how much "free" time I actually end up
 having.  No promises.

 Yawning: now that #29627 is merged do you think we are good here to test
 the `meek_lite` plan or are there things missing from the obsf4proxy side?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-03-06 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by dcf):

 Replying to [comment:12 dcf]:
 > And below are the fingerprints. The first one looks like Chrome, as
 expected. The second one (sent in response to HelloRetryRequest) seems to
 be very uncommon, but possibly I am misinterpreting the results. I've
 asked Sergey to look at it.

 Sergey says that the reason the second fingerprint appears uncommon, is
 that their collection framework currently only captures the first
 ClientHello on a connection. So they don't have stats for what a
 ClientHello should look like after HelloRetryRequest.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-03-06 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 The Tor Launcher utls patch looks OK, except there is no need to use
 `this.mMeekUTLS` (we can just use a local variable there).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-03-05 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * Attachment "tor-launcher-Make-uTLS-aware.helloretry.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-03-05 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * Attachment "torbrowser-utls-helloretry.pcap.gz" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-03-05 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by dcf):

 Replying to [comment:7 dcf]:
 > Heads up, upstream utls fixed a distinguishability bug recently. A
 second ClientHello (which the client sends after the server sends a
 HelloRetryRequest) was not being camouflaged correctly. I confirmed that
 the bug existed with HelloChrome_70 against ajax.aspnetcdn.com, but I
 haven't personally tested yet that the fix actually fixes it. When I do,
 I'll update the branch.
 > https://github.com/refraction-networking/utls/pull/21

 Here's an updated branch with the aforementioned uTLS fix. It also
 requires a patch, attachment:tor-launcher-Make-uTLS-
 aware.helloretry.patch, that makes tor-launcher pass the `utls=` SOCKS arg
 (applies on top of comment:4:ticket:29627).

  * [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/log/?h
 =meek-client-utls_2&id=b8a752802f177abf38f61c0b55c5325556986a3e new
 commits]
  * [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/diff/?h
 =meek-client-
 
utls_2&id=b8a752802f177abf38f61c0b55c5325556986a3e&id2=616fbe2c19a9fce7a9d0adbc466b259c18c45fb8
 diff] since comment:1

 Here is a packet capture: attachment:torbrowser-utls-helloretry.pcap.gz.
 And below are the fingerprints. The first one looks like Chrome, as
 expected. The second one (sent in response to HelloRetryRequest) seems to
 be very uncommon, but possibly I am misinterpreting the results. I've
 asked Sergey to look at it.
  * [https://tlsfingerprint.io/id/bc4c7e42f4961cd7 bc4c7e42f4961cd7]
 
[https://web.archive.org/web/20190306042947/https://tlsfingerprint.io/id/bc4c7e42f4961cd7
 (archive)] rank 11
  * [https://tlsfingerprint.io/id/6f8a8a4b42dd552d 6f8a8a4b42dd552d]
 
[https://web.archive.org/web/20190306043034/https://tlsfingerprint.io/id/6f8a8a4b42dd552d
 (archive)] rank 13911
  * [https://tlsfingerprint.io/compare/bc4c7e42f4961cd7/6f8a8a4b42dd552d
 comparison]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-03-01 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 I filed #29627 for the Tor Launcher work necessary to use meek_lite.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-02-26 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by yawning):

 > Given that 9.0a1 won't ship before end of March and assuming we want to
 have the work in this tickets ready for 9.0a1 earliest, then I think
 within the next 4 weeks would be neat.

 I'll see how inspired I feel, and how much "free" time I actually end up
 having.  No promises.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-02-26 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Answering here the relevant part of comment:17:ticket:29347 is it seems to
 fit here better:
 {{{
 For my reference when should I have a new tag of utls and obfs4proxy by?
 There's a number of fixes I feel are required in the former, but my free
 time over the next few weeks will be even tighter than it usually is.
 }}}
 Given that 9.0a1 won't ship before end of March and assuming we want to
 have the work in this tickets ready for 9.0a1 earliest, then I think
 within the next 4 weeks would be neat. Alternatively, we could postpone
 the changes in this bug to 9.0a2 and have the nightly phase longer
 (assuming the necessary commits are on the respective `master` branches
 earlier but no tagged release is available by then).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-02-25 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by yawning):

 FWIW, I'm > 95% sure that there's another distinguisher.

 At some point I'll finish tracking it down/fixing it and update my fork (I
 rebased/cherry-picked for the HelloRetryRequerst fix already. though I
 have yet to tag a new version).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-02-25 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by dcf):

 Heads up, upstream utls fixed a distinguishability bug recently. A second
 ClientHello (which the client sends after the server sends a
 HelloRetryRequest) was not being camouflaged correctly. I confirmed that
 the bug existed with HelloChrome_70 against ajax.aspnetcdn.com, but I
 haven't personally tested yet that the fix actually fixes it. When I do,
 I'll update the branch.
 https://github.com/refraction-networking/utls/pull/21

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

2019-02-09 Thread Tor Bug Tracker & Wiki

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:5 yawning]:
 > Replying to [comment:4 mcs]:
 > > Kathy and I agree: if we are planning to switch to obfs4proxy's meek
 client implementation (which seems like a good option to us), we should
 change Tor Launcher to use SOCKS args with the meek PT that it spins up
 for Moat.
 > >
 > > Georg, is it worthwhile for us to do that work in Tor Launcher soon,
 or should we first resolve the "meek-client or obfs4proxy?" question?
 >
 > For what it's worth, I also think that changing Tor Launcher to do so is
 orthogonal from which meek implementation is being used, since the new
 code will work with both implementations (unless meek-client is doing
 something extremely surprising under the hood).

 Yep, that's what occurred to me as well. mcs/brade: aiming for the SOCKS
 args work to be ready for 9.0a1 seems like a good idea to me. Could you
 open a child ticket to this bug for that? We can then start shipping Tor
 Browser with uTLS support in the alphas shaking out bugs and have this
 ready for 9.0 later this year. However, we should have #28044 done first
 if possible.

 This is quite exciting as it gets rid of the additional browser profiles
 we ship, too, and brings us a step closer to a Tor Browser without
 extensions that need a signature requirement exception.

 So far I see no drawback of using `meek_lite`, so let's aim for that one.
 We can think a bit more about it, though, before we make a final decision
 in a couple of weeks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by yawning):

 * cc: yawning (added)


Comment:

 Replying to [comment:4 mcs]:
 > Kathy and I agree: if we are planning to switch to obfs4proxy's meek
 client implementation (which seems like a good option to us), we should
 change Tor Launcher to use SOCKS args with the meek PT that it spins up
 for Moat.
 >
 > Georg, is it worthwhile for us to do that work in Tor Launcher soon, or
 should we first resolve the "meek-client or obfs4proxy?" question?

 For what it's worth, I also think that changing Tor Launcher to do so is
 orthogonal from which meek implementation is being used, since the new
 code will work with both implementations (unless meek-client is doing
 something extremely surprising under the hood).

 I aim to keep the bridge lines between meek-client and meek_lite as
 compatible as possible.

 Currently the differences between the two implementations are as follows:

  * (config) meek_lite's `utls` option understands `HelloChrome_71`.

  * (config) meek_lite will use `HelloFirefox_Auto` if no `utls` option is
 specified.

  * (config) meek_lite has a (misnamed according to some) option
 `disableHPKP`.

 So, all meek-client bridge lines will work with meek_lite (though the TLS
 fingerprint may differ).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Replying to [comment:3 yawning]:
 > > either obfs4proxy would have to add them, or tor-launcher would have
 to start passing them as SOCKS args.
 >
 > From my perspective, the latter.

 Kathy and I agree: if we are planning to switch to obfs4proxy's meek
 client implementation (which seems like a good option to us), we should
 change Tor Launcher to use SOCKS args with the meek PT that it spins up
 for Moat.

 Georg, is it worthwhile for us to do that work in Tor Launcher soon, or
 should we first resolve the "meek-client or obfs4proxy?" question?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by yawning):

 > either obfs4proxy would have to add them, or tor-launcher would have to
 start passing them as SOCKS args.

 From my perspective, the latter.

 Replying to [comment:2 gk]:
 > meek-*lite* sounds like something is missing from `meek`. What is it and
 should we care about that?

 It is named that way, because support for using a "real" browser as a
 helper is missing, and I wanted that to be explicitly clear.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: mcs, brade (added)


Comment:

 The option of having one binary less to build and ship seems to me a big
 pro of that meek_lite approach. meek-*lite* sounds like something is
 missing from `meek`. What is it and should we care about that?

 Adding mcs and brade for the `moat` considerations.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * Attachment "meek-client-utls_2.pcap" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

Comment (by dcf):

Here is a sample branch that uses the same meek repo.
* [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/log/?h
=meek-client-utls_2&id=616fbe2c19a9fce7a9d0adbc466b259c18c45fb8 meek-
client-utls_2 branch]
* [https://gitweb.torproject.org/user/dcf/tor-browser-build.git/diff/?h
=meek-client-

utls_2&id=616fbe2c19a9fce7a9d0adbc466b259c18c45fb8&id2=86ebdafc28a55042fea553ad7f23f796ea963b75
cumulative diff]

It's pretty straightforward; I think the noteworthy changes are:
* It only activates uTLS on alpha. I feel this is the kind of thing that
should be tested on alpha before going into stable.
* meek-client uses the mainline utls repo, not the fork that obfs4proxy
uses, so I moved the goutls project to goutls-yawning and re-added a
goutls project pointing to the original repo. I'm not sure what's best to
do here :/
* It requires a small tor-launcher patch: attachment:0001-Make-uTLS-
aware.patch, which I didn't upload to a branch anywhere.

There are a few additional changes that could happen, namely deleting the
meek-client-torbrowser executable and the meek-http-helper browser
profile.

It works; I'm using it to post this comment. I ran a [attachment:meek-
client-utls_2.pcap packet capture] of me using Moat and then starting to
bootstrap using meek-azure. There are 5 Client Hellos in the packet
capture, all with TLS fingerprint
[https://tlsfingerprint.io/id/71a81bafd58e1301 71a81bafd58e1301], which
uTLS calls `HelloIOS_11_1`. The first 4 are me struggling with the Moat
captcha (lol) and the 5th is starting the bootstrap itself.

I'm not marking this needs_review because I'm not necessarily proposing
this branch for merge, just using it as an example of what integration
could look like. I don't want to exclude the possibility of using
obfs4proxy. I think it's more like needs_discussion at this point.

--
Ticket URL:
Tor Bug Tracker & Wiki
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * Attachment "0001-Make-uTLS-aware.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser