Hello Tor Browser Team!
I would like to share a little bit how we will be organizing the team
meetings day at Amsterdam Meeting. As you might have seem at the meeting
wiki:
https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Amsterdam#We…
We are reserving a day just for the teams to meet:
Thu, 23 Mar: Teams meet to work on mapping and other issues; general
meeting invitees arrive; group dinner in the evening.
We created a 'calendar' system to better organize this day.
I bet most of you haven't use google calendar but at Twitter we did
and a cool feature was to be able to see everyone's calendar so you
could figure out a good time to schedule a meeting.
I created a 'calendar' for us here:
https://storm.torproject.org/shared/_xuQsyM7Lkssjv9gKLw2rePMn9JYhtUBx1nr5Wg…
You will see that some folks have already schedule meetings on it.
Please read the suggested guidelines on how to use it.
Some things to keep in mind as we organize Tor Browser Team meetings:
1. In the past we used this time to organize our roadmaps
2. You might want to invite Linda to join your roadmap discussion as
she will be working on some tasks with you (all ux work before building
UIs etc)
3. You should think if you want invite any person who is coming to Tor
Meeting and you think should be in an specific meeting (remember this
day is for teams and teams invites only) - maybe would be good to
include some mobile people and have a mobile roadmap meeting?
Let me know if you have any questions o/
Isabela
Here are some ideas I'd be willing to mentor if anyone thinks they're good/bad:
- Creating a Crash Reporter and accompanying backend
- Privacy-preserving metrics gathering (RAPPOR + opt-in) - this might
be too ambitious though...
- .onion, HTTP/2, Alt-Srv investigation - An idea of speeding up sites
by serving them over a .onion with HTTP2 using the Alt-Srv header,
probably with judicious use of server push
- Security Slider Enhancements (Putting more features in FF behind the
slider) - this one is probably not ambitious enough
-tom
---------- Forwarded message ----------
From: Damian Johnson <atagar(a)torproject.org>
Date: 29 January 2017 at 15:57
Subject: [tor-project] We need project ideas for GSoC 2017!
To: tor-project(a)lists.torproject.org
Hi all! This week I'm getting our ducks in a row to apply for Google
Summer of Code 2017...
https://summerofcode.withgoogle.com/
I just trimmed our volunteer page of projects that were done last year
and sadly that doesn't leave us with much. We need mentors and project
ideas!
Got anything you'd care to mentor this summer? If so please let me know!
Just send me a description like the ones on the following and I'd be
happy to add it to our site...
https://www.torproject.org/getinvolved/volunteer.html.en#Coding
Please note that all projects must have two mentors, one of which is
an established tor person. If you're not part of our internal community
that's fine, but please find a core developer to co-sponsor your
project and act as a secondary mentor.
Thanks! -Damian
_______________________________________________
tor-project mailing list
tor-project(a)lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
Sorry for messing threading up, I wasn't subbed to this list.
anonym wrote:
> > It is also worth noting that Yawning created a new launcher/updater
> > for Linux as part of his Sandboxed Tor Browser Project (it uses go,
> > Gtk+ 3, and libnotify).
> > https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux
>
> Interesting, but I wonder how much of this launcher that is about
> setting up the sandboxes -- my fear is that it simply is designed for
> something else than what we want. Any way, I haven't looked at it, I'm
> just speculating. :)
Well. Any decent sandboxing solution can't have firefox being the
process launching the tor daemon, because that requires granting
it things like network access, filesystem access to the tor data
directory, etc that it frankly has no business of ever accessing.
From a security standpoint, I think that tor-launcher needs to die,
and I wrote sandboxed-tor-browser accordingly. Since it's an Alpha,
and I had limited time, it doesn't do everything that tor-launcher
currently can, it currently supports:
* Configure a tor daemon.
* Pluggable transports (limited to that supported by obfs4proxy
because I don't have a good answer for sandboxing meek/snowflake,
and no one uses FTE).
* Bridges, both custom and built in.
* External network proxies (HTTPS/SOCKS4(a)/SOCKS5).
* Launch the tor daemon and monitor bootstrapping status.
* (what tor-browser-launcher does)
* (update check/fetch/apply)
* (lots of sandboxing stuff that only I care about)
Things it should have:
* i18n support (Dropped in favor of "get something done").
* Support the rest of the Pluggable Transports.
* Support user specified torrc directives (eg: ExcludeNodes related
tinfoil hattery).
* Support runtime reconfiguration. The torrc is never checkpointed to
disk, and is regenerated on each launch. I don't think firefox
should ever get to talk to the control port either (and
sandboxed-tor-browser enforces this), so this might be somewhat
tricky.
I don't think what I wrote is what people want here, because:
* It was written to only support Tor Browser.
* As you note, it has lots of stuff related to sandboxing, though in
an ideal world, everything should be sandboxed.
* I used Gtk because the sandboxing implementation I wrote assumes
Linux.
If I were to be the one working on a "tor-launcher" replacement, I'd
probably write an external launcher, using Qt or something...
Regards,
--
Yawning Angel
> Georg: Patrick Schleizer:
>> Hi,
>>
>> XPCOM / XUL based add-ons will be deprecated in Firefox. [1]
>>
>> I've searched trac, mailing list, irc logs... I know you are aware
>> of that, but haven't found your plan forward. Is there already
>> one?
>>
>> What are your plans regarding tor-launcher? Will tor-launcher be
>> ported over as Firefox WebExtension? Is that even possible?
>
> We investigated what we would need for porting the extensions over
> to Webextensions a while ago in
> https://trac.torproject.org/projects/tor/ticket/17248.
>
> The current plan has not changed: we still plan to port our
> extensions over to the Webextensions framework. It might need some
> upstream changes which we would provide with own patches but we'll
> see.
>
> Georg
I had some discussions with Mark and Linda at the Tor Summit about the
various non-browser use-cases for tor-launcher, especially as a means to
allow the user to enable bridges/transports via GUI.
There is currently no GUI for users to select bridges/transports for
non-XUL tor project applications. The move to WebExtensions does not
seem to improve the situation.
I was wondering if this is still something being considered, even in the
longer term?
The move away from XUL could be an opportunity to address this by
building a more generic solution that could be used by the increasing
number of tor-powered applications/environments, such as onionshare,
ricochet, tails, qubes, subgraph, etc., in addition to tor browser and
tor messenger.
For background there had been a previously aborted effort to write a
python-based tor-launcher clone:
https://www.whonix.org/blog/connection-bridge-wizard
Michael
--
Michael Carbone
Qubes OS | https://www.qubes-os.org
@QubesOS <https://www.twitter.com/QubesOS>
PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4
Hi,
XPCOM / XUL based add-ons will be deprecated in Firefox. [1]
I've searched trac, mailing list, irc logs... I know you are aware of
that, but haven't found your plan forward. Is there already one?
What are your plans regarding tor-launcher? Will tor-launcher be ported
over as Firefox WebExtension? Is that even possible?
Or will tor-launcher become a standalone application that runs outside
of Firefox?
If it is the latter, we Whonix would be interested in that. Our use case
is "same as system Tor". I guess the Tails developers may be interested
in that also, hence cc'd their list also.
Best regards,
Patrick
[1]
https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox…
Hi,
tor-browser-launcher users are reporting validation failures for Tor
Browser 6.5:
Tor Browser 6.5 was signed by a new subkey.
But apparently tor-browser-launcher hard-codes the old subkeys.
See #tor and GitHub:
https://github.com/micahflee/torbrowser-launcher/issues/260
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------