November 2018 - tor-project - lists.torproject.org

Tor network team meeting notes, 19 Nov 2018
by teor 21 Nov '18

21 Nov '18

Hi all! Logs here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-19-17.58.html Pad contents below: = Network team meeting pad! = This week's team meeting is on Monday at 1800 UTC (1 hour later for daylight saving time) on #tor-meeting on OFTC. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC (1 hour later for daylight saving time) On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 15 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002027.html 22 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002032.html 29 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002036.html 6 Nov: https://lists.torproject.org/pipermail/tor-project/2018-November/002047.html 12 Nov: https://lists.torproject.org/pipermail/tor-project/2018-November/002054.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Let's look at proposed tickets! 0.3.5 (bugs only): https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… 0.4.0: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * PLEASE add comments to the questions at the end of https://pad.riseup.net/p/q0s3rQxVzSeZ * Remember to fill up actual point when you finish a task (as well as "fix" the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… << Remember that priority is Sponsor 8 - roadmap is sort out by priority >> Activity O2.5 is the one we are missing and need to be done in 2 months. ------------------------------- ---- 19 November 2018 ------------------------------- == Announcements == Please don't bulk-delete all the old entries from this pad any more. Instead, delete the "planned" and "actual" for the previous week, but leave the "planned" for this week in place. Please check the dates before deleting. Check other's people call for help in their entries. Snowflake kickoff meeting on November 27th: overview and what needs to be done. TUESDAY november 27th at 23 UTC in #tor-meeting <<-- Come to the party! == Discussion == * sponsor 8 work • O2.5 (bootstrap reporting) is most important • - right now working on this: catalyst, ahf, dgoulet, teor. any of you need help with it? * Please see tickets with tag "035-rc-blocker?" -- are any of them really rc blockers? Are there any other true rc blockers? https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… * Is our process for "proposed" working? <-- we still didn't go through it yet teor says: things seem to get stuck in proposed. * We'd like some more feedback about sbws and relay bandwidth self-tests: Should we improve relay bandwidth self-tests? (#22453) Or should we rely on sbws to create the bandwidths it needs? What about test networks? Should we make bandwidths grow faster in sbws? Or is a ramp-up period of 2-5 weeks fast enough? (These are maximum ramp-up times: client traffic also makes bandwidths grow.) Details here: https://lists.torproject.org/pipermail/tor-dev/2018-November/013546.html Reviewer role responsabilities: https://pad.riseup.net/p/q0s3rQxVzSeZ - we are continuing next week with this discussion. == Recommended links == Powershell cheat sheet (for Windows/Appveyor builds): https://ramblingcookiemonster.github.io/images/Cheat-Sheets/powershell-basi… == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: • - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! Nick: Week of 11/12 (planned): - Send comments about prop295 draft back to Tomer et al - Triage 0.3.5 must-do vs may-do stuff. - Continue revising publish/subscribe code pending comments from Taylor #28226. - Continue work on "dormant mode" logic for #28335. Hope to finish first draft, but might pend #28226 work. - Time permitting, add more tests for myfamily memory improvements (#27359) - Plan when to do next alpha/stable releases. - Write a schedule for upcoming releases - Backports to 0.3.4 etc Week of 11/12 (actual): - Marked 035-rc-blocker tickets that we need to have done asap - More revisions on "dormant mode" - Released an alpha - Tried to get backports done - Planned releases through January (see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… ) - Worked on CI rotation; tried to get freebsd passing - interviews Week of 11/19 (planned): - Send comments about prop295 draft back to Tomer et al - Write tests for family compression branch #27359 - write tests for dormant branch #28335 - Inbox zero - interviews - book travel for brussels - Vacation Wed through Fri. • Want help with: Mike: week of 11/12 (planned) - GPG? Does anyone use it? can we agree to stop? Kidding. ;) - More WTF-PAD fixups, tests - Vanguards release? - Datagram paper diff for nick Week of 11/12 (actual) - Corrdinated WTF things and triage with asn - Ended up having to do a lot more errands and moving tasks than expected Week of 11/19 (planned) - Short week. - Vacation next monday and tuesday (will miss meeting). help with: Nick/asn: Can we decide on something I must-do this week? Like update the paper and do maybe one WTF-PAD crucial item that is a blocker? That way I don't get distracted and drop something until next weds. ahf: Week of 11/12 (planned): Sponsor 8: - Hook up transports.c with the code from #28179 and test that it all still works on all our platforms. Sponsor 19 - One interview this week with a candidate. - Continue looking into Snowflake. Misc: - Do the Mexico reimbursement that I keep postponing. Week of 11/12 (actually): Sponsor 8: - Got #28179 cleaned up, moved to first round of review with David, Windows code still lacks tests. Talked with Nick about event loop testing. - Fixed #28485. - Began to look at #27100. - Talked with Hans (TGP) about #28409 Sponsor 19 - Interviews with more candidates. Things seems to be going well. - Not much Snowflake stuff this week. Misc: - Review of #21377 - Booked trip for Brussels. Week of 11/19 (hopefully): Sponsor 8: - Work on #27100 while we move forward with reviews of #28179. - Add missing tests to #28179. - Figure out what we do with benchmarks for #28409. Sponsor 19: - A few more interviews left. - Prepare for Snowflake kick off meeting next week (the 27th!) Misc: - Test #28518 on FreeBSD. - Some reviews asn: [Might be offline for part of the meeting depending on dinner time.] Week of 11/12 (planned): - Sufficient review has happenened on the WTF-PAD branch. It's now time to start working on the TODO items and wrapping this up so that we move towards merge. Coordinate this with Mike. - Do reviews. - Continue helping with the anti-censorship team hires. Week of 11/12 (actual): - Coordinated with Mike on the TODO items of WTF-PAD: - Started coding unittests for WTF-PAD: Have written a bunch of them already and generated a few review points as well. - I was passed a code by Riastradh that tests probability distributions. I'm currently studying the code to see how to apply this to the WTF-PAD prob distributions. It's complicated tests and this is kinda of a rabbithole with unclear benefits, so I might pull out if this gets too intense. - Still need to revise my unittests that test histograms to make them more robust. - Help with anti-censorship team hires. - Did reviews. Week of 11/19 (actual): - Continue review and striking out items from the WTF-PAD TODO list. Hopefully we can have the branch in merge_ready soon. - Continue with the anti-censorship team interviews. - Do reviews. Help with: - All good. dgoulet: Week of 11/12 (planned): - Holiday on November 12th. - Review #28179 important s8 ticket then move on to #28180. - Help nickm with #28335 and childs. Week of 11/12 (actual): - Review on EOL policy (#28453) - Review nickm's #28335 and #28249 - HSv3 ticket work: merge, comment, patch and review: #28275, #28128, #27471, #28425, #27841. Week of 11/19 (planned): - Released torsocks 2.3.0 this morning (\o/) - Big s8 ahf's branch has arrived in my courtyard for review: #28179 - Continue work on #28335 with nickm. gaba: Week of 11/12 (actual): - weekly meetings (ooni, metrics, fundraising, las vegas) and 1:1s - metrics data architect position - participate in interviews for anti-censorship team developer - ooni roadmap - gettor Week of 11/19 (planned): - anti-censorship interviews - ooni roadmap - OOO thursday & friday AND taking off monday & tuesday (but will be there for network meeting and snowflake meeting) help with: - communicating anything about sponsor8-bootstrap help/needs and progress catalyst: week of 11/12 (2018-W46) (planned): - reviews - #27167 - 0.3.5 bugfixes as needed week of 11/19 (2018-W46) (actual): - travel planning for Brussels; got some clarification about pre-approvals - fixed some Doxygen breakage (#28435) - reviewed #27740 (Rust patch mismerge) - looked at Nick's ringbuf stuff - wrote some comments following up about ringbufs and alternatives - reviewed feedback from mcs on bootstrap reporting changes week of 11/19 (2018-W47) (planned): - following up with Nick about #28226 if needed - finishing up review of #28226 (pubsub) - #27167 - reviews - travel request for Brussels help with: haxxpop: help with: teor (offline): Week of 12 Nov (planned): - Continue to work on s8 bootstrap tickets - pick guards from a reasonably live consensus (#24661) - do path selection from a reasonably live consensus (#28319) - Fix the s8 chutney consensus failure bugs - Do a review of the sbws specs once a week - Maybe: Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list Week of 12 Nov (actual): - shorter week due to Internet Freedom Hack over last weekend - sbws spec ticket review, fixed sbws rounding (#27689 and children), relay bandwidth tests review - too much sbws, I won't do any more sbws until next Monday - created "end of life tor" instructions (#28453) and cleaned up after 0.3.2 on trac - backport reviews for 0.2.9, 0.3.3, and 0.3.4 - emailed Travis about increased network failure rates in tor and sbws - they suggested some changes, which sbws has implemented - Fixed Appveyor CI OpenSSL build failures (#28399) - Revised Windows version code (#28096) - Talked to researchers about Prio and PrivCount in Tor - Booked network team hackfest travel, other admin - Reviewed metrics job applications Week of 19 Nov (planned): - Continue to work on s8 bootstrap tickets - pick guards from a reasonably live consensus (#24661) - do path selection from a reasonably live consensus (#28319) - Maybe: Fix the s8 chutney consensus failure bugs - Maybe: Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list - Defer: Any more reviews on sbws - Defer: Most other tasks Week of 19 Nov (actual): - sbws and relay bandwidth testing feedback - Meeting about Mozilla's privacy-preserving user stats system "Prio" - Helped with sponsor 19 analysis of Orbot Onionoo load - Metrics job applications - Stuck on pick guards from a reasonably live consensus (#24661) Help with: - Please feel free to remind me that Sponsor 8 is the priority right now. I spent a lot of time on other tasks last week, some were high-priority, some weren't. juga: - Week 11/12 (planned): - Tor code - Relays should regularly do a larger bandwidth self-test (#22453) - bandwidth testing circuits should be allowed to use our guards (#19009) - In a private network some relays advertise zero bandwidth-observed (#24250) - sbws - Change integration tests from bash to POSIX shell (#28106) - revisions - Week 11/12 (actual): - "Relays should regularly do a larger bandwidth self-test" - "In a private network some relays advertise zero bandwidth-observed" - figure out network problems with sbws in production - figure out problems when transition from sbws-git to sbws-debian package - modify sbws to do not use local domain resolver - review ticket about the rounding algorithm in sbws - Week 11/19 (plan): - review more tickets about rounding - check that there are not TODOs related to the moment when we changed sbws to work as torflow - continue with "Serve bandwidth file used in the next vote" - continue with "In a private network some relays advertise zero bandwidth-observed"

1 0

Public beta testing of OONI Probe mobile apps
by Maria Xynou 19 Nov '18

19 Nov '18

Hello, Thanks to great feedback provided by the community, the OONI team has been working on revamping and improving upon the OONI Probe mobile apps. Today, we are excited to announce that we have released the public beta! To further improve upon the apps before the stable release, we invite you to become beta testers and to report any bugs/issues. # Becoming a beta tester On Android: * Sign up to the beta: https://play.google.com/apps/testing/org.openobservatory.ooniprobe * Update your OONI Probe mobile app (to get the public beta) from Google Play On iOS: * Tap on this link from your device and follow the instructions: https://testflight.apple.com/join/rh3Ig7fE # Reporting issues Once you have installed and played around with the public beta of the OONI Probe mobile apps, we encourage you to report any issues you encounter. You can file tickets on the following GitHub repositories: * OONI Probe (all platforms): https://github.com/ooni/probe/issues * OONI Probe for Android: https://github.com/ooni/probe-android/issues * OONI Probe for iOS: https://github.com/ooni/probe-ios/issues Please check if the problem you are encountering has already been reported. If you’re not a GitHub user, you can share your feedback with us by writing an email to contact(a)openobservatory.org. Your feedback and bug reporting is hugely appreciated, as it will help us launch better apps! Thanks a million, and happy testing! ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Tor as critical infrastructure
by Roger Dingledine 19 Nov '18

19 Nov '18

Tor is critical infrastructure across several very different spectra: - The underlying Tor proxy is the component that many internet freedom projects, from Briar to Onion Browser, rely on for their security properties. - The Tor Project is the origin and center of the pluggable transports idea, where our modularity means that tools like Lantern and Tunnelbear can (and do) directly reuse our obfs4 system for their own censorship circumvention goals. - OONI is increasingly becoming recognized as a core building block in assessing and understanding Internet censorship around the world. - Our browser changes in Tor Browser are changing the landscape of browser security, for example with Firefox declaring fingerprinting resistance as one of their top next priorities, and with Firefox and Brave and others wanting to bake Tor in to their "actually private browser mode" plans. - Facebook, New York Times, Securedrop, and many others have adopted Tor onion services as a safer security layer ("like https but better") for their users to reach their websites and other services. Some years ago the US Congress asked DRL to do a study of their funded projects, and one of the findings was that Tor was central to half of their projects at the time: https://www.rand.org/pubs/research_reports/RR794.html (see pages 73-74) That is, those projects wouldn't be able to accomplish their goals without relying on Tor for security and privacy and censorship resistance. We've always known Tor was in the middle of many efforts to improve lives around the world, but we would be wise to write this up in a way that others can recognize. Here are some potential concrete next steps: * A blog post with the above details and others that we brainstorm, to pull together all the parts of Tor that are critical infrastructure for other projects. * A condensed version for our future website, so the topic doesn't get lost in an old blog post. * A brochure-sized version that we can print out and give out at booths and conferences, alongside the "run a relay" advocacy brochures. * An intermediate-size version that we can use in funding proposals to remind funders of our critical role in this space -- not just for the traditional "internet freedom" funders but also for foundations and major donors and others who need help understanding our world. (On this last point, I had a discussion with one of our DRL program managers about Tor-as-critical-infrastructure, and he reminded me that DRL's charter is to not fund infrastructure. But even that is fine: everybody wants to see the stuff they fund get transitioned to broader use, and even when we aren't asking them to fund "infrastructure" directly, we can show them our consistent track record: "when you fund Tor things, it always ends up benefiting a much larger ecosystem.") --Roger

2 2

October Communications Report
by Stephanie A. Whited 16 Nov '18

16 Nov '18

Hi Tor, In October, the comms teams helped launch our end of year fundraising campaign. We’ve been working with The Berkeley Group on a brand perception study we can use to help create a marketing strategy next year. And I worked with Isa and Antonela on mockups for the new TPO site coming soon. October comms in numbers and links: New blog posts https://blog.torproject.org/strength-numbers-double-your-donation-mozillas-… https://blog.torproject.org/reflections-tor-meeting-newbie Twitter avg at least 3 tweets/weekday New followers: 3,894 Top tweets: https://twitter.com/torproject/status/1049370119338713088 https://twitter.com/torproject/status/1049328916790480901 https://twitter.com/torproject/status/1050381224554975233 Mastodon at least 1 post/week New followers: 290 LinkedIn at least 1 post/week New followers: 71 Facebook 1 post/weekday New followers: 193 Instagram at least 1 post/month New followers: 72 Newsletter 1/month https://newsletter.torproject.org/archive/2018-10-31-newbie-reflections-moz… Notable press https://techcrunch.com/2018/10/24/mozilla-tor-project/ https://www.zdnet.com/article/advertisers-can-track-users-across-the-intern… https://motherboard.vice.com/en_us/article/zm9jd4/old-school-sniffing-attac… -steph -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0

October 2018 report for the ux team
by Antonela Debiasi 16 Nov '18

16 Nov '18

Hello Tor, We started October in the beautiful Mexico City. We met a lot of tor users in Mexico, and we got a lot of insightful discussions. Thanks Community team! We continued working with Tor Browser security settings. We are trying hard to make clear for our users to understand the trade-offs of picking each level. It is a work in progress now and will reach the stable channel soon. Reading the ticket could be overwhelming, but you can have an overview of our iterations looking at the attachments: https://trac.torproject.org/projects/tor/attachment/ticket/25658 Towards our intention to have more open conversations and share the work we are doing, we released the first documentation for one of the big projects we handled this year. Next scheduled docs include .onion security padlock and onboarding in TB8. Thanks, Pili for uploading it and Hiro for your review! https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam/Misc/Circuit… We are trying to find the most useful way to report the usability research we are running around the global south. As I mentioned in the previews recaps, we were using the ticket #27010 to archive our sessions. In addition to that, we put together a framework for reporting our usability testing. It captures a lot of data that shows the feature's history through development and UX. We already started to use it to inform our recent research on the Tor Browser, and we will have our first reports coming out soon. https://storm.torproject.org/shared/KaJn4JRxGajVno961aLOfqJs-8AsfIvGn-4e_5h… Also last month, we surveyed our community to pick the next Tor Browser Icon (!). The results were informed, and the applications team is already working on its implementation. Thanks all for participate! You can see the new Tor Browser icon here: https://trac.torproject.org/projects/tor/ticket/25702#comment:8 OONI released a newly redesigned version of Probe. We did design reviews with Elio and the OONI team to achieve the best experience for probers and researchers when they measure networks with their phones. Great work ooniers! https://lists.torproject.org/pipermail/ux/2018-October/000430.html The End of Year campaign is running, and we provided support to the Fundraising team with marketing material to promote it. We have banners running in different locales at torproject.org, Tor Browser and Tor Browser for Android. http://donate.torproject.org/ On behalf of the Tor UX team, Antonela

1 0

community team update, October 2018
by Alison Macrina 16 Nov '18

16 Nov '18

October 2018 Community Team highlights Meeting notes ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Tor Meeting ================================================================= We held the Mexico City meeting and it was amazing! You can read the notes from that meeting here [1]. Several Tor people including Gus and Antonela gave talks "Coloquio Academico Mecanismos de Privacidad y Anonimato en Redes" at UNAM after the Tor Meeting. Later in October, Alison sent out a survey for the next Tor Meeting location and dates to all core contributors (and the winner is Athens, May 2019) Community portal, support portal, and user advocacy ================================================================== We mapped out our needs for community.torproject.org and began working on outreach material for that portal along with the UX team. Maggie took on more user advocate responsibilities and continued the monthly user issues update email. Anti-censorship ================================================================== In October, Kat began work writing and aggregating reports about Tor's anti-censorship efforts. Localization ================================================================== emmapeel localized donate.torproject.org, got Chinese added to support.torproject.org, and added screenshots in Transifex. Library Freedom Institute ================================================================== Alison began migrating LFI content to a wiki. The LFI cohort completed weeks 19-22 of their training. Library Freedom also started a website redesign, which we will debut soon! Tor talks and outreach ================================================================== Maggie and Cybelle held a "Demystifying Tor" workshop at MozFest Alison submitted the CFP for the UX and community teams to talk at IFF. She also worked on planning for the two teams to attend that conference together. Roger submitted a talk to FOSDEM, Steph requested a stand, and ahf made a wiki for Tor people attending [2]. Gus is working on creating volunteer projects for students at the University of Sao Paulo (USP). Gus gave a Tor talk to students of LabJor [3] and gave a security workshop in Sao Paolo. Gus also organized travel to Guatemala to give a Tor talk and organized a security workshop at BIENAL in Sao Paolo. Relay advocacy ================================================================== Colin is working with a VPN company on deploying some exit relays. He also updated the obfsproxy bridge deployment instructions and identified primary documentation [4] and sent a moderation email to tor-relays [5]. He worked on deploying VMs for fallback directory list rebuilding and updated the fallback list in preparation for rebuild. Finally, Colin contacted operators running EOL versions of Tor and encouraged them to upgrade. ================================================================== [1] https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/N… [2] https://trac.torproject.org/projects/tor/wiki/org/meetings/2019Brussels [3] http://www.labjor.unicamp.br/ [4] https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4… [5] https://lists.torproject.org/pipermail/tor-relays/2018-October/016524.html -- Alison Macrina Community Team Lead The Tor Project

1 0

My first day as ED
by isabela 16 Nov '18

16 Nov '18

Hello Tor! We are officially done with the transition process! This means that I am now (for realz) Tor’s ED :) Shari will be in a consultant position till the end of the year, and starting 2019 she will join our Board. If you haven’t seen yet, here is her blog post on it: https://blog.torproject.org/strength-numbers-onion-blooms I wanted to write this note to you so we can review a bit of what was done during this transition period and how that lines up with some of the points I had on my (short term) vision for Tor. Some might remember the IRC chat after my nomination, where I shared a few bullet points of areas I would like Tor to focus on in the short term. Most of these are not new and are things that Tor (TPO+TPI) have been talking about for a while and know we should be doing. Let’s start with the goals related to: 1 - A Mature Tor Project (organization/community) 1.1 - Stable income flows from a diverse funding base ^ We built a Fundraising team (Sarah, Fundraising Director; and Al, Grant Writer) and equipped Sue (CFO) with a Finance team (Bekeela, Grant Manager; and Millicent, Bookkeeper) to help us achieve this goal. This is what I am calling our ‘money machine.’ They will work together with our new PMs (Gaba and Pili) on proposals and also on other sources of income for Tor (major donors, family foundations, direct donations, etc.). This team is meeting weekly to sync on all of the different grants, proposals, and fundraising campaigns we are working on or plan to do in the upcoming months. We also maintain a calendar where we will try to have at least 1 initiative per month related to bringing in money. Back in September, we created a calendar that goes till January, and in early 2019 we will have another big meeting where we will plan for the first 6 months of 2019 (the remaining time of our current fiscal year). 1.2 - Diverse and robust organization that meets our needs ^ A lot that I will be talking about in this email reflects on this goal. 1.3 - Strong organizational culture, focused on employee and volunteer happiness and stability ^ Shari did a lot of this already, from employee benefits and salary adjustments, to workshops at dev meetings (unconscious bias and the culture clash one in Mexico, for instance). A lot has been done, and of course there is still a lot to do. That is why I kept this goal here. For now I will just bring up one thing that I believe is important and we need to do. Tor has a culture, but we should be able to articulate our culture and define it so others know what it means, so most importantly, we don’t lose it as we grow. I just want to drop this here as a seed for others to think about it as well. We will resume this conversation in 2019 for sure! 1.4 - Global brand recognition - Tor means strong privacy ^ The Berkeley Group [theberkeleygroup.org] is a student organization of UC Berkeley that provides services to nonprofits for free or at a low cost. We contracted with them to research Tor’s brand perception by different demographics in the US and to provide us with suggestions of convincing points to improve our brand image, along with suggestions of channels we could use in a marketing strategy to help with that. We will be sharing all of this once it’s done, but we will use this to build a marketing strategy for 2019. Marketing means, as part of communications, how we will pitch to donors, how we do outreach, our website content, and the list goes on. It’s a bit of everything, but we should digest what The Berkeley Group delivers to us and figure out how we apply that in real life. Like the goal says, Tor should mean strong privacy for people, and all this work is to achieve that perception of our brand. Now let’s move to the other set of goals I had for product: 2 - Full Access (product) 2.1 - Any person on the planet can access the Tor Network ^There are a few things related to this goal, for instance people need to be able to bypass censorship against Tor to access the network. Also, we need to have clients that work on any device and any OS so we can really provide a way for *anyone* to access the Tor network. Of course both things are mega hard, and that’s ok. The goal here is for us to think about the challenges to get there and figure out how to get started. This year, mobile has been on our minds :) not only with releasing a mobile browser, but also with optimizing little t tor for mobile apps. We are also creating an anti-censorship team and building projects that will require different teams to work together to fix problems related to the user experience under censorship. 2.2 - Any person on the planet can use the Tor Network to access any website or online services ^Same thing, we can think of many different types of work that would help us achieve this goal. The work being done by our Community and UX teams, where folks are going to different countries, meeting communities at-risk, learning their needs, teaching them about online security and collecting their feedback on our tools is fundamental for us to achieve the *can use* part. And this goes too for the *can access* part of the goal 2.1, above this one. Goal 2.2 also is about accessing websites and online services. The painful captchas are a challenge we need to address, because this is a big complaint users have related to using Tor. At least some things have improved with CloudFlare and their alt-svc for .onion addresses solution, which is good. There is more to do, and this is a hard one to address, but we can’t ignore it just because it is hard. We should at least put our minds on it and see what can be done, and little by little we can get there. 2.3 - Ensure Tor Network is diverse, healthy, stable and scalable ^None of the above can be done if this one is not happening. To achieve this goal we will need a combination of efforts, like help from our research community and metrics and OONI teams, which can provide us with valuable information that can help us make new design decisions, monitor our network and test new code. Of course our network team is very important for this goal :) But we will need to add support for areas where we are under capacity right now, like monitoring the health of the network to make sure there is no malicious behavior or attacks on it. Sorry for the long email. Since today is considered my first day as ED, I thought it would be nice to go back to these goals and share a bit of how we can be working together to achieve those, and how the new people can help us too. I want to recognize that I am probably missing other goals we should be thinking about for the next 3 years. I would like to hear other thoughts, and I would like to do an update on this list at the meeting in Greece. This is the beginning of a conversation, not the end. I hope to have a chance to host a ‘tea time’ on irc before the end of the year for us to chat. Please hold me on that! I am mega busy, but I would really like to try that out before 2019. Cheers, Isabela PS: tons of <3 for Shari, who has been extremely amazing and who I will forever be thankful for her support, guidance, and help.

1 0

OONI Monthly Report: October 2018
by Maria Xynou 16 Nov '18

16 Nov '18

Hello Tor world, In October 2018, the OONI team co-published a new research report, in collaboration with DefendDefenders, examining Uganda's social media tax through the analysis of network measurements. We wrote new OONI Probe nettest specifications, improved our heuristics for semi-automated blockpage and blockserver detection, completed a list of improvements to the monitoring of OONI services, and released a private internal beta of the revamped OONI Probe mobile pps. We also facilitated an OONI workshop at MozFest and participated at the OTF Summit. ## Report on Uganda's Social Media Tax In collaboration with our Ugandan partners, DefendDefenders, we co-published a new research report tited: "Uganda's Social Media Tax through the lens of network measurements". Our joint report is available here: https://ooni.io/post/uganda-social-media-tax/ As part of our latest study, we examine the blocking of social media & circumvention tools across ISPs in Uganda through the analysis of OONI network measurements. Over the last months, we have published the following 5 research reports (in collaboration with our partners): 1. The State of Internet Censorship in Venezuela: https://ooni.torproject.org/post/venezuela-internet-censorship/ 2. The State of Internet Censorship in Egypt: https://ooni.torproject.org/post/egypt-internet-censorship/ 3. South Sudan: Measuring internet censorship in the world's youngest nation: https://ooni.torproject.org/post/south-sudan-censorship/ 4. Mali: Social media disruptions amid 2018 presidential election? https://ooni.torproject.org/post/mali-disruptions-amid-2018-election/ 5. Uganda's Social Media Tax through the lens of network measurements: https://ooni.io/post/uganda-social-media-tax/ More research studies are available on our website: https://ooni.torproject.org/post/ ## Revamping OONI Probe mobile apps Both Android and iOS apps have been implemented based on improvements to Measurement Kit and the finalized design and copy. We released a private internal beta to further test and polish the apps. Relevant pull requests include: * https://github.com/ooni/probe-ios/pull/187 * https://github.com/ooni/probe-ios/pull/186 * https://github.com/ooni/probe-ios/pull/185 * https://github.com/ooni/probe-ios/pull/184 * https://github.com/ooni/probe-android/pull/159 We are now preparing for a public beta release of the apps. ## Research and write specifications for new OONI Probe nettests We wrote specifications for a series of techniques that we plan on using in next generation OONI Probe nettests. These techniques will allow us to collect more rich network measurement data, further reduce the number of false positives in measurements and confirm, with a higher level of confidence, incidents of internet censorship. Our new nettest specifications are available via the following pull request: https://github.com/ooni/spec/pull/118 ## Implementation of semi-automated blockpage and blockserver detection We have added SimHash support (https://en.wikipedia.org/wiki/SimHash) to enable the semi-automated blockpage and blockserver detection. When several unrelated URLs present a similar page, this usually means that the page is either a common web-server error page or a blockpage. Human intelligence is still required to distinguish anti-DDoS service provider captcha pages from generic "403 Forbidden" web-server errors and a "genuine" blockpage. We therefore added support for SimHash to use it as the first approximation of webpage similarity, to avoid pair-wise comparision of hundreds of millions of webpages stored in the OONI dataset. See: https://github.com/ooni/pipeline/pull/124 We also added support for the partial re-processing of data, to avoid processing the whole dataset when the list of known blockpages changes. See: https://github.com/ooni/pipeline/commit/a86e4fe42dec869b02618ba2c3e28281205… ## Improvements to the monitoring of OONI services To detect issues with our infrastructure earlier and to therefore minimise downtime and be more responsive to incidents, we have done several improvements to monitoring. We have completed all activities the aimed at improving the monitoring of OONI services, listed in the following issue: https://github.com/ooni/sysadmin/issues/226 ## Community activities ### Community meeting We held a community meeting on Slack (https://slack.openobservatory.org/) on Wednesday, 24th October 2018. As part of the meeting, the OONI team provided updates on what we worked on during the past month. We also addressed community questions pertaining to running OONI Probe on Linux and Raspberry Pis. ### OONI Probe workshop at MozFest OONI's Elio traveled to London to facilitate an OONI Probe workshop at Mozilla Festival (https://twitter.com/mozTechSpeakers/status/1056851429766414336) This provided a great opportunity to engage more community members with OONI's work. ### OTF Summit OONI's Maria traveled to Taiwan to participate at the OTF Summit (29th & 30th October) and the Open Internet Day (31st October 2018). This provided an opportunity to connect with community members, learn more about their projects, and brainstorm on potential avenues for collaboration. ## Userbase In October 2018, OONI Probe was run 391,014 times from 5,062 different vantage points in 214 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Notes from November 15 2018 Vegas team meeting
by Karsten Loesing 16 Nov '18

16 Nov '18

Notes for November 15 2018 meeting: Alison: 1) still finishing LFI round 1, working on round 2 2) creating community portal content 3) working on SIDA report Mike: 1) Sponsor2 work; still ignoring most other things. Gaba: 1) Gettor coordination for next week. 2) OONI roadmap and deadlines for MOSS. 3) Slowly receiving CVs for metrics data architect position. 4) Interviews for anti-censorship position. 5) Organizing sponsors that teams are working on. Antonela: 1) working on TB security settings - http://trac.torproject.org/25658 2) working on TBA+Orbot settings and onboarding - https://bugs.torproject.org/28329 3) the first version of our series of docs is on the wiki. Thanks pili for pushing it live and hiro for the review! https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam/Misc/Circuit… 4) met with Ciberseguras to talk about further community outreach together. 5) sent my article for the UNAM colloquium. 6) working with the community team on our new outreach material. 7) met with Helen and Pili to define our User Testing Reporting Framework. 8) planning usability research for next month in Brazil. 9) met with Duncan, a designer from Scotland who is interested on helping the UX team. 10) synced with Alex (ahf) about snowflake. 11) reviewing OONI Explorer mockups with Elio. Georg: 1) busy with getting Tor Browser for Android alpha into shape 2) writing back to the snap mail sent by Iain today (not sure what we want to do with that in particular and with our Linux situation in general yet) Nick: 1) lots of features, lots of releases, lots of coding. 2) anticensorship dev interviews seem to be going well. Arturo: 1) Preparing for a public beta release of OONI Probe mobile 2) Published a report on Uganda with our partner defend defenders: https://ooni.torproject.org/post/uganda-social-media-tax/ 3) Getting input on OONI Explorer from UX team 4) Anticensorship dev interviews Sarah: 1) Firming up YE campaign blog/email/social media schedule (will be contacting several of you to see if you are willing to author a post) 2) Finalizing language for next round of TB banners for next release 3) Met with OTF and Sida POs over the weekend Steph: 1) announced Nighat joined the board. Published blog, sent releases, shared on social 2) writing EOY campaign post, outlining others 3) making graphics from Tor Stories quotes 4) writing feedback from The Berkeley Group’s midpoint presentation 5) coordinated an interview for Isa 6) gave edits to the blog comment policy Pili: 1) Carried on with data gathering for Sponsor 9 report 2) Sent out Visual Identity Survey - Started analysing results Shari: 1) finishing my farewell blog post; should be posted later today 2) so many loose ends with the transition, which is happening this afternoon! isabela: 1) finishing transition - getting all things flipped (financial stuff) 2) reviewing YE campaign blog posts and other copies 3) catching up on visual identity exercises 4) helping on sida report a bit 5) recreating our organogram 6) did interview to spanish tve - a bit lame tho :( they were really into metrics and dark web 7) met with Sida PM and with OTF team in DC 8) reviewing 990

1 0

October 2018 User Feedback Report
by Maggie 15 Nov '18

15 Nov '18

Hey, friends! Welcome to the October 2018 user feedback report. For more information on what users and community members were talking about this month, check out the Fall 2018 User Feedback pad [1]. TL;DR: Things seem to be going smoothly! - Users aren't talking as much this month about the user agent changes. - The most common questions are related to using Tor together with a VPN (should I use both? Is it bad to use both? How can I hide the fact that I'm using Tor?). - Regarding TBA, users are largely grateful that we're developing an official Android app, and feedback is generally very positive. Ratings on the Google Play Store are high (the app is currently rated 4.3 stars), even when users are experiencing some fairly frustrating quality-of-life issues. - In offline news, Cybelle and I ran a Demystifying Tor workshop at MozFest! There was great turnout, and lots of interest in running relays. --- Now, on to the feedback! Scroll further down to see a recap of some of the MozFest session questions, a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in October. - One of the most common points of confusion is whether people should use a VPN together with Tor to mask the fact that they're using Tor. In conversations about this on Reddit, pluggable transports are rarely mentioned. Even though we already have some information about VPNs in the FAQ, it seems that this explanation is not extensive enough, and that the information is not visible enough. I suggest that we release a blog post or a few tweets to further address this misconception. - In general, it seems like users will go to Reddit before reading the FAQ or support.torproject.org. How can we change this flow to encourage users to check Tor resources before seeking outside advice? - People always have questions about whether doing a certain thing will allow them to be fingerprinted (i.e. relative window position, adding bookmarks, etc.). Can we add a list of things to the FAQ that might allow users to be fingerprinted? We might also consider implementing more pop-up warnings when users attempt to do something that might identify them, as we currently do when users resize the browser window. - Tor is still broken for screen readers. In addition, Gesturefy (an extension that can be used as an accessibility aid) doesn't work with Tor Browser any more. These two issues are limiting Tor's accessibility, and making it so that certain users can't use Tor at all. --- Questions from the MozFest Demystifying Tor session: - Is it ever safe to run any type of relay from my home? - How can I contribute to Tor? - What are some good ways to convince people to use Tor? --- Most common questions on Reddit (r/TOR): - How can I hide the fact that I'm using Tor; or, should I use a VPN together with Tor? - (it's worth noting that these discussions rarely mention pluggable transports as a solution.) - Tor can't connect. What do I do? - People on Reddit are generally very good about troubleshooting this one. --- TBA Reviews & Feedback on Google Play Store: - People are frustrated by the current issues with copy/paste and text selection. - TBA fails to download files, causing frustration for users. - Users are requesting that we bundle Orbot and TBA into the same app. --- Most common stack exchange tags: - tor-browser-bundle - 18 asked this month - configuration - 10 asked this month - tor-install - 7 asked this month - windows - 6 asked this month - anonymity - 5 asked this month - security - 5 asked this month - tails - 5 asked this month - help - 5 asked this month - connection - 5 asked this month --- Notable bugs, fixes, & issues: #27867 - Gesturefy doesn't work with Tor Browser - (OPEN - needs more info) [2] #27256 - Text cannot be selected, copied, or pasted as usual on TBA - (OPEN - needs more info) [3] #27701 - TBA fails to download files - (OPEN) [4] #27987 - TBA disables screenshots, with no option to enable them - (OPEN) [5] #27845 - Browser window size is 1000x998 on MacOS - differs from other OSs and allows MacOS users to be differentiated - (OPEN) [6] #27813 - Tor 0.3.4.8 is leaking memory - (CLOSED - fixed in Tor 0.3.4.9) [7] --- That's it for the month of October! For the sake of brevity I've left out some other feedback, so if you want to know more, please do check out the Fall 2018 User Feedback pad [1] or reach out to me via email (waywardwyrd at riseup dot net) or IRC (wayward). Thanks for reading! I'll see you all back here next month. - Maggie (wayward) pronouns: she/they | twitter: @meochaidha <https://www.twitter.com/meochaidha> pgp: 0626 9C68 D0CC 1A5B E41B 72F2 615E B878 975C 4CDC ------ Annotations: 1. https://storm.torproject.org/shared/-vEQadBBHb8ZOzrLMMaJNrDuFK5XxJAQXcta30-… 2. https://trac.torproject.org/projects/tor/ticket/27867 3. https://trac.torproject.org/projects/tor/ticket/27256 4. https://trac.torproject.org/projects/tor/ticket/27701 5. https://trac.torproject.org/projects/tor/ticket/27987 6. https://trac.torproject.org/projects/tor/ticket/27845 7. https://trac.torproject.org/projects/tor/ticket/27813

1 0