May 2018 - tor-project - lists.torproject.org

Notes from May 17 2018 Vegas team meeting
by Karsten Loesing 18 May '18

18 May '18

Notes for May 17 2018 meeting: Karsten: 1) Worked on various smaller improvements to our statistics-generating code as a (positive) side effect of specifying processes for Sponsor 13 deliverable 2. Mike: 1) Trying to finish up as much of the vanguards code as possible before Seattle. Alison: 1) Uganda prep! All trainings are coordinated. We have a super packed schedule, meeting with lots of people, doing usability tests, threat modeling, and Tor trainings. Bringing tons of tshirts and stickers. Super excited!! 2) LFI starts in about three weeks and we're all ready to go. You can check out the first few weeks of our course materials here: https://github.com/alisonLFP/libraryfreedominstitute 3) Did user experience coordinator interviews this week 4) Colin is officially the new relay advocate! He's beginning by reaching out to the torservers partners and big relay operators, and also created a new IRC channel for relays. 5) Gus also started this week as community liaison! 6) HOPE got back to us about our table! So now we have one Tor table and one Tor talk. 7) Mexico City meeting planning is going fine, but it would be great to have a couple more people helping. 8) reviewing apps for Mozilla Open Web Fellow/user advocate 9) Still looking for someone to take over admin of RT 10) Gonna test the new Tor training slides in Uganda, make some edits based on feedback, and then share them on the community team wiki Nick: 1) Released an alpha; planning to release a stable. 2) Not much is up right now; gearing up for Seattle network-team meeting 3) Planning to take a couple of days off next week to prep for Seattle. Georg: 1) Full steam ahead with preparing ESR 60 switch; first Linux nightly based on ESR 60 is planned for next week isabela: 1) Worked on organizing the workshops in Colombia in June (me, Antonela and Gus will be there) - we will do workshops with a very diverse set of communities in 3 different cities. 2) Sending reports to sponsors 3) Catching up with all website redesign work - support site is pending translations and torproject site needs some organizing for content creation 4) Interviewing User Research Coordinators; got job post for Localization Project Manager done (with Erin and Shari) should be up soon; working on Anti-Censorship Team Lead/PM job post 5) Following up with Brave on their implementation of support to Tor. Plan to reach out soon to Cliqz. Documentation for 3rd party integration that I was working on was put aside because I was doing training in SP but I plan on picking this up again next week. 6) Preparing for Seattle visit at the end of the month (network team meeting and me and shari syncs)

1 0

Notes from user feedback at training in São Paulo [mobile and desktop]
by isabela 16 May '18

16 May '18

hello Tor, I thought of sharing this with y'all since it touches different things. In São Paulo we did a Tor training, Gus explained how information about you and your computer can be collected online and used to identify you and learn your online behavior. Then he explained how Tor can help you to protect your online identity and we spend some time with people installing Tor on desktop (linux and mac mostly) and on mobile (Android and iOS). After everyone had installed I did a quick exercise with everyone where I asked them to write their impressions, could be complains of things that didn't work as expected or just feedback related to how they would like to the tools to behave or missing features. This is a compilation of that feedback :) you will notice that we are already working on fixing some of this stuff which is great, it shows we are on the right path. But some things were new and could even be a bug (which in this case I hope you help me confirm that and I will create a ticket). - surprised with the speed of the network, had used it before and gave up on it because of how slow it was, but now it seems faster - could not install it due to old OS version - plug-ins that are already installed as part of Tor Browser made the person confused (should Tor Browser come with plug-ins when it recommends to not install plug-ins) - Orfox + Orbot: settings for both are quite confusing and complicated to understand - on iOS app store - apps that are not recommended by Tor has Tor's logo while OnionBrowser doesn't - it wasn't easy to know that some sites (with javascript or http only) was not working because of security reasons (this lead the person to give up on Tor Browser - before this training - thinking it was bug not a feature) - Didn't understood what is the need of Orbot, besides using it to connect Orfox to Tor - It's not clear when you download Orfox that you need Orbot too - could not find the apk for Orbot and Orfox on the torproject.org website - Debian stable (backports) did not find the Tor Browser pt-br version for installing the package - information is all in English - need to be translated to Portuguese BR - could not find the circuit it was using on Android (neither on Orfox or Orbot) - could not find how to change the languages settings of Orbot - it's hard to verify that you are downloading the right build from torproject.org website (signature verification process) - OnionBrowser is crashing every time you go away from browser or lock your phone; the browser crashes and you need to restart it all over again and reestablish the Tor network connection - could not understand why the sites were not behaving as expected (didn't make the connection of it with TB security features that was blocking things to protect them) - on Debian the security slider configurations were not sticking - user would pick a configuration i.e. safest close the browser, re-open it and the browser was back on 'standard' - what does Tor recommends? Is not clear if we recommend standard or safest (higher security) when using Tor Browser. User would like to follow our recommendation since they aren't sure what to use - language settings on Orbot was not sticking (user had to pick it again after closing the app) cheers, isabela

1 0

April 2018 report for the metrics team
by Karsten Loesing 15 May '18

15 May '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in April 2018. On behalf of the Tor metrics team, Karsten Extended the draft document with graph specifications from 0.5 to 4 out of 6 categories on Tor Metrics. Released Onionoo protocol version 5.2 [1] which adds the "version_status" field to details documents and version 6.0 [2] which includes all exit addresses in "exit_addresses", regardless of whether they are used as onion-routing addresses or not. [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013054.html [2] https://lists.torproject.org/pipermail/tor-dev/2018-April/013079.html Released metrics-lib 2.3.0 [3] which adds support for reading web server logs contained in tar-archives and a backwards compatible related API change. [3] https://lists.torproject.org/pipermail/tor-dev/2018-April/013079.html Got most Tor Project websites to update Relay Search URLs [4, 5]. [4] https://bugs.torproject.org/25286 [5] https://bugs.torproject.org/25288 Held an in-person planning meeting Aberdeen to update the roadmap [6] and to prepare adding irl as (backup) operator for Tor Metrics services [7]. [6] https://lists.torproject.org/pipermail/metrics-team/2018-April/000775.html [7] https://bugs.torproject.org/25726

1 0

Tor Browser team meeting notes, 14 May 2018
by Georg Koppen 14 May '18

14 May '18

Hi! Our weekly Tor Browser meeting finished earlier today. The chat log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-14-17.59.log… our pad items are/were: Info: firefox 60.2 release date was changed from 2018-08-21 to 2018-09-05. [GeKo: yes, saw it, thanks] GeKo: Last Week: -signed Tor Browser bundles -begin of the of the month admin stuff -rebase review (#25543) (posted first part, let me know whether there are things unclear) -public holiday + taking a day off -thought about the state of the mingw builds (esr52 x86 and x86_64 compared to what we might get for both when switching to esr60) -made progress on https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 but am still not there :( -set up an environment to catch potential proxy bypasses of Tor Browser for Mobile [tjr: Tell me about it?][GeKo: Just an old laptop as a WAP with wireshark running] This Week: -finish rebase review (#25543) -start the network audit (#22176) -help getting linux nightlies out based on ESR60 -update macOS toolchain for ESR60 -What is the plan for our mozilla-central rebasing that Tor Browser for Android needs (Arthur says: I have a script that does some of this already. I can try to get something deployed for the team to look at this week. I assume we also want auto-rebasing on mozilla-beta as well.) [Arthur will work on that this week] -tjr: Do you know what Mozilla's plans are regarding WebRTC over TCP? Do you know whom we could approach for finding out more? (For background see: https://trac.torproject.org/projects/tor/ticket/16221; https://bugzilla.mozilla.org/show_bug.cgi?id=1179345 seems to be pretty inactive and I wonder where we are on https://bugzilla.mozilla.org/show_bug.cgi?id=891551 etc.) [tjr]: I don't know anything. I can try to figure out though. Will ask Jim for intros tomorrow. I suspect it will take the form of "Here Georg, let me introduce you to <foo>" [GeKo: sounds good to me and thanks] arthuredelstein: Last week: - Patched tor-browser-build.git to get a prototype building with with ESR60 (https://trac.torproject.org/projects/tor/ticket/26073) (I can work on fixing torbutton and tor-launcher, but I need to - Worked on fixing https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain) Still fixing broken unit tests! [GeKo: We try to get help from Mozilla on the ticket] This week: - Revise patches following Georg's review of 25543 (ESR60 rebase) - Continue to revise https://trac.torproject.org/projects/tor/ticket/26073, especially getting torbutton and tor-launcher issues resolved - Set up an auto-rebase to mozilla-central. mcs and brade: Last week: - Did some updater testing for Tor Browser 7.5.4. - Reviewed our notes and filed tickets for ESR60 updater loose ends: - #26048 (potentially confusing "restart to update" message in ESR60). - #26049 (consider reducing the delay before the update prompt is displayed). - #26050 (achieve update "watershed" for ESR60-based Tor Browser). - Reviewed Matt's patch for #25750 (update Tor Launcher for ESR 60). - Responded to Antonela's proposal in #25694 (Activity 3.1: Improve the user experience of updating Tor Browser). - Participated in the UX/Tor Browser meeting. This week: - Review Matt's revised patch for #25750 (update Tor Launcher for ESR 60). - Revise the ESR60 patches that we worked on (see https://trac.torproject.org/projects/tor/ticket/25543#comment:23) - Reminder: Kathy and I will have limited availability from May 16 - May 30. igt0: Last Week: Worked updating tor button for ESR60 (I will create a bug ASAP) - Implemented a preferences loader and update code to use the root default branch - Switched the code from Task.spawn to async/await (FF did it https://bugzilla.mozilla.org/show_bug.cgi?id=1353542) This Week: Keep working in the update tor button for ESR60 sysrqb: Last week: Continued working on TorLauncher patches for ESR 60 Prepared Orfox release Watched some Google I/O talks related to Android Continued testing TBA branch This week: Pushing proposed TBA patches to Try so we know which tests each patch breaks (if any) Updating TorLauncher for Android proposal (I didn't do this last week) Read through Tor Browser UI/UX tickets pospeselr: Last week: Continued work on lock icon work (#23247) Synced with new outreachy intern cy63113, should be getting similar monthly updates to go through once more Met up with profs from graduate school, made sure to plug tor's summer of privacy for next year :p Recovering from getting sick again This week: Still sick, but will try to finish up lock icon work boklm: Last week: - published the new releases - finished bisecting the binutils issue (#16472) and found the commit causing the issue - made patch for #26057 (Make it easy to see in the logs which commit was used in nightly build) - afk on thursday and friday This week: - continue investigating the binutils issue - review #25832 (Enable pthread support for mingw-w64), #25894 and #25975 (get a rust compiler for Windows and macOS) - work on testsuite VMs setup tjr: MinGW: ESR60 Build Runs! x86: --disable-accessibility --enable-sandbox --enable-jemalloc Debug and -O1 -O2 has a compiler bug No graphics pref hacks needed _create_locale issue still present x64: --disable-accessibility --disable-sandbox --enable-jemalloc (may be buggy, investigating) Debug and -O2 No graphics pref hacks needed _create_locale issue still present Possible there are latent crashes, investigating Plan: Figure out d3dcompiler.dll issue Land x64 build patches and job in esr60-branch Investigate the jemalloc thing this week Investigate the TaskCluster crashes in the coming weeks Try to get JC hired for mingw-clang TC integration debug x64 sandbox sukhe: I am putting http://bugs.torproject.org/25483 on hold till we can get some good leads on how to fix this. Suggestions welcome of course in the meantime but I don't think I should spend more time on this since we don't have any ideas currently :) How can I be useful in some other place in the meantime? [GeKo: sukhe is working on getting tor-browser-build ESR 60 nightly compatible, a.k.a. #26073] Discussion: - Who is going to all hands? Georg

1 0

Network team meeting notes: 14 May 2018
by Nick Mathewson 14 May '18

14 May '18

Hi! Meeting log here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-14-16.59.html Meeting notes below: ------------------------- = Network team meeting pad, 14 May 2018 = "If you would keep your secret from an enemy, tell it not to a friend." -- Benjamin Franklin "Comment prétendons-nous qu'un autre puisse garder notre secret, si nous ne pouvons le garder nous-mêmes" -- François de La Rochefoucauld Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 23 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001747.html 30 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001750.html 7 May: https://lists.torproject.org/pipermail/tor-project/2018-May/001760.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * May 15, 2018 -- 0.3.4.x feature freeze! * May 30, 2018 -- hackfest! * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. * See hackfest pad for .... - scheduling meetings with nickm and isa! - prep-work that isa and nick (and maybe you) should do before the meeting - the list of people, which is the only even quasi-sensitive thing == Discussion == == Updates == catalyst: last week (2018-W19): - CI rotation -- mostly uneventful. most of the Jenkins failures seemed to be transient network failures and self-resolved. - code reviews: #23383, #26008, #25993, #26040, #25549 - patch for #25756 (minor macOS regression from crypto_rand.c refactor) - some progress on #25061: wrote up some interim notes - some community process improvement stuff at #22079 this week (2018-W20): - #25061 - follow up on #26040 as needed - other 033 or 034 work as needed - code reviews - coverity rotation komlo: (offline) - Started digesting the multi threaded crypto design doc and writing a mvp implementation plan based on this and digging into code. Will send this out for review ideally next week. Samdney - Try to sync with komlo with my already done work/results for multi threaded crypto - Start with #26037 (DirAuths should check vote signatures before parsing) nickm: Last week: - Finished the 034 round of CPU-when-idle reduction: when DisableNetwork is set, and no once-per-second control events are enabled, disable the once-per-second callback. Now Controllers can use DisableNetwork to make Tor use less CPU. More work may follow depending on 0.3.5 roadmap decisions. - Lots and lots and lots of review, revision, and merging. - Began work on triaging-out 034 tickets. - Came up with an alternative solution to the #25552 situation (revision-counters) that doesn't require a replay cache. Implemented the necessary backend stuff. This week: - Try to finish up mrging features for 0.3.4. Freeze is Tuesday! - Try to release 0.3.4.1-alpha? - Triage all remaining 034 tickets - Focus on 034 bugfixes - Work (as feasible) on - OSS-Fuzz issues - Another round of test-determinism testing asn: Last week: - Spent time on #25552 (hsv3 rev counter logic) this week. Initially I reviewed David's replay cache branch. Then Nick came up with a superior idea of using OPE to encrypt timestamps. Nick implemented the crypto logic, I implemented the HS-side code. I'm currently stuck in fixing some complicated hs_service unittests that fail in spectacular ways because some parts of them are using timestamps from 1985, whereas others are using time(NULL). Fixing those tests require some complex refactoring of the test logic and I still haven't pinned this down. Our current plan with David here is to postpone this for 035 where we will have enough time to do this properly, since it's already super late in the 034 cycle and we would have to introduce this feature disabled by default. Doing this early on the 035 cycle means that we can immediately kill the current rev counter code and also get enough time to test the feature properly. - Reviewed #26006, #26005, #26007, #25870. - Wrote patch for #25761 and got it merged. - Coverity duty: Wrote patch for #26078 and got it merged. - Discussed prop#291 some more with Mike. Reviewed Mike's new vanguard spec: #25544. - Did initial review of haxxpop's v3 client auth code. - Discussed v3 client auth with haxxpop on [tor-dev]. Seems like we are currently mainly stuck on UX issues. Ideally I should spend a day thinking about this to understand what's going on and speak to a few people who use client auth, to design the right torrc/filesystem interface for v3 client auth. - Implemented some additional features to the vanguard simulator to reflect mike's latest prop#291 updates. - Discussed #26022 with Karsten. - Triaged some non-roadmap 034 tickets under my name that I dont have time for. This week: - More work on vanguards and 2-guard proposal to close any open roadmap items. - Work on client auth and #20700. Mike: - Updated the vanguard proposal; edited in response to asn's reviews. Probably wants a new prop # - Wrote tests for #25903, found an unreated issue while testing (#26072) - Reviewed #25994 - Did other misc research on WTF-PAD, QUIC. pastly (offline): last week: - suggested a new stem feature (timeout on building circuits) - reviewed the new feature when it was made (thanks!) - merged switch-to-http code in sbws next week: - take care of last few sbws http tickets - help juga with whatever she needs dgoulet: Last week: - Wrap up #25500 roadmap item with nickm. Basically, reviewing/testing child tickets. Bug found and fixed quickly: #26082. - Mostly did review of 034 tickets. Not much coding. - Talked with asn about #25552 (hs-v3 rev counter). This week: - My roadmap items are all closed for 034. I still have to go over #24986 (nickm did a first pass already). - Reminder: I'm AFK from Wed. to Mon. of next week so I'll wrap up everything for 034 freeze and triage my 034 post-freeze tickets. - I'm on CI rotation but I'll be absent for 3 days so maybe someone wants to switch? haxxpop: Last week: - Wrote code to republish the descriptor when the client auth detail changes on the service side (https://github.com/torproject/tor/pull/36/commits/e881af68e4c18be1873c70a7c…) Next week: - Write test for last week work - Refactor code according to asn's comments - Revise the hsv3 torspec (if possible) ahf Last week: Sponsor 8: - Got back to looking at disabling network when snoozing on Android with Orbot. (Bug #25497, related to #25499). - Managed to reproduce #18614 locally, early investigation work on the cause. - Continued to look into rl1987's changes in #17873. Think I'm convinced now. - Did a CPU profile run on Android for 0.3.4 to see if anything new had started showing up since the 0.3.3 results. Doesn't look like it. Misc: - Reviewed: #24732. - Community role. This week: Sponsor 8: - Finish fix for #18614. - Finish code for #25497 - Work on 0.3.4 bugs. Misc: - Bug triage role. isis: last week: - reviewed the next chunk of the crypto.c refactor again #24658 - reviewed the progress on the appveyor configs #25549 - reviewed mike's metrics patch for overhead and delivered circuit bandwidth events #25903 - reviewed rl1987's patch to make discovery of loopback addresses more efficient #17949 - reviewed catalyst's patches to make clients receiving a consensus from a dirauth whose clock is way off chill out a bit more #25756 - revised the sha2 rust work and got it merged #24659 - read up on the hsv3 revision counters and the OPE proposal - made some progress on wide extend cell fragmentation #25651 this week: - afk part of thursday and all of friday in order to move to my new apartment - more wide extend cell handling #25651 - revise wide create cell stuff (#25649) according to review? - checking in on TROVE-2018-005 patches again to see how they are going - building a little chutney network with the TROVE-2018-005 patches? maybe with bad relays? do we have a framework for doing this or do i just hack it up? [I'm not aware of a practical "be a bad relay" framework.-nm]

1 0

Services Team Report - April 2018
by silvia [hiro] 13 May '18

13 May '18

Hi all Since Rome the service team (a.k.a. Hiro) has been working on documenting the work and responsibilities carried on so far. This effort has been documented in the Tor wiki: https://trac.torproject.org/projects/tor/wiki/org/operations/services This is a work in progress and will be updated as things changes or other tasks/projects are added. == Tor Blog == A major security updated happened lately for drupal. A few architectural changes in drupal 8.5.0 required more work than expected. == Tor support portal == Tor Support Portal has been officially announced in Rome. It is a static site based on Lektor and you can currently access the stagin at https://support-staging.torproejct.org. You can also check Support Portal repository (https://gitweb.torproject.org/project/web/support.git/) At the moment there are different open issues for the support portal, localization of our content is the most important one. Documentation for the support portal live in the wiki: https://trac.torproject.org/projects/tor/wiki/org/operations/services/suppo… Part of the support portal is the search app. We are currently testing a solution based on Apache solr and pyramid. This is an ongoing effort and the final project will be documented in the services wiki. == Packaging Lektor for debian == We are in the process of packaging Lektor for debian so that all our portals that will be built with it can be easily done via Jenkins. Process and repositories for the lektor package will be shared in the services Wiki. Current debian bug is the following: https://trac.torproject.org/projects/tor/ticket/25491 Process is documented in the infrastructure wiki as well: https://trac.torproject.org/projects/tor/wiki/org/operations/services/lekto… == Tor survey == We have our own installation of limesurvey (https://survey.torproject.org) so you do not have to use external and not-privacy-friendly services to send questionnaires.

1 0

PETS stipends available (deadline June 4)
by Roger Dingledine 11 May '18

11 May '18

The stipend page for PETS is now up. The deadline is June 4: https://petsymposium.org/2018/stipends.php PETS is in Barcelona, the third week of July. Half-ish of the stipend money is for US students / students at US universities, and the other half of the stipend money is for anybody. PETS is the best conference in the world for anonymous communications research and Tor research in particular. So this is a great opportunity to meet the researchers and see the research. One of the most important uses for the stipends imo is to get the right activists and developers to PETS, to raise the open problems that matter most to real users around the world. Do you know something about the Great Firewall of China because you've lived behind it? Do you know about the security needs of journalists in Egypt because you've helped them try to stay safe? Do you understand why building privacy systems for real users is hard, because you built one and/or you tried to help actual people use it? Then you're exactly the sort of interesting not-just-another-academic person that I want to have more of at PETS. The papers have become more refined over the years as PETS grows up, but the real reason to be there is the ideas and the people. I'm taking a step back from the stipend allocation side of things this year, so I can put more energy into getting the right people to apply (and so I can feel less conflicted when they do apply). I hope to present the stipend allocation volunteers with hard choices because of how many great people apply. :) Your application will look best if you consider two angles: * First, what do you bring to PETS? What is special about your background, skillset, experiences, and perspectives that will make it a better (more diverse, more interesting, more successful) gathering because you are there? What are the things you can explain or clarify to researchers so they are more likely to focus on the problems that matter most? * Second, what can PETS do for you? That is, what amazing things are going to happen in your life, or in your work, because you went to PETS? Is there is a specific topic or area that you want to make progress on, and meeting people and getting ideas will help move that forward? PETS stipends are an investment in our community, both to make the annual gatherings more successful and also to make the individual people better prepared to carry on the fight. I'm happy to answer further questions or to provide advice on how to phrase things so your application stands out best. --Roger

1 0

April Communications Report
by Stephanie A. Whited 11 May '18

11 May '18

Hello! Here's some of what we were up to in April: Written or edited blog posts https://blog.torproject.org/announcing-tors-next-executive-director-isabela… https://blog.torproject.org/explore-tor-nyc-tor-journalists-april-12 https://blog.torproject.org/sunsetting-tor-messenger https://blog.torproject.org/meet-tor-summer-privacy-and-outreachy-interns https://blog.torproject.org/pune-india-dgplug-meetup-tor-journalists-and-ho… https://blog.torproject.org/call-talks-hotpets-2018 Mastodon mastodon.social/@torproject Started trying this out. Have been posting 1-2 times per week. Total followers April 18: 1.67k Total followers: May 1: 1.8k Twitter Post at least 3/times weekday on average tweets: 89 new followers: 4,098 top tweets: https://twitter.com/torproject/status/981877860318285825 https://twitter.com/torproject/status/988457472913498112 https://twitter.com/torproject/status/983784458615705600 Facebook 1post /weekday New followers: 109 LinkedIn at least 1 post/ week New followers: 52 Newsletter 1/month https://newsletter.torproject.org/archive/2018-04-26-our-next-executive-dir… Notable press http://www.lemonde.fr/pixels/article/2018/04/13/comment-facebook-piste-les-… https://www.version2.dk/artikel/dansk-tor-udvikler-saadan-vil-vi-goere-lett… https://www.techdirt.com/articles/20180419/16184539674/bad-decisions-google… o/ -comms -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0

UX Team Report - April 2018
by Antonela Debiasi 11 May '18

11 May '18

Hello people! Applications Team - Tor Browser ========================================== During April we were running weekly UX sync sessions with the browser team on Wednesdays 1900 UTC in #tor-meeting. Engineers, Designers and Community members discussed ideas and made real-time iterations to think about each problem together. You are welcome to join the party! The Tor Browser Team is implementing padlock states for .onion services[1] and also our new Circuit Display[2]. Security Settings was a hot topic during April. So far, we discussed a couple of ideas [3][4][5][6][7]. Also, we were thinking about how to provide a good experience for our users right from the start. Once users connect to Tor and are ready for browsing, then they arrive in [about:tor]. [about:tor] is a great place to educate users about Tor’s features and settings. We designed a new UI version following our new styleguide including different components for onboarding new users and new features.[8] Since early this year we have a new brand team working on Tor Browser Android. We were working together on mobile and tablet size prototypes to match each feature enhancement we are offering on the desktop. The main aim here is to have consistent Tor browsing experience across devices. The new circuit display [9] and the indicators for .onion services security at the URL bar was thought for mobile too [10]. Elio and Antonela were working on a new icon to identify .onion services. It is still in progress, and we will have more info about it soon (!) [11] Community Team - Support Portal ========================================== Hiro have been working on our new Support portal. We are still managing translation efforts from Transifex. You can sneak peak it here http://support-staging.torproject.org/ Cool things ========================================== - Megan DeBlois from Internews + Access Now invited us to join a UX Workshop for Trainers in Costa Rica. Feedback, as they provided to us, is the feedback that converts critical points into actionable tasks. Gracias por la invitación y por el interés en el proyecto! - Alon Braier was picked as our main illustrator. He will help us to define a visual voice and tone for Tor Project’s brand. Explore his cool work here[12] and here[13]. - Ahf is working on LaTeX support for the Tor Project's styleguide. Thanks, Alex! - We have been at Cryptorave in SP, Brasil last weekend. Thanks for joining our sessions! <3 - We also did a user testing on May 8th in SP after a training session where people installed Tor Browser on desktop and mobile. - Alison and Antonela will be in Uganda next month. We will be running a workshop for security trainers and collecting user feedback for Tor Browser Desktop and Android. Details will be shared soon. Long life IRC! ========================================== On Tuesday's at 1600 UTC in #tor-meeting on OFTC we have the UX team weekly check. Team members give status updates and roadmap review. If you want to collaborate in some way, join us! Open positions ========================================== 💬 Localization Project Manager [coming soon] Do you care about privacy and a free internet, and want to help make sure international users has access to it? The Tor Project will be seeking for a part-time Localization Project Manager to manage the localization of Tor's websites and products, working closely with developers, UX team and our Community team. Stay tuned! We will be opening the applications soon. [1] https://trac.torproject.org/projects/tor/ticket/23247 [2] https://trac.torproject.org/projects/tor/attachment/ticket/24309/040418.png [3] https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658.png [4] https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%… [5] https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%… [6] https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%… [7] https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%… [8] https://trac.torproject.org/projects/tor/ticket/25695, https://trac.torproject.org/projects/tor/attachment/ticket/25695/25695-abou… [9] https://trac.torproject.org/projects/tor/ticket/25764 [10] https://trac.torproject.org/projects/tor/ticket/25765 [11] https://trac.torproject.org/projects/tor/ticket/25763 [12] https://www.behance.net/alonbraier [13] https://dribbble.com/AlonBraier

1 0

Notes from May 10 2018 Vegas team meeting
by Karsten Loesing 11 May '18

11 May '18

Notes for May 10 2018 meeting: Alison: 1) LFP is planning to host the Glass Room Experience for North America in libraries 2) still working on the LFI curriculum 3) held a meeting planners meeting yesterday and worked out plans for visas and other Mexico City needs 4) planning for a feminist technology meetup after the Mexico City meeting with Juliana from Derechos Digitales [fyi if it will be after I wont be able to make it because I need to go back to nyc to vote :isa] 5) Uganda trip is coming up! 6) looking for a volunteer to take over RT duties [isn't this something the outreachy person was going to do? isa] 7) still finishing Tor training slides that will go on community.tpo 8) user research coordinator interviews next week 9) sounds like Cryptorave was a success!! any follow up plans? 10) lots of outreach stuff happening (see community team update for April) 11) getting Gus onboarded next week Arturo: 1) Met with Simone and hacked on some measurement-kit stuff related to probe orchestration and windows support (this was one of the main blockers to vanilla Tor development) 2) Had some infrastructure fires and in the progress of dealing with them 3) Kicked-off our series of OONI Community Interviews with the publication of an interview with Moses Karanja: https://ooni.torproject.org/post/ooni-community-interviews-moses-karanja/ (many more community interviews will follow in the next months) 4) CBC News wrote a story about OONI: http://www.cbc.ca/news/technology/ooni-tor-information-controls-measurement… 5) Updated the Ugandan test list: https://github.com/citizenlab/test-lists/pull/342 6) Established a new partnership with Nigeria's Paradigm Initiative: https://twitter.com/OpenObservatory/status/993395765665062912 7) Preparing for many sessions at RightsCon next week! Nick: 1) Busy with programming stuff on net team. All seems well. 2) Gearing up for Seattle meeting. 3) New keyboard: will be typing slowly. :/ Mike: 1) 0.3.4 development; Shari: 1) preparing for RightsCon (I'm doing a panel at the ED meeting on dealing with harassment at the organizational level) 2) discussing new grant opportunity from Ford & Sloan 3) met with Kelley Misata, as she was in Seattle 5) trying to get organized for passing things on to Isa 6) a few personnel things Steph: 1) Will be at RightsCon next week. We have a booth Thurs May 17 1pm-6pm. 2) Published post on domain fronting. Editing a couple others 3) The usuals: social, press and frontdesk on RT 4) Preparations for a Pittsburgh panel on free speech next month 5) Trying to help a foundation contact allow Tor users to their site. isabela: 1) we did a lot of sessions at cryptorave [my keynote, gus did a tor meetup that was packed, anto did a user testing w/ intrigeri that was very productive, anto and isa also did a women digital self defense session, I did a session about how to use ooni to monitor the internet during elections (brasil2018.net a personal project/campaign i am doing). Met with people in risk that needed urgent training. Gus organized a really great training after cryptorave where I did another user testing session. Many cryptorave sessions are online on youtube. 2) trying to catch up on stuff and keep working on reports with very little online moments I get here and there. 3) met with folks in Brasilia who worked at the Marco Civil, they are organizing a big campaign to create a law that protects cryptography in Brazil and are asking for me to come back in September for an event about it. (can't really confirm if this will be possible) 4) got invited to speak at a GNUHealth event about using Tor in health care systems to ensure privacy and security (this will be in November) 5) met with a couple of journalists, one about brasil2018.net and another about tor

1 0