tor-project September 2018

tor-project@lists.torproject.org

18 participants
24 discussions

OONI Monthly Report: August 2018
by Maria Xynou 10 Sep '18

10 Sep '18

Hello Tor world, In August 2018, the OONI team published two research reports examining internet censorship in Venezuela and South Sudan. We also supported Zimbabwean communities monitoring censorship events during the 2018 general elections, wrapped up our UX research, created a prototype Android app for OONI Probe, improved the monitoring of our services and started research for semi-automated blockpage detection. Many OONI team members participated in outreach activities, presenting OONI at the Italian Hacker Camp, Oxford University, FOCI, Geek-Picnic and at Chaos Constructions. ## Report on internet censorship in South Sudan In collaboration with our South Sudan partner, The Advocates for Human Rights and Democracy (TAHURID), we published a joint research report examining censorship events in South Sudan. Our report, "South Sudan: Measuring Internet Censorship in the World's Youngest Nation", is available here: https://ooni.torproject.org/post/south-sudan-censorship/ ## Report on internet censorship in Venezuela In collaboration with our Venezuelan partners, IPYS Venezuela and Venezuela Inteligente, we published a joint research report examining recent censorship events in Venezuela. Our report, "The State of Internet Censorship in Venezuela", is available here: https://ooni.torproject.org/post/venezuela-internet-censorship/ ## UX research We wrapped up our UX research in August. As part of our work on revamping the OONI Probe mobile apps, we interviewed a number of community members to collect their feedback. We also analyzed the information submitted via our survey (https://ooniuxteam.typeform.com/to/a1P0cn & https://storm.torproject.org/shared/VpAFK13fdAozTGTolFd2EsT1CkLY8-YlBLbRERy…). We are now in the process of determining the next steps (in terms of which new features to prioritize on) for the revamp of the OONI Probe mobile apps based on the analysis of information provided via surveys and interviews. ## New Android prototype app for OONI Probe We now have a new prototype Android app for OONI Probe! The Android app includes the Test Results details screen. The UI of all screens have roughly been implemented and will be further iterated, polished and improved upon based on designer feedback. The app can run tests and store them in the database using the old Measurement Kit (MK) API. The iOS app codebase has been changed to reflect many new improvements in the Android app, such as Gson-like classes and more custom objects, instead of using dictionaries and arrays. Furthermore, we have started the implementation of the new MK API and we're planning to complete it soon. ## Improvements to the monitoring of OONI services As our infrastructure and user base grows, improving the monitoring of our infrastructure is essential to serving our users more effectively. Significant progress on this front was done during August 2018. The following ticket lists all of the issues that we identified and tracks improvements to the monitoring of our infrastructure: https://github.com/ooni/sysadmin/issues/226 The changes carried out in August include changing all the webserver configurations of OONI machines and a number of manual tasks. ## Research on semi-automated blockpage and blockserver detection Currently the OONI pipeline relies on the manual markup of blockpages. In August we started doing some research on automating the process of identifying and marking blockpages. ## Provided feedback to the Tor network team on using tor in a library-like way on mobile We collaborated with the Tor network team on testing and providing feedback to the changes they made to make it easier to integrate tor into mobile platforms. As part of that we wrote a basic test suite to check if the Tor integration was working properly and reported the bugs we found. See: https://trac.torproject.org/projects/tor/ticket/26948 For more context on this, see the following master trac ticket: https://trac.torproject.org/projects/tor/ticket/25510 ## Updated test list We carried out some research (https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…) to (further) update the Eritrean test list: https://github.com/citizenlab/test-lists/pull/382 ## Community use of OONI data ### Report on blocking of election watchdog website in Zimbabwe We supported Zimbabwean communities on the investigation of censorship events during the 2018 general elections. Our Zimbabwean partners and friends - Digital Society of Zimbabwe, MISA Zimbabwe and Koliwe Majama - published a report on the blocking of zimelection.com by state-owned TelOne. Their report is available via the following links: http://www.dszim.org/2018/08/10/zimbabwean-election-website-blocked-followi… https://koliwemajama.co.zw/zimbabwean-election-website-blocked-following-20… https://www.apc.org/en/blog/zimbabwe-2018-general-elections-website-blocked ## Community activities ### OONI presentation at the Italian Hacker Camp OONI's Simone traveled to Padua to present OONI at the Italian Hacker Camp (IHC) on 3rd August 2018. Information about his talk, titled "An update on internet censorship", is available here: https://www.ihc.camp/event/italian-hacker-camp-2018-08-02-2018-08-05-1/trac… ### OONI lecture at the Annenberg-Oxford Media Policy Summer Institute OONI's Maria traveled to Oxford to present OONI at the Annenberg-Oxford Media Policy Summer Institute on 6th August 2018. As part of her lecture, she explained OONI's methodologies and how researchers, journalists, policy makers and advocates can use OONI data as part of their work. Information about the event is available here: http://pcmlp.socleg.ox.ac.uk/news/annenberg-oxford-media-policy-summer-inst… ### OONI keynote at FOCI OONI's Arturo and Simone traveled to Baltimore to present OONI at FOCI on 14th August 2018: https://slides.ooni.io/2018/foci/. Information about their keynote, titled "Growing the Open Observatory of Network Interference", is available here: https://www.usenix.org/conference/foci18/workshop-program Arturo previously presented OONI at FOCI back in 2012, when the project was in its infancy. As part of this presentation, Arturo and Simone provided an update on what OONI has accomplished over the last six years, what are some of the challenges and what OONI's building next! ### OONI presentations in Russia OONI's Leonid gave talks at two events in Russia: 1. Geek-Picnic (https://geek-picnic.me/saint-petersburg), on 18th August 2018. Slides: https://slides.ooni.io/2018/geekpicnic/ 2. Chaos Constructions (https://chaosconstructions.ru/), on 25th August 2018. Slides: https://slides.ooni.io/2018/cc/ As part of his talks, Leonid presented OONI and censorship findings. ## Userbase In August 2018, OONI Probe was run 241,772 times from 4,483 different vantage points in 210 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Notes from September 6 2018 Vegas team meeting
by Karsten Loesing 09 Sep '18

09 Sep '18

Notes for September 6 2018 meeting: Nick: 1) I'm supposed to be doing the volunteer valuations again. I need to know how many donated hosts we have. 2) I need a group created for distributing SBWS code. See question on #26849. 3) 9 days left till 0.3.5 feature freeze. 0.3.5 will be an LTS release. 4) Some sponsor8 items will likely be left over and go into 0.3.6. If there are mobility-API requests, we need to know ASAP, as planned. 5) 0.3.4-stable is delayed while we chase various stability bugs; most only affect testing networks, but we want to be absolutely sure. 6) Georg: did you make that ticket to remember about OSS-Fuzz? (Georg: Yes, #27462) (Cool; thanks! -Nick) Sue: 1) Working on Audit - auditors are in next week. I am in Seattle next week. 2) New Hires start next week - both Bookkeeper and Grants Manager Georg: 1) Tor Browser 8 is out. \o/ It's been the most complicated release so far and as it stands we are doing not that bad. The plan is to collect issues, address the most pressing ones this week and next week and then get a 8.0.1 out (including the Tor News link). 2) Tor Browser for Mobile is live on Google Play \o/ We are in the process of doing the website update and offering the .apk on our own website. (Arturo: What is the plan regarding removing/dropping OrFox from the market? OrFox is labeled as "Orfox: Tor Browser for Android", while the other is "Tor Browser for Android (Alpha)". I can imagine this creating some confusion for users). (GeKo: We have #27399 so far, the details are tbd, though. Arturo: thanks.) Alison 1) Community team and meeting planners are doing lots of Mexico City things like organizing the agenda, wiki, safety info (earthquakes!), open days planning, and so on. The blog post about the open days should be going out today or tomorrow or soon! 2) Library Freedom Institute is still the bulk of what I'm working on. This week we're writing up some documentation about talking to legislators about privacy and doing FOIA/public records requests in libraries. I'm also writing up the remainder of the curriculum for the year and also finished a press release about our new funding. 3) I met with Maggie, our new Moz Fellow, to get her onboarded with user advocate tasks. She will attend the next applications team and UX team meetings to introduce herself and get feedback about working collaboratively with these teams. 4) Tracking down the remaining updates that need to happen for the TB8 manual. It looks like the changes just need to be pushed from alpha to main, and some of the languages do not have up to date screenshots? GeKo is this right? (GeKo: My gut feeling says, "yes", but I have not looked at the actual work that got done) Karsten: 1) Rebased and tested an ExoneraTor patch from 2 years ago that has the potential of reducing database size from 270 GB to under 80 GB and query response times to a few seconds regardless of query parameters. 2) Prepared the Onionoo 7.0 release which is going to come out next week. Arturo: 1) Catching up with backlog after 2 week vacation 2) Leonid gave two presentation in Russia about "Russia disconnecting itself from the internet": Chaos Constructions (https://chaosconstructions.ru/), on 25th August 2018. Slides: https://slides.ooni.io/2018/cc/ (note slides are in Russian) & Geek-Picnic (https://geek-picnic.me/saint-petersburg), on 18th August 2018 3) Made considerable progress on OONI Explorer measurement pages: https://github.com/ooni/explorer/pull/16 4) Made several improvements to the monitoring of OONI services and documented the next steps for that: https://github.com/ooni/sysadmin/issues/226 5) Updated the JO test list: https://github.com/citizenlab/test-lists/pull/388 & NG test list: https://github.com/citizenlab/test-lists/pull/387 6) Determining the next steps for the revamp of the OONI Probe mobile apps now that our usability study has wrapped up (we have completed the interviews and analyzed the information submitted via surveys) isabela: 1) Dealing with the 'no isa in mexico' situation 2) helping teams with the tb8 release and tba alpha \o/ so happy they are out this week 3) working on reports 4) syncs with DRL 5) working on onboarding and preparing for Seattle next week 6) need to get the job post for anti-censorship team out and review the situation about selecting sysadmin candidates Shari: 1) DRL rejected both of our proposals (modularization and Tor browser updates). Gonna try to get a new SOI done by September 14 for the browser. 2) Interviewing grant writers this week. Hope to find one soon! 3) Everyone's coming to town next week. (Okay, not everyone, but lots of people.) Going to talk about grants management and audit. Onboarding a couple of new people. 4) Working with The Berkeley Group. Going back and forth on their MOU. 5) Catching up on lots of things after being out of the office for nearly two weeks. (Norway is gorgeous. Highly recommended!) Sarah: 1) Grants - interviewing grant writers and researching new private foundation funding in addition to updating info in GrantHub. 2) Updating Tor's listing on GuideStar. 3) Working with state registration consultant. 4) Writing to some donors we haven't heard from in a while and who don't receive the newsletter to tell them about the new releases. Steph: 1) tb8: sent press release to several journos, going heavy on social. emma is helping getting some tweets translated 2) open days post coming shortly. thanks to antonela for translating! 3) newsletter going out later today 4) trying to figure out if bitpay is still our best option for accepting bitcoin. Roger: 0) snap conference? snap for tor? 1) Have been spending the past week on the proposal; will spend the next week on it too. With a little distraction going to Seattle next Monday-Tuesday. 2) fake tor browsers on amazon; we passed the links to atagar and to jon and they're hopefully dealing. Mike: 1) Development; development; development

2 2

Tor Browser team meeting notes, 4 Sep 2018
by Georg Koppen 04 Sep '18

04 Sep '18

Hi all! Our weekly Tor Browser meeting just finished. The IRC meeting log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-09-04-18.00.log… and the items on our pad are listed below: Tuesday September 4, 2018 Discussion: - which sessions do we want at the team meeting day? [GeKo: at least one meeting for the final roadmap and a UX/Tor Browser sync; we'll use two more slots with topics to be done] mcs and brade: Last week: - Code reviews. - #26048 (potentially confusing "restart to update" message in ESR60). - #26049 (consider reducing the delay before the update prompt is displayed). - #27214 (Update descriptions for onboarding). - #27301 (TB8.0a10 about:tor UI Bugs). - #27348 (Tor Browser 8 onboarding UI bugs). - #27403 (The onboarding bubble does not show up). - Helped hiro with debugging Moat in Tor Launcher. This week or soon: - Note: Kathy and Mark will be out of the office this Thursday and Friday (September 6 and 7). - Use staged MAR files to test Tor Browser 7.5.6 to 8.0 updates. - Complete month-end administrative tasks. - Follow up on remaining updater and onboarding issues for Tor Browser 8.x. - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - Do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). arthuredelstein: Last week: - Worked on #26520 and #27401 (security slider/noscript problems) - Worked on #27403 (The onboarding bubble does not show up in the release candidate) - Wrote patch for #26561 (onion images not displayed) - Wrote patch for #26670 (make canvas permission respect fpi) - Worked on alternative patch for #27097 (Add "Tor News" signup newsletter link) This week: - #27097 Newsletter banner - #27290 WebGL is broken in Tor Browser 8 - #27413 (Implement better communication between NoScript and Tor Browser) - uplifting FPI permissions patch (https://bugzilla.mozilla.org/show_bug.cgi?id=1330467) - more anti-fingerprinting work - pref cleanup: (#27268) - #25555 (Optimistic SOCKS) sisbell: Last Week: Split commits for Android RBM Build: #27441 #26696 #26697 #27440 #27439 #27443 Worked on #27438 - android artifacts downloading outside of RBM. Created rust program for downloading and verifying android artifacts This week: Work related to #27438 - import of gpg keys into keystore and command line interface for library- - push source code Reviews of commits igt0: Last Week: - Finish the about:tor (#27111) - Updating the mobile code to support the new padlock (#26690) - Tested TBA in different devices(mobile and table) This week: - Finish #26690 - Start the development of the circuit display for android(UI side) boklm: Last week: - helped build the new releases - made patches related to watershed update (#26570, #26411, #27182, #27183) - started looking at #27408 (Make it possible to find which tor-browser-build.git commit was used to build a nightly) - worked on #26149 (Add some ansible roles for tor browser testsuite setup), which is almost done This week: - help with getting the releases published - try to finally get the testsuite running on nightly builds (#26149) - start reviewing some of the android tor-browser-build patches - will be afk this Thursday, until Friday morning next week GeKo: Last week: -Tails summit -release preparations -finished network code audit; I think we are good but the rust part was painful; might be worth having a second opinion about it This week: -help with getting releases out -deal with release fallout -create a new gpg subkey -writing up my network review notes on the trac ticket and finally close it -begin-of-the-month admin stuff -sysrqb/igt0/sisbell: should we meet after this meeting to discuss tba stuff? (provide anto is around, too) [GeKo: we decided to create a pad for the possible topics to talk about and postpone the meeting after the first alpha is finally out] pospeselr: Last week: - #26381 investigations (about:tor page does not load on first start on Windows) - implemented an improved trace logger This week: - #26381 investigations Bob Owen got back to me in the filed bug on Firefox Bugzilla (#1485836) Confirms that the cause (though not the root cause) seems to be content processes spinning up before the sandboxing policies have been set up properly So the question is what's causing the content processes to launch sooner in the failing case? (about:tor?) sysrqb: Last week: Nearly released the first TBA alpha, after two attempts Investigated why the APK was built with debugging enabled Began investigating backporting the necessary patches for using Android SDK API version 26 This week: Finish backporting patches for API 26 Release first TBA alpha Georg

1 0

Notes from network-team meeting, 4 Sep 2018
by Nick Mathewson 04 Sep '18

04 Sep '18

Hi! Our meeting logs are at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-09-04-16.59.html Below are the contents of this meeting's pad. = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. This week we're meeting on Tuesday 4 September, because Monday 3 September is a US holiday. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html 30 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001928.html 6 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001936.html 13 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001947.html 20 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001954.html 27 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001963.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 4 September 2018 ------------------------------- == Announcements == == Discussion == (teor: I put some CI questions here. But let's talk about CI at the Tor Meeting in a few weeks time.) teor: We have some very productive volunteers. How can we balance reviewing their code, and our other tasks? Here's what I think we can do: * run their code on CI before reviewing * ask them to open pull requests on GitHub, or push their branches ourselves * ask them to write unit tests * let them know that some reviews will be delayed until mid-September * ask them to review each others' code? == Updates == Nick: Last week: * Drafted a sidechannels-and-datagrams whitepaper; got fast feedback from Mike * Backend for memory reduction via more efficient family storage * Tracked down a memory leak in my NSS code. (This took way more time than you'd think.) * Made new rotations. * Reviewed and merged a bunch of stuff. * Released 0.3.4. This week: * Revise and expand sidechannels-and-datagrams whitepaper. * Further revisions to NSS code TBD * more memory hacking as needed * more review, possibly even on non-sponsored stuff, time permitting. * Start working on next stable releases. * More tests for TLS code? * Revise code based on reviews teor (offline): last week (+ Monday this week): - Worked on fixing failures in chutney due to 0.3.4 changes (#27146 and children) - Reviewed the fixes to the vanguards patch (#25573) - Bwauth work (#27107, #27341, #27398) - Emailed Travis CI to fix startup hangs and network failures (#27366) - Reviewed some UTF-8 patches (#27367) - Windows CI is broken (#27389) - Other fast fixes, reviews, and ticket triage - Helped purge old trac admin accounts this week: 0.3.4: - Get chuntney working in mixed 0.3.3/0.3.4 networks (#27146) - maybe we should run chutney in travis CI? (#20647) - our macOS time API seems to return weird results on i386 (#26987) - Create an updated list of fallback directory mirrors (#24786) 0.3.5: - bwauth work (#27135) dgoulet: Last week: - HS ticket triage and work on some. - Finalized for upstream merge #20700. nickm: This is rather large... if you want, you can defer this to me and asn for upstream merge? (no, I'm cool with it -nick) - Started working on #27359 using nickm's backend code. - Bad relays activity was high last week so spent some time there. This week: - Finalize #27359. - Hunt around for tickets needed to be completed pre-freeze. catalyst: last week (2018-W35): - proof of concept of deferring directory bootstrap status (#22266) this week (2018-W36): - community guide rotation - clean up #22266 work a little (mostly improving tests) - add connection tracking abstraction for bootstrap reporting (#22266) - make some progress on #25502 (PT progress in bootstrap reporting) ahf, i left a rough sketch of an incremental piece i plan to work on in a comment at https://trac.torproject.org/projects/tor/ticket/27100#comment:2 ahf: Last week: Sponsor 8: - Looked at Nick's NSS RSA and TLS code (#26819). Wrapped my head arouns the NSS API's. - Looked shortly at #27255 (mmap of cached consensus), gonna postpone that until my other S8 tasks are done (#25502). - Back to #25502 (PT bootstrap error handling) Misc: - Looked at Marionette status. - Got through my review queue from before vacation (#24104, #17873, and #24204) - Some discussion about DEFCON badges with Steph. This week: Sponsor 8: - Follow up on NSS-TLS reviews. - Focus on #25502. Misc: - Bug triage role. asn: Last week: - Wrote a draft of the "onion services open issues" blog post based on Mike's README_SECURITY document. Circulated it to David and Mike. We need some more thinking on the right way to publish it, so that it does not sound alarmist but still informs people of the open issues with onion services. - Review #26818. - Tested onionshare's onion v3 support. - Updated v3 wiki page to bring it more up to date. - Started debug on another HSv3 descriptor upload fail (the only one around atm): #27436 This week: - Think more of the way we should publish the "onion services open issues" blog post. Talk more with Steph, David and other people who might have feedback. - Do reviews. - Help with open v3 issues Mike: Last week: - Updated #25573 based on review, made a merge branch on master. - Reviewed #27241; have some questions there - Vanguards bug fixes + v0.2.2 release - Reviewed asn's onion services post; updated README_SECURITY - Reviewed and commented on Nick's side channels paper - Replied to teor's sbws tor-dev thread. - Failed at CI; really hate digging through jenkins. Kept putting it off until it was too late :/ This week: - WTF-PAD/Sponsor2 work

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project September 2018