tor-project September 2019

tor-project@lists.torproject.org

24 participants
39 discussions

August 2019 report for the UX team
by Antonela Debiasi 09 Sep '19

09 Sep '19

Hello Tor, A recap of August in UX land S9 - Tor Browser ================ Tor Browser 9 will see the light in late October, but we are working towards it hardly. During August we were working on having Tor Network Settings in a familiar place for users. That is how about:preferences#tor will host Network Settings. Great work, pospeselr! You can see how it looks here https://trac.torproject.org/projects/tor/ticket/31286 S9 - User Research ================== The first semester of this year, we visited India, Uganda, Kenya, Indonesia, Colombia, and Mexico. Narrira worked on to summarize and compile our user research activities: user needs findings, community threat modeling, and usability testing over TBA and TB Onboarding. Those user insights will inform our work on further product iterations. https://dip.torproject.org/torproject/ux/research/ During our dev meeting in Stockholm, we shared a printed survey about Tor Browser usage with us, the biggest fans of TB (and also the most biased). I shared a small recap of this data, and we are planning to extend this survey with the broad community. Do you hate captchas? We heard from you. https://lists.torproject.org/pipermail/ux/2019-August/000455.html S30 - Snowflake =============== The anti-censorship team is doing great work on bringing usable options for censored users to access the tor network and also for privileged users to help others. Snowflake is becoming something, and we assisted in designing the first user interface for it. Thanks arlolra, cohosh, dfc, and phw for this implementation! https://trac.torproject.org/projects/tor/ticket/23888 OONI Explorer ============= We are so close to release OONI Explorer. Some minor/major adjustments happened during August. Anxious? Check our beta and report issues if you find them: https://explorer.ooni.torproject.org/ https://github.com/ooni/explorer/issues/new Outreach ======== Antonela spoke at the MediaParty19 in Argentina about Tor Browser. A lot of journalists were interested in using Tor technologies for their daily work! https://mediaparty2019.sched.com/event/UESp/tor-browser-the-interface-for-f… Open Team ========= We have been experimenting with gitlab for hosting our roadmaps and to-do tasks. You can see our in-progress open kanban with tickets here: https://dip.torproject.org/groups/torproject/ux/-/boards Starting August, we were sharing our weekly meeting notes to the ux list. If you missed those, then you can see them here: https://lists.torproject.org/pipermail/ux/2019-August/000452.html https://lists.torproject.org/pipermail/ux/2019-August/000453.html https://lists.torproject.org/pipermail/ux/2019-August/000456.html https://lists.torproject.org/pipermail/ux/2019-August/000458.html Peace and love, A -- Antonela Debiasi UX Team Lead @antonela E2330A6D1EB5A0C8 https://torproject.org

1 0

Anti-censorship meeting notes, 5 Sep 2019
by Philipp Winter 05 Sep '19

05 Sep '19

Here are our meeting logs: <http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-09-05-17.00.log…> And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday September 5th 17:00 UTC Weekly meetings, every Thursday at 17:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: https://dip.torproject.org/torproject/anti-censorship/roadmap/boards * Our roadmap consists of a subset of trac tickets. * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam * GetTor's roadmap: https://dip.torproject.org/torproject/anti-censorship/gettor/boards * Tickets that need reviews: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… --------------------------- --- 5th September 2019 ---- --------------------------- == Announcements == * Bug Smash Fund campaign has been on: https://blog.torproject.org/tors-bug-smash-fund-help-tor-smash-all-bugs The idea is that this will be funding non-sponsor bugs. If you are working on ticket that is not sponsored please tag it with BugSmashFund keyword. == Discussion == * https://bugs.torproject.org/19332 (BridgeDB module for CollecTor) is not on the metrics plate anymore. what next? == Actions == * Update roadmap with what you are working on https://dip.torproject.org/torproject/anti-censorship/roadmap/boards == Interesting links == * == Updates == FORMAT! Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week (related to anti-censorship work). Help with: - Something you may need help with. hiro: (2019-09-02)(gettor days are Thursday - snippets https://dip.torproject.org/snippets) - Coded ansible recipes for gettor so that the service can be easily maintained by more people: https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor… - Fixing some issues about git history taking too much space quota on gitlab and github Next week - use archive.org as new distribution endpoint: upload files to archive.org - reach out to irl about sending gettor stats to metrics - review specs: are specs up-to-date? should we change something in the specs? - review docs: write documentation for web site and ansible playbooks. Help with: - waiting to be told that's fine to upload files to archive.org? Can we start? - review new website. New website should be reviewed. https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor… phw: This week (2019-09-05): * Handled our "set up new obfs4" bridges campaign * ~40 new bridges so far * Updated bridge setup guide several times and merged pull requests * More work on improving obfs4's flow obfuscation (#30716) * Met with Micah and Sam to discuss progress * Had a chat with Tobias about state of website fingerprinting attacks * Re-compiled and deployed snowflake broker and server (#31454, #31455) * Started working on exposing BridgeDB's metrics for Tor Metrics (#19332) * Filed a ticket to get rid of BridgeDB's chatspeak (#31528) * Started working on a script to extract stable, unallocated obfs4 bridges for manual distribution * Moved forward with our next default bridge at Karlstad University (#31164) * Revised default bridge requirements in our wiki * Interacted with potential new default bridge operators after Roger contacted professors about it * Wrote monthly anti-censorship team report * Wrote a BridgeDB patch to remove frontdesk(a)tp.o email (#28533) Next week: * Expose BridgeDB metrics for Tor Metrics (#19332) * Send a batch of private obfs4 bridges to NGO for manual distribution Help with: * Review https://trac.torproject.org/projects/tor/ticket/28533 Gaba: (updated September 5th) Last week (): * This week (planned): * ahf Last week: - Worked on #28930 This week: - Finished refactoring parts of #28930. Trying to figure out if we should begin the discussion on how PT's can report back on bootstrap info. - Continued to work on a tool to convert Trac tickets into Gitlab tickets. cecylia (cohosh): last updated 2019-09-05 Last week (holiday on Monday): - spent some time debugging snowflake broker issues (#31425) - debugged pion/webrtc problems (#28942) - looked at gettor status report from hiro - read phw's work on sharknado This week: - make a patch for the proxy---broker communication (#29207) - get fixes upstreamed to pion/webrtc (#28942) - snowflake dogfood - continue work on sequencing layer (#29206) - revisit snowflake reachability scripts, check status of tests, and enhance (#30368) - review of gettor metrics work (https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor…) - review #28533 Help with: - review of progress on sequencing layer (#29206) - the snowflake broker machine is acting up and i don't think it's related to the broker software (#31425) catalyst: week of 08/22 (planned): - reorienting after leave - mostly sponsor31 stuff week of 08/22 (actual): - mostly sponsor31 stuff week of 08/29 (planned): - mostly sponsor31 stuff (control protocol refactoring that will hopefully lead to better bootstrap reporting) arlolra: 2019-08-29 Last week: - merged #30310 - helped with some review Next week: - add a build step / documentation for code reuse in cupcake - make an attempt at #31391 Help with: - dcf: 2019-09-05 Last week: - with cohosh, worked on the pion-webrtc build of Tor Browser, got a working windows build for the first time (#28942) - Turbo Tunnel prototyping - Metrics Timeline maintenance Next week: - review Snowflake sequencing layer (#29206) - archive test pion builds from (#28942) - Turbo Tunnel prototyping Help with: - redeploy meek-azure bridge for Go net/http DoS vulnerability (#31455) - needs attention from inf0 at Team Cymru (dcf has sent email)

1 0

Communications Report: July & August
by Stephanie A. Whited 05 Sep '19

05 Sep '19

Hello Tor, We launched two major campaigns in the past 2 months: the Tor Bug Smash and the Run Tor Bridges campaigns. Thanks to everyone who has helped out. The bridge campaign is running through September -- you can share your support of bridges and encourage others to set them up with #RunTorBridges[1]. In July, we prepared materials for two big events in August: DEF CON and CCCamp. Our first booth at DEF CON was a success, and we'd like to thank seeess for creating an onion badge for us[2]. Roger had a talk in the main track on anti-censorship, and I took part in a privacy related panel in the Blockchain Village. Momentum with the cryptocurrency community is still building, and a podcast with multiple Tor people for a popular magazine is in the works. In August, I joined the Tor "money machine" at a training in DC, and we are working on new materials to use for fundraising based around what we learned. We've also begun prep for our EOY fundraising campaign starting soon. July and August in links and stats: == JULY == Blog posts https://blog.torproject.org/reflections-our-stockholm-all-hands Twitter New followers: 3,455 Top tweets https://twitter.com/torproject/status/1146128242979614720 https://twitter.com/torproject/status/1146442235032014848 https://twitter.com/torproject/status/1154100944394694656 LinkedIn https://linkedin.com/company/tor-project/ New followers: 114 Facebook https://facebook.com/torproject New followers: 547 Instagram https://instagram.com/torproject New followers: 361 Mastodon https://mastodon.social/@torproject New followers: 260 Newsletter https://newsletter.torproject.org/archive/2019-07-29-defending-the-open-int… Notable press https://www.wired.co.uk/article/best-privacy-browsers-and-chrome-alternativ… == AUGUST == Blog posts https://blog.torproject.org/run-tor-bridges-defend-open-internet https://blog.torproject.org/join-tors-docshackathon-next-week https://blog.torproject.org/tors-bug-smash-fund-help-tor-smash-all-bugs Twitter New followers: 3,159 Top tweets https://twitter.com/torproject/status/1166048980930879491 https://twitter.com/torproject/status/1156910864391262208 https://twitter.com/torproject/status/1161636416914362369 LinkedIn New followers: 146 Facebook New followers: 603 Instagram New followers: 739 Mastodon New followers: 670 Newsletter https://newsletter.torproject.org/archive/2019-08-30-docsHackathon-run-a-to… Notable press https://www.lifehacker.com.au/2019/08/the-best-privacy-and-security-focused… [1] https://twitter.com/hashtag/RunTorBridges?src=hashtag_click [2] https://twitter.com/see_ess/status/1155223668336861189 o/ -Steph -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Fingerprint: E976 9771 7D46 2E63 9697 9F6D 6D6B 72C3 39A8 76AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0

July and August 2019 report for the Tor Browser team
by Georg Koppen 05 Sep '19

05 Sep '19

Hello everyone! We'll do the monthly reporting this time a bit different in covering the last two months instead of just the last one. During this period we made three releases: Tor Browser 8.5.4[1], 9.0a4[2], and 9.0a5[3]. The first two were regular maintenance releases picking up latest security improvements in Firefox 60.8.0esr and adding a fundraising banner. 9.0a4 started to ship with aarch64 support for Android for the first time and due to a bug in our version codes[4] we needed to release 9.0a5 afterwards to get a roll out actually happening on Google Play. It turns out supporting aarch64 properly is much harder than thought with an "old" Firefox ESR 60 branch, as we were and are still working on follow-up crashes on that platform which are now unfortunately affecting our stable users as well[5][6]. Besides that the whole team was essentially busy preparing our first alpha release based on Firefox 68 ESR and we are happy to announce that we are about to get it finally out (boklm is publishing the release while I am writing this status report). It's been a huge effort comprising rebasing all of our patches, adapting our toolchains across all platforms to new Firefox requirements and porting our extensions over to make them compatible with the new ESR series. The full list of tickets closed by the Tor Browser team in July and August is accessible using the `TorBrowserTeam201907`[7] and `TorBrowserTeam201908`[8] keywords in our bug tracker. For September we'll stabilize all aspects of Tor Browser 9: Above all we have reproducibility issues still open on many platforms[9][10][11] and most of our toolchains still need slight adjustments.[12] In addition to that a number of important issues besides toolchain and reproducibility improvements have already piled up for Tor Browser 9 and we plan to tackle them in the coming weeks as well. We have the `tbb-9.0-must-alpha` keyword in our bug tracker for those.[13] Additionally, for anyone following along at home, we have issues related to Firefox 68 ESR tagged with the `ff68-esr` keyword for easier assessment of the overall transition situation.[14] Besides ESR transition work we hope to find time to work on the updater for Tor Browser nightly desktop builds.[15] Not having an updater for this channel is currently a major blocker from getting early adopters to test out our nightly builds and iterate quicker over new features and designs. All tickets on our radar for this month can be seen with the `TorBrowserTeam201909` keyword in our bug tracker.[16] Georg [1] https://blog.torproject.org/new-release-tor-browser-854 [2] https://blog.torproject.org/new-release-tor-browser-9.0a4 [3] https://blog.torproject.org/new-release-tor-browser-9.0a5 [4] https://bugs.torproject.org/31260 [5] https://bugs.torproject.org/31140 [6] https://bugs.torproject.org/31616 [7] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [8] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [9] https://bugs.torproject.org/31618 [10] https://bugs.torproject.org/31538 [11] https://bugs.torproject.org/31564 [12] https://bugs.torproject.org/30320 [13] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb… [14] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~ff6… [15] https://bugs.torproject.org/18867 [16] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Anti-censorship team monthly report: August 2019
by Philipp Winter 04 Sep '19

04 Sep '19

Hi everyone, Here's what happened in circumvention land last month: BridgeDB ======== * Released version 0.8.0. This release incorporates patches from the following tickets: - <https://bugs.torproject.org/9316> BridgeDB now exports usage metrics. We're still working on getting these metrics published over Tor Metrics. - <https://bugs.torproject.org/26542> Fixed broken bridge distribution for vanilla IPv6 bridges. - <https://bugs.torproject.org/22755> Use stem instead of leekspin for integration tests. This doesn't affect users but simplifies the code base. - <https://bugs.torproject.org/31252> Add an anti-bot mechanism. * Fixed <https://bugs.torproject.org/17626>. BridgeDB gets confused when users reply to a "get help" email. The issue is that BridgeDB interprets commands anywhere in the email body, even if it's in quoted text. To fix this issue, we are ignoring commands whose email body line starts with a '>' character, which is typically used for email quotes. * Made BridgeDB sync its assignments.log file to our metrics infrastructure again. This file contains the mapping from a bridge's fingerprint to its assigned distribution pool. Once we are archiving these files again, bridge operators can check in what pool their bridge is. Snowflake ========= * Added a dark mode to the Snowflake proxy: <https://bugs.torproject.org/31170> * More work went towards Snowflake's metrics. We updated the /metrics handler and the associated specification. - <https://bugs.torproject.org/31376> - <https://bugs.torproject.org/31493> * Implemented a fix for the "proxy ID reuse" vulnerability: <https://bugs.torproject.org/31460> Thanks to serna for discovering this issue! * Made some progress towards Snowflake's sequencing layer: <https://bugs.torproject.org/29206> * Handled a vulnerability in Go's net/http module by re-compiling and re-deploying affected binaries: <https://bugs.torproject.org/31454> <https://bugs.torproject.org/31455> <https://bugs.torproject.org/31456> * Fixed a bug that caused Firefox-based Snowflakes to not do their work: <https://bugs.torproject.org/31100> Outreach ======== * Roger did a Defcon talk on the Tor censorship arms race to several thousand people, including a call-for-testers for obfs4proxy and Snowflake, and then spent the rest of the weekend answering Tor questions. We are now counting approximately 400 Snowflakes! * We've started reaching out to contacts like professors to try to regrow the set of "default" bridges in Tor Browser, which are the bridges that users get when they don't specify their own bridge. * We started our "set up obfs4 bridges" bridge campaign: <https://blog.torproject.org/run-tor-bridges-defend-open-internet> So far, we are counting 39 new bridges. Thanks to everybody who contributed! * Started interaction with IETF MASQUE working group by proposing the idea of turning it into a pluggable transport: <https://mailarchive.ietf.org/arch/msg/masque/Cxh1phx6vFgn19jyANmt2YwLDqQ> GetTor ====== * Updated outdated Tor Browser copies on GitHub and GitLab and improved automation to keep them updated in the future. Pluggable transports ==================== * We went to the FOCI workshop, and among other things talked to the person working on using a GAN to modify timing for meek traffic. He's thinking about grad school, so we tried to connect him to all the usual profs so he can do this more in grad school. * Made some progress towards a better obfs4 by improving the way it obfuscates its flow signature: <https://bugs.torproject.org/30716>. This is experimental work-in-progress. * David published Turbo Tunnel, which provides a sequencing and reliability layer for pluggable transports: <https://github.com/net4people/bbs/issues/9> Miscellaneous ============= * Improved and extended our obfs4 bridge setup guides: <https://community.torproject.org/relay/setup/bridge/>

1 0

Notes from Vegas Team meeting August 29th
by Erin Wyatt 04 Sep '19

04 Sep '19

Notes from August 29 2019 Vegas Team meeting: MAIN DISCUSSION ITEMS: + (Gaba) Nextcloud next steps: Thoughts on this options? - Tor have its own NC instance, and to migrate to that one - Tor continues using the 'shared' NC one of riseup. - Riseup setup a NC instance only for Tor and maintain it - Riseup setup a NC instance only for Tor that is maintained by Tor sysadmin team Discussion highlight(s): Gaba and anarcat are both afk today; table discussion until they're back. + (Mike) Weighing whether to focus on Sponsor2 vs. ESR Discussion highlight(s): Mike was not present at the meeting, so folks were unsure whether this was about the final report (which became due September 1 and will be overdue December 30th if not submitted) or another question/issue related to the work w/ the sponsor. We will follow up with Mike for clarification. + (Pili) Re: migration to gitlab - should we migrate the Orbot ticket component in trac to a project in gitlab for tracking Orbot issues? - Since Guardian Project have?/will have? their own gitlab instance, it doesn't seem necessary but I would like us to discuss before making a decision (possibly with them also as a second step.) - Also, what about HTTPSEverywhere? Discussion highlight(s): • General agreement that it's not necessary/helpful to migrate the Orbot ticket component, we will communicate this with them by email; we will contact Guarding Project and EFF re: questions around httpseverywhere. + (Gus) Re: blog template that is killing geko's soul little by little - https://trac.torproject.org/projects/tor/ticket/31114; hiro is the person to talk to; following up with hiro, pili, anto by email. ---------------->8 INDIVIDUAL NOTES: Gaba: We are moving to nextcloud and shutting down storm.torproject.org. Notes from "nextcloud at Tor" meeting here: https://lists.torproject.org/pipermail/tor-project/2019-August/002446.html Options that will be taken to the sysadmin team by Linus: • Tor have its own NC instance, and to migrate to that one • Tor continues using the 'shared' NC one of riseup. • Riseup setup a NC instance only for Tor and mantain it • Riseup setup a NC instance only for Tor that is mantained by Tor sysadmin team 5. S31 on 'refactoring' is moving forward. This week we will have check-in meeting. 6. Gettor is back - Hiro is having Thursday to work on it. 7. IPv6 proposal done 8. Small gardening tasks on roadmaps. 9. Still slowly working on migration plan. Mike: 0. Medical leave (no I'm not gonna die soon and if you think I will, I might still find a way to cut you after I'm gone ;) 1. Finishing sponsor2 circuit padding framework documentation Steph 1 Promoting next week’s DocsHackathon 2 Launched campaign to run bridges. Will promote through September 3 Received a round of edits for a page demystifying the dark web. Need to also update onion services pages on the community portal 4 Preparing donor materials including a 1.5 page overview + other pages for a complete deck 5 Went to NYU to meet about office space, just waiting for an ID! Also finding out if we can have a table at CSAW in November. 6 August newsletter coming out this week 7 EOY campaign planning 8 Campaigning for companies to run relays next on deck 9 Met about lessons learned from def con to prepare for upcoming cons 10 Podcast coordination 11 Seeing about having a Tor comic book to offer as a gift for donors Nick 1 042 series will freeze on Sep 15. Make sure we know about must-fix issues. If they are not marked 042-must, please mark them and say why. 2 team trying to wrap up 042 stuff, fix bugs, etc 3 0.4.1.5 seems relatively stable so far? Sarah 1. EOY campaign calendar and talking with stakeholders 2. Planning Boston event 3. Getting ready to launch major donor webpage 4. Working on various edits to donate.tpo pages 5. afk Friday 8/30 Philipp 1 Started obfs4 bridge setup campaign with Steph's help 2 Interacted with prospective default bridge operators after Roger sent a bunch of emails 3 Caught up on website fingerprinting literature and thought about how it should inform our obfs5 design 4 Progress with both BridgeDB and snowflake Georg 1 Busy with ESR 68 migration; first alpha based on that is hopefully coming out next week 2 Went to CCCamp and our talk went well 3 Trying to get back to email conversations I've dropped during the last couple of weeks Gus 1. Back from CCCamp 2. Working on Docs Hackathon preps (Sept 2nd - 6th) - https://blog.torproject.org/join-tors-docshackathon-next-week 3. (almost) Finished last week RT frontdesk gap; still ~900 in the queue Pili 1. Browser Team roadmapping 2. OTF Proposal for Browser Team 3. Lots of meetings this week - DRL proposal, websites maintenance, tor browser tasks re-org, tor browser release meeting 4. Docs Hackathon 5. S27 August report 6. Trying to find some time to work on my slides for a talk on Onion service web APIs isabela 1. Reviewing all stuff necessary for auditors 2. Reviewing proposals which deadline is on the 1st 3. Met w/ Alison here in nyc 4. Other meetings - kick off OONI transition discussion/planning; Sync w/ Beth; website long term maintenance meeting; 5. Planning different trips/meetings in September; YE campaign; Reviewing 'there is no darkweb' webpage content 6. start drafting reorg letter and personas letter Erin 1. handbook handbook. we think version 1 is almost done! 2. working on some stuff for the audit 3. general HR stuff 4. reminder - Monday is a US federal holiday Antonela 1 moving ux team material and reporting to an open repository > https://dip.torproject.org/torproject/ux/research 2 the ux team now have a kanban with our roadmap > https://dip.torproject.org/groups/torproject/ux/-/boards 3 working with TB9.0 network settings (#31286) and synced with phw on s30 iteration 4 speaking at MediaParty in BA > https://sched.co/UESp 5 making the first feminist security conference in argentina > https://notpinkcon.org/# 6 cross-team meetings, websites maintenance, community drl soi, ux roadmapping, docshackaton Karsten 1. Discussed two funding proposals related to metrics work. 2. Made some progress on getting Snowflake and BridgeDB data archived by CollecTor.

1 0

Tor Browser team meeting notes, 3 September 2019
by Georg Koppen 04 Sep '19

04 Sep '19

Hello! We held our weekly Tor Browser sync yesterday in #tor-meeting as usual. The log can be found at: http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-09-03-17.29.l… The notes from the pad are: Discussion: [tjr] We currently have a team IRC highlight for 'tbb-team'. I recently joined #tor-bots and get regular highlights there for the owner changing to tbb-team. Is this a mild annoyance to anyone else? If so, I know renaming trac accounts is not possible, but maybe in gitlab we could have a different name for the account; or try to migrate our highlight? (Or maybe the answer is "Yes it's not ideal, but it's not worth changing.") GeKo: Last week: - release preparation for 8.5.5 and 9.0a6 - built release candidates for both series - signed the 8.5.5 bundles - reviewed loads of patches to get 9.0a6 into alpha shape (it seems we managed to do so!) - helped pili with time estimations for tickets and roadmapping for September - staring at Windows reproducibility issue (#31538) - helped with diagnosing Windows updater issue (#31567) (thanks to pospeselr for stepping up and diagnosing the issue) - provided patches to smaller issues (#30800, #27493 - filed already a number of issues against our ESR 68-based Tor Browser This week: - help with getting the releases out - continue to work on #31538 - macOS notarization? (GeKo will chat with mcs/brade after the meeting) - reviews - monthly reports (I'll combine July and August) mcs and brade: Last week: - #30126 (Make Tor Browser on macOS compatible with Apple's notarization). - Added a comment to the ticket that lists the remaining things that we need. - #29430 (Use uTLS for meek TLS camouflage in Tor Browser). - create Torbutton patch to avoid breaking circuit display. - #30429 (ESR 68 Rebase). - tested the updater on Windows. - created and helped with #31567 (NS_tsnprintf() does not handle %s correctly on Windows). - Discussed recent Mozilla updater security fix patches with gk. - Started to look at #31457 (disable per-installation profiles). This week/upcoming: - #31457 (disable per-installation profiles). - Work on other tbb-9.0-must-alpha tickets as time permits, e.g., #31491 (clean up the old meek http helper browser profiles). - More ESR68 updater testing. - We will be away from keyboard this Thursday and Friday (September 5th and 6th). - As we mentioned at the dev meeting, we have vacation planned for the week of September 23rd. tjr: - Some minor build uplifts to esr 68 - There is a path forward on the wasm for extensions thing: https://bugzilla.mozilla.org/show_bug.cgi?id=1576254 - Currently pretty far behind on things pospeselr: Last Week: - #31567 investigation (printf fun) - #31548 (verify mingw HEAD builds ff with working screen reader support) - #31286 work: - finished prototype UX, sent review build to antonela - started work to wire tor-launcher code into new about:preferences configuration This Week: - make a test Linux build with bridge UX for y'all to review (#31286) - labor day off - SF for browser privacy meet-up acat: Last week: - Fixed #31396 - Communication with noscript for security settings not working in nightlies - Reviewed latest #31010 changes. - Fixed some esr68 tbb-9.0-must-alpha bugs. - Investigated onboarding regressions (#28822). This week: - Fix onboarding regressions + address review comments (#28822). - #26345 - Disable tracking protection UI in FF67-esr - #31562 - The circuit display is not visible on error pages in Tor Browser based on ESR68 - #31575 - Firefox is phoning home during start-up in Tor Browser based on ESR 68 - #30662 - Make sure about:newtab is blank - #31601 - Don't let Mozilla recommend extensions again - Maybe others tbb-9.0-must-alpha boklm: Last week: - Reviewed mingw-w64-clang patches (#28716, #28238) - Made patch for #30384 (Use 64bit containers to build 32bit Windows Tor Browser) - Made small patches for #31606 (Update website update instructions in Tor Browser release process) - Helped with new releases build - Started looking at #31448 (gold and lld break linking 32bit Linux bundles we need to resort to bfd) - Looked a little at #31564 (Android bundles based on ESR 68 are not built reproducibly anymore) - Commented on #28942 (Evaluate pion WebRTC) and #28325 (Use go 1.11 module versioning support) - Reviewed #31264 (tar.gz output files contain non-reproducible timestamps) This week: - Finish publishing new releases - Investigate #31448 (gold and lld break linking 32bit Linux bundles we need to resort to bfd) - Review #30334 (build_go_lib for executables) - Other tbb-9.0-must-alpha toolchain tickets: #29013 - Review #31596 (Bump mingw-w64 version to pick up fix for #31567) pili: Last week: - OTF Browser Proposal - September Roadmap and estimations This week: - Final Orfox update!! sisbell: - #31568: Creating grade dependencies - determined cause of multiple artifact entries (proposed solution but needs to be implemented) - #30461: Update tor-android-service: redid config/build to use older version of project until we get latest updates merged into tor repo - #31293 - found that adding JVM settings overrides the no-daemon flag for gradle. This causes network interface failures in some build environments - #31564 - Reproducibility - tried various solutions, including upgrading, downgrading gradle plugin. All caused failures of Firefox build - Various Changes to Firefox build to get it building with full set of options This week: - For reproducibility - try downloading google source and see if we can patch it. - Fix for #31568 Georg

1 0

OONI Monthly Report: August 2019
by Maria Xynou 03 Sep '19

03 Sep '19

Hello, Below we share what the OONI team worked on in August 2019. ## Report on censorship events in Ethiopia We published a research report documenting new censorship events in Ethiopia, titled: "Resurgence of Internet Censorship in Ethiopia: Blocking of WhatsApp, Facebook, and African Arguments". The report is available here: https://ooni.io/post/resurgence-internet-censorship-ethiopia-2019/ This report is a follow-up to our previous study, which documented the blocking of WhatsApp and Telegram in Ethiopia in mid-June 2019: https://ooni.io/post/ethiopia-whatsapp-telegram/ ## Progress on OONI Probe desktop app We completed the integration of the new golang probe-engine into the OONI Probe CLI that powers the desktop app: https://github.com/ooni/probe-cli/pull/46 We also did some more research and testing on auto-update support: https://github.com/ooni/probe-desktop/pull/37. ## Progress on OONI Probe mobile apps We released the beta of OONI Probe Mobile v.2.2.0 (Android and iOS) for internal testing. The new version allows users to download JSON files from OONI Explorer, copy OONI Explorer URLs, and it includes support for the auto-deletion of measurement logs and JSON files that have already been uploaded. Android: https://github.com/ooni/probe-android/pull/249 https://github.com/ooni/probe-android/pull/250 https://github.com/ooni/probe-android/pull/251 https://github.com/ooni/probe-android/pull/253 https://github.com/ooni/probe-android/pull/254 iOS: https://github.com/ooni/probe-ios/pull/303 https://github.com/ooni/probe-ios/pull/304 https://github.com/ooni/probe-ios/pull/305 We also started doing a bit of research on integrating react-native which will allow us to maximize code-sharing between the OONI Probe desktop and mobile apps. ## New test development We implemented the OONI Probe Telegram test using the new golang engine, paving the way to making it easier to implement new tests in go: https://github.com/ooni/probe-engine/pull/41 ## Progress on revamping OONI Explorer In preparation for the launch of the revamped OONI Explorer, we continued to make a series of improvements to the beta (https://explorer-beta.ooni.io/) throughout August 2019. More specifically, we merged the following pull requests: https://github.com/ooni/explorer/pull/234 https://github.com/ooni/explorer/pull/239 https://github.com/ooni/explorer/pull/242 https://github.com/ooni/explorer/pull/244 https://github.com/ooni/explorer/pull/245 https://github.com/ooni/explorer/pull/247 https://github.com/ooni/explorer/pull/254 https://github.com/ooni/explorer/pull/262 https://github.com/ooni/explorer/pull/263 https://github.com/ooni/explorer/pull/265 https://github.com/ooni/explorer/pull/276 We also opened the following pull requests: https://github.com/ooni/explorer/pull/280 https://github.com/ooni/explorer/pull/279 https://github.com/ooni/explorer/pull/251 ## Pipeline work We fixed a major bug in the OONI data processing pipeline and ran the backfilling process: https://github.com/ooni/pipeline/issues/214 As part of our work on this, we also improved the quality of end-to-end tests in the pipeline: https://github.com/ooni/pipeline/pull/216 https://github.com/ooni/pipeline/pull/215 https://github.com/ooni/pipeline/pull/208 https://github.com/ooni/pipeline/pull/220 https://github.com/ooni/pipeline/pull/221 This allows us to have greater confidence in deploying changes to the data processing pipeline as we get ready to deploy the speed improvements and add support for ingesting metadata from new tests. We made progress in extracting metrics from the Telegram instant messaging test: https://github.com/ooni/pipeline/pull/177 As part of the fast-path branch, we made progress on reducing the time to process measurements and on the creation of events for the RSS feed: https://github.com/ooni/pipeline/pull/213 ## Infrastructure work We did some work on cleaning up old deprecated machines, making it easier to ensure that all our infrastructure is redeployable. See: https://github.com/ooni/sysadmin/pull/338 & https://github.com/ooni/sysadmin/pull/337 During the Chaos Communication Camp (where we met in person), we brainstormed on strategies to make our infrastructure more available. ## Community activities ### Chaos Communication Camp 2019 OONI's Arturo, Maria, and Federico traveled to Germany to attend the Chaos Communication Camp 2019 (CCCamp) between 21st-25th August 2019: https://events.ccc.de/camp/2019/wiki/Main_Page At CCCamp, we facilitated an OONI session: https://events.ccc.de/camp/2019/wiki/Session:OONI:_Measuring_internet_censo… We also held an OONI hackathon: https://events.ccc.de/camp/2019/wiki/Session:OONI_Hackathon During the hackathon, we engaged participants with OONI data analysis and we discussed the development of new OONI Probe tests. At CCCamp, we also hosted an OONI village (https://events.ccc.de/camp/2019/wiki/Village:OONI), where we distributed OONI t-shirts and stickers, collected community feedback on OONI tools and methodologies, and otherwise engaged participants with the OONI-verse. Our village was part of the About:freedom cluster (https://events.ccc.de/camp/2019/wiki/Village:About:freedom), consisting of multiple organizations defending digtial rights and promoting free software. ### OONI workshop in Venezuela Our partner, IPYS Venezuela, held an OONI workshop in Venezuela for local journalists (see: https://twitter.com/ipysvenezuela/status/1162365664008515585). As part of the workshop, they explained how to participate in censorship measurement research through the use of OONI Probe and OONI data. ### OONI data presented at the Latin America and Caribbean Internet Governance Forum Our partner, IPYS Venezuela, presented censorship findings from Venezuela based on OONI data at the Latin America and Caribbean Internet Governance Forum. Through the use of OONI Probe, IPYS Venezuela documented hundreds of censorship events in Venezuela throughout 2018. Further information is available via their report: https://ipysvenezuela.org/alerta/reporte-ipysve-la-escalada-de-la-censura-d… ### OONI outreach material for Bolivia Our partner, Internet Bolivia.org, published outreach material in Spanish to help promote the use of OONI Probe in Bolivia: https://drive.google.com/file/d/1IGQCxWDRrpgvNW02T67Aj4mo5emdgHl4/view ## Userbase In August 2019, OONI Probe was run 375,421 times from 5,272 different vantage points in 214 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

torproject.org content updates and next steps
by Pili Guerra 03 Sep '19

03 Sep '19

Hi everyone, There's been a lot of work over the past year (and before!) to migrate the website to lektor, to use a consistent styleguide[1], make it more modular[2] and structured it in a way that it is easier for people to find the underlying content for a page. With the potential move to gitlab, we can also make it easier for more people to submit change requests using the gitlab interface to update this content. We have been thinking about a good process for keeping our www.torproject.org website content up to date for a while. This is something that we can all own a small part of and we shouldn't have to rely on a single person for updates. We had a session about this in Stockholm[3] and we recently had another meeting to formalise the next steps to delegate ownership and updates for different sections of the websites. I believe we're now in a good position to start trying this process out for www.torproject.org and using it as a model for other future websites, e.g the upcoming developer portal. I have been reaching out to some of you individually to help us out with this and now I would like your input on which sections need updating and potential owners. The idea here is that different people can submit change requests to update content on the different website sections and the people in the webwml group, but mainly Community and UX team members, can review and merge these changes. We will also be updating the current webml group members to better reflect those people who are currently involved, so please reach out if you believe you are a member of this group and would like to remain involved. So, to wrap up :), please take a look at the following table[4] and feel free to update it or email me if there are any sections that need to be added and/or that you'd like to own in future. Thanks! Pili [1] https://styleguide.torproject.org/ [2] https://gitweb.torproject.org/project/web/lego [3] https://trac.torproject.org/projects/tor/wiki/org/meetings/2019Stockholm/No… [4] https://trac.torproject.org/projects/tor/wiki/org/meetings/2019Stockholm/No… — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project September 2019