- tor-project - lists.torproject.org

Shadow status (Sponsor 38)
by Jim Newsome 10 Feb '20

10 Feb '20

Hi everyone! For those I haven't met yet, I recently joined The Tor Project and will be working on the Shadow <https://shadow.github.io/> simulator for the Sponsor 38 <https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor38> project. On the Tor side I'll be part of the Network team <https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam>. I plan to aim for ~monthly status updates here. So far: * I started two weeks ago, and spent the first couple days having an orientation and kickoff with Rob Jansen (NRL) * I've been doing some work to improve development assurance and velocity <https://github.com/shadow/shadow/milestone/15> o Migrated the documentation from a GitHub wiki into the source repository itself, so that changes can go through the same review process and to help keep it in sync with code changes. [#705 <https://github.com/shadow/shadow/issues/705>] o Added a GitHub workflow to ensure Shadow builds and its tests pass in every pull request and commit to master [#707 <https://github.com/shadow/shadow/pull/707>] o Made progress on fixing compiler warnings so that we can enable -Werror (i.e. prevent new warnings from slipping in unnoticed) [#711 <https://github.com/shadow/shadow/issues/711>] Activities planned in the next ~month: * Continue making development assurance and velocity improvements. * Develop a plan for incrementally migrating Shadow to Rust. We'dlike to get to a state where new code is written in Rust rather than in C. * Start redesigning TCP emulation, with an eye towards modularizing and porting to Rust. * Start working on process-based separation. -Jim

1 0

Job opening: Executive Assistant
by Erin Wyatt 10 Feb '20

10 Feb '20

Hello, everyone! We have a new open position: https://www.torproject.org/about/jobs/executive-assistant/ The job posting is available at the link above, pasted below, and attached as a PDF. Please help us spread the word by sharing, forwarding, tweeting, whatever! :) Thank you all! Have a great week. Cheers, Erin ———————————>8 February 10, 2020 The Tor Project is looking for an Executive Assistant! The Executive Assistant is responsible for providing high-level administrative support to the Executive Director. This position will actively manage the ED’s schedule, handle internal and external executive-level communications, and coordinate special projects and events. This position is full-time and remote; someone in the Eastern time zone strongly preferred. You: · Technology-competent and/or willing and able to learn new tools. Our team coordinates via IRC (the grandparent of Slack), email, Signal messaging app, and bug trackers, etc. · Have an exceptional ability to see ten steps ahead, anticipating and heading off issues before they become problems. · Highly skilled at prioritizing ED’s tasks and effectively communicating changing priorities on a daily basis. · Problem solver! Plans, strategies, and schedules change: You react quickly, are resilient, and take the initiative to find the best alternatives when these changes arise. · Independent: self-directed and able to get the job done; ensure the ED is on track. · Proactive: you take initiative in improving processes; you’re always thinking ahead. Job Duties: · Manage ED’s schedule: schedule meetings, screen for conflicts, and ensure the ED is prepared for important meetings. · Arrange travel, prepare expense reports, and handle other administrative tasks. · Head up the planning and logistics of twice-yearly organization-wide meetings. · Serve as proxy for ED at certain weekly meetings, take notes, and keep track of ED’s action items. · Develop and sustain a high level of professionalism among staff and community members. · Assist the ED with administering the organization’s travel policy: follow up on travel approvals and expenses and help manage the budget. · Assist the ED with reports, presentations, and follow ups with/for major donors and sponsors. Required Skills & Qualifications: · Be personable with strong interpersonal and oral/written communication skills; ability or willingness to learn to use various communication tools and function in an asynchronous work environment. · Uphold a strict level of confidentiality. · Maintain a high level of attention to detail and accuracy. · Ability to manage multiple tasks, re-prioritize on a daily basis, and meet deadlines. · Be highly organized with exceptional planning skills. · Able to work both independently and in a collaborative environment. · Ability to track and monitor travel budget spending at the org level. · Willingness to try new methods, apps, and/or technology. · Take initiative in completing assignments, solving problems, and seeking solutions. · 3 to 5 years’ experience as Executive Assistant or similar roles. · An interest in free and open source software and/or internet freedom is a bonus but not required. To apply: Please email a PDF of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include your salary requirements and why you want to work at Tor Project. Email should be sent to hr at torproject dot org with "Executive Assistant " in the subject line. No phone calls, please. Other notes: We offer a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance; flexible work schedule; and occasional travel opportunities. The Tor Project, Inc., is a 501(c)(3) organization headquartered in Seattle with paid staff and contractors of around 40 engineers and operational support people, plus many volunteers all over the world. Tor develops free and open source software for privacy and freedom online, protecting people from tracking, surveillance, and censorship. The Tor Project's mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, support their unrestricted availability and use, and further their scientific and popular understanding. We are committed to creating and maintaining a diverse and safe environment, and we are committed to our Social Contract, Membership Values, and our Code of Conduct. The Tor Project, Inc., is an equal opportunity, affirmative action employer. We strongly encourage everyone to apply to this position without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, or age.

1 0

Network health meeting notes, 10 Feb 2020
by Gaba 10 Feb '20

10 Feb '20

Hi! We just had the weekly network health team meeting. You can read the logs at: ttp://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-10-19.01.html The content of the pad (https://pad.riseup.net/p/tor-networkhealth-2020.1-keep) for this meeting was: ------------------------------- ---- 10 February 2020 ------------------------------- Roadmap is done for Q1: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… Announcement GSoC project: https://community.torproject.org/gsoc/ • Metrics queries for GoodBadIsps page. https://dip.torproject.org/torproject/web/community/issues/72#note_483 Statuses: Geko: AFK Gaba (Feb 10): Last week: * help with sbws's proposal for funding This week: * help with sbws's proposal for funding Gus: This week: * Reviewing community team roadmap and network health team * Submitting EFF Legal FAQ comments to GeKo this week RotationMatrix: This week: * Adding metrics queries to GoodBadIsps page. -- Project Manager: Network, Anti-Censorship and Metrics teams gaba at torproject.org she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

January 2020 report for the UX team
by Antonela Debiasi 10 Feb '20

10 Feb '20

Hello Tor, Onion Services ============== We are on the last bit of making the Tor Browser user experience with onionsites smoother and more intuitive. We've been iterating over the client errors for onionsites and also reaching consistency with the onion identity presence in the URL bar. We were discussing them here: https://trac.torproject.org/projects/tor/ticket/19251 https://trac.torproject.org/projects/tor/ticket/32645 Also, we've been working on deploying memorable names for onionsites. This proof-of-concept will allow end-users to type a readable address at the URL bar like [antonela.tor.onion], and Tor Browser will serve the associated onion service. Users will be able to inspect and copy the original 56-character domain name too. https://trac.torproject.org/projects/tor/ticket/28005 User Research - S9 ================== During December, community members from Colombia and Kenya ran user research over the Tor Browser download process. During January, we worked on reporting their findings. Nah is uploading our reports here: https://dip.torproject.org/torproject/ux/research/tree/master/reports/2019/… S30 === OONI has been working on making Tor vanilla test available to run in all the OONI Probe apps. We've worked on its user interface and reviewing the implementation across platforms. https://github.com/orgs/ooni/projects/3 L10n ==== Emmapeel and the invaluable collaboration of the volunteers made the Tor Browser manual available in lithuanian. Pažiūrėk čia: https://tb-manual.torproject.org/lt She also has been working on documenting the l10n workflow for translators in https://community.torproject.org/localization/ Outreach ======== The Tor Project will host the Tor village during the last days of the Internet Freedom Festival. We are collaborating with the Community Team on setting up the agenda and also managing the invites. If you are interested in joining us in Valencia, stay tuned! Open Team ========= We roadmapped the work for the UX team in 2020. You can sneak peek what we will be hacking on here https://nc.torproject.net/s/CqiqS7NRrfPkmLx If you missed those, January weekly meetings notes are here: https://lists.torproject.org/pipermail/ux/2020-January/000483.html https://lists.torproject.org/pipermail/ux/2020-January/000484.html https://lists.torproject.org/pipermail/ux/2020-January/000485.html https://lists.torproject.org/pipermail/ux/2020-January/000486.html Love and peace, A -- Antonela Debiasi UX Team Lead @antonela E2330A6D1EB5A0C8 https://torproject.org

1 0

Network Team Meeting Notes, 5 February 2020
by Alexander Færøy 10 Feb '20

10 Feb '20

Hello, Here is a short summary of the network team meeting from Wednesday the 5th of February 2020. 1) We started out with roadmap. People were asked to prioritize 0.4.3 tickets. 2) We looked at the 0.4.3 status page. 3) Discussion on next steps for C style work. It was decided that we have a meeting on Wed 12th of February at 23 UTC to discuss this further. 4) Nobody had anything else to discuss. --- end of summary --- You can read the network team meeting log at: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-05-22.59.html Below are the contents of our meeting pad: Nick: Week of Jan 27 (planned): - Review all incoming 043 patches on my queue * - Read and answer Mike's big congestion document * - Release 0.4.2 and 0.4.1. (Is a final 0.4.0 called for?) * - More PETS discussion, and artifact review. * - Triage 0.4.3 and assign tickets with ahf. * - Take care of whatever 0.4.3 tickets are assigned to me. - Sketch out Walking Onions work plan. - Answer and discuss pending stuff about C style project. - Time permitting: - Review pending patches for 044 - Make more dirauth options optional (32139) - Stem tracing? (30901) Week of Jan 27 (actual): - Releases for 0.4.2.x and 0.4.1.x - Worked on Clusterfuzz timeout issues (33118) - Worked on a bunch of 043-must/should items; get several of them into needs-review. Lots of analysis here. - Read and suggested edits to Mike's big congestion document. - Follow up on comments about C style - Review and merge patches. - Started working on patches to deprecated options (31180) - Triaged 043 tickets with ahf. - Started a bug-retrospective analysis with teor - Wrapped up paper-related PETS2020 stuff; only artifacts left! - Investigated logs related to directory authority DoS; proposed a compression-based solution. - Opened tickets for two TROVE issues; one low and one medium severity. - Reviewed proposal 312. Week of 2 Feb (planned): - Finish bug retrospective. - Solve as many 043-must/should issues as I can. - Review and merge. - Keep an eye on blog comments about recent stable releases. - Plan for an alpha early next week. - More work on paper with Ian and Chelsea (revisions due 15 Feb) - Review Teor's proposal 313 once it's out - Integrate revisions to prop295 before I forget completely catalyst: week of 01/27 (2020-W05) (planned): - reviews - retrospective 01/29 week of 01/27 (2020-W05) (actual): - retrospective 01/29 - reviewed some more gsod work (#32928, #32929) - debugged some more about why LeakSanitizer seemed to not be working (#33087) week of 02/03 (2020-W06) (planned): - reviews - getting feedback on .github repo stuff (#32335) - feedback cycle stuff week of 02/03 (2020-W06) (actual): - more review of gsod work (#32928, #32929), with nickm's help ahf: Week of 27/1 2020 (planned): - Ticket triage with Nick. - Continue on sponsored work. - Try to read and understand Mike Perry's epic pad. - Read and follow up on Teor's IPv6 propsal(s). - Prepare slides for FOSDEM and travel to FOSDEM (will thus be AFK from IRC on most of Thursday and all of Friday). - Hope to catch up with Juga while in Brussels and hear what they are up to. - Hope to spend some time with ln5 and hack on his key hw/vault idea. - If there is anybody we should meet and talk with at FOSDEM, now is a good time to say so. Week of 27/1 2020 (actually): - Ticket triage. - Tried to wrap my head around Mike's email and Tim's proposals. - Did slides for FOSDEM, went to FOSDEM, spoke at FOSDEM. Went OK. - Met with Juga and Gaba to look at SBWS grant. - Hanged out with Juga who gave me an introduction to the sbws internals and how the tool works. - Spoke with Linus and Peter Stuge about the vault idea. Week of 3/2 2020 (planned): - Work on one of the TROVE's. - Tried to wrap my head around the HS randevouz blog post. - EOM tasks from January. - Some follow ups related to peer review and FOSDEM. asn: Week of 20/01 (actual): - Almost recovered physically. - Took over #32709 from David (Thanks David!) and discussed it with Nick (Thanks Nick!) - Started working on remaining #32709 items. - Various S27 planning moves. Week of 27/01 (planned): - Finalize #32709 so that I can use it for testing OBv3. - Get back to doing reviews etc. Mike: Last week (planned): - Have gaba+isa review role descriptions - Metrics kickoff meeting - Work on explicit congestion notification meta-proposal - File perf-related roadmap tickets - Triage + prioritize circpad, vanguards bugs Last week (actual): - Had gaba+isa review role descriptions; worked on 2020 plan - Metrics kickoff meeting - Worked on explicit congestion notification meta-proposal This week (planned): - Mozilla all hands - Congestion control tor-dev post Maybe dropping due to Mozilla: - File perf-related roadmap tickets - Write mails to researchers re circpad docs + simulator - Triage + prioritize circpad, vanguards bugs dgoulet: Week of Jan 20th (actual): - Reviews and merges and meetings. - Worked on #33018/#33029. - The email world was strong that week. - Logistics for NetDev'14 conference in March. Rob and I were accepted for a talk there. Week of Jan 27th (planned): - Continue into the #33018 and #33029 madness world. - Hopefully make progress on ticket assigned to me on the roadmap. Gaba: Week of January something... (actual) - Roadmap life - Run behind Trac - Sustain OSS and Fosdem - sbws roadmap Week of February 6th (planned) - s55 - reduce scalabiltiy project to fit new requirements - survive a pile of mails - run behind trac again teor: (online first meeting of the month, offline at the usual meeting time) Week of 27 January (planned): Take Time for: - Backports (if needed) - Draft sponsor 55 (relay IPv6) roadmap - Create tickets (once proposals have been reviewed) - Revise Proposal 311: Relay IPv6 Reachability: (please review!) (#24404) https://lists.torproject.org/pipermail/tor-dev/2020-January/014132.html - Draft Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Draft Proposal 313: Relay IPv6 Statistics ? - Update Proposal 306: Client Auto IPv6 Connections ? (#33043) - based on proposals 311 and 312 Roadmap: - (Transitioning between unfunded work / 0.4.3 fixes, and Sponsor 55) Other: - Code Reviews Week of 27 January (actual): Take Time for: - Revise Proposal 311: Relay IPv6 Reachability (#24404) - Draft and Revise Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Backports before releases Roadmap: - #33091 minor change related to Sponsor 55 O1.2 Other: - Added info to #31009 - Use public relay addresses for PTs - Related to Relay Auto IPv6 Address: proposal 312 and ticket #5940 (Sponsor 55) - Added info to #33018 - Dir auths using an unsustainable 400+ mbit/s - Related to Relay Auto IPv6 Address: proposal 312 and ticket #5940 (Sponsor 55) - Added info to #31180 - Remove deprecated options in 0.4.3 - Not actually related to Sponsor 55, but nickm thought that it was - Ticket triage, backport deciding, quick code reviews - Help with minor CI changes (#32455, #33075) - Help with LeakSanitizer bugs (#33087, #31594) Week of 3 February (planned): Take Time for: - Revise Proposal 311: Relay IPv6 Reachability (#24404) - Revise Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Draft Proposal 313: Relay IPv6 Statistics (ticket?) - sbws roadmap review - sbws funding proposal review - Merge proposals 311 and 312, and send out final drafts to tor-dev Roadmap: - Make tickets for roadmap, based on proposals 311 and 312 Other: - Ticket triage, backport deciding, quick code reviews Week of 3 February (actual): Take Time for: - Revise Proposal 311: Relay IPv6 Reachability (#24404) - Revise Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Merge proposals 311 and 312 - Start Drafting Proposal 313: Relay IPv6 Statistics (#33159) - sbws roadmap review - responding to emails and IRC Roadmap: - responding to questions on sponsor 55 tickets - update other tickets based on Sponsor 55 analysis and proposals Other: - Ticket triage, backport deciding, quick code reviews - Opened #33156 for a DoS subsystem IPv6 bug - GSoC potential IPv6 project: update project info based on latest proposals - Security issue analysis Need help with: - Please review Proposal 312: Automatic Relay IPv6 Addresses: (for Sponsor 55) https://lists.torproject.org/pipermail/tor-dev/2020-January/014136.html -- Alexander Færøy

1 0

[release] Onionoo 8.0 will be released on February 20, 2020
by Karsten Loesing 09 Feb '20

09 Feb '20

Hi! We're going to release Onionoo protocol version 7.0 in 11 days from now on February 20, 2020. This protocol version will include a few backward-incompatible changes, all related to graphs: - Include graph history objects even if the time periods they cover are already contained in other graph history objects with shorter time periods and higher data resolutions, - remove "3_days" and "1_week" bandwidth graphs, - change "1_month" bandwidth graph to a data resolution of 24 hours, - add back "1_month" clients graph, and - remove "1_week" uptime and weights graphs. You can find more details on the Onionoo protocol page: https://metrics.torproject.org/onionoo.html If you're using any of these graphs in your Onionoo client and have questions or concerns about this change, please let us know! We might be able to help. And if you need more time to update to the new protocol version, please let us know, too. We typically give a four weeks heads-up for backward-incompatible changes but somehow failed to do so this time. If we don't hear from anyone, we're making the change on/around February 20. On behalf of the Tor metrics team, Karsten

1 0

Notes from Vegas Meeting FEBRUARY 6 2020
by Erin Wyatt 07 Feb '20

07 Feb '20

VEGAS TEAM MEETING NOTES FEBRUARY 6 2019: + NEW BUSINESS Nickm: - Everybody please keep an eye at the unapproved blog comments at https://blog.torproject.org/admin/content/comment/approval . (No discussion needed) GeKo: - Did we actually make progress on deciding what license/copyright line we want to use for code that we write during our job? Resolution: Not yet. It’s in ewyatt’s queue, she’ll follow up. ewyatt: - Nickm question re: feedback process - change review period through January 31? Resolution: Sure, seems fine. ewyatt will send notice by email. anarcat: - Postponed the Storm migration one week (but not more!) migrate your stuff *now* if you haven't done so already, see also https://trac.torproject.org/projects/tor/ticket/32390 - Old data on nc.riseup.net (the old nextcloud instance) should have been destroyed on tuesday, but might still be around if you haven't moved everything yet https://trac.torproject.org/projects/tor/ticket/32391; let me know if you want to hear about the RFC process we are working on gaba: - HELP. We will need gitlab service admins! please please please check with your teams to see who can help with it. That would mean people that could: • have a shell account in the server where gitlab is running • able to start/stop service • able to upgrade the service • troubleshoot any problems with the service • get support from the sysadmin team <-- they will not be alone :) + GENERAL NOTES Georg: 1. Learning a lot at Mozilla's All Hands meeting 2. Network health roadmapping 3. Getting up to speed with bad relay work 4. Getting up to speed with sbws 5. Did we actually make progress on deciding what license/copyright line we want to use for code that we write during our job? Antonela: 1. Met Simply Secure with Gaba in Berlin to kick off the OTF Metrics project. Nina Vizz is going to work on this project. 2. Met Fiona to update her about our work with onions 3. Following up on some conversations around Berlin Allhands 4. Reviewing deliverables of 2019 S9 user research and planning 2020 Q1Q2 roadmapping 5. Writing ux team january report 6. Regular work in S27, following up with Tunde around S30 research, working in S30 OONI related tasks 7. Thinking about onion services, working on DRL community proposal 8. I'll be offline from Feb 13th to Feb 19th Steph 1. Wrote an email to sponsors about Tor's media presence in 2019. Also published as a blog post 2. Inquiries: Interviewed with Tech Round. Talked to a student writing a story about the "dark web." 3. Working with Learning Lab. Answered questions for the writer who is working with us and had a follow up call to help outline the new page they're helping us write. 4. Coordinated Isa's Team Time. 5. Helping out with prep for the upcoming SF events. anarcat 1. adopted sysadmin roadmap in the last TPA meeting, will be migrated to trac tomorrow but for now see https://help.torproject.org/tsa/roadmap/2020/ 2. agreed to use an "RFC" process to decentralize and "asynchronise" decision making in the team, will be formulated formally tomorrow, let me know if you're interested to hear more 3. fixed hardware problems with new ganeti node and finished moving two VMs (including the scary check.tpo) off of an old server, which will be decomissioned after a delay, on tuesday 4. contacted various teams to followup on buster upgrades, need feedback from translation (https://trac.torproject.org/projects/tor/ticket/33110) and metrics about scheduling and planning (https://trac.torproject.org/projects/tor/ticket/33111) - progress followup here https://help.torproject.org/tsa/howto/upgrades/buster/#Per_host_progress 5. postponed the Storm migration one week (but not more!) migrate your stuff *now* if you haven't done so already, see also https://trac.torproject.org/projects/tor/ticket/32390 6. old data on nc.riseup.net (the old nextcloud instance) should have been destroyed on tuesday, but might still be around if you haven't moved everything yet https://trac.torproject.org/projects/tor/ticket/32391 Gaba 1. still roadmapping process for some teams - it will be faster next time 2. trying to figure out how to shutdown svn 3. saying bye bye to storm (for people that asked me about what we are using instead of wekan: we have been migrating to project boards in gitlab. please AMA) 4. requesting old data to get rid from nc.riseup.net 5. fosdem and sustain OSS last week - following up a few things from there 6. grant writing: DRL scalability and NLNET sbws 7. met with simply secure and antonela to kick off their work on the metrics data portal (they will be around irc ux channel and metrics team weekly meetings) 8. HELP. We will need gitlab service admins! please please please check with your teams to see who can help with it. That would mean people that could: • have a shell account in the server where gitlab is running • able to start/stop service • able to upgrade the service • troubleshoot any problems with the service • get support from the sysadmin team <-- they will not be alone :) 9. today listening to Luciana Mocchi https://es.wikipedia.org/wiki/Luciana_Mocchi isabela: 1. Working on follow ups w/ foundations we met in January 2. Organizing SF in March, we will have a week full of meetings and events 3. Working on job descriptions with Erin 4. Did Tea Time at #tor-internal 5. Finalized MDF reports 6. Organizing onionize the web and there is no dark web strategies (together w/ stakeholders) 7. Updating Membership Program proposal sarah: 1. Planning for San Fran and NYC events. 2. Helping with funding proposals/reports. 3. Working with Jon to take over his fundraising tasks. 4. Attended meetup with CiviCRM users. gus: 1. Drafting our Call for Proposals to Tor Village in IFF 2. Organised Tor meetup in FOSDEM, and joining today in Tor Meetup Berlin - https://blog.torproject.org/tor-meetup-berlin-feb2020 3. We published Tor Browser for Android manual - https://tb-manual.torproject.org/mobile-tor/ 4. Outreachy: wrote Cleopatra's feedback. Outreachy internship ends in March. 5. Roadmapping Community Team work. 6. Sponsor9 sync meeting with Antonela and Pili. 7. Working on Legal FAQ 2020 edition. Nick: 1. Home internet is down today; using neighbors' wifi (with permission). I am expecting an ISPtech to show up some time during this meeting or slightly before. If they do, I'll be offline. 2. Everybody please keep an eye at the unapproved blog comments at https://blog.torproject.org/admin/content/comment/approval . (No discussion needed) 3. 0.4.1 and 0.4.2 stable releases came out last week; new 0.4.3 alpha likely next week. 4. Sponsor 55 seems to be going well; teor is off to a good start writing proposals. 5. My schedule for this week and next is about 30% meeting time. Not where it really ought to be :/ Alex: 1. Went to FOSDEM with some Tor folks: - Talked with Gaba and Juga about sbws and juga gave me an intro to all of it. - Spoke about Tor in the decentralized internet and privacy devroom. Room seemed full. [pili: it was the fullest I saw it! :) ] 2. Different smaller meetings with network team folks about ongoing work. 3. Ramping up my sbws understanding to help out there. 4. Working on 0.4.3 stuff right now. Pili: 1. At FOSDEM last weekend • - gaba and I gave a State of the Onion talk in the Internet track. 2. Finished GSoC application form, our list of projects is here: https://community.torproject.org/gsoc • - let me know if you see anything that needs changing/updating 3. Face to face meetings with Gus and Antonela in Brussels to organise roadmaps and S9 work 4. Will start working on DRL proposal with Al soon 5. Attended a really good usability testing workshop in Brussels, have started documenting and creating templates in gitlab for proposing usability tests: https://dip.torproject.org/torproject/ux/research/blob/master/.gitlab/issue… 6. Working on December and January Browser team monthly report 7. Lots of meetings this week... Philipp: 1. Lots of interaction with bridge operators • - Got in touch with all operators from our bridge campaign from last year • - About to send tshirts to our default bridge ops 2. Business as usual with Sponsor 30 and 28; still grant writing for NSF TTP grant 3. More work on docker obfs4 image. Also trying to create an official "torproject" docker organisation, to host our images Erin: 1. Office move done 2. Personnel stuff; Working on job descriptions, plan to get out ASAP 3. Working on catching up with all the things 4. Re: feedback process - change review period through January 31? (nickm question) Karsten: 1. Made more graphs for future scalability and performance experiments (#33076) and the torflow/sbws transition (#33077). Matt: 1. Mozilla All-Hands Last Week 2. Tor Browser releases next week 3. Beginning Tor Browser migration from ESR train to Release train 4. Beginning Android Tor Browser migration

1 0

Three Tor security goals for the network layer
by Roger Dingledine 07 Feb '20

07 Feb '20

Hi folks, I'm meeting with a group of systems professors this week to discuss security at the network layer -- for example, how can backbone routers help make the internet a safer place. I expect many of the professors will talk about routing security, or scalability, or other "systems"-y things -- maybe even including how we need accountability and tracking in order to stop DDoS attacks. I've written up the pitch for three angles that I think are important and might otherwise be absent from the agenda: (1) securing communications metadata (2) preventing browser (application level) tracking (3) resisting blocking (censorship) I've posted the document at https://freehaven.net/~arma/isat2020.pdf and I'm attaching the files here too for posterity. It's two pages -- one page for explaining the problems, one page for "how can we do better?" Feel free to reuse the text for your purposes, like grant proposals, or explaining Tor to people, or whatever else it's useful for. --Roger

4 3

Tor Browser Team: December and January report
by Pili Guerra 07 Feb '20

07 Feb '20

Hi everyone, A very belated happy new year to everyone from the Tor Browser team along with our December 2019 and January 2020 report. We kicked off December with the 9.0.2[1] and 9.5a3[2] releases. These releases are still suffering from build reproducibility issues[3] and we continued our work on fixing these during the month. We also continued working on our automatic nightly builds[4] infrastructure, scripts and keys to enable us to easily provide these in future. Other than that this was a relatively quiet month with much of the team taking a well deserved break and charging their batteries ready for the new year. The full list of tickets closed by the Tor Browser team in December is accessible using the TorBrowserTeam201912[5] keyword in our bug tracker. During January we've been mostly working on our Sponsor 27[6] deliverables to improve the user experience when accessing v3 Onion Services using Tor Browser. This work includes adding capabilities to access onion services which require a client to provide an authorization key[7] as well as informing users about errors[8][9] when accessing an onion service, updating the url bar with indicators that explain and educate users about the characteristics of the onion service[10] they are visiting and making it easier for users to remember v3 onion service names[11]. We have also started exploring the behaviour to redirect to the onion service version of a website when this is advertised using the Alt-Svc[12] and Onion-Location[13] headers. We have also continued working on providing more granular security setings[14], scoped at the website level and have decided on an approach to implement this in Tor Browser. Our work to provide automatic nightly updates is still ongoing and we hope to have some developments in this area very soon. We had three releases in January: 9.0.3[15], 9.0.4[16] and 9.5a4[17] In January we also completed the Tor Browser Team lead role transition with Matt now fully onboarded into this role. We thank Georg for his leadership during the past few years and wish him the best of luck with his new role! The full list of tickets closed by the Tor Browser team in January is accessible using the TorBrowserTeam202001[18] keyword in our bug tracker. All tickets on our radar for February can be seen with the `TorBrowserTeam202002` keyword in our bug tracker.[19] Thanks for reading! Pili [1] https://blog.torproject.org/new-release-tor-browser-902 <https://blog.torproject.org/new-release-tor-browser-902> [2] https://blog.torproject.org/new-release-tor-browser-95a3 <https://blog.torproject.org/new-release-tor-browser-95a3> [3] https://trac.torproject.org/projects/tor/ticket/32053 <https://trac.torproject.org/projects/tor/ticket/32053> [4] https://trac.torproject.org/projects/tor/ticket/18867 <https://trac.torproject.org/projects/tor/ticket/18867> [5] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… <https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB…> [6] https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor27 <https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor27> [7] https://trac.torproject.org/projects/tor/ticket/30000 <https://trac.torproject.org/projects/tor/ticket/30000> [8] https://trac.torproject.org/projects/tor/ticket/30022 <https://trac.torproject.org/projects/tor/ticket/30022> [9] https://trac.torproject.org/projects/tor/ticket/30025 <https://trac.torproject.org/projects/tor/ticket/30025> [10] https://trac.torproject.org/projects/tor/ticket/32645 <https://trac.torproject.org/projects/tor/ticket/32645> [11] https://trac.torproject.org/projects/tor/ticket/30029 <https://trac.torproject.org/projects/tor/ticket/30029> [12] https://trac.torproject.org/projects/tor/ticket/30024 <https://trac.torproject.org/projects/tor/ticket/30024> [13] https://trac.torproject.org/projects/tor/ticket/21952 <https://trac.torproject.org/projects/tor/ticket/21952> [14] https://trac.torproject.org/projects/tor/ticket/30570 <https://trac.torproject.org/projects/tor/ticket/30570> [15] https://blog.torproject.org/new-release-tor-browser-903 <https://blog.torproject.org/new-release-tor-browser-903> [16] https://blog.torproject.org/new-release-tor-browser-904 <https://blog.torproject.org/new-release-tor-browser-904> [17] https://blog.torproject.org/new-release-tor-browser-95a4 <https://blog.torproject.org/new-release-tor-browser-95a4> [18] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… <https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB…> [19] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… <https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…> — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

Anti-censorship meeting notes, 6 Feb 2020
by Philipp Winter 06 Feb '20

06 Feb '20

Here's our meeting summary: <http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-06-17.59.html> And here's our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday February 6th 18:00 UTC Weekly meetings, every Thursday at 18:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: https://dip.torproject.org/torproject/anti-censorship/roadmap/boards * Our roadmap consists of a subset of trac tickets. For 2020 Q1, the trac keyword is anti-censorship-roadmap-2020Q1 * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam * Past meeting's notes can be found at: https://lists.torproject.org/pipermail/tor-project/ * GetTor's roadmap: https://dip.torproject.org/groups/torproject/anti-censorship/gettor-project… * Tickets that need reviews: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Projects from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 ------------------------- --- February 6th 2020 --- ------------------------- == Announcements == * == Discussion == * Brainstorm if we want a GetTor rate limit (#33123), and if so, how we should implement it? * The Tor Browser team mentioned wanting to discuss Tor Browser with Snowflake * Team retrospective (add what went well and what can be improved and +1 on other items you agree with) (over what time period?) * What went well? * We have increasingly clear responsibilities about who takes care of what. * For many projects we now have more than one maintainer, which minimises single points of failure. * Code review has been timely and of high quality. * Our survival guides are very helpful and reduce anxiety. * Interaction with volunteers have been going well. Our team is growing! * What can be improved? * We need to get better at presenting our work to users. * Let's do more blog post about software releases, and maybe "ask us anything" types of posts. * We also need posts like "the state of circumvention in China" * We're a bit ouf of the loop on what other organisations are working on related to anti-censorship. * We need to stay updated on recent studies, third party tools, and concerns that users have. == Actions == * Karsten is wondering what OONI data from the "Tor Test" should go on Metrics: * https://trac.torproject.org/projects/tor/ticket/32126#comment:4 == Interesting links == * https://magma.lavafeld.org * "An open-licensed, collaborative repository that provides the first publicly available research framework for people working to measure information controls and online censorship activities. In it, users can find the resources they need to perform their research more effectively and efficiently." * https://tools.ietf.org/html/draft-chow-httpbis-proxy-discovery-00 * https://tools.ietf.org/html/draft-nottngham-web-proxy-desc-01 == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week (related to anti-censorship work). Help with: - Something you may need help with. Hiro: (last updated before 2020-01-09) Started restoring Twitter Responder. When retrieving tweets I need to check for new tweets only otherwise Gettor will end up responding to old back log and already answered messages. <-- is this #27330 ? Next Week: - Work on gettor specs <-- Is this #3781? - More with review of strings and website content and translation phw: This week (2020-02-06): * Reviewed #33002 * Again, more work on porting BridgeDB to Python 3. * Filed #33122 for GetTor; realised that the problem actually was #33123. * Investigated how BridgeDB's new CAPTCHAs affect both users and bots (#24607). * Approved blog comments. * Compiled team report for January. * A bit more grant writing (fixed references and added my bio). * Addressed feedback for #31872 and closed ticket. Filed #33145 as follow-up ticket. * Offered t-shirts to our default bridge operators. * Asked around who runs noisebridge's default bridge for the umpteenth time. * Fixed a synchronisation issue in bridgestrap and wrote unit tests for it. * Merged #31427 and released BridgeDB 0.9.3. * Suggested a fix for #30941. * Summarised the current state of private distribution in #28526. * Learned more about building docker images for multiple architectures, paving the way for a Raspberry Pi image (#33088, #32860). * Booked flight to Austria to give talk at securityforum.at. Talk title is "Better online security and privacy with the Tor network" * Tried to get ahold of the docker "torproject" organisation which will allow us to publish official docker images (#33162). * Someone registered it five years ago and didn't do anything with the account :/ Next week: * Hopefully finish Python 3 port * Write a summary of our current BridgeDB distribution mechanisms and brainstorm new ones Help with: * #30941 * #32860 Gaba: (out at Tor meetup) Last week (Feb 3rd): * fosdem and sustain oss * sponsor 30 report * imported tickets into roadmap and added info to team wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam This week (planned): * prioritize roadmap into gitlab cecylia (cohosh): last updated 2019-02-06 Last week: - deployed localization fix for gettor (#33002) - reviewed #33038, #31872, #31427, #19026 - implemented a fix for GetTor's rate limiter (#33123) - updated snowflake webextension with new translations - review of websocket conn overhall (#33144) - grant revisions - got caught up on turbotunnel and responded with some feedback - added some improvements to Snowbox This week: - UI mock up for snowflake throughput check (#32938) - started some recurring throughput tests for snowflake (#32545) - Aggregate and write up a report of snowflake throughput changes - send grant to some external reviewers - maybe pick up gettor email body localization ticket (#28233) - write some tests for #33123 - reviews of #30716 and #32860 Needs help with: - review of #31971 (from tor browser team, in progress) arlolra: 2020-02-06 Last week: - started on #19026 - read up on turbo tunnel Next week: - continue with #19026 Help with: - dcf: 2020-02-06 Last week: - turbo tunnel in Snowflake - https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/0… - https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/0… - https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/0… - wrote up results of Azure data breach notification - https://lists.torproject.org/pipermail/anti-censorship-team/2020-February/0… - Snowflake refactoring and code quality improvements (#33144, thanks cohosh for review) - archived snowflake-webextension-0.2.1 Next week: - open ticket to deploy the turbotunnel Snowflake bridge - work on a Tor Browser package with turbotunnel Snowflake client - do Let's Encrypt upgrade for Snowflake bridge (#32964) Help with: cjb: 2019-02-06 Last week: - put up a v2 patch for #31011, still needs review - found out more about snowflake+android Next week: - thinking about offering help with snowflake+android, not sure whether we have a strong preference between using golang or JS for the proxy code Help with: - review of #31011 agix:2020-02-06 Last week: -Bumped into a few problems while trying to setup bridgedb Next week: -Solve the bridgedb issues and finally fix #31967 Help with: -What the process of closing a ticket looks like / How do I commit my changes to an open ticket -Issues I had setting up bridgedb

1 0