- tor-project - lists.torproject.org

Tor Browser Team Meeting Notes, 06 January 2020
by Matthew Finkel 13 Apr '20

13 Apr '20

Hello everyone, Our first meeting of 2020 was held on 6 January. 2020 will be an exciting year for Tor Browser! We have a busy year ahead of us and we're hitting the ground running. The logs are available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-01-06-18.29.l… Summary: 1) Discussed how we can move forward with implementing per-site settings 2) Discussed how long it will take before we start writing 2020 instead of 2019 on documents 3) Discussed future plans for Namecoin integration (adding more platforms, timeline for adding in Alpha, etc.) With regard to (3), Namecoin is currently available in Tor Browser Nightly builds on Gnu/Linux 64-bit. Please provide feedback is you try it! ================================ Week of January 6, 2020 Discussion: How long will we be dating things 2019 when signing documents? Will this decade be as roaring as the 1900s version? - if it will be, is that a good thing pospeselr: Last weeks: - #31855 (remove end of year fundraising campaign) - small progress on Mozilla 1601040 and 1594455 This week: - continue baby-sitting above Mozilla tickets - #30570 (implement per-site security settings) - what do folks think about the discussion in the ticket? - tldr: looks like to build something consistent with the design laid out there requires a lot of work basically reimplementing what NoScript does, or heavily refactoring/redesigning NoScript's internals :/ - look into umatrix extension as an alternative to NoScript - put umatrix findings in a doc or on the ticket mcs and brade: Last few weeks: - #32636 (Clean up locales shipped with Tor Launcher). - Code review for #31855 (Remove EOY Campaign from about:tor). - Sponsor 27 work: - #19757 (permanent storage of client auth keys and associated management UI). - Time off for Christmas and end of year. This week/upcoming: - #19757 (permanent storage of client auth keys and associated management UI). boklm: Last few weeks: - Made patches for: - #32768 (Create a build-infos.json file containing firefox platform_version and buildid) - #32805 (Make creation of downloads.json optional) - Worked on #25102 which is almost finished (Add script to sign nightly build mar files, generate update-responses xml and publish the new version) - Looked at blog comments This week: - Help with publishing new releases - Finish work on #25102 (script to sign nightly build mar files, generate update-responses xml and publish the new version) and remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel) - Try #32768 (Make script to optimize upload and download of Tor Browser releases) - Look at macOS signing situation sysrqb: Last few weeks: Mostly distracted by holidays, family, etc. Preparing releases for this week This week: Releases Reviewing roadmap for Q1 2020 Finishing remaining items we didn't finish last year Jeremy Rand: Last few weeks: #30558 is merged, yay. Attended 36C3; gave a talk and workshop; ran into boklm there :) This week: Ponder next steps for Namecoin now that the initial merge to Linux Nightly has happened. ================================ - Matt

1 11

Anti-censorship team monthly report: March 2020
by Philipp Winter 13 Apr '20

13 Apr '20

Hi friends, Here's what the anti-censorship team has accomplished in March 2020: Snowflake ========= * Released version 0.2.2 of the Snowflake WebExtension: <https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/> <https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmma…> * Posted a third draft of Snowflake–Turbo Tunnel packages, allowing one Snowflake proxy to be shared among many upstream connections <https://lists.torproject.org/pipermail/anti-censorship-team/2020-March/0000…> * Made some progress on debugging and detecting Snowflake proxy issues: <https://bugs.torproject.org/33666> <https://bugs.torproject.org/32938> * Added module support to make builds and versioning easier: <https://bugs.torproject.org/33330> * Updated versions of Snowflake and pion-webrtc in Tor Browser: <https://bugs.torproject.org/33578> <https://bugs.torproject.org/33576> * Removed unused server-webrtc code: <https://bugs.torproject.org/33636> * Updated Snowflake license: <https://bugs.torproject.org/33637> * Investigated the work for making a Debian package of Snowflake: <https://bugs.torproject.org/19409> BridgeDB ======== * We added instructions to BridgeDB explaining how to add bridges on mobile platforms: <https://bugs.torproject.org/30317> * Worked with the Metrics Team to add a "bridge distribution mechanism" field to Relay Search, allowing bridge operators to see how their bridge is distributed: <https://bugs.torproject.org/33008> * Re-determined the success rate of both users and (what we believe to be) bots in how well they solve our newly-created BridgeDB CAPTCHAs: <https://bugs.torproject.org/24607#comment:17> * Made progress on having BridgeDB report internal metrics: <https://bugs.torproject.org/31422> * Debugged an issue in BridgeDB's deployment scripts: <https://bugs.torproject.org/33709> * Merged a patch (thanks to agix!) that makes BridgeDB use a CSPRNG when selecting cached CAPTCHAs: <https://bugs.torproject.org/31967> * Noticed that BridgeDB wouldn't allow bridges to change their distribution mechanism; i.e., if a bridge is first assigned to the HTTP mechanism, it wasn't able to change this by setting its BridgeDistribution config option. Implemented a fix for this issue: <https://bugs.torproject.org/33631> GetTor ====== * Patched updated procedure for Gitlab provider: <https://bugs.torproject.org/33034> * Make sure GetTor always responds to (malformed) emails too: <https://bugs.torproject.org/33543> * Overhaul of GetTor help and links message bodies: <https://bugs.torproject.org/23226> * Deployed fix for ignoring quoted messages in GetTor: <https://bugs.torproject.org/23225> Obfs4 ===== * Obfs4's extra25519 dependency changed, which breaks versioning-agnostic builds but as long as one is using Go modules (like Tor Browser does), it still works: <https://bugs.torproject.org/33464> * Merged a patch (thanks to thymbahutymba!) that makes our obfs4 docker image support docker-compose. This simplifies the deployment process. Miscellaneous ============= * Filed a ticket to get our noisebridge01 default bridge removed from Tor Browser because it no longer has a maintainer: <https://bugs.torproject.org/13727> * Worked with prospective GSoC students on their proposals. * Finished writing our NSF TTP grant. * We let bridge operators of soon-to-be-obsolete versions know that it's time to upgrade: <https://bugs.torproject.org/32672>

1 0

Tails report for March 2020
by intrigeri 12 Apr '20

12 Apr '20

Hi, here is the Tails report for last month: https://tails.boum.org/news/report_2020_03/ For your convenience, I'm attaching a simplified version of that web page. Cheers!

1 0

Notes from Vegas Meeting APRIL 9 2020
by Erin Wyatt 10 Apr '20

10 Apr '20

Vegas Team Meeting Notes April 9 2020 + GENERAL NOTES Georg 1. Network health work (sbws, reacting to issues with bandwith authorities) 2. More work on the licensing/copyright issue for TPI folks 3. Planning for the coming weeks and months Antoine 1. migrated trac/troodi, forrestii/fpcentral to the new ganeti cluster 2. tweaked monitoring for the ganeti cluster so we see total memory usage, opened #33810 to followup on more monitoring work 3. established roadmap for the CRM machine migration with hiro, #32198 4. *finally*, chiwui retired (our last "jessie"/LTS machine) #29399 5. routine (reboots, patch review, email aliases, pgp key updates Steph 1. Promoting Stellar org XLM match 2. Preparing for webinar next week 3. OTF learning lab reviewing 4. Media inquiries 5. Working on Community Portal Sarah 1. Prep for Monday's funder webinar. We currently have 12 attendees. 2. Received a total of $5,300 from Stellar campaign so far. $500 (so far) of that will be matched at the end of April. 3. Attending webinars about fundraising in this crazy time. Gus 1. Reviewing DocsHackathon pull requests. 2. Schedule online session "Tor UX Feedback, Challenges, and Lessons Learned from At-risk user" with a partner in Uganda. 3. Contacted training partners in global south to check how they're doing on this crisis. 4. Updated Tor people page with latest membership audit. 5. Answering Outreachy candidates. 6. Working on Community portal public launch. Alex: 1. Team seems to be doing well. 2. Roadmap meeting went well. 3. Back at doing regular Gitlab status meetings. 4. Ongoing development: working on Windows things this week. Erin: 1. HR/Ops stuff Charly 1. Continuing to write various non-technical documents 2. Sent Isa a draft for Vegas meeting format based on team feedback and hers 3. Isa stuff...calendar, reminders, etc... 4. Finished draft for syncing NextCloud calendars to Thunderbird. https://nc.torproject.net/f/28943 \o/ Pili 1. S27 end of month and work completion reports 2. Research on certificate options for Onion services 3. GSoC and Outreachy wrangling 4. Preparing for public launch of Community Portal week after next 5. Kicking off S58 6. Working a checklist for what needs to be done when releasing new features in Tor Browser. 7. Usual trac triage, mailing list moderation and general admin Gaba 1. Roadmap for teams 2. S30 Q2 report 3. HS DoS defenses proposal meeting with funder 4. Gitlab migration gets weekly meetings now Philipp 1. Worked with OTF applicants to get them a letter of support from Tor 2. Made good progress on sponsor 30; in particular creating feedback loop between BridgeDB and OONI 3. Reviewed Tor safety board submission 4. Got in touch with noisebridge person, and we may still have a new noisebridge default bridge 5. More sponsor 30 business as usual Antonela 1. Regular work with s9, s30 and planning s58 2. Working on finishing OnionBrowser UI/UX review to share with Guardian 3. Moving OTF learning lab work forward 4. Working on community.torproject.org final release 5. Waiting for TB 9.5a11 release Isabela 1. Organized documents for Board meeting and did Board meeting on wednesday 2. Working on the presentation for foundations on monday 3. Having meetings w/ sponsors and major donors Nick: 1. working on walking onions, reviews, etc 2. need to help pick outreachy/gsoc applicants by end of next week 3. likely next tor release (0.4.3.4-rc) on Friday. Or Monday. Mike: 1. Working on HS DoS proposal 2. Working on congestion control trajectory mail Karsten: 1. About to update user number estimates (#18167, #18203).

1 0

Anti-censorship meeting notes, 09 Apr 2020
by Philipp Winter 09 Apr '20

09 Apr '20

Hi all, Here are our meeting minutes: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-04-09-17.59.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday April 9th 18:00 UTC Weekly meetings, every Thursday at 18:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: https://gitlab.torproject.org/torproject/anti-censorship/roadmap/boards * Our roadmap consists of a subset of trac tickets. For 2020 Q1, the trac keyword is anti-censorship-roadmap-2020Q1 * Next planning session: last week of April * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam * Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ * GetTor's roadmap: https://gitlab.torproject.org/groups/torproject/anti-censorship/gettor-proj… * Tickets that need reviews: from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 * Anti-censorship related tickets that we want other teams to fix: * https://pad.riseup.net/p/tor-anti-censorship-tickets-keep ------------------------- --- April 9th 2020 -- ------------------------- == Announcements == * == Discussion == * == Actions == * Please jot down your March 2020 highlights for our monthly team report * https://pad.riseup.net/p/GDSSo-bqhi_dE1oJENyP == Interesting links == * == Reading group == * We will discuss "SymTCP: Eluding Stateful Deep Packet Inspectionwith Automated Discrepancy Discovery" on April 16 * https://censorbib.nymity.ch/#Wang2020a * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week (related to anti-censorship work). Help with: - Something you may need help with. phw: This week (2020-04-09): * Made sure that my feedback was still covered in catalyst's rebase of #5304. * Left some feedback in #10831. * Found a new maintainer of a next default bridge in noisebridge. * Finally wrapped up #13727 now that noisebridge01 is no longer in Tor Browser. * Wrapped up #29686 and #30941. * Filed #33835. * Reviewed Tor Research Safety Board submission. * Organised letter of support for an OTF application that seeks to distribute bridges in Turkey. * Made good progress on #32740. Next week: * Write a summary of our current BridgeDB distribution mechanisms and brainstorm new ones * Make BridgeDB report internal metrics (#31422) * Will have to tackle #32740 (Implement a feedback loop between BridgeDB and OONI) Help with: * Gaba: () Last week (2020-03-30): * not much related to anti-censorship This week (planned): * anti-censorship retrospective cecylia (cohosh): last updated 2020-04-09 Last week: - diagnosed proxy issues (#33666) - some grant submission things - started looking into building a test suite for NAT topologies (#25595) - investigated setting up a TURN server (#25596) - gave feedback on #32740 - team retrospective - popets things (paper reviews, artifact review) - sent an email to the pion peeps about testing NAT topologies (#25595) This week: - Resume obfs4 tests (#31701, #32657) - see if i can help push snowflake for android along (#28672) - set up some kind of NAT topology testing suite (#25595) - look into setting up a TURN server (#25596) - take a look at reviving the twitter responder in GetTor (#33036) - review GSoC proposals Needs help with: juggy : This week: - Tried to study Moat to implement audio captchas Next week: - Implement audio captchas in moat - Keep studying BridgeDB to write architectural overview Help with: - Question about current Moat implementation - it seems to be using XUL, which is deprecated by Firefox if I'm not wrong. I saw a thread in trac discussing reimplementing it with the newer Web Extensions API (but that was years ago)- is that still going on? arlolra: 2020-03-26 Last week: - merged #33665 Next week: - maybe the proxy parts of #19026 - start on #31201 Help with: - review of #19026 but also answer the question there dcf: 2020-04-09 Last week: - worked on branches for snowflake turbotunnel merge (#33745) - helped test snowflake proxy failures (#33666) - removed uniuri dependency from snowflake (#33800) Next week: - branches for snowflake turbotunnel merge (#33745) - share access to the snowflake broker CDN configuration (#30510) Help with: cjb: 2020-04-09 Last week: - gonna be afk with kids Next week: Help with: antonela: 2020-03-26 - working with Babatunde's interviews (OTF Fellowship) from Nigeria and Cameroon. Shared preliminar notes with Tunde and Nah (#32811) - started to work on this user research document, we still stick to the plan of running it during April (#31870) Help with: - nothing yet :) agix:2020-04-09 Last week: - Worked on #19997, but the issue seems to be in check.torproject - Worked on #33835, patch needs a few more tests before submission Next week: - Check out check.torproject's code base Help with: - catalyst: 2020-04-09 last week: - network team roadmapping and estimating s28/s30 tickets this week: - looking into how best to coordinate work on reachability testing (thanks, teor) thymbahutymba: 2020-04-02 Last week: - CI/CD pipeline for multiarch docker images, which has a problem with the apt tor version even though the apt repository have been changed into the Dockerfile. Next week: Help with: Hiro: (last updated before 2020-01-09) Started restoring Twitter Responder. When retrieving tweets I need to check for new tweets only otherwise Gettor will end up responding to old back log and already answered messages. <-- is this #27330 ? Next Week: - Work on gettor specs <-- Is this #3781? - More with review of strings and website content and translation

1 0

April's roadmap for the metrics team
by Gaba 07 Apr '20

07 Apr '20

Hi! Last week we met to discuss priorities and roadmap for April for the metrics team. You can read about it in the team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam cheers, gaba -- Project Manager: Network, Anti-Censorship and Metrics teams gaba at torproject.org she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

roadmap for the network team
by Gaba 07 Apr '20

07 Apr '20

Hi! Today we met to discuss priorities for the next 3 months as well as roadmap. If you are interested in it we have updated the team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam Any needed changes to the roadmap will be discussed during the team's weekly meetings. cheers, gaba -- Project Manager: Network, Anti-Censorship and Metrics teams gaba at torproject.org she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

March 2020 report for the Network Health team
by Georg Koppen 07 Apr '20

07 Apr '20

Hello! Here come the highlights from the network health work in March: 1) We made substantial progress fixing the last critical bugs before we can deploy sbws and replace Torflow as our bandwidth scanner. We, additionally, mapped out the remaining work for April and started to tackle that, too. 2) As I indicated in my previous status report I've been working on detecting and resolving DNS resolution issues of exit relays[1]. I managed to get the analysis done and contacted relay operators provided they had a valid ContactInfo. Those, that were not able to fix their setup got the bad exit flag which should improve performance for Tor Browser users and other clients. It's been, however, only a first step in helping exit operators diagnosing and resolving those DNS problems. We need to do more work in this area in the future. For April the only big item on our list is getting sbws in a shape so it finally can replace Torflow as our bandwidth scanner. Georg [1] https://trac.torproject.org/projects/tor/ticket/32864

1 0

Network health meeting notes, 6 Apr 2020
by Georg Koppen 07 Apr '20

07 Apr '20

Hello! We had another weekly network-health meeting on Monday. The IRC log can be found at: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-04-06-18.00.log… The notes from the pad are for your convenience below: Discussion: - What should we do about #33775? - sbws measures some relays 100x lower than Torflow [GeKo: we move forward two-fold: a) we try to get more bw auths back to Torflow/using Torflow data as a short-term workaround and b) we intensify our efforts to fix the remaining sbws blockers] - IRC: Tor relay operators meetup [GeKo: we try to get to IRC meetups again being a mix of ask-me-anything and other agenda items] - Relay associations research and form [GeKo: we'll start with approaching one operator first, to refine what we have right now and then contact more] Statuses: GeKo: Last week: -sbws: posted all my review comments for #30905, put a patch for #33009 into needs_review -worked on the EFF legal FAQ update (ggus: Is it okay to reply to the EFF folks with what we came up with so far? Or should I wait a bit longer? (GeKo: I'll get to it this week]) -monthly/quarterly team admin stuff -started to work on integrating badexiting into our badconf-entry script (#33696) -dgoulet: there is some small shell script up for review, not sure if you saw it, see: #32864 and https://gitlab.torproject.org/gk/helper-scripts/-/commit/b40a0e100e8d3e6d15… for the actual commit. If you have some time for that that would rock This week: -sbws work -help with #33775 besides sbws work if needed -getting back to EFF for the legal FAQ update juga: Last week: - started a patch for #33831 Next week: - see with *GeKo*: where, what, to how info to add regarding #33775 and https://lists.torproject.org/pipermail/tor-relays/2020-April/018337.html - revision #30905 - review #33009 - Work on one of the following and see which other GeKo could work on: - work on #33350 - work on #33831 - work on #33832 gaba: Last week: nothing related Next Week: nothing related gus: Last week: - Tor Legal FAQ comments - Docshackathon - Helping Tor relay operators Georg

1 0

Notes from Vegas Meeting APRIL 2 2020
by Erin Wyatt 07 Apr '20

07 Apr '20

Vegas Team Meeting Notes April 2 2020 + GENERAL NOTES Georg 1. network health work 2. H1 bug bounty coordination 3. more work on the licensing/copyright issue for TPI folks 4. maybe more work on onion service education coordination (depending on steph's reply) Charly 1. Working on some non-technical documentation so we can all start leveraging our tools better i.e. syncing NextCloud calendars to Thunderbird, etc...https://nc.torproject.net/s/EWsRoQgqffept8a 2. Troubleshooting using NextCloud calendar - fun fact is that you cannot add attendees to shared calendars. Only the owner of the calendar can do that. Here is the link to the issue : https://github.com/nextcloud/server/pull/15676#issue-281071778 Antonela 1. Wrapping S27 2. Planning remote user research with Nah for S9 3. Working with Tunde on personas for S30 4. Met SimplySecure to sync about the OTF usability grant for Metrics. 5. 1.1 with isabela this week Antoine 1. partially resolved a IP address shortage, needs deployment 2. migrated vineale/gitweb and rude/RT to new ganeti cluster 3. handling reboots and other routine work Steph 1. Sent out Tor News 2. Incorporating final comments into an onion services page 3. Applying to be a def con vendor. They're still moving fwd at the moment https://forum.defcon.org/node/231015 4. Edited onion strings for translation 5. Press inquiries 6. Promoting Lumenthrophy's match of XLM donations throughout April 7. Preparing for our next webinar Sarah 1. Webinar for SF major donors on Thursday went well. We had 10 attendees and about 20 no-shows. We learned some things that we will use to improve our next event. We are working on following up with the attendees. 2. Making final preparations for webinar April 13th for foundation program managers. So far we have 8 planning to attend. We will be using Jitsi this time around. 3. Helping promote the stellar.org/Lumenthropy match campaign this month. We have $115 in donations so far that will be matched and this is in addition to the $4K the Stellar Development Foundation is contributing. 4. Preparing documents for the board meeting. Gus 1. DocsHackathon happening last week and this week. Happy to see new and old folks around! 2. Outreachy applicants: the contribution period ends on April 7. Some of them are engage on docshackathon too. (I've seen a few messages from applicants on frontdesk@ and wanted to make sure someone is checking there. - sarah)(yes, it's their answer to the 'common questions', I'm reviewing today/tomorrow --gus) 3. Reviewing Tor EFF Legal FAQ. 4. Contacting our training partners in the Global South regarding their work and plans. isabela: 1. working on follow ups from last week events plus organizing the next event w/ foundations 2. was researching about it and now I am working on Tor's application to the federal loans re:covid19 3. preparing for Board meeting this coming week 4. had my feedback delivered by the Board Alex: 1. Network Team retrospective went well. 2. Delivered TROVE info to the network team. Waiting for some review. 3. Team seems to be doing OK. Pili: 1. GSoC mentor wrangling. We got 11 applications for 7 projects 2. Wrapping up S27 and planning follow up projects 3. Tiny bit of work on websites last week 4. Helping out Outreachy applicants 5. Submitted torproject profile to Github sponsors 6. Meetings: S9, Tor Browser release meeting 7. Trying to figure out getting swag for volunteers in these times. (If they don't mind being sent this past year's campaign t-shirt, we can use our fulfillment company for this. - sarah)(Swag ops are on hold until Seattle's COVID19 situation is under control. -ewyatt)(I don't think there's a huge rush on it, we just need to know what to say :) -pili) Erin: 1. Deadline for feedback reviews extended to May 31 2. Working on US Federal COVID-19 loan stuff 3. Chatting with Kat today about swag stuff and how we should best communicate the pause in swag ops. 4. General HR/personnel stuff Matt: 1. Wrapping up S27 in Tor Browser-land 2. New Tor Browser releases next week 3. Full-steam ahead on Tor Browser migration to Rapid Release now Gaba 1. Teams Retrospectives this week 2. Metrics Roadmap for April - we are doing it month by month now 3. Will start sponsor 30 Q2 report soon 4. Gitlab dreams 5. Bringing proposals to grants team from David and George. 6. Soundtrack this week: https://www.youtube.com/watch?v=Q99_jobgGzA Philipp 1. Moving forward with sponsor 30 work (merged and deployed several BridgeDB fixes) 2. Some non-sponsor BridgeDB work 3. Reviewing volunteer patches Nick: 1. walking onion moves ahead; (also paper has been accepted to usenix security '20) \o/ congrats! 2. Likely 0.4.3.x release candidate next week. Mike: 1. HS DoS Discussions + investigation 2. Onionbalance + vanguards integration test investigation 3. Trying to decide what to prioritize in April and beyond <do you need roadmap help? --gaba> Karsten: 1. Made a metrics team roadmap for April. 2. Fixed two bugs in our user number estimates (#18167, #18203), still under review.

1 0