- tor-project - lists.torproject.org

November 2019 report for the UX team
by Antonela Debiasi 12 Dec '19

12 Dec '19

Hi Tor, OTF summit ========== We kicked off November in Taipei. I facilitated a session with our friends of "OK Thanks" about designing with communities and collaborative design processes. Thanks, Fiona and Tiffany for the invite and for sharing this space with me <3 We also had very insightful conversations with OTF partners and community members. Meeting such as like-minded individuals making an impact around the globe is always a huge focus drive and fuel of recharge energy to our day to day work. Onion Services ============== We've been working on Prioritizing Onions feature with acat. We want to allow users to 1. discover when a secure onion version of the website they are visiting is available and also 2. opt-in to upgrade their security. With onions becoming popular, onion secured sites may get upgraded automatically, like what HTTP to HTTPS does. But now, we want to introduce users about the benefits of onion security. https://trac.torproject.org/projects/tor/ticket/21952 mcs and brade made progress on the onion auth feature too. Onion services operators will be able to set an extra security layer. Tor Browser will also allow recurrent users to save those credentials at the first time of use. https://trac.torproject.org/projects/tor/ticket/19757 After all the work we have been doing at the UI related with onions, we may need to update our URL bar and circuit display to have a coherent and consistent UI. We are having that discussion here https://trac.torproject.org/projects/tor/ticket/32645 Tor Browser 9.5 =============== We want to allow users to quickly recover from website breakage that could happen because the security trade-offs, so we think per-site settings are a critical part of improving that flow. pospeselr, and I have been discussing how we can implement it at the browser user interface. https://trac.torproject.org/projects/tor/ticket/30570 The last release set Letterboxing enabled, and we got some confused users by the "weird margins." We've been discussing how we can introduce the benefits of letterboxing to users and also how to allow users to disable/enable the feature via the regular preferences panel UI. https://trac.torproject.org/projects/tor/ticket/32324 https://trac.torproject.org/projects/tor/ticket/32325 WWW === We have been discussing and proposing improvements to the current download Tor Browser page. We will run user research with communities during December so it can inform our changes. https://trac.torproject.org/projects/tor/ticket/32460 The styleguide got some love. We included updated brand assets, the Tor Browser icon, and some other good peaks. https://styleguide.torproject.org/ OONI ==== As part of S30, the ooni team has been working on exposing the new Circumvention test in the Probe app UI, both in desktop and mobiles. https://github.com/ooni/probe/issues/804 Localization ============ We did new rounds of tweets asking for translations for the manual and support portal. We debugged the errors with different locales on Lektor, and made it easier to add new locales. We updated the documentation - for translators https://trac.torproject.org/projects/tor/wiki/doc/translation/rules - for developers https://trac.torproject.org/projects/tor/wiki/doc/translation/developers Open Team ========= The UX Team roadmap kanban breathes here: https://dip.torproject.org/groups/torproject/ux/-/boards If you missed those, November weekly meetings notes are here: https://lists.torproject.org/pipermail/ux/2019-November/000473.html https://lists.torproject.org/pipermail/ux/2019-November/000474.html Peace and love, A -- Antonela Debiasi UX Team Lead @antonela E2330A6D1EB5A0C8 https://torproject.org

1 0

Metrics Team Meeting Notes, December 12th 2019 [include last week releases]
by Gaba 12 Dec '19

12 Dec '19

Hi! We had our meeting on Thursday December 12th. Pad for the meeting: https://nc.torproject.net/s/Znd4MkHebAznEgA Meeting Log: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-12-12-15.02.log… Agenda and Notes: * Short update on exit scanner * Roadmap (gaba) https://trello.com/b/Mu5fYg53/tor-metrics-roadmap * Update on Metrics data portal: Simply secure sent a message and we agreed to meet on February for the work they are starting soon and next steps. Releases last week: #32684: Onionoo 7.0-1.23.0 -- Project Manager: Network, Anti-Censorship and Metrics teams gaba at torproject.org she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

S27 Meeting Today: Tuesday 10th December @ 15UTC
by Pili Guerra 10 Dec '19

10 Dec '19

Hi everyone, This is a reminder of our S27: Onion Services meeting happening today at 15UTC on #tor-meeting. This will be our last meeting on this project for the year. Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

Network Team Meeting Notes, 9 December 2019
by Alexander Færøy 09 Dec '19

09 Dec '19

Hello, Here is a short summary of the network team meeting from Monday the 9th of December 2019. 1) We started out by looking at the 0.4.2 status page on Trac to see how we are doing there. As this is probably released when this email is out, we decided to skip the step for the next meetings until we begin dealing with bugs for 0.4.3.x. 2) We went over our Kanban board. 3) We went over our review queue. People are getting better at distributing tickets about between themselves during the week. 4) We shortly discussed a policy proposal by Teor about planning meetings. Discussions are going to continue on the network-team mailing list. 5) Nobody had anything else to discuss. --- end of summary --- You can read today's network team meeting log at: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-12-09-17.59.html Below are the contents of our meeting pad: gaba: (updated on December 4th) Last week (actual): s31 report (we want to send it on Friday) sV painfull report DRL implementers meeting grants proposals This week (planned): hopefully preparing roadmap activities (way behind this... sorry!) will be afk tuesday & wednesday next week sV report Help with: teor: (online first week of the month, offline at the usual meeting time) Week of 25 November (planned): Take Time for: - Check gitlab migration - Draft s31 report: relay/dirauth modules, tooling, and testing (Deadline: 30 Nov) - catching up on emails - post-0.4.2.4-rc backports Roadmap: - Sponsor 31 modularisation: - Modularisation dependency tooling (#32522) - Sponsor 31 code reviews Other: - Week of 25 November and 2 December (actual): Take Time for: - catching up on emails and IRC x2 - post-0.4.2.4-rc backports - Draft s31 report: relay/dirauth modules, tooling, and testing (Deadline: 30 Nov) - Meeting Times proposal - Check gitlab migration Roadmap: - Sponsor 31 modularisation: - Modularisation dependency tooling (#32522) - Sponsor 31 code reviews - consider clang -std=gnu99 in Travis for better C99 portability #32500 - Other small sponsor 31 reviews and merges Other: - Backports for new releases - Updating CI dependencies - Python 3 upgrades - 0.2.9 LTS end of life preparation - Chutney/Tor debugging - Reviewing external contributors - CI Fixes x 3 Week of 9 December (planned): Take Time for: - Prioritise work? Roadmap: - Sponsor 27 refactor Other: - Chutney debugging? - Bug fixes, ticket triage, and quick reviews - 0.2.9 LTS transition - Other work? Week of 9 December (actual): Take Time for: - Roadmap: - Other: - Bug fixes, ticket triage, and quick reviews - 0.2.9 LTS transition - Nick: Week of 2 December (planned): - Various documentation/fundraising writing - blog comments - PETS bidding - Fix needs_revision branches - Dirauth configuration isolation (32139) - C style work - Prep for stable releases, TBD Week of 2 December (actual): - Various documentation/fundraising writing - blog comments - PETS bidding - Fix needs_revision branches - Prepare stable releases Week of 9 December (planned): - Stable releases: 0.4.2.5, 0.4.1.7, 0.4.0.6, 0.3.5.9. - Catch up with old reviews - Meeting an MIT masters' student to help w research ideas. - Hacking TBD, not sure? Mike: Week of 2 December (planned): - Update circpad docs - File DNS cache mitigation ticket for Website Oracles paper; show it to Tobias - Clear out circpad simulator TODO and review python code Since 2 December (actual): - Updated circpad docs: Interested parties should review Sections 1.2-1.4; 4.1; 6.3; 7.5 https://github.com/mikeperry-tor/tor/blob/circuitpadding-dev-doc/doc/HACKIN… - Filed DNS cache mitigation ticket for Website Oracles paper; showed it to Tobias - https://trac.torproject.org/projects/tor/ticket/32678 - Addressed comments from Georg+Tobias on Website Oracles blog post Week of 9 December (planned): - Finish circpad docs; get docs merged to tor.git origin/master - Get Website Oracle blog post live (needs long-term link to circpad docs) - Clear out circpad simulator TODO (most are doc items now); update its README; review python code - Write draft of Sponsor2 report Need help with/at risk of dropping this month: - Deep-thought-required research project followup - (Google masque, BGP, ECN, Dennis's Mozilla video, etc etc...) catalyst: week of 12/02 (2019-W49) (planned): - sponsor31 wrap up documentation (#32206, #32208) - reviews - more follow up about C style - GSoD stuff as needed week of 12/02 (2019-W49) (actual): - sponsor31 wrap up summaries - reviews - shadow dev hiring stuff - #30984 (key-value lines for control.c) week of 12/09 (2019-W50) (planned): - reviews - more architecture documentation (#32206, #32208) - C style follow up - GSoD stuff as needed asn: Week of 04/12 (planned): - Still lots of work to be done with onionbalance. This week will be spent in making sure that little-t-tor and onionbalance compute the same hash ring. And also starting to do descriptor rotation etc. And maybe making onionbalance work over chutney. Week of 04/12 (actual): - Lots of onionbalance work: - Fix hashring calculations for OBv3 both in chutney and realnet - Fix broken tests. - Make onionbalance work over chutney. - Publish both descriptors - Fight INTRO2 MAC bug - Reviews and merges. Week of 09/12 (planned): - Figure out solution to INTRO2 MAC bug (talk to Nick about it). - Continue work on onionbalance. - Start rotating descriptors ahf: Week of 2 December (planned): - Lots of phone interviews. - Trying to back back on track with S28. - Follow up on all the feedback we have gotten about Gitlab. - Worked a bit on a "proposal" on issues with Tor's DNS subsystem. - Got a bit involved with #32604 (Thanks Tim for the big writeup there!) Week of 2 December (actually): - Had a lot of phonecalls about Shadow hire. Good progress seems to happen there. - Started working on ordering the Gitlab issues from the feedback we have gotten: 1. Some issues are easy rewrites. 2. Some are social (dcf found an interesting case where comment ID's are not from {0, 1, ..., N} per ticket, but is rather a global identifier. - Began with the "low hanging fruits" of the Gitlab feedback: headers, code, and pre tag errors. - Talked a bit with Roger about the DNS subsystem stuff. Week of 9 December (planned): - Some followups on 1:1's from last week. - Hopefully entering the last steps of the Shadow hire process. - Will need to do a bit of research for some emails we are working on. - Build a personal todo list for finalizing s28 tasks for December and November. - Might be a bit slower on IRC this week to try to deal with the s28 backlog I've build. dgoulet: Week of 02/12 (actual): - s27: #32021 - Reviews and merges. - AFK for personal reasons. Week of 09/12 (planned): - s27 final work. swati: Week of December 9 (planned): - Plan to continue working on the ticket https://trac.torproject.org/projects/tor/ticket/4310. - Completed sorting alphabetically the 'General Options' category. - Whitespace changes appeared while aplhabetically sorting the 'General Options'. Unfortunately these whitespaces do not throw any errors in HTML. They appear just fine. - Since I am unable to see the man-page rendition, I need to figure how to avoid causing whistespace changes in the file. -- Alexander Færøy

1 0

Anti-censorship team monthly report: November 2019
by Philipp Winter 09 Dec '19

09 Dec '19

Hi everyone, Here's what the anti-censorship team has been up to in November: Snowflake ========= * Moved to using the gorilla/websocket library instead of an outdated custom library for connections between the proxies and the bridge: <https://bugs.torproject.org/31028> * Expanded the coverage of Snowflake unit tests: <https://bugs.torproject.org/30867> <https://bugs.torproject.org/29259> * Updated the way proxies interact with the broker and began to collect and report metrics about how many proxies we have of each type (e.g., web extensions, badges, standalone instances): <https://bugs.torproject.org/29207> <https://bugs.torproject.org/31157> * Started more rigorously measuring Snowflake's network health: <https://bugs.torproject.org/32545> * Fixed a race condition in the Snowflake broker that was causing crashes: <https://bugs.torproject.org/32576> * Updated webextension and Snowflake badge deployments with new translations. GetTor ====== * Started working on a GetTor survivial guide: <https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor…> * Worked on using the GitHub REST API for uploading Tor Browser binaries: <https://bugs.torproject.org/32480> BridgeDB ======== * We significantly improved bridgestrap, our REST service that takes as input a bridge line, tests the given bridge, and then returns the test result: <https://bugs.torproject.org/31874> The idea is that BridgeDB uses bridgestrap to learn if the bridges it knows about actually work. Broken bridges are not handed out to users, which will improve user experience. Outreach ======== * Several Tor developers attended the OTF Summit in Taipei. We had numerous helpful conversations about circumvention, obfs4, and censorship analysis. - Roger had a session on Tor, with an emphasis on how Tor Browser can circumvent censorship. - Philipp talked to a few people who may be able to distribute private obfs4 bridges to users who need them. - Philipp and Arturo had a chat about how BridgeDB and OONI should work together in the future: BridgeDB will provide OONI with bridges it wants measured, and OONI returns test results, which BridgeDB should take into account when handing out bridges. For example, if a bridge is blocked in Turkey, BridgeDB should no longer hand it out to users in Turkey. Bridges ======= * Added a new default bridge at Georgetown University to Tor Browser: <https://bugs.torproject.org/32606> * We're working on getting another default bridge at the University of Minnesota added to Tor Browser: <https://bugs.torproject.org/32547> * We made our obfs4 docker image more usable. The image now uses a docker volume to persist tor's data directory, which makes it possible to keep your bridge identity when upgrading to a new docker image. We also added a new script, get-bridge-line, which conveniently gives you your bridge's bridge line. Take a look at our new installation instructions to learn more: <https://community.torproject.org/relay/setup/bridge/docker/> <https://bugs.torproject.org/31834> Thanks to thymbahutymba for providing us with plenty of helpful feedback! * We sent two private obfs4 bridges to somebody who further distributed them to people in China. According to some initial feedback, the bridges work well for the recipients. Miscellaneous ============= * Overhauled the DNS recommendations for exit relay operators: <https://community.torproject.org/relay/setup/exit/#dns-on-exit-relays> * We tried to understand the Internet shutdown in Iran and look for circumvention opportunities. In fact, the incident was not a total shutdown. Some data centers in Iran still had connectivity, so it was possible to use VPS systems in these data centers as proxies. Besides, The DNS resolvers of many ISPs in Iran still allowed requests for domains outside of Iran. That is, people could still resolve, say, foo.com and get its correct IP address. As a result, DNS tunneling was possible. We should invest in a DNS-based pluggable transport. Even if it may not have been very useful in this particular situation (throughput would have been excruciatingly low), it will certainly come in handy again in the future. Take a look at OONI's blog post on the shutdown: <https://ooni.org/post/2019-iran-internet-blackout/> * More grant writing and planning towards a "transition to practice" research grant.

1 0

Notes from Vegas Meeting DECEMBER 5 2019
by Erin Wyatt 09 Dec '19

09 Dec '19

(No Vegas Team meeting on November 28th.) Vegas Team Meeting Notes DECEMBER 5 2019: + NEW BUSINESS Gus - IFF Tor Village Pili - Are we all ok with receiving funding on our github account through github sponsors? Just double checking before I go ahead and put us on the waitlist… Discussion: This would allow people to donate to us through out GitHub account (https://github.com/sponsors) there don’t appear to be any commitments from our end on this, so yes, we’ll do it. Matt - When is the next feedback cycle? Discussion: Isa and ewyatt need to go back over the feedback and adjust the process; they will discuss it soon and make a timeline for the next cycle. + GENERAL NOTES Antonela - reviewed S9 report, writing UX team November report - cooking with onions, S27 - working with TB december tickets - working with OONI UX tickets, S30 - planning user research with communities with nah, S9 - working with WWW - talking with EFF's Soraya Okuda to come up with a set of education materials together. Steph - working on OTF learning lab app for onion services - EOY campaign: successful Giving Tuesday. Working on a post interviewing Cindy - Outreachy internship begins now. annalee_ will be working with me. - Reviewing MOSS post - in touch with b-renna at riseup to help them w more promotion - Cliqz launched a search engine that features onion addresses https://twitter.com/MarcAlHames/status/1202607453394874369 Gus - Reviewed Sponsor9 phase2 report. Bravo! - Onboarding our new Outreachy intern, c1e0. Welcome! :) - Writing blogpost for the Human Rights Day. - Following up with Global South training partnerships. In December we have trainings schedule in India, Uganda, Colombia, Brazil. - IFF Tor Village and main proposal - Doing a Tor talk at criptofesta Sao Paulo this Saturday (12/07) Roger - Defcon video is up: https://blog.torproject.org/next-chapter-anti-censorship - Rightscon submissions are now open. - Any progress on putting together Costa Rica initial invite list? Time is passing. Gaba - s31 report and blogpost - sV report - grant writing follow up for walking onions - DRL implementers meeting - follow up on reducing MOSS grant proposal (metrics team is starting to work on it at the end of January) - we are collecting feedback on gitlab migration - doing a Tor workshop at newsroom in Montevideo when visiting next week. - put gus in contact with virtualroad for trainings - put antonela-hiro-asn in contact with virtualroad for answering questions about onionizing their services Anarcat - ooni load investigation (#32660) - disk space issues for metrics team (#32644) - more puppet code sync with upstream, almost there - thinking cap on: less productive this week, but trying to think about larger issues (like fixing our installers) - TPA meeting decision: raised the disk size of the prometheus, 5EUR/mth extra (in allocated budget) - TPA meeting discussion: not sure when to do the next meeting and if monthly meetings are still relevant - wondering about support continuity during christmas vacations and how much support we provide in general, see also #31243, maybe room for a larger discussion about SLA? Philipp - Will give a Tor presentation at my old college in Austria (<https://www.fh-ooe.at/en/hagenberg-campus/>) - Will possibly give a second presentation there in April, but more business-focused - In the process of adding two new university default bridges - More BridgeDB progress (sponsor 30) and pursuing another data set for sponsor 28 - Grant writing for a "transition to practice" project - Investigating evolving snowflake block in China Pili - Finally finished and submitted the S9 Phase 2 report \o/ Thank you to everyone who helped out! - S44 report - S27 monthly and work completion reports - General end/start of month housekeeping - Generally Picking up where I left off at the end of October now the reporting is behind me... GeKo - Tor Browser team lead transitioning is working well and almost done. Please ping Matt for Tor Browser issues from now on :) - trying to finish all my Tor Browser work until the December holidays are starting - trying to find the capacity to think about upcoming network-health work and its priorities (gaba: we might want to sync about that at some point assuming this will fall onto your plate from a PM PoV, but I probably won't get to it this year anymore due to last minute Tor Browser work. Maybe some time in week 2? <geko: week 2 of january? yes, let's talk then. --gaba> Sounds good, thanks.) Alex - Shadow Simulation Developer hire process seems to be going well. - A bit behind on my S28 deliverables, but hope to catch up on that next week. - The feedback from the Gitlab Ticket survey went out and all teams have submitted really valuable feedback there. Thank you! - Lots of late meetings this week with a lot of smaller follows up to do. - We have an issue with Gitlab we need to figure out what is since it makes the service more difficult to use right now. Sarah - EOY campaign continues to go well. We have now surpassed that total amount of organic website income raised in the entirety of the 2018 campaign. - We are starting to see some larger gifts in response to our postal mailing. - Human Rights Day card going in the postal mail in the next couple of days to major donors and US monthly donors. - Compiling news articles to include in a mailing to sponsors. Matt: - Releases! - Team lead transition (finishing remaining pieces) - Working on roadmap of Tor Browser for next year - Thinking about how we can sustainably grow the "Applications" team for coordination, larger than Tor Browser isabela: - Met w/ Dees from Mozilla, will have a follow up meeting next week - Met w/ Will and Alec Muffet while in London - DRL Implementers meeting in London Nick: - Worked on proposal for walking onions funding. - New stable releases coming out soon. No major security bugs, but a backport of 32108 (accountingmax bug) is en route. - Winter is making me a bit brainless. Please remind me if there is something I should b doing for you. Erin - Shadow dev hiring - org/HR stuff Karsten: - Worked on proposal for OnionPerf funding. - Deployed the new Python-based exit scanner on an AWS instance and let it run over the weekend, with success. - Improved runtime of metrics website daily updater from 12+ to under 6 hours (#25924). - Worked on an Onionoo patch to avoid rewriting unchanged files in order to be nicer towards the ganeti cluster (#32660). Mike: - Scalability meeting + summary + followup

1 0

Network Team Meeting Notes, 4 December 2019
by Alexander Færøy 09 Dec '19

09 Dec '19

Hello, Here is a short summary of the network team meeting from Wednesday the 4th of December 2019. 1) We started out by looking at the 0.4.2 status page on Trac to see how we are doing there. We discussed whether to release soon, since 0.4.2 is supposed to be stable the 15th of December. 2) We went over our Kanban board. 3) We went over our review queue. 4) We discussed upcoming releases. Both the 0.4.2 release, but also stable releases. We went over some tickets that might need to be backported. 5) Nobody had anything else to discuss. --- end of summary --- You can read today's network team meeting log at: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-12-04-22.59.html Below are the contents of our meeting pad: gaba: (updated on December 4th) Last week (actual): s31 report (we want to send it on Friday) sV painfull report DRL implementers meeting grants proposals This week (planned): hopefully preparing roadmap activities (way behind this... sorry!) will be afk tuesday & wednesday next week sV report Help with: teor: (online first week of the month, offline at the usual meeting time) Week of 18 November (planned): Take Time for: - Write relay/dirauth modules, tooling, and testing parts of s31 report (Deadline: 30 Nov?) - catching up on emails Roadmap: - Sponsor 31 modularisation: - Modularisation dependency tooling (#32522) - Do more modularisation (#31851 / #29211) - Sponsor 31 code reviews Other: - Bug fixes, ticket triage, and quick reviews Week of 18 November (actual): Take Time for: - catching up on emails Roadmap: - Sponsor 31 modularisation: - Modularisation dependency tooling (#32522) - Sponsor 31 code reviews Other: - Fixing work laptop Week of 25 November (planned): Take Time for: - Check gitlab migration - Draft s31 report: relay/dirauth modules, tooling, and testing (Deadline: 30 Nov) - catching up on emails - post-0.4.2.4-rc backports Roadmap: - Sponsor 31 modularisation: - Modularisation dependency tooling (#32522) - Sponsor 31 code reviews Other: - Bug fixes, ticket triage, and quick reviews Week of 25 November (planned): Take Time for: - catching up on emails and IRC x2 - post-0.4.2.4-rc backports - Draft s31 report: relay/dirauth modules, tooling, and testing (Deadline: 30 Nov) - Meeting Times proposal - Check gitlab migration Roadmap: - Sponsor 31 modularisation: - Modularisation dependency tooling (#32522) - Sponsor 31 code reviews - consider clang -std=gnu99 in Travis for better C99 portability #32500 Other: - Bug fixes, doc fixes, ticket triage quick reviews, and merges - Updating CI dependencies - Python 3 upgrades Nick: Week of 25 November (planned): - Short week due to US holiday. Not planning to be available Thursday through Sunday; please use signal if I'm needed. - Review and merge - Keep an eye on blog comments for 0.4.2.4-rc release post - analyze 0421/042 regressions, at last - List stuff I want to work on in December. - Any last-minute improvements needed for S31 wrapup. - Dirauth configuration isolation (32139) - Design for 32408 (migration path for options_act_reversible()) Week of 25 November (actual): - Review and merge - blog comments - S31 writeup stuff - Various bugfixes - Wrote/edited blog post for giving tuesday. - Helped with walking onions proposal - Code style/quality work. Week of 2 December (planned): - Various documentation/fundraising writing - blog comments - PETS bidding - Fix needs_revision branches - Dirauth configuration isolation (32139) - C style work - Prep for stable releases, TBD Mike: Week of 25 November (planned): - Catch up on mail - Follow-up + summary of scalability meeting - Update, file, and triage circpad bugs - Document circpad simulator and new bugs/gotchas in circpad doc - Document intuition behind state machine choice in circpad doc - Finish cleaning up circpad simulator Since 25 November (actual): - Some circpad simulator review + cleanup; a little bit more remains - Caught up on mail - Follow-up + summary of scalability meeting; related researcher mails - Updated and filed circpad bugs; some more triage + documentation remains - Brainstormed options for explicit congestion control; have some candidates - Wrote blog post draft for Website Oracles paper Week of 2 December (planned): - Update circpad docs - File DNS cache mitigation ticket for Website Oracles paper; show it to Tobias - Clear out circpad simulator TODO and review python code Need help with/at risk of dropping this month: - Deep-thought-required research project followup - (Google masque, BGP, ECN, Dennis's Mozilla video, etc etc...) catalyst: week of 11/25 (2019-W48) (planned): - public holiday 11/28 - reviews - sponsor31 wrap up - more follow up about C style stuff week of 11/25 (2019-W48) (actual): - public holiday 11/28 - some feedback to swati re gsod stuff - reviewed #32500 -- took a while to chase down origins of some "impossible" behavior - looked at #32629 - sponsor31 wrap up documentation week of 12/02 (2019-W49) (planned): - sponsor31 wrap up documentation (#32206, #32208) - reviews - more follow up about C style - GSoD stuff as needed asn: Week of 25/11 (planned): - Get back to onionbalance work (#31823 and #26768) - Do revisions as neede dfor the client auth control port work (#32563) - Continue S27 triaging. Week of 25/11 (actual): - Lots of core onionbalance work. I have a dirty branch that can: - Create an onionbalance configuration file and parse it - Fetch v3 descriptors from the instances - Collect intro points and re-certify them (switch the certificates) - Upload v3 descriptors for the service instance. - Branch can be found here: https://github.com/asn-d6/onionbalance/tree/v3_dev_wip - Worked on client auth control port stuff: - Implemented permanent ONION_CLIENT_AUTH_ADD credentials for mcs (#32562) - Fixed bug that came out of this (#32667) - Implemented some more functionality for the VIEW command for mcs (#30381) - Started a [tor-dev] thread about a new requested HS anti-DoS feature: https://lists.torproject.org/pipermail/tor-dev/2019-December/014097.html Week of 04/11 (planned): - Still lots of work to be done with onionbalance. This week will be spent in making sure that little-t-tor and onionbalance compute the same hash ring. And also starting to do descriptor rotation etc. And maybe making onionbalance work over chutney. ahf: Week of 25 November (planned): - Still some Shadow Dev stuff. - Follow up on Gitlab migration work with Gaba - Figure out the 503 issue on GL with Hiro - Test changes for #19327 Week of 25 November (actually): - Shadow Dev Hire continued. We are making progress. - Got lots of feedback from a lot of people in different teams and external contributors about issues with our migration, which needs to be fixed. - Spend some time looking into the 503 PR issue on GL with Hiro. - Talked with Hans about using GL Runners to build HTML versions of torspec.git #32627 Week of 2 December (planned): - Lots of phone interviews. - Trying to back back on track with S28. - Follow up on all the feedback we have gotten about Gitlab. - Worked a bit on a "proposal" on issues with Tor's DNS subsystem. - Got a bit involved with #32604 (Thanks Tim for the big writeup there!) dgoulet: Week of 18/11 (actual): - s27: #32546, #30381 (reviewed, merged), #32543. - s27: Revision on #32020 - s27: Meeting with asn, triage on all s27 tickets. - Worked on a test bed for the NetDev CFP submission. Week of 25/11 (planned): - Finalize s27-must ticket as much as possible. -- Alexander Færøy

1 0

Anti-censorship meeting notes, 5 Dec 2019
by Philipp Winter 06 Dec '19

06 Dec '19

Here's our meeting log: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-12-05-18.00.html And here's our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday December 5th 18:00 UTC Weekly meetings, every Thursday at 18:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: https://dip.torproject.org/torproject/anti-censorship/roadmap/boards * Our roadmap consists of a subset of trac tickets. * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam * GetTor's roadmap: https://dip.torproject.org/groups/torproject/anti-censorship/gettor-project… * Tickets that need reviews: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Projects from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 --------------------------- --- 5th December 2019 --- --------------------------- == Announcements == * == Discussion == * Let's talk about how we choose future STUN servers * https://bugs.torproject.org/30579 * Concerns voiced at https://trac.torproject.org/projects/tor/ticket/32597#comment:6 * Alternative strategy: https://bugs.torproject.org/25591 * Iran Internet shutdown "post mortem" * What should we have done differently? * How can we be better prepared next time? * Have a DNS based transport that works with recursive ISP-resolvers? (there's a lot of talk about iodine https://github.com/yarrick/iodine in the ooni channels) * other DNS tunnels: https://trac.torproject.org/projects/tor/wiki/doc/DnsPluggableTransport/Sur… * Gettor workflow while gitlab doesn't accept pull requests (I still didn't have time to look at that but I will look it up nextt week. --gaba) * wrt to the migration we are gathering problems here: https://pad.riseup.net/p/gitlab-migration-problems * Snowflake seems to be partially blocked in China (see #32657 and #32597) * Can we get permissions to add/modify nagios monitoring targests ourselves? * This would remove friction and alleviate load on our admins * #30946 (port bridgedb to python3) should be on our roadmap * python2's EOL is on january 1 * Emerald onion has some spare capacity and can help us out * Do we want anything snowflake-related? More proxy-go instances? == Actions == * Please add your work to our monthly report! * https://pad.riseup.net/p/bwskP7zCeW3TTxfg_O1C == Interesting links == * A guide to work with distributed teams: "When you’re running a distributed organization, assume that someone missed the email, message, announcement, or meeting." https://increment.com/teams/a-guide-to-distributed-teams/ == Updates == FORMAT! Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week (related to anti-censorship work). Help with: - Something you may need help with. Hiro: Started restoring Twitter Responder. When retrieving tweets I need to check for new tweets only otherwise Gettor will end up responding to old back log and already answered messages. <-- is this #27330 ? Next Week: - Work on gettor specs <-- Is this #3781? - More with review of strings and website content and translation phw: This week (2019-12-05): * Reviewed #32480, #31157, #32576 * Agreed to give a Tor presentation at my old college in Austria, during vacation in January * Lots of thinking about PT steering committee * We decided not to be a part of it * Improved obfs4 docker bridge (#31834) * Pushed new docker image 0.3 and announced it on tor-relays@ * There's already more in #32550 * Tested new default bridge from UMN; added default bridge from Georgetown; removed dgoulet's IPv6 default bridge * More work towards getting another data source for RACE, so we can study obfs4 in the wild * Filed #32622 for a better STATUS_CLIENT message in a specific case * Added a persistent cache to bridgestrap, so test results don't disappear after a restart * Testing is computationally expensive and BridgeDB's host seems underprovisioned * Reached out to UMass Amherst and UMich research groups to get scans of default bridges going * Reached out to noisebridge once again, in the hope that the default bridge sets 'bridgedistribution none' * The original maintainers are all gone :/ * Started porting BridgeDB to Python 3 * Will require lots of tedious work * Took a look at the spydermix system Next week: * Help with: * Gaba: (updated October 30th) Last week (): * grants writing This week (planned): * gitlab migration: look at issues and problems in gitlab. cecylia (cohosh): last updated 2019-12-05 Last (2) weeks: - fixed (wrote, merged, and deployed) a data race in the broker that was causing crashes (#32576) - merged and deployed collection of proxy type metrics (#31157) - finished snowflake test coverage (#29259 and #32300) - continued work on understanding snowflake health (#32545) - started investigating possible snowflake blocking in China (#32657) - read papers and made some progress on grant writing - worked on setting up some throughput tests for windows (#31971) - made more fixes to gettor script for releases (#32480) - updated web extension and web badge deployments with new translations and #31157 This week: - finish full draft of grant - continue on #29206 and #25723 - run some concrete tests for snowflake on windows (#31971) - update github gettor links (#32393) - revisit #31109 and see if there's more we need to do for that - work on snowflake test suites #25595 - continue snowflake health checks and looking at censorship in china (#32657) Help with: - review of #32300 and #29259 - gettor repo at https://dip.torproject.org/torproject/anti-censorship/gettor-project/gettor is still behind - can't make pull requests in gitlab still - permissions error for https://trac.torproject.org/projects/tor/ticket/31157#comment:14 arlolra: 2019-12-05 Last week: - add a build step / documentation for code reuse in cupcake #32499 Next week: - read up on turbo tunnel - pick a new task (#31902, #31201, #19026, ?) Help with: - review #32499 dcf: 2019-12-05 Last week: - helped debug a broker crash (#32576) - turbo tunnel in meek - noted some Gitlab migration issues at https://pad.riseup.net/p/gitlab-migration-problems - wrote a summary of the Conjure paper Next week: - decommission old broker (#32502) - turbo tunnel in meek Help with:

1 0

October and November 2019 report for the Tor Browser team
by Pili Guerra 06 Dec '19

06 Dec '19

Hi everyone! October saw the culmination of the team's hard work over the previous four months with the release of our first 9.0 stable release[1], based on ESR68. During October we made the following additional releases: Tor Browser 9.0a7 [2], 9.0a8 [3] and 9.5a1 [4]. With the 9.0 stable release we started our work towards tightly integrating Torbutton code into Tor Browser by moving the various different functionalities it provides to other, more intuitive locations. As such, you can now request a new identity from its own dedicated button on the toolbar, and configure Tor network settings, such as bridges and proxy configuration from their own dedicated Tor section within Tor Browser Preferences. We also increased the number of locales supported to 32 with the addition of Macedonian (mk) and Romanian (ro). During October we fixed all outstanding reproducible build issues in time for our stable release. However, although the 9.0 stable release build is bit for bit reproducible and we managed to get two matching builds, we have one remaining challenge to achieve consistent reproducibility as we occasionally get builds that differ. The full list of tickets closed by the Tor Browser team in October is accessible using the TorBrowserTeam201910[5] keyword in our bug tracker. In November we continued with the 68esr rebase and tying up loose ends from our first 9.0 stable release based on Firefox 68 ESR. The new letterboxing feature raised a lot of questions and issues so we continued working on bug fixes[6] on this feature and further improving the experience[7][8] for our users. We have also started picking up sponsor work once more, working on implementing Onion Services Client Authorization[9] and key storage[10] in Tor Browser. We have also been working on making it easier to access v3 onion services through the use of the Onion-Location header and have been working on a mechanism for the browser to prompt the user about onion service redirection when encountering an Onion-Location from a website[11]. In order to share these and other new features more quickly, we are working on providing automatic nightly builds[12]. This will allow us to have a faster path to share new and experimental features with users for dedicated user testing and rapid iteration. Looking ahead to 2020 and what the team wants to work on, a number of us have been working on a proposal to move away from the ESR train and onto the Firefox rapid release cycle, starting with the Tor Browser for Android transition to Fenix[13]. We would also like to take this opportunity to implement Enhanced Tracking Protection (ETP)[14] from Firefox for performance improvements, pending funding. We made two releases in November: 9.0.1[15] 9.5a2[16]. The full list of tickets closed by the Tor Browser team in November is accessible using the TorBrowserTeam201911[17] keyword in our bug tracker. We are still struggling with reproducibility issues[18] and will continue working on these during December. Additionally, we will close off the year by continuining to work on all outstanding November issues, including letterboxing work, sponsor work and automatic nightly updates. All tickets on our radar for December can be seen with the `TorBrowserTeam201912` keyword in our bug tracker.[19] [1] https://blog.torproject.org/new-release-tor-browser-90 <https://blog.torproject.org/new-release-tor-browser-90> [2] https://blog.torproject.org/new-release-tor-browser-90a8 <https://blog.torproject.org/new-release-tor-browser-90a8> [3] https://blog.torproject.org/new-release-tor-browser-90a8 <https://blog.torproject.org/new-release-tor-browser-90a8> [4] https://blog.torproject.org/new-release-tor-browser-95a1 <https://blog.torproject.org/new-release-tor-browser-95a1> [5] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… <https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB…> [6] https://trac.torproject.org/projects/tor/ticket/32308 <https://trac.torproject.org/projects/tor/ticket/32308> [7] https://trac.torproject.org/projects/tor/ticket/32220 <https://trac.torproject.org/projects/tor/ticket/32220> [8] https://trac.torproject.org/projects/tor/ticket/32325 <https://trac.torproject.org/projects/tor/ticket/32325> [9] https://trac.torproject.org/projects/tor/ticket/30237 <https://trac.torproject.org/projects/tor/ticket/30237> [10] https://trac.torproject.org/projects/tor/ticket/19757 <https://trac.torproject.org/projects/tor/ticket/19757> [11] https://trac.torproject.org/projects/tor/ticket/21952 <https://trac.torproject.org/projects/tor/ticket/21952> [12] https://trac.torproject.org/projects/tor/ticket/18867 <https://trac.torproject.org/projects/tor/ticket/18867> [13] https://github.com/mozilla-mobile/fenix <https://github.com/mozilla-mobile/fenix> [14] https://trac.torproject.org/projects/tor/ticket/30939 <https://trac.torproject.org/projects/tor/ticket/30939> [15] https://blog.torproject.org/new-release-tor-browser-901 <https://blog.torproject.org/new-release-tor-browser-901> [16] https://blog.torproject.org/new-release-tor-browser-95a2 <https://blog.torproject.org/new-release-tor-browser-95a2> [17] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… <https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB…> [18] https://trac.torproject.org/projects/tor/ticket/32053 <https://trac.torproject.org/projects/tor/ticket/32053> [19] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… <https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…>

1 0

Damian's Status Report - November 2019
by Damian Johnson 05 Dec '19

05 Dec '19

Hi all! Just a quick update on what I've been up to. Now that our HSv3 branch is finally wrapped up giving thought to what's next... https://blog.atagar.com/november2019/

1 0