- tor-project - lists.torproject.org

Tor Browser team meeting notes, 14 Jan 2019
by Georg Koppen 15 Jan '19

15 Jan '19

Hi everyone! We had another weekly Tor Browser meeting yesterday. The IRC meeting log can be found at: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-01-14-18.59.log… The meeting notes are copied below, for your convenience: Monday January 14, 2019 Discussion: - Google Summer of Code (GSoC) Application (pili - apologies I will likely be afk for the meeting) - Projects? Volunteer mentors? Could be both Tor Browser or "Applications Team" projects. (GeKo: tjr can imagine to mention the crash report project further) - Plan for Tor Launcher/Torbutton compat with ESR 68 (GeKo: tentative schedule for landing that is 9.0a1; we don't get enough testing for 8.5) - Replacement for donation banner (#29035) (GeKo: I put that on my plate and anto provides the remaining UX items) - Can we move this meeting 30 minutes or 1 hour earlier? (sysrqb now has a partial conflict, but can adjust if changing the meeting is too difficult) (GeKo: tentively moving to 1830UTC, I need to get back to igt0 whether that works for him, too) - next meeting? (GeKo: on Monday is US holiday, so let's meet on 1/22 instead) pospeselr: Last Week: - updated icons for #25702 (rebranding) and #28546 (windows installer branding) to fix clipping/squashing issue - reviewed #28711 (arraybuffer metadata in its own arena) and #28329 (TBA+Orbot design) - backported 1446472 (and than discovered tjr beat me to it lol) - squashed/rebased #25702 - began work on #25658 (security settings) boklm - ran into a couple of build issues this past week (just in case you weren't aware): - https-everywhere explicitly requiring python 3.6 in it's make.sh script (container installs python 3.7 now when just installing the python package) - issues building servo in the latest alpha branch in tor-browser, didn't delve too deeply into this on Friday since I was on my laptop [boklm: can you open tickets with some details about those issues?] richard : can do! This Week: - file tickets for above-mentioned issues - #25658 work (security settings) pili: likely afk for meeting Last week: - Sponsor 8 report - Tor Browser release meeting - OTF Onion service SMART objectives - Starting to look at team budgets This week: - Review 2019 needs and priorities - looking into orbot and trac discussion on mailing lists GeKo: Last week: - refined patch for #28716 (mingw-w64/clang toolchain) and mapped out remaining things to be done for #28238 - begin-of-the-month admin dance - finally commented on the ideas in doc for #3600 - I reviewed #28705 and started with #25702 and #26858 - wrote patches for #29028 (activate canvas warning improvements), #28874 (WebGL crashes), #28814, and #29081 (hardening of libwinpthread) - helped with bug investigations (#28823, #tra) - looked over #28329 and tor-launcher redesign - looked over sponsor proposals This week: - help with mobile stuff where needed - backport fix for bug 1469916 - work on various issues related to #28238 - work on the donation banner replacement (#29035) - looking closer at https://bugzilla.mozilla.org/show_bug.cgi?id=1376621#c12 - reviews, review, reviews sysrqb: Last week: Real World Crypto Wrote/sent email about Google Play reviews Worked a little on TBA bootstrap process (#28329) This week: More work on UI for #28329 Finish fastlane patch Review TOPL/Orbotservice ticket (#29080) Update branch for app crash during download (#28705) mcs and brade: Last week: - Worked on #28044 (Integrate Tor Launcher into tor-browser). - Did some experiments. - Commented in the ticket. - Opened #29045 for dormant mode follow up work (Tor Launcher). - Completed end of quarter/end of year administrative tasks. This week: - #28836 (Links on about:tor are not clickable anymore). - #28885 (notify users that update is downloading). - Work on a proposal for #28044 (Integrate Tor Launcher into tor-browser). - Out of the office on Friday, January 18th. boklm: Last week: - investigated binutils reproducibility issue and made patch to update binutils to 2.31.1 (#26148) - started a patch for #27531 (Tor Browser 8 crashes trying to print on Linux) - fixed some testsuite issues (#27136, #27114) This week: - continue work on testsuite - test patch for #27531 (Tor Browser 8 crashes trying to print on Linux) - some reviews: #29081, #28716, #28803, #28874 - will be afk on Friday tjr: Leave is coming, but unsure of dates. Lots of mingw work. "gk: where to track the remaining work for enabling accessibility support on windows, because it's still not functioning properly it seems with the patches we have" tjr: Can you elaborate? And/or show me a not-scary (trustworthy/open source) accessibility tool to test with? [GeKo: accessibility is not working in e10s, see: https://trac.torproject.org/projects/tor/ticket/27503#comment:13 ff. I noted that on the moz bug, see comments 11 and Jacek's reply in comment 19. I have not looked whether there are non-scary tools yet] "gk: --enable-accessibility on mingw-gcc" tjr: Yes, I did not test this (on TaskCluster or otherwise). If switching to mingw-clang is on the horizon, I am not inclined to try and get support for this working on TaskCluster [GeKo: works for me, just so you are aware of that this breaks the mingw-w64/gcc builds once this gets enabled on esr60][tjr: they use different mozconfigs; so it the mingw-gcc builds will stay --disable-accessibility][GeKo, yeah, fine with me] I have an --enable-accessibility, --enable-sandbox, pdbs esr60 build working in TaskCluster. Have requested uplift of a bunch of patches On central; I am personally being plagued by https://bugzilla.mozilla.org/show_bug.cgi?id=1519608 but others don't seem affected TODO: - Uplift the aforementioned esr60 patches - Land small -central patches (--enable-accessibility, Bump MinGW, _WIN32_WINNT) - Investigate ASLR - Investigate if we can ditch binutils We have a next step forward on the rust stuff: https://bugzilla.mozilla.org/show_bug.cgi?id=1376621#c12 It's not significant; but we'll see where to go from here. Am I correct in thinking that this is basically the same thing you did (look for connect/socket/etc calls) except you did it in the source, and this is on the object file? [GeKo: have not looked yet, but can do this week, hopefully; sysrqb thinks the answer is "yes"] Uplifted https://bugzilla.mozilla.org/show_bug.cgi?id=1446472 which will show the Canvas icon if canvas is auto-blocked because it has no user input. Landed https://bugzilla.mozilla.org/show_bug.cgi?id=1509829 which uplifts Tor's "Only reveal the OS in the JS navigator object and not the User-Agent header" I should backport this to esr60. anto: - working on #28329 - TBA + Orbot - working on #29035 - Newsletter Subscription links - reviewing TBA - added UX improvements ideas for TB on DRL doc for the UX team - reviewing sysrqb's list of GPlay TBA reviews sisbell: Last week: - #29080 Merge OrbotService and TOPL - did initial prototype and outlined details of changes needed in trac issue - #28803 - Integrate building PT - finished android-pluggable-transport project (ready for review) This Week: - #29080 - Cleanup work and create patches for OrbotService - #27609 - Evaluate Tor Onion Proxy - I’ll setup project in tor-browser-build and create patch as specified in #29080 Georg

1 0

Network team meeting notes, 14 Jan 2019
by teor 15 Jan '19

15 Jan '19

Hi, Our next meeting is on Tuesday 22 January at 1800 UTC. You can find our meeting logs here: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-01-14-17.58.html Below are the contents of the meeting pad: = Network team meeting pad! = This week's team meeting is at Monday at 1800 UTC on #tor-meeting on OFTC. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC On #tor-meeting on OFTC. January schedule: * No meeting on 31 Dec or 1 Jan * Following meeting on 8 Jan 2019, 2300 UTC. * Meeting on 14 Jan, 1800 UTC * Meeting on 21 Jan 22 Jan?, 1800 UTC * No meeting 28 Jan; (some of) the team will be at a face-to-face meeting. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 3 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002117.html 10 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002120.html 17 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002127.html 8 Jan: https://lists.torproject.org/pipermail/tor-project/2019-January/002155.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? <-- Check who is doing what on s19 and s31 on January. url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… Here are the outstanding reviews, oldest first: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… Core Tor/sbws is now part of the bug triage, CI, and reviewer assignment roles * Let's try a different way of looking at proposed tickets: https://pad.riseup.net/p/network-team-triage-2018 [See section about this below.] == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up actual point when you finish a task (as well as "fix" the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… * Check other's people call for help in their entries. ------------------------------- ---- 14 January 2019 ------------------------------- == Announcements == * Teor is bringing a proposal for proposed ticket (discussion during hackweek?). https://pad.riseup.net/p/network-team-triage-2018 * We are starting weekly checkins on anti-censorship work. Every Thursday 20:00 UTC on #tor-meeting. Starting January 17th. * A lot of thoughts in the pad about network team priorities for funding. Add any comment to it. Al and the grants team will look at it and ping people if we start writing a related proposal for DRL https://storm.torproject.org/shared/cDDK_EyXoIZoiOzt3YSRo3cCme0C-JAZe5nCdvb… == Discussion == * Who needs help with reviews? (see query links in "Stuff to do every week") * Drafting Hackweek agenda. We will meet the week before the hackweek. • * draft agenda https://pad.riseup.net/p/tor-netteam-agenda-hackweek-2019.1-keep <-- please check it out and send me any comments/questions about it. • * date to discuss it: January 22nd 9pm UTC * Let's assign people in the team to the snowflake blockers tickets in the roadmap #25601, #29024, #21314 * Next Monday is MLK day in the US. Shall we do 1800UTC on Tuesaday the 22nd instead? == Proposed tickets == Please tag proposed tickets with 040-proposed or 041-proposed, and add a points estimate (in days). If the ticket needs to be added to the roadmap, put it on the list below, so we can talk about it at the meeting. Who can do the release capacity and estimated points updates every week? === 040-proposed === #29026 -- OpenSSL will not compile without engine support (needs_review) <-- approve for 040 #29029 -- Make "tried to establish rendezvous on non-OR circuit" into a protocol warning [needs review] <-- approve for 040 #29040 -- Tor crashes if ClientOnionAuthDir contains more than one public key for a hidden service (new) <-- defer deciding until asn & dgoulet input Here are the tickets currently labeled as 040-proposed: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… Should we do capacity for 0.4.0? It's almost over. === 041-proposed === Capacity Estimate 32.4 points of proposed tickets, which is about one person's capacity for 0.4.1 120 days left until the 0.4.1 feature freeze, approximately 40 coding days per person 120 days * 5/7 work days in week * 200/240 non-leave days in year * 3/5 coding days in week (excluding review, admin, travel, meeting) The prop289 tickets have no points estimates, let's update the total when we add estimates (or defer them until next week) List of tickets New tickets for 21 Jan: #25417 -- HSFETCH support for v3 Hidden Services (needs_review) Points needs asn or dgoulet's input, how much effort will it take us to merge this code? Should we try for 0.4.1? Old tickets from 14 Jan: #29036 -- Coverage merge failures cause test_process_slow stderr check to fail (new, Sponsor ??) How often does this failure happen? <-- accepted for 041 #27162 -- Travis: consider running CI on beta, nightly, and tor's lowest supported rust (new, Sponsor V) <-- accepted for 041 #29053 -- Use descriptor structs to deterministically create descriptor dumps (new, probably out of scope for Sponor V) <-- leaning no for 0.4.1, but we can talk about it if you disagree -nm Let's defer this ticket, unless we think it's important? There's something subtly wrong with a bunch of our HSv3 IPv6 code: <-- defer deciding until asn & dgoulet input #26992 -- Add intro point IPv6 address to service descriptors (needs_revision) #23588 -- Write fascist_firewall_choose_address_ls() and use it in hs_get_extend_info_from_lspecs() (needs_revision) #23576 -- Make service_intro_point_new() take a node instead of an extend_info (needs_revision) I have tried to debug the issue for a few hours, but I didn't make much progress. I expect it will take a few days to debug: let's defer these tickets, and pick them up if we have time later in the release Open 041-proposed tickets: https://trac.torproject.org/projects/tor/report/75 Open 041-proposed tickets with no points estimate: https://trac.torproject.org/projects/tor/report/76 == Recommended links == == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: • - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! gaba: Week of 01/07 (actual): • - back into 1:1s • - anti-censorship hiring • - S8 Q4 report • - remove s8 from tickets • - s31 • - s19 • - hackweek agenda • Week of 01/13 (planned): • - remove s8 from tickets • - anti-censorship plans - weekly meeting kickoff • - S8 report • - s31 follow up • Needs help with: • - please add points to the tickets you already have done (thanks people that added them to each ticket) teor: (offline) Week of 7 Jan (planned): High-Priority: - PrivCount proof of concept (#29004 and related tickets) Medium-Priority: - (no sbws reviews, I need to focus on PrivCount before the hackfest) - Maybe some code reviews if I get time - Sponsor 8 tasks - are these important enough to do anyway? - Ask metrics to monitor bootstrap speed - Tweak bootstrap settings to work when lots of fallbacks are down - And also on networks that drop packets Week of 7 Jan (actual): High-Priority: - PrivCount proof of concept (#29004 and related tickets) - Refactor for unit tests for extra-info documents - I was on CI/Coverity rotation, I made a ticket for one intermittent Travis failure Medium-Priority: - worked on proposed tickets process, tried it out for the first time - dealt with small sbws blocker - Did a few code reviews, I still have a lot left over. Week of 14 Jan (planned): High-Priority: - PrivCount proof of concept (#29004 and related tickets) - unit tests for extra-info documents Medium-Priority: - (no sbws reviews, I need to focus on PrivCount before the hackfest) - Sponsor 8 tasks - are these important enough to do anyway? - Ask metrics to monitor bootstrap speed - Tweak bootstrap settings to work when lots of fallbacks are down (and also on networks that drop packets) Help with: - Can someone check my calculations for our 0.4.0 and 0.4.1 workload? - I've run out of time to do all my code reviews. Can someone else please do them? Nick: Week of 7 Jan (planned): - Stable releases 0.3.3.11, 0.3.4.10, 0.3.5.7 - 28142 review and merge wtfpad patch - Help on snowflake startup issues - revise pubsub branch, time permitting, for S31 Week of 7 Jan (actual): - Started revising pubsub branch - stable releases - Lots of review and merge -- still working on pubsub - Added points to my closed tickets Week of 14 Jan (planned): - Finish pubsub revision - Merge final stuff for 0.4.0.1-alpha; freeze on Tuesday! - Release 0.4.0.1-alpha, maybe. - Triage 0.3.5 and 0.4.0 tickets :( - Advance modularization discussions - Help on snowflake stuff? Need help wih: - Triage 0.3.5 and 0.4.0 tickets :( - Advance modularization discussions dgoulet: (offline, in bed ill) Week of 01/07 (actual): - prop289: Authenticated SENDMEs. Implementation is done 99% in #26288 (branch: ticket26288_041_01). Still some bugs I'm chasing. Week of 01/14 (planned): - prop289: Fix remaining bugs (I know what they are). Jump on unit tests and then massive chutney testing. - Re-review spec for #28180 with ahf after dcf1 comments. Mike: Week of 1/17 (planned): - Fix up issues from circuitpadding reviews - Help asn with #28780 and #28634 Week of 1/17 (actual): - Worked on #28780 and #28334; pretty sure neither will make 0.4.0 freeze - Looked over #28142 review and fixups. Looks good - Helped with modularization planning - Did 0.4.0 reviews Week of 1/14 (planned) - Finishing touches on #28142 - convert wtf-pad TODO file to tickets and make a plan for 0.4.1 - Help more with modularization plan? catalyst: week of 01/07 (2019-W02) (planned): - finish up control-spec changes for new bootstrap phases - continue cleaning up sponsor8 bookkeeping - move relevant things from sponsor8 to sponsor19 - review more pubsub stuff as it comes up - think about more long-term stuff - ticket reviews week of 01/07 (2019-W02) (actual): - cleaned up some sponsor8 ticket bookkeeping - submitted another revision of bootstrap phase descriptions for control-spec.txt - chatted with teor about modularization and gaba about release planning and modularization - looked at sponsor19 roadmap stuff week of 01/14 (2019-W03) (planned): - prep for Brussels meeting - more follow up fixes related to #27167 - follow up on modularization thread - ticket reviews help with: - architectural issues related to #28925 (will chat at patch party time) juga (offline): - Week 07/01 (planned) Depending on reviews: - Continue with #28933 #28869 or leave it for next milestone - Decide whether it is needed that AsyncResults have timeout (#28864) - Decide whether it is needed to timeout putting results in the queue (#28866) - Maybe continue to work out how sbws can report excluded relays (#28563) - Week 07/01 (actual) - Finished with running one sbws main loop as part of the integration tests (#28869) - Exit gracefully (stop threads) on SIGINT or SIGTERM (#28933) - Commented on whether it is needed that AsyncResults have timeout (#28864) - Finished adding timeout when putting results in the queue (#28866) - Started with some refactoring (#29046, #29047) - Discussed to move bandwidth file parser to stem (#29057) - Week 14/01 (plan) - Continue on working out how sbws can report excluded relays in the bandwidth file (#28563) - Continue with refactoring (#28684) - Write last 3 months report asn: [Will be doing a Tor lecture in a local uni at the same time as the meeting] Week of 01/7 (planned): - Get #28142 closer to merged (address review comments etc.) - See if we can get #28780 and #28634 closer to merge_ready by EOW. - More anti-censorship hiring. - Do some initial PhD stuff. - Coordinate with 2-3 people who contacted me because they want Tor talks to happen around Athens. First one is upcoming Monday in my home university. Week of 01/7 (actual): - More #28142 work. It's now in merge_ready again after lots of rebasing, and merging in a few more patches from Riastradh. - More work on #28780 and #28634 but we are delaying this for 041. - Opened more tickets for remaining work and TODO items. - Anti-censorship hiring wrapped up. - Assigned reviews but failed to sync up with dgoulet so we are still in pad form. I will fixup trac and spreadsheet tomorrow: https://public.etherpad-mozilla.org/p/VxgEYUZzpv - Did reviews Week of 01/14 (planned): - Monday: Tor lecture in local university. - Get #28142 merged. - Work on the onion service proposal. - Check out the brussels hackfest thread. - Do reviews. Help with: - We good. ahf: Week of 1/7 (planned): Sponsor 8: - Review David's spec changes for the PT STATUS/LOG messages (#28181, #28182). - Fill out q4 report and points for s8 tickets we did in q4. Sponsor 19: - Working on a document to describe how the broker works and how the WebRTC protocol work at a high level to give people some idea about the API's used for the JS/Go proxy and the Snowflake client. - Debug an issue where the JS proxy will become idle and no data progress is made during bootstrap. Misc: - Next step for sysadmin hire with Linus/Hiro. - See if there is S8 tickets that makes sense for S19(?) Week of 1/7 (actually): Sponsor 8: - Marked tickets with my share of the points. Sponsor 19: - Patch submitted for DCF's comments for #28181. - Looks like we made a decisions with hires :-) - Progress on WebRTC part of broker document. Wrote some sample programs to wrap my head around the API. I think this will be a talk at our Brussels meeting. - Talked with Roger, David F, some JS friends, about using headless browsers for both proxy and client for Snowflake (like what Meek does). Misc: - Did code review over the phone with David Goulet for authenticated sendme's (loved this format!) - Reviewed some allocated patches. - Sysadmin meeting postponed to 1/14. Week of 1/14 (planned): Sponsor 19: - Finish WebRTC + broker + client + proxy architecture document. - Reach conclusion with David and David about #28181 and #28182. Misc: - Help David with code review for authenticated sendme's. - Sysadmin interview progress. CI/Coverage: - Try to reproduce #29036 again

1 0

December 2018 in sysadmin land
by Linus Nordberg 14 Jan '19

14 Jan '19

Hi Tor, The sysadmin and services team presents its December. # What's been done - Improvements to our list of services [0]. - New VM'S for CiviCRM ready for use. - The ordinary resolving of requests, as can be followed better over at [1]. [0] https://trac.torproject.org/projects/tor/wiki/org/operations/Infrastructure [1] https://trac.torproject.org/projects/tor/report/44 # Upcoming new things - Will be seing some of you in Brussels [2]. [2] https://trac.torproject.org/projects/tor/wiki/org/meetings/2019Brussels # Fact of the month Reading the sysadmin team wiki [3] will make you a better informed user. Providing material to it might make it even more useful! [3] https://help.torproject.org/tsa/

1 0

OONI Monthly Report: December 2018
by Maria Xynou 13 Jan '19

13 Jan '19

Hello Tor world, During December 2018, the OONI team wrapped up the year by preparing for the upcoming OONI Probe mobile app launch, making a series of improvements to Measurement Kit (our network measurement library) and by implementing an orchestra endpoint for test lists. ## Prepared for OONI Probe mobile app launch Following the public beta release of the revamped OONI Probe mobile apps in November, we spent December preparing for the stable release in January 2019. This involved: * Fixing bugs reported as part of the beta testing. * Improvements to how we managed translations in the mobile apps via: https://github.com/ooni/translations * Coordinating translations & joining the OONI Probe Office Hour on the Localization Lab Mattermost channel to address translator questions (https://www.localizationlab.org/blog/2018/12/11/ooni-probe-office-hour) We're extremely grateful to the Localization Lab for their great support in coordinating translations! ## Test list orchestra endpoint We added a dedicated ooni/orchestra API endpoint for provisioning OONI Probes with URLs to be tested: https://github.com/ooni/orchestra/pull/58 & https://github.com/ooni/orchestra/pull/57. This allows for a more dynamic and quick update of test lists on mobile devices and it's a first step towards rolling out OONI Probe Orchestration. ## Measurement Kit ### Released Measurement Kit v0.9.1 We released a new version of Measurement Kit: https://github.com/measurement-kit/measurement-kit/projects/2. This new version contains bug fixes and improvements over version 0.9.0 and will be included in the upcoming release of the mobile apps. ### Improved DNS engine in Measurement Kit We wrote the foundation for a new DNS engine in Measurement Kit. The requirements for this new DNS engine have been documented in https://github.com/measurement-kit/measurement-kit/issues/1689. We have implemented these requirements in a separate repository (https://github.com/measurement-kit/mkudns) which we plan on integrating in Measurement Kit v0.10.0 or v0.11.0. This new engine will allow us to save the content of sent and received UDP DNS packets, and will also allow us to timestamp network events. We will use this code when running some OONI tests to collect low level data useful to understand censorship. We are specifically planning on submitting base64 encoded packets to the OONI pipeline for further analysis and for historical records. ### Rewritten iOS integration layer We have created a new repository (https://github.com/measurement-kit/mkall-ios) for integrating Measurement Kit with the iOS apps. This new repository has been designed with OONI Probe for iOS in mind but could potentially be beneficial to any other project using Measurement Kit. The gist of this rewrite is that now the app can use Objective C code directly to interact with Measurement Kit. The code in mkall-ios will take care of mapping the Objective C requests to Measurement Kit's internal APIs. This change is great for us because it allows us to decouple the implementation of the OONI app from Measurement Kit internals. In turn, this improvement allows us to increase our code velocity, i.e. the speed at which we can change mutually independent parts of the code base by minimizing the surface over which changes propagate. The upcoming version of OONI for iOS will use this repository. We're working to implement similar changes for Android too. ## Updated the test list of the Democratic Republic of Congo (DRC) In preparation for the Democratic Republic of Congo's elections in late December 2018, we carried out research and coordinated with locals to update the country's test list. The updates can be viewed here: https://github.com/citizenlab/test-lists/pull/420 The CD test list was also updated earlier (November 2018) thanks to URLs provided by community members: https://github.com/citizenlab/test-lists/pull/413 ## IEEE publication Earlier in 2018, we published a research report on internet censorship in Nigeria, in collaboration with Paradigm Initiative: https://ooni.torproject.org/post/nigeria-internet-censorship/ A version of our research report was published in the IEEE Internet Policy Newsletter (December 2018 edition): https://internetinitiative.ieee.org/newsletter/december-2018/measuring-inte… ## OONI blog post for Tor Strength in Numbers blog series In support of the Tor Project's end-of-year fundraising campaign, we published a blog post, "Strength in Numbers: Fighting Internet Censorship", which is available here: https://blog.torproject.org/strength-numbers-fighting-internet-censorship Our blog post was translated to Russian and cross-posted by Roskomsvoboda: https://roskomsvoboda.org/43616/ ## Community activities ### MAMI Active Measurement Hackathon in Scotland OONI's Simone traveled to Aberdeen, Scotland, to participate at the Measurement and Architecture for a Middleboxed Internet (MAMI) Active Measurement Hackathon on 5th & 6th December 2018. The goal of the 2-day hackathon was to share knowledge and experience in internet measurement between OONI and MAMI. Information about the hackathon is available via MAMI's blog post: https://mami-project.eu/index.php/2018/12/20/mami-active-measurement-hackat… ### EngageMedia's OONI blog post The Philippines' EngageMedia published a blog post about OONI, explaining OONI Probe and encouraging local communities to participate in censorship measurement research. Their blog post is available here: https://www.engagemedia.org/blog/ooni-measure-censorship ## Userbase In December 2018, OONI Probe was run 298,455 times from 4,527 different vantage points in 209 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Nyx Release 2.1.0
by Damian Johnson 12 Jan '19

12 Jan '19

Hi all, I'm pleased to announce Nyx 2.1.0. This is a fixup release that corrects issues uncovered over this last year... https://nyx.torproject.org/changelog/index.html#version-2-1 Cheers! -Damian

1 0

December 2018 report for the Tor Browser team
by Georg Koppen 11 Jan '19

11 Jan '19

Hello! This is the last report for our work done in 2018. In December we made two releases, Tor Browser 8.0.4[1] and 8.5a6[2]. Besides updating component like Tor (to 0.3.4.9) and OpenSSL (to 1.0.2q), Tor Browser 8.0.4 contained many backports from patches tested in our alpha series. The most important ones were a fingerprinting defense against protocol handler enumeration[3], enabling Stylo for macOS users[4], and setting the sandboxing level on Windows back to 5[5]. Tor Browser 8.5a6 got exiting updates on the Android side: It's been the first release that is being built reproducibly[6] and has multi-locale support in a single .apk.[7] Besides working on releases we outlined our further mobile work towards the next milestone, TBA-a3, which should bring us close to the shape we want Tor Browser for Android to be in. All tickets tracked for this task can be found under the `TBA-a3` keyword.[8] For the desktop side we made further progress on our QA efforts[9] and our security settings redesign[10]. The full list of tickets closed by the Tor Browser team in November is accessible using the `TorBrowserTeam201812` keyword in our bug tracker.[11] In January there are three big tasks we'll focus on. The first is getting our mobile code into shape for the third milestone. Secondly, we try to get as much done as possible for our security settings redesign. Thirdly, efforts are under way to replace our mingw-w64/gcc toolchain with a newer one based on mingw-w64/clang for Windows to be able to keep pace with the changes in Firefox code.[12] Additionally, we plan to start working on making Tor Launcher and Torbutton compatible with the next Firefox ESR (which is supposed to be 68).[13][14] All tickets on our radar for this month can be seen with the `TorBrowserTeam201901` keyword in our bug tracker.[15] Georg [1] https://blog.torproject.org/new-release-tor-browser-804 [2] https://blog.torproject.org/new-release-tor-browser-85a6 [3] https://trac.torproject.org/projects/tor/ticket/1623 [4] https://trac.torproject.org/projects/tor/ticket/26475 [5] https://trac.torproject.org/projects/tor/ticket/26381 [6] https://trac.torproject.org/projects/tor/ticket/25164 [7] https://trac.torproject.org/projects/tor/ticket/26843 [8] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TBA… [9] https://trac.torproject.org/projects/tor/ticket/27105 [10] https://trac.torproject.org/projects/tor/ticket/25658 [11] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [12] https://trac.torproject.org/projects/tor/ticket/28716 [13] https://trac.torproject.org/projects/tor/ticket/28044 [14] https://trac.torproject.org/projects/tor/ticket/10760 [15] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Notes from January 10 2019 Vegas team meeting
by Karsten Loesing 11 Jan '19

11 Jan '19

Notes for January 10 2019 meeting: Gaba (offline in a conflict resolution workshop): 1) S8 reports 2) Anti-censorship position decided. 3) Network team 3.1) modularization project and anti-censorship project starting 4) Collecting funding proposals for a couple of grant opportunities Arturo: 1) Will be releasing OONI Probe mobile 2.0 next week and working towards that 2) Published a blog post together with CAIDA on internet disruption in Gabon https://ooni.torproject.org/post/gabon-internet-disruption/ 3) Formed a partnership with ASUTIC from Senegal: https://twitter.com/OpenObservatory/status/1083096397161742336 isabela: 1) Sent invoice for Mozilla match 2) Helping organize fundraising 2019 roadmap 3) Working on 'there is no dark web' strategy -> 4) Working on response for OTF onion services proposal 5) Coordinating f2f meeting with Sida and presentation to Sida staff about Tor and our work with them (jan 30th) 6) Coordinating follow up with Mozilla - outcomes from our meeting at the All Hands 7) Follow up with media inquires and connecting with major donors Georg: 1. Dealing with backlog after vacation 2. Where are we with our blog comments policy? [see my update - Alison][Looks good - Georg] Sarah: 1) Working on campaign results and will send with December Fundraising report today. 2) Thanking campaign donors. 3) Connecting with major donors. 4) Planning for major donor and monthly donor program launch. 5) Granted funding for modularization work. 6) Al submitted a proposal for UX work. 7) Plotting out 2019 grant/foundation strategy. Alison: 1) Alison is working on all things LFI -- recruitment, curriculum revisions, website stuff 2) lots of Sponsor9 stuff happening -- upcoming travel and contact with partners 3) Colin is planning a relay operator meetup at FOSDEM 4) Maggie is working on volunteer coordination 5) We are all adding our ideas to a doc for the DRL SOI Antonela: 1) working on TBA8.5a 2) reviewing OTF onion services proposal 3) organizing Usability Research for 2019 4) reviewing tpo.org and tpo.org/about staging 5) asked sarah for the tpo.org/sponsors content 6) working on our new 2019/2020 outreach material 7) working on illustrations for tpo.org 8) preparing my talk for Fosdem 9) working on OONI country pages 10) Added a list of ideas at the DRL SOI doc 11) preparing next week Mozilla Monthly meeting, we will do a recap of what happened in All Hands Roger: ===Things I did: - Reviewed three more Usenix Security submissions; discussion continues. - Did three more safety board reviews / assessments. - Helped do further revisions of our RACE proposal; kept talking to our PM. - Advised Rob and Micah on a Shadow proposal we're hoping to do. - Helped move forward the anticensorship team selection. - Pulled together and submitted our Sponsor3 final report and outcome document. - Wrote two team mission-roadmaps (anti-censorship and network health). - My Fosdem main-track talk got in - I asked Antonela to help clean up my Tor slides. - Paul and I might go to NYC in March to debate Tor with NYPD folks. - Dealt with email disasters. Still somewhat ongoing. Let me know if I've dropped something. ===Questions for this group / things on my todo list: - I still need to do our SponsorM reports. That's now back to pending on me. - Should each vegas team try to write an equivalent mission-roadmap, like the two above? Could help with focusing mission, with identifying gaps, with fundraising, and with community engagement. - Should we write a 2018 annual report? It's been a while. - Can we have an employee handbook? Or even just a list of resources all in one place? I only learned last week that I can log in to adp and see my paystubs. - I have continued to drop the ball on answering the financials blog post comment full of questions that we would be smart to embrace transparency about. FYI in case anybody wants to step in or help out. - Should we take notes on the steps to a proper fundraising campaign, while it's still fresh? And/or do a retrospective. Like, there are several steps we should have started much earlier. [I am working on results and takeaways. - Sarah][I had in mind not just a retrospective, but a checklist for next time, with timing advise. -Roger] - Is somebody following the "Orbot trac consolidation" thread? Gaba or Pili maybe? Sue: 1) Finalizing month/quarter ending financial information to be able to bill our funders. 2) Did a massive reconciliation of expense reimbursements for employees and as of today will have paid out all expenses to employees that had been missed since October 2018. If you find any expenses that you feel you have not been reimbursed for please email accounting@ and I will follow-up with you directly. 3) Can I ask that team leads re-emphasize to all employees that they need to put in expense reimbursements on the current week’s time sheet and not on previous time sheets. This is how expenses are missed. As noted in my presentation in Mexico City if you have an expense for December, and it is January, you should include it on this week’s time sheet in January. Also, please add the date of the actual expense in the comments section. 4) Working on hiring contractor to assist with accounting work. 5) Finalizing 6/30/2018 audit. 6) Responded to DRL about 2016 audit findings, awaiting their response. Erin (Offline for meeting, at dispute resolution workshop with Gaba!): 1) Moving forward with anti-censorship team hiring (announcement soon) 2) Misc. personnel stuff Nick: 1) put out releases 2) building up to feature freeze on 15 Jan for 0.4.0.x 3) S8 is done; S19 and S31 are still ramping up. Steph: 1) blog posts: final count post up today 2) responding to some press inquiries 3) working on comms strategy 4) tried to share a FOSDEM stand and asked them to reconsider us to no avail. We were told by a rep we could have a "Birds of a Feather" meeting after a talk instead, but I havent heard back how to sign up for that -- if anyone finds out, lmk! and i'll keep digging 5) drafting a more specific Tor stories survey 6) social media, as always! Pili: 1) Sponsor 8 Q4 report 2) Collecting funding ideas for 2019 from teams. 3) Tor Browser Release meeting 4) Trying to get my head around budget for teams :) 5) Helping with response for OTF onion services proposal Karsten: 1) Started extending OnionPerf towards pluggable transport support. 2) Started refactoring R code in metrics-web to make it more maintainable. Mike: 1) Working on getting as much Sponsor2 (circuitpadding) stuff done by 0.4.0 freeze as possible 2) Helping with modularization plan

1 0

Topics on Internet Censorship and Surveillance (TICS): Call for Contributions
by juga 10 Jan '19

10 Jan '19

Hi, this might be of your interest: https://www.iaria.org/conferences2019/filesICN19/TICS.pdf Cheers, juga.

1 0

community team highlights -- November and December
by Alison Macrina 09 Jan '19

09 Jan '19

Behold! November 2018 Community Team highlights Meeting notes ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Community Portal and Support Portal ================================================================== In November we finished migrating the Tor Manual to Lektor and replaced the old manual. We updated the Tor manual screenshots to match the new UI, and added new info to the manual based on Maggie's user advocacy research. We also started creating community portal outreach kits with the UX team. Library Freedom ================================================================== Alison held weeks 23-26 of the first Library Freedom Institute cohort. The cohort worked on their final projects which were presented in December. Alison began working on recruitment for LFI cohort 2 (which will take place in 2019). We are also redesigning the Library Freedom website so that it's 50% Library Freedom Project and 50% Library Freedom Institute. Outreach/Sponsor9 ================================================================== We finalized some of our Sponsor9 travel dates for 2019. Gus continued coordination with partners in Argentina, Brazil, India, Thailand, and Indonesia. A number of us worked on the Sponsor9 Phase 1 report. Gus has also been coordinating a Tor volunteer project with the University of Sao Paulo (USP). Gus held a security workshop at BIENAL in Sao Paulo. dmr held the Aaron Swartz Day celebration in Ann Arbor @ AADL with Cryptoparty Ann Arbor. Kushal announced the dgplug Pune privacy meetup India (Kushal). Gus also held a Tor training with journalists (ABRAJI) ( https://blog.torproject.org/events/tor-training-abraji-sao-paulo) Sponsor19 ================================================================== Kat submitted the initial Sponsor19 report to the funder. Volunteers ================================================================== Maggie has been working on creating better volunteer onboarding and tasks, including trac tags for first time volunteer tasks and more. December 2018 Community Team highlights Meeting notes ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Community Portal and Support Portal ================================================================== We continued work on the community portal outreach kits, and followed up with the sysadmins about the support portal search function. emma moved the glossary to the support portal. Maggie worked on a Tor vs. VPN document for inclusion on the support portal. Localization ================================================================== emma, Erin, and Gus worked on organizing an AMA with Localization Lab in January. emma worked on a localization blog post. Library Freedom ================================================================== Alison wrapped up the first cohort of LFI in the first week of December. Now we're working on an analysis of the program and a curriculum review. The application period for LFI cohort two began December 10 (libraryfreedomproject.org/lfi) Alison is recruiting from various library organizations and on Twitter. She's also still working on the Library Freedom website redesign. Finally, we published an LFI EOY blog post at the end of December. Volunteers ================================================================== Maggie continues to work on volunteer onboarding and tasks with each team. Gus continued recruitment for the USP volunteers. Outreach and Sponsor9 ================================================================== Gus continued coordination with partners in India, Thailand and Indonesia, Argentina, and Brazil. Gus gave talks at Criptofesta Sao Paulo (https://blog.torproject.org/events/criptofiesta-sao-paulo) Criptofesta Salvador (https://blog.torproject.org/events/criptoaxe-salvador) Criptofesta Brasilia (https://blog.torproject.org/events/criptocerrado-brasilia) and a few private privacy workshops in Sao Paolo and Rio. Alison attended Mozilla All-Hands December 3-7. Alison submitted a RightsCon proposal for a panel of security activists from various organizations. Sponsor19 ================================================================== Kat started working on the second report for this sponsor. Relay Advocacy ================================================================== Colin resumed running once a month IRC relay operator meetings. He also started planning the FOSDEM relay operator meet-up. Steph and Colin are working on updating the relay flyers. Colin continues to work on communicating with OVH regarding relays without contactinfo added to the network. Finally, Colin has been working with Bill from EFF on a Tor relay challenge. -- Alison Macrina Community Team Lead The Tor Project

1 0

December 2018 report and January 2019 plans for the metrics team
by Karsten Loesing 09 Jan '19

09 Jan '19

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in December 2018 as well as a few expected highlights for the current month, January 2019. On behalf of the Tor metrics team, Karsten December 2018: Published technical report "Towards modernising data collection and archive for the Tor network" [1] and implemented a prototype replacement [2]. [1] https://research.torproject.org/techreports/modern-collector-2018-12-19.pdf [2] https://github.com/irl/bushel Published end-of-year campaign blog post "Strength in Numbers: Measuring Diversity in the Tor Network" [3]. [3] https://blog.torproject.org/strength-numbers-measuring-diversity-tor-network Updated the "Total consensus weights across bandwidth authorities" graph to only contain running relays and to also contain consensus numbers [4, 5, 6, 7]. [4] https://metrics.torproject.org/totalcw.html [5] https://bugs.torproject.org/28137 [6] https://bugs.torproject.org/28328 [7] https://bugs.torproject.org/28352 Updated 4 graphs containing OnionPerf data to show all sources separately rather than an aggregate number [8, 9]. [8] https://metrics.torproject.org/torperf.html [9] https://bugs.torproject.org/28603 Combined 3 graphs on consumed bandwidth into a single visualization using stacked area charts [10, 11]. [10] https://metrics.torproject.org/bandwidth-flags.html [11] https://bugs.torproject.org/28353 Found a bug [12] that broke bandwidth history graphs at the end of November 2018 and that subsequently caused glitches in the user number graphs, and re-imported missing data from November and December 2018. [12] https://gitweb.torproject.org/metrics-web.git/commit/?id=9dd35e29084ed9380c… Made a couple internal changes to the Tor Metrics website that will make it a lot easier to maintain in the future, including Java rewrites of the censorship detector [13] and parts of the advbwdist module [14], and using readr's read_csv() rather than R's save() and load() to speed up drawing graphs [15]. [13] https://bugs.torproject.org/21588 [14] https://bugs.torproject.org/28801 [15] https://bugs.torproject.org/28799 January 2019: Extend OnionPerf to support measuring with a pluggable transport. Deploy a fourth OnionPerf instance to improve vantage point diversity. Write a Tech Report that gives an overview of the Tor Metrics codebases. Use Java 8 date-time functionality [16] in more Tor Metrics codebases. [16] https://bugs.torproject.org/23752 Share more code between the modules providing data for Tor Metrics graphs [17]. [17] https://bugs.torproject.org/28342

1 0