- tor-project - lists.torproject.org

January 2019 report for the Tor Browser team
by Georg Koppen 07 Feb '19

07 Feb '19

Hi everyone! 2019 started with two releases for the Tor Browser team, Tor Browser 8.0.5[1] and 8.5a7[2]. Both contain security fixes to Firefox and ship updated Tor versions (0.3.5.7 and 0.4.0.1-alpha, respectively). The alpha release, moreover, contains our new logo for the alpha channel (thanks to Antonela and Richard for driving this!) and a number of fixes to crashes noticed in previous releases.[3][4][5] Apart from working on those releases we moved forward with our work on the next Tor Browser for Android milestone, TBA-a3. All tickets tracked for this task can be found under the `TBA-a3` keyword.[6] For the desktop side we made further progress in our security settings redesign[7] and started to move to a new toolchain for Windows, which is now clang-based[8]. The full list of tickets closed by the Tor Browser team in January is accessible using the `TorBrowserTeam201901` keyword in our bug tracker.[9] In February we plan to release another alpha containing in partiulcar the latest improvements for mobile users and to start addressing the remaining blockers for a Tor Browser 8.5 stable release. We'll work further on our toolchain improvements (the mingw-w64/clang-based toolchain and building 32bit Linux bundles on 64bit machines[10]) and on our Tor Launcher and Torbutton integration into the browser code itself.[11][12] All tickets on our radar for this month can be seen with the `TorBrowserTeam201902` keyword in our bug tracker.[13] Georg [1] https://blog.torproject.org/new-release-tor-browser-805 [2] https://blog.torproject.org/new-release-tor-browser-85a7 [3] https://trac.torproject.org/projects/tor/ticket/28705 [4] https://trac.torproject.org/projects/tor/ticket/27531 [5] https://trac.torproject.org/projects/tor/ticket/28874 [6] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TBA… [7] https://trac.torproject.org/projects/tor/ticket/25658 [8] https://trac.torproject.org/projects/tor/ticket/28716 [9] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [10] https://trac.torproject.org/projects/tor/ticket/26323 [11] https://trac.torproject.org/projects/tor/ticket/28044 [12] https://trac.torproject.org/projects/tor/ticket/10760 [13] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Board Meeting Minutes from December 10, 2018
by biella 06 Feb '19

06 Feb '19

Hi all, Please find our meetings from our Dec 10 2018 meeting here Regards, Gabriella https://gitweb.torproject.org/company/policies.git/commit/?id=83aa99915cd5a… Tor Project Board Meeting Minutes for December 10, 2018 Phone/video meeting called to order at 16:00 UTC Present: Isabela Bagueros, Shari Steele, Matt Blaze, Ramy Raoof, Cindy Cohn, Biella Coleman, Julius Mittenzwei, Roger Dingledine, Megan Price, Nighat D – Approval of October 1, 2018 minutes. Biella made the motion to approve, Ramy seconded, all voted in favor. RESOLVED: board approved minutes from October 1, 2018. 2. Board Discussed and Passed Two Resolutions around Bank and Stock Accounts – Motion one: The board of directors of the Tor Project, Inc., hereby authorizes Sue Abt, Erin Wyatt and Cindy Cohn to be added as a signatory on the organization's Bank of America checking account #XXXXX.Cindy moved the motion, Julius second, all voted in favor. – Motion two: The board of directors of the Tor Project, Inc., hereby authorizes Sue Abt to be added as signatory on the organization's Merrill Lynch stock account.Cindy moved the motion, Matt seconded the motion, all voted in favor. RESOLVED: Sue Abt, Erin Wyatt and Cindy Cohn added as signatories on the organization's Bank of America checking account and Sue Abt added as signatory on the organization's Merrill Lynch stock account. 3. Finances – Isabela went over grants, budget, and pending grants. – Discussion about changes aroundgrant writing and hiring priorities. Nick left 12:32 4. New board members – After Cindy’s initial discussion Shari, Ramy, and Biella volunteered to reach out to prospective candidate Meeting Adjourned at 18 UTC

2 1

Tor Browser team meeting notes, 4 Feb 2019
by Georg Koppen 04 Feb '19

04 Feb '19

Hello! Our first weekly meeting in February 2019 just finished. The IRC log, as usual, can be found at: http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-02-04-18.29.l… The notes from the pad are: Monday February 4, 2019 tjr - I am working this week, on: https://bugzilla.mozilla.org/show_bug.cgi?id=1407366 letterboxing prototype replying to geko's reply to my emails would like to work on the accessibility issue; but I think jacek is better suited. i asked if it was on his radar (GeKo: thanks, and yeah, Jacek helping would be very neat here) review gk's mingw-clang work yah know - emails and stuff - Not planning to work on this week: https://bugzilla.mozilla.org/show_bug.cgi?id=1471698 Work around binutils corrupting mingw clang binaries. https://bugzilla.mozilla.org/show_bug.cgi?id=1524742 What is Tor's thought on this? (GeKo: not high prio but it would be neat to get this fixed) mcs and brade: Last week: - Shared draft proposal for #28044 (Integrate Tor Launcher into tor-browser): https://lists.torproject.org/pipermail/tbb-dev/2019-January/000951.html - Created a patch for #29180 (MAR download stalls when about dialog is opened). - Revised patch for #28885 (notify users that update is downloading). - Started to look at the Firefox updater security audit report. This week: - #29328 (account for tor 0.4.0.x's revised bootstrap status reporting). - #29045 (ask tor to leave dormant mode). - Spend more time looking at the Firefox updater security audit report. - Respond to feedback on #28044 proposal (Integrate Tor Launcher into tor-browser). pili: Last week: - GSoC - S8 (TBA) Q4 report submitted This week: - Tor Browser Release meeting - Tor Browser Vision meeting sysrqb: Last week: - 80% complete with patch for #28329 (Bootstrapping UI) (GeKo: Yay, for getting this ready, it's a ton of work!) - Began looking at TOPL patches - Chatted with Anto about bootstrapping UI This week: - Finally, really, actually finish #28329 - Finish TOPL patch review - Integrate #28329 with TOPL (if any changes are needed) - Move onto next TBA-a3 ticket boklm: Last week: - published the releases - made patch for #29193 (obfs4 needs golang.org/x/net/http2) - made patch for #29235 (Build of https-everywhere fails because python3.6 is not available in buster anymore) - read the proposal for #28044 (Integrate Tor Launcher into tor-browser) This week: - try to get working patch for #26323 (Build 32bit Linux bundles on 64bit systems) - continue work on testsuite - some reviews - make patch for #29183 (We are using linux i686 langpacks in the linux x86_64 builds) igt0: Last week: - UI for #25764 is done, the integration side is a bit messy. - Review and tested more stuff This week: - Fix rough edges of my patch to the #25764 GeKo: Last week: - did a lot of work regarding the mingw-w64/clang toolchain: wrote patches for #28716, #29307, #29319; helped upstreaming an lld patch (https://bugs.llvm.org/show_bug.cgi?id=40582) and opened tickets for the remaining items to work on; posted bundles on #28238 to test the result - work on Torbutton integration into Tor Browser (#10760) - started to look into NSIS reproducibility issue (#29185) - reduced my email backlog - helped with the releases and dealt with blog comments - looked over the Tor Launcher proposal This week: - more work on #29185 and #10760 - looking into open issues for the mingw-w64 toolchain (SSP support, reproducibility) - begin of the month team admin stuff pospeselr: Last week: - various code reviews - #25658 (securiyt settings) UI work This week: - #25658, make all the new XUL actually do something besides look pretty - antonela: would you like a preview build of what we have so far? sisbell: Last week: - 29080/27609: TOPL - fixed more issues In TOPL based on feedback/testing - pull request being reviewed. Added content providers to tor-android-service. Started fixes based on orbot patches (in tor-browser-build). This Week: - 29312 - TBB for TOPL - 29313 - TBB for tor-android-service - Finish adding patches for tor-android-service - Will be taking PTO Friday (and possibly following Monday) Georg

1 0

Tor Browser Release Meeting: Wednesday 6th February @1900UTC
by Pili Guerra 04 Feb '19

04 Feb '19

Hi everyone, It's time for our next Browser Release meeting: Wednesday 6th February @1900UTC over at #tor-meeting We’re now looking ahead at our next Tor Browser Alpha release at the end of February as well as the security and stable releases in March. We’ll be taking requests, so please come along if you have anything you’d like to discuss. We look forward to seeing you there :) Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

announcing the next Tor Meeting location....
by Alison Macrina 04 Feb '19

04 Feb '19

We're excited to meet and hack with the Tor community in Athens, Greece in May 2019! The meeting planners are working on finalizing the precise dates and people for the invite-only portion of the meeting, but the open days will be held 18-19 May. Mark your calendars! Alison -- Alison Macrina Community Team Lead The Tor Project

3 3

Two new open jobs at Tor Project!
by Erin Wyatt 31 Jan '19

31 Jan '19

Hey everyone! We have two new open positions. Please help us spread the word! + Browser Developer https://www.torproject.org/about/jobs-browserdeveloper.html.en + Backend Engineer for OONI https://www.torproject.org/about/jobs-backenddeveloper.html.en Both job descriptions are attached in PDF and plain text format, and both are pasted below. Please share, forward, tweet, etc! Thank you! Have a great weekend. Cheers, Erin Wyatt Director of People and Office Operations ewyatt(a)torproject.org PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE ———————————>8———————————>8———————————>8 Internet Freedom Nonprofit Seeks Backend Engineer for OONI The Tor Project, Inc. is looking for a dedicated backend engineer to work on OONI (https://ooni.torproject.org/) OONI is the Open Observatory of Network Interference: a free and open source software, global observation network for detecting censorship, surveillance, and traffic manipulation on the internet. You will be working to improve OONI’s data processing pipeline and other backend components responsible for recording measurements collected from our growing global user network. You will also be tasked with improving our network measurement methodologies and data analysis heuristics to increase the accuracy of our experiments. This is a full-time 12-month contract position, starting ASAP (no later than mid-May 2019); contract may be extended. The OONI team is based in Europe. However, this position may be performed remotely. Here are some of our code repositories: https://github.com/ooni/api https://github.com/ooni/pipeline https://github.com/ooni/orchestra https://github.com/ooni/collector https://github.com/ooni/sysadmin Required skills and qualifications: - Extensive experience in python or golang. - Comfortable working remotely. - Self-directed, self-disciplined, but good at working and communicating with a team. - Have experience and be comfortable with others reviewing your code and design; have experience and be comfortable reviewing others’ code. - Experience documenting and designing protocols. - Be comfortable with transparency! Preferred qualifications: - Experience designing, implementing, and maintaining scalable complex network applications. - Working experience with data processing pipelines. - Possess the confidence to refactor code and write unit-tests. - Familiarity with the challenges of developing and scaling data processing pipelines. - Familiarity with the network measurement field. - Experience with open-source software development, including working with distributed teams across different time-zones containing employees and volunteers of differing skill levels. - Basic familiarity with distributed version control systems. - Contributed significant chunks of code to multiple open-source projects in the past. - Be passionate about internet freedom and interested in contributing to it in a concrete way! Other notes: Academic degrees are great but not required if you have the right experience. You should be very good at working remotely at communicating with the team on a daily basis via Slack, IRC, instant messaging, email, and issue trackers. Salary negotiable. How to apply: Please email a *PDF* of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include the reasons why you want to work on OONI. Please also include link to one or several code samples (of which you are authorized to share), and also your GitHub or GitLab profile, and three professional references. Email should be sent to jobs at openobservatory dot org with "OONI Backend Engineer" in the subject line. About the project: The Open Observatory of Network Interference (OONI) is a free software project under the Tor Project. OONI collects and processes network measurements with the aim of detecting network interferences, such as censorship, surveillance, and traffic manipulation. Since late 2012, OONI has collected millions of measurements across more than 90 countries around the world. The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project, Inc., is an equal opportunity, affirmative action employer. ———————————>8———————————>8———————————>8 The Tor Project is looking for a Browser Developer (C++ and Javascript) As a browser developer, your job would be to work closely with other members of the Tor Browser development team on C++ patches to our Firefox-based browser, writing new APIs, altering functionality for privacy and security, and making improvements to our collection of Firefox add-ons (JavaScript code). Being a Tor Browser developer includes triaging, diagnosing, and fixing bugs; looking for and resolving web privacy issues; responding on short notice to urgent security issues; and working collaboratively with coworkers and volunteers to implement new features and web behavior changes. We also need help making our code more maintainable, testable, and mergeable by upstream. The person in this position will also review other people's code, designs, and academic research papers to make suggestions for improvement. This is a full-time position. Required Qualifications: - Experience in C++ (and ideally, JavaScript). Five years of C++ experience is probably necessary for the level of expertise we want, though some of these years can be replaced with other Object Oriented Programming and/or C experience. If you meet this level of experience with C++/OOP, JavaScript can be learned on the job. - Possess a solid understanding of issues surrounding secure C++ programming and reference counted memory (at least to the level of avoiding issues). - Be comfortable diving into new, unfamiliar codebases, looking for ways to alter and augment their functionality in specific, goal-oriented ways. - Be familiar with web technologies and how the web works, especially the same-origin model and web tracking. - Willingness and ability to justify and document technical decisions for a public, world-wide technical audience. - Be comfortable working remotely with a geographically distributed team. - Experience interacting with users and other developers online, including experience being confronted with differing ideas and opinions (not always in a nice manner), while maintaining a high level of professionalism. - Comfort with transparency: as a non-profit organization who develops open source software, almost everything we do is public, including your name (or at least your business name) and possibly salary information. Preferred qualifications: - Familiarity and/or experience with writing add-ons and/or patches for Mozilla Firefox or other web browsers. - Familiarity with compiling software for the Android platform. - Familiarity with browser fingerprinting defenses - Familiarity with Firefox's internal architecture, including its use of multiple processes and sandboxing. - Be intensely creative yet also ruthlessly pragmatic in your thinking. - Possess knowledge/familiarity of probability, statistics, and information theory. - Know enough about networking to be able to visualize what HTTP 1.1 looks like on the wire while encapsulated within Tor's network protocol. - Experience working with distributed (remote) teams across different time-zones with people of differing skill levels over multiple mediums, including email, instant messaging, and IRC. - Open-source experience: contributed significant chunks of code to multiple open-source projects in the past. - Familiarity with distributed version control systems, including Git. - Familiarity with rust - Genuinely be excited about Tor and its values! - Willingness and ability to travel internationally to twice-yearly team meetings (strongly preferred). For a more detailed understanding of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section at https://www.torproject.org/projects/torbrowser/design/#DesignRequirements. Academic degrees are great, but not required if you have the right experience! The team coordinates via IRC, email, and bug trackers. This position may be performed remotely, but we would be happy to provide a desk at our office in Seattle, Washington. Salary negotiable. We have a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (US; including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance; flexible work schedule; and occasional travel opportunities. To apply: Please email a *PDF* of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include the reasons why you want to work at Tor Project, and include links to code samples, if possible. Email should be sent to job-browser at torproject.org with "Browser Developer" in the subject line. Link to at least one of your code samples (ideally, more than one and all of which we will presume you are authorized to disclose). No phone calls, please! About the Organization: The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Damian's Status Report - January 2019
by Damian Johnson 30 Jan '19

30 Jan '19

Hi lovely onion enthusiasts! Here's my status report for the Nyx and Stem fronts this last month... https://blog.atagar.com/january2019/

1 0

Tor Browser team meeting notes, 28 Jan 2019
by Georg Koppen 29 Jan '19

29 Jan '19

Hi, Yesterday we had our first weekly meeting adhering to the new meeting time and location. For those following along at home: from now on we ,meet 1830UTC on Mondays in #tor-meeting2, as the meeting time usually overlaps with the network team meeting in #tor-meeting. That said our IRC log got covered by MeetBot as usual and is available at: http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-01-28-18.29.l… Meeting notes from the pad are below: Monday January 28, 2019 Discussion - planning for next mobile release (GeKo: We try to have TBA-a3 out by end of Feb, otherwise it's getting too close for the proposed 8.5 stable release date) mcs and brade: Last week: - Code reviews. - Revisited #28885 (notify users that update is downloading). - Worked on proposal for #28044 (Integrate Tor Launcher into tor-browser). - Experimented some more. - Draft proposal is nearly ready to share with the team. This week: - Publish draft proposal for #28044 (Integrate Tor Launcher into tor-browser). - Work on #29180 (MAR download stalls when about dialog is opened). - Revisit #28885 (notify users that update is downloading). GeKo: Last week: - release preparations - code reviews (#28885, #27828, #29097, #29143, #12885, #29178, #26858, #27531, #28705) - dealing with last minute release blockers (#29185, #29182, #29179) - wrote patch for #29187 - continued working on mingw-w64/clang toolchain and Firefox build (#28716 and #28238) - started to get back to emails (sorry, tjr, did not get to yours but they are on top of the stack now) - helped with various proposals and sponsor reports (nlnet, otf, sponsor8) - sysrqb: sisbell: see comment:14 https://bugzilla.mozilla.org/show_bug.cgi?id=1516642 (I am still thinking about what to reply, but we might want to do that outside of that particular bug anyway) - sysrqb: (okay, it's only bold here) ack. i wish following m-c was easier.VV - I got inspired over the weekend (and by the discussion on tbb-dev) and started to look at our updater security. I am in the process of going over the code and writing a state-of-the-tor browser-update document. It's a spare time project, so no big promises so far. Folks interested might enjoy the recent-ish audit of the firefox updater: https://bugzilla.mozilla.org/attachment.cgi?id=8985197 mcs: where is the tbb-dev discussion? I missed it somehow. (GeKo: I meant https://lists.torproject.org/pipermail/tbb-dev/2018-December/000934.html ff.) This week: - release preparations - further work on mingw-w64/clang toolchchain - getting back Torbutton integration into tor-browser (#10760) - trying to figure out #29185 - more emails - more reviews pospeselr: Last week: - code reviews ( #29082, #21805 ) - #25658 work (security settings) This week: - get a #25658 patch up for review boklm: Last week: - reviewed: #28618 #27597 #27503 - reopened and fixed #29097 (https-everywhere make.sh explicitly depends on missing python 3.6) - updated patch for #29143 (fix build of obfs4 in nightly builds) - made patches for: - #29158 (Add fix for DSA 4371-1 (apt vulnerability)) - #29181 (Make it possible to force rebuild of debootstrap-image) - #29178 (Don't build master of goxcrypto, goxnet, uniuri and go-webrtc) - helped build the new releases This week: - help with publishing the new releases - Try to find some fix for #29158 for wheezy-i686 (GeKo: I think the right thing to do here is not wasting too much time on finding a workaround for that but fix #26323) - continue work on testsuite - make patch for #29183 (We are using linux i686 langpacks in the linux x86_64 builds) - work on #25623 (Disable network during build) - work on #26323 (Build 32bit Linux bundles on 64bit systems) - some reviews: #28716, #28803 sysrqb: Last week: - 28705 and 28814 (Downloading crash, and allow installing another apk within TB) - Investigated mobile build failure after backporting patch - More of new bootstrapping UI (#28329) - but still not complete This week: - TBA release - Hopefully complete 28329 branch - Maybe fastlane igt0: Last week: - Updated #25764 tablet layout - Rebased #25764 on top of master - Reviewed more tor button tickets This week: - Send #25764 to review - More TBA alpha tickets pili: - Roadmapping - OTF Proposal (warnings/notifications & new identity) - NLNet ESR proposal - GSoC investigation sisbell: Last week: - Did testing of integrated TOPL.OrbotService code, various bug fixes and improvements. Everything now working correctly. - Opened 10+ issues on TOPL project (GitHub). These are for the changes we need for integration. This Week: - Finish TOPL commits to project (by tomorrow latest) and do pull request - Create new GitHub project with modified OrbotService - Fork Orbit project, integrating TOPL and the OrbotService - If time, start on tor-browser-build Georg

1 0

Notes from January 24 2019 Vegas team meeting
by Karsten Loesing 26 Jan '19

26 Jan '19

Notes for January 24 2019 meeting: Nick: 1) Prepping for hackweek 2) Need to meet with metrics team at hackweek; Gaba is making sure it happens. 3) 0.4.0.1-alpha is out. TBB folks, please let us know if you see any tbb-needs stuff. (GeKo: right now only #28614 and related tickets come to mind) 4) With the Brussels hackweek coming up, this is a good time to remind people about expenses. Let's talk about Sue's Harvest proposal? Gaba: 1) Coordinating for hackweek (metrics and network teams and 1 person from anti-censorship team) 2) Finished sponsor 8 Q4 report Arturo: 1) Launched the revamped OONI Probe mobile app! https://ooni.torproject.org/post/revamped-ooni-probe-mobile-app/ 2) Published an OONI Year in review blog post: https://ooni.torproject.org/post/ooni-in-2018/ 3) Published a research report on censorship in Zimbabwe: https://ooni.torproject.org/post/zimbabwe-protests-social-media-blocking-20… 4) Working on the OONI Explorer country pages 5) Going to publish a job posting for the OONI Backend engineer position Georg: 1) Preparing new Tor Browser releases (8.0.5 and 8.5a7); work on our next big Tor Browser for Android milestone Steph: 1) Edited copy for a beautiful new brochure 2) Strategizing with Isa 3) Upcoming posts: TPL, year in review/looking fwd 4) We will share a booth with fossasia at FOSDEM, Gaba taking from here 5) Press inquiries. 6) Creating new Tor stories survey Alison: 1) Finishing up new outreach brochures with comms and UX 2) Doing LFI recruitment and curriculum development 3) Much of the community team is prepping for sponsor9 travel Sarah: 1) Sending thank you emails with 2018 giving totals to monthly givers 2) Working with Al and grants team on NLnet proposals 3) Helping respond to OTF questions 4) Meeting with Isa and Jon about optimizing donation flow 5) Planning changes to the donation page for major donor program, monthly giving program, and cryptocurrency donations Antonela: 1) Wrapping outreach material, content was reviewed by comms and is ready for emmapeel to start the localization workflow. I'm still working with covers and back posters. 2) Reviewing tpo.org, tpo.org/about, tpo.org/download on staging with Hiro. 3) Working on OONI Country pages with Elio. We are running user testing with Explorer users this week, coordinated by Maria. 4) Working on Q12019 user research documents with Caroline Sinders 5) Alon will work on illustrations for tpo.org. He will join us at our regular open meetings. 6) I was a reviewer for the Spanish localization for the Pluggable Transports guide. 7) Reviewing OTF UX proposal 8) Fosdem Talk and Roger slides are in progress. Sue: 1) Working with auditors to finalize Financial Audit 2) Working with Sida Auditors for definitions required for Attestation Audit 3) Working with DRL Auditors on 2016 findings 4) Working on various payroll/pension items for International Payroll compliance Pili: 1) Team Roadmap reviews 2) S8 Report wrap up 3) Gettor handover meeting 4) More GSoC "investigation" isabela: 1) getting ready for Board meeting tomorrow (Friday Jan 25th) 2) reviewing reports (sponsor 8 and rose foundation) 3) reviewing proposals (NLnet, DRL, OTF) 4) synced with Steph on the 'there is no dark web strategy' 5) getting ready for all things w/ sida for next week Roger: 1) I'm getting back up to speed after health issues. I'm mostly answering and writing emails as usual. If you need something from me, let me know (with a fresh reminder I mean). Erin: 1) general hr stuff 2) anti-censorship team announcement will go out today Karsten: 1) Prepared metrics-web patch that will switch from Ant to Java-only for running the daily updater. This is the first step in reusing code between modules and simplify operation. 2) Worked more on last remaining Sponsor 13 report. 3) Preparing for Brussels next week. Mike: 1) Working on vanguards 2) Prepping for network team meeting

1 0

December 2018 User Feedback Summary
by Maggie 25 Jan '19

25 Jan '19

Hey, friends! Welcome to the December 2018 user feedback report. For more information on what users and community members were talking about this month, check out the December 2018/January 2019 User Feedback pad [1]. TL;DR: There were a bunch of releases this month, and lots of user bug reports in the blog post comments. Reddit was about the same as always (with a focus on VPN and fingerprinting questions), and RT brought in a lot of questions about bridges and TBA. - Confusion about using a VPN with Tor continues to be common on Reddit and RT. I'm hoping that these questions will be addressed by the Tor v. VPN guide I'm writing up for the support portal, which will incorporate some of the information that pastly previously posted [2]. - People (especially Reddit users) have lots of questions about whether certain actions will allow them to be fingerprinted. I think we could address some of this with an expanded FAQ entry, and potentially by linking to EFF's Panopticlick [3] so that users can experiment with their settings themselves. - Tor is still broken for screen readers. This is a high priority fix, not only because this issue may prevent users with impaired vision from using Tor, but also because the issue interferes with our commitment to making Tor easy to use for everyone. Now, on to the feedback! Scroll further down to see a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in December. --- Most common questions on Reddit: - How can I hide the fact that I'm using Tor; or, should I use a VPN together with Tor? - (these questions appear all the time, and will be addressed in a Tor v. VPN doc I'm working on for the support portal.) - Will doing _____ allow me to be fingerprinted? --- TBA Reviews & Feedback on Google Play Store: The average review score is currently 4.2. Reviews are a mix of people who are very excited to be able to use Tor on their mobile, people who are getting 'proxy server' errors, and people who are upset that it's slower than their usual browser. I will continue to investigate the reported 'proxy server' errors through related RT tickets. Users are also experiencing crashes on certain Android devices when attempting to download a file using TBA. --- Most common stack exchange tags: tor-browser-bundle: 12 this month configuration: 8 this month help: 5 this month orbot: 5 this month --- Notable bugs, fixes, & issues: #27503 [4] - Disabling accessibility on Windows breaks screen readers - OPEN (NEEDS INFORMATION) #28720 [5] - NoScript blocks certain videos starting with 10.1.9.2rc2 on security level "safer" - CLOSED - FIXED #28874 [6] - https://browserleaks.com/webgl crashes tab on 64bit Tor Browser for Windows - CLOSED - FIXED #28836 [7] - Links on about:tor are not clickable anymore on Windows starting with 8.5a5 - OPEN - NEEDS REVIEW #28705 [8] - Tor Browser on Android is crashing on newer Android devices (>= Android N) by file download - OPEN - NEEDS REVISION #29043 [9] - NoScript freezes the browser when scripts are enabled (TB 8.5a6) - OPEN #29032 [10] - Tor Browser 8.0.4 stops displaying text correctly in Virtualbox on Windows - OPEN --- That's it for the month of December! In the interest of keeping things short(ish), I've left out some other feedback. If you want to know more, please do check out the December 2018/January 2019 User Feedback pad [1] or reach out to me via email (waywardwyrd at riseup dot net) or IRC (wayward). Thanks for reading! I'll see you all back here next month! - wayward (Maggie) pronouns: she/they | twitter: @meochaidha <https://www.twitter.com/meochaidha> pgp: 0626 9C68 D0CC 1A5B E41B 72F2 615E B878 975C 4CDC ------ Annotations: 1. https://storm.torproject.org/shared/u4ch1acnksyrZD2Zu8_ODT2l_Va8iMPgqWQU41g… 2. https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h.html 3. https://panopticlick.eff.org/ 4. https://trac.torproject.org/projects/tor/ticket/27503 5. https://trac.torproject.org/projects/tor/ticket/28720 6. https://trac.torproject.org/projects/tor/ticket/28874 7. https://trac.torproject.org/projects/tor/ticket/28836 8. https://trac.torproject.org/projects/tor/ticket/28705 9. https://trac.torproject.org/projects/tor/ticket/29043 10. https://trac.torproject.org/projects/tor/ticket/29032

2 1