- tor-project - lists.torproject.org

December 2018 User Feedback Summary
by Maggie 25 Jan '19

25 Jan '19

Hey, friends! Welcome to the December 2018 user feedback report. For more information on what users and community members were talking about this month, check out the December 2018/January 2019 User Feedback pad [1]. TL;DR: There were a bunch of releases this month, and lots of user bug reports in the blog post comments. Reddit was about the same as always (with a focus on VPN and fingerprinting questions), and RT brought in a lot of questions about bridges and TBA. - Confusion about using a VPN with Tor continues to be common on Reddit and RT. I'm hoping that these questions will be addressed by the Tor v. VPN guide I'm writing up for the support portal, which will incorporate some of the information that pastly previously posted [2]. - People (especially Reddit users) have lots of questions about whether certain actions will allow them to be fingerprinted. I think we could address some of this with an expanded FAQ entry, and potentially by linking to EFF's Panopticlick [3] so that users can experiment with their settings themselves. - Tor is still broken for screen readers. This is a high priority fix, not only because this issue may prevent users with impaired vision from using Tor, but also because the issue interferes with our commitment to making Tor easy to use for everyone. Now, on to the feedback! Scroll further down to see a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in December. --- Most common questions on Reddit: - How can I hide the fact that I'm using Tor; or, should I use a VPN together with Tor? - (these questions appear all the time, and will be addressed in a Tor v. VPN doc I'm working on for the support portal.) - Will doing _____ allow me to be fingerprinted? --- TBA Reviews & Feedback on Google Play Store: The average review score is currently 4.2. Reviews are a mix of people who are very excited to be able to use Tor on their mobile, people who are getting 'proxy server' errors, and people who are upset that it's slower than their usual browser. I will continue to investigate the reported 'proxy server' errors through related RT tickets. Users are also experiencing crashes on certain Android devices when attempting to download a file using TBA. --- Most common stack exchange tags: tor-browser-bundle: 12 this month configuration: 8 this month help: 5 this month orbot: 5 this month --- Notable bugs, fixes, & issues: #27503 [4] - Disabling accessibility on Windows breaks screen readers - OPEN (NEEDS INFORMATION) #28720 [5] - NoScript blocks certain videos starting with 10.1.9.2rc2 on security level "safer" - CLOSED - FIXED #28874 [6] - https://browserleaks.com/webgl crashes tab on 64bit Tor Browser for Windows - CLOSED - FIXED #28836 [7] - Links on about:tor are not clickable anymore on Windows starting with 8.5a5 - OPEN - NEEDS REVIEW #28705 [8] - Tor Browser on Android is crashing on newer Android devices (>= Android N) by file download - OPEN - NEEDS REVISION #29043 [9] - NoScript freezes the browser when scripts are enabled (TB 8.5a6) - OPEN #29032 [10] - Tor Browser 8.0.4 stops displaying text correctly in Virtualbox on Windows - OPEN --- That's it for the month of December! In the interest of keeping things short(ish), I've left out some other feedback. If you want to know more, please do check out the December 2018/January 2019 User Feedback pad [1] or reach out to me via email (waywardwyrd at riseup dot net) or IRC (wayward). Thanks for reading! I'll see you all back here next month! - wayward (Maggie) pronouns: she/they | twitter: @meochaidha <https://www.twitter.com/meochaidha> pgp: 0626 9C68 D0CC 1A5B E41B 72F2 615E B878 975C 4CDC ------ Annotations: 1. https://storm.torproject.org/shared/u4ch1acnksyrZD2Zu8_ODT2l_Va8iMPgqWQU41g… 2. https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h.html 3. https://panopticlick.eff.org/ 4. https://trac.torproject.org/projects/tor/ticket/27503 5. https://trac.torproject.org/projects/tor/ticket/28720 6. https://trac.torproject.org/projects/tor/ticket/28874 7. https://trac.torproject.org/projects/tor/ticket/28836 8. https://trac.torproject.org/projects/tor/ticket/28705 9. https://trac.torproject.org/projects/tor/ticket/29043 10. https://trac.torproject.org/projects/tor/ticket/29032

2 1

Initial roadmap for the anti-censorship team
by Roger Dingledine 24 Jan '19

24 Jan '19

Here is an early brainstorming list of the scope for our future anti-censorship team. Let us know if we left out a critical category. And of course once we have actual team members I expect they will take this initial roadmap and do something even smarter than this list. :) (1) BridgeDB: - Automated monitoring - Understand current usage patterns, consider improving the design Don't get obfs4 bridges blocked by other transports (#28655) (2) Pluggable Transports: - Improve the PT interface with Tor, to pass logs etc (#25502) [with network team] - Tor Browser can use other circumvention tools as proxies (#28556) [with browser team] - Specific PTs: Maintain obfs4proxy (like fixing the iat bug that let Kazakhstan block it) Snowflake Httpsproxy Marionette Domain front through community sites - Talk to research groups to keep in touch about their PT research work (3) Improve Tor user experience for users in censored / crappy networks: - Gettor: automated monitoring and automated updates. Improve UX. - Understanding and reducing client time to bootstrap [with network team] and other parameters that are tuned poorly for slow networks (4) Understand Tor censorship: - Tor Browser network testing mode (#23839, #28531) [with browser team] - Reachability scanning for the default (shipped in Tor Browser) bridges [with ooni] - Understand bridge load and bridge blocking (e.g. fix user counting bugs that are making our Turkey count wrong) [with network / metrics teams] (5) Help users use bridges: - Help NGOs get their users on bridges (#28015, #28526) - Tor Browser *automates* picking the right PTs [with browser team] (6) Community outreach and integration: [with community team] - [Initial list of outreach partner NGOs elided for now, since some of them have opsec needs to keep their people safe]

9 10

Potential trademark violation - TOR Browser PRO
by Matt Traudt 23 Jan '19

23 Jan '19

Something called TOR Browser PRO by "Tor Powered Onion Browser" on the ... iOS App Store? https://old.reddit.com/r/deepweb/comments/ac11y6/how_trustworthy_is_this_wa…

8 11

Tor Browser team meeting notes, 22 Jan 2019
by Georg Koppen 23 Jan '19

23 Jan '19

Hi! Here are the notes from our weekly meeting which we had yesterday. The IRC log can be found at: http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-01-22-18.59.log… The notes from our pad are: Discussion - The canPlayMedia email on tbb-dev (GeKo: I'll check this out this week) - Tor Browser Release Meeting this week (GeKo: 1900UTC 1/23 in #tor-meeting) - upcoming meetings: we'll switch to Mondays 1830UTC in #tor-meeting2 (GeKo will send an announcement mail to tbb-dev) GeKo: Last week: - backported fix for bug 1469916 (#29082) - looked a bit more into #28238 - wrote patches for donation banner replacement (#29035) - wrote a patch for #27503 (enabling accessibility support on Windows) - wrote a patch to unbreak our nightly builds (#29105) - updated my patch for enabling MOZILLA_OFFICIAL on Windows, too (#28618) - reviewed and tested various patches (#25702, #29097, #28836, #26148, #26858) - release planning - need help with reviews of my tickets for the releases (#29082 (pospeslr), #27503, (boklm), #28618 (boklm), #29035 (mcs/brade + igt0?), #29104 (mcs/brade), #21805 (pospeselr), #27597 (boklm), #28814 (sysrqb)) - status updates - sysrqb: could you update the patch for #28705? I'd like to get that one into the alpha. [sysrqb:ack] - investigated #28575 (localization of NoScript and HTTPS-Everywhere) This week: - release preparations - patch reviews - look closer at https://bugzilla.mozilla.org/show_bug.cgi?id=1376621#c12 and at tjr's follow-up work - work on building firefox with mingw-w64/clang (#28238) - work on Torbutton integration into tor-browser (#10760) - review of #24131 (redoing tpo.org/download) - get back to replying to various email threads mcs and brade: Last week: - Code reviews. - Finished #28836 (Links on about:tor are not clickable anymore). - Produced a patch for #28885 (notify users that update is downloading). This week: - Code reviews: - #29035 (Post-YE campaign clean up) - #29104 (Rebase Tor Browser patches against 60.5.0esr) - Work on proposal for #28044 (Integrate Tor Launcher into tor-browser). tjr MinGW Build Stuff - Got a ton of stuff uplifted to esr60! - Things outstanding: High Priority - x86 Sandbox doesn't work: landed in central; awaiting uplift to 60: https://bugzilla.mozilla.org/show_bug.cgi?id=1520310 - ASLR: need to uplift to 60: https://bugzilla.mozilla.org/show_bug.cgi?id=1520308 ^^^ - Both of these are expected not be in 60.5 and will wait for 60.6 Low Priority (for me anyway) - I have an RDD crash but no one else seems to (central): https://bugzilla.mozilla.org/show_bug.cgi?id=1519608 - Accessibility compiles but doesn't work (affects central and esr60 AFAIK): https://bugzilla.mozilla.org/show_bug.cgi?id=1520177 - Remove binutils: https://bugzilla.mozilla.org/show_bug.cgi?id=1520311 INVALID - We'll need binutils for the next one (GeKo: that's kind of surprising from reading 1471698, but I am fine with that :) ) - binutils fixup: https://bugzilla.mozilla.org/show_bug.cgi?id=1471698 - the esr60 build requires a local mingw patch or firefox patches: https://bugzilla.mozilla.org/show_bug.cgi?id=1508316 Rust Build Stuff - https://bugzilla.mozilla.org/show_bug.cgi?id=1376621 - Got something working (Linux only), refactored, now investigating other OSes - I need a list of functions to look for. Does anyone have that? (Mike Perry maybe?) (GeKo: What we have is in thetor-browser-spec repo in the audits folder: https://gitweb.torproject.org/tor-browser-spec.git/tree/audits) I will definitely miss next week and start being less responsive sysrqb: Last week: - New TBA bootstrap UI/UX (#28329) This week: - Finish 28329 - Finish 28705 (Downloads crash app) - Finish 26844 (Fastlane) - Review 28814 sisbell: Last week: - #29080/27609 Finished changes to TOPL. Now using TOPL for tor installation and bootstrap. TOPL broadcasts messages back to Orbot services (log messages to user will not change). Finished changes and integration with Orbot with the exception of HiddenService and Cookie DBs. This Week: - #29080 - Open TOPL issues and submit requests to merge back changes (patch is fallback). Test integrated code with Orbot and add HiddenService and Cookie DBs (generates HiddenServicePort and HiddenServAuth in config file). pospeselr: I've an appointment at noon, so I'll be ducking out of this meeting early Last week: - finished up #25702 (rebranding) (woo!) - fix for #29097 (https-everywhere needs python 3.6) - worked a bit on #25658 (security settings redesign) This Week: - review #29082, #21805 - #25658 igt0: Last week: - Half of the week recovering from sickness :/ - Reviews and test torbutton patches - More adjustments for the #25764 (fixing tablet layout) This week: - Review more stuff - Try to finish #25764, it already took too much time. boklm: Last week: - reviewed #29105, #29081, #28874 - tested and fixed patch for #27531 (Tor Browser 8 crashes trying to print on Linux) - tested patch for #28546 (Rebrand Tor Browser's Window's Installer) and opened GitHub pull request - started patch for #29143 (Building obfs4 in tor-browser-build nightlies is broken due to uTLS support) - worked on fixes for testsuite tests performance-observer, resource-timing, user-timing, user-timing-worker This week: - some reviews: #27503, #28618, #28716, #28803, #27597 - help with releases build - continue work on testsuite antonela: Last week: - #28329 TBA + Orbot - reviewed #29035 This week: - #28329 TBA + Orbot - TBA QA Pili: Last week: - Sponsor 8 Q4 report This week: - Roadmap review - started playing with a Kanban board: https://storm.torproject.org/shared/4gXsycP8GV7aih2qwi0xY8iRnqEyZi2YfIyLQQF… - Sponsor 8 Q4 report wrap up - Finding GSoc volunteers Georg

1 0

Network team meeting notes, 22 Jan
by Nick Mathewson 23 Jan '19

23 Jan '19

Hello! You can find the logs of yesterday's team meeting at http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-01-22-17.58.html Here are the notes from that meeting: = Network team meeting pad! = This week's team meeting is at Tuesday 22 January at 1800 UTC on #tor-meeting on OFTC, because Monday is a US public holiday. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC On #tor-meeting on OFTC. January schedule: * Meeting on 21 Jan 22 Jan, 1800 UTC * No meeting 28 Jan; (some of) the team will be at a face-to-face meeting. February schedule: * Tuesday 5 February at 2300 UTC: teor is on leave, can we swap the 2300 UTC Tuesday meeting to Tuesday 12 February? * Monday 11 February at 1800 UTC, unless we swap (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 10 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002120.html 17 Dec: https://lists.torproject.org/pipermail/tor-project/2018-December/002127.html 8 Jan: https://lists.torproject.org/pipermail/tor-project/2019-January/002155.html 14 Jan: https://lists.torproject.org/pipermail/tor-project/2019-January/002170.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… Here are the outstanding reviews, oldest first: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… Core Tor/sbws is now part of the bug triage, CI, and reviewer assignment roles == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up actual point when you finish a task (as well as update the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… * Check other's people call for help in their entries. ------------------------------- ---- 22 January 2019 ------------------------------- == Announcements == * Drafting Hackweek agenda. We will meet the week before the hackweek. * draft agenda https://pad.riseup.net/p/tor-netteam-agenda-hackweek-2019.1-keep <-- please check it out and send me any comments/questions about it. * date to discuss it: January 22nd 9pm UTC == Discussion == * teor is on leave on 5 February at our normal meeting time, can we swap the 2300 UTC Tuesday meeting to Tuesday 12 February? (Sounds okay; let's finalize this in Brussels.) * How can we review all the reviews in our backlog? (see query links in "Stuff to do every week") Ideas: move reviews around among people more proactively? prioritize which reviews are most urgent? share reviews of big tickets among 2 people? Let's talk more in brussels * Who can calculate the release capacity and estimated points every week? (Gaba will do the calculations, if teor sets up a spreadsheet. We can turn them into a script later if we want.) * 040 bugfixes until the stable release date * 041 all tickets until the code freeze date teor ran out of time to do the spreadsheet this week, let's work on it at the hackfest. * Nick needs others to help with Q&A on the release blogposts. Or we could stop opening comments. == Proposed tickets == * Teor is bringing a proposal for proposed ticket (let's try it for a few weeks, then discuss during hackweek) https://pad.riseup.net/p/network-team-triage-2018 Reminder: please add points estimates to proposed tickets! Please tag proposed tickets with 040-proposed or 041-proposed, and add a points estimate (in days). If the ticket needs to be added to the roadmap, put it on the list below, so we can talk about it at the meeting. === 035-proposed === #29042 Error loading private key after 0.3.5.7 upgrade needs_review #28248 Add comments around rust compilation flags accepted <=== accepted if Nick can do it quickly. #29134 Document the max number of v3 client auths I can make new === 040-proposed === Capacity Estimate TODO: turn capacity estimates into a script or spreadsheet ?? points of proposed tickets ?? points of accepted tickets ?? days left until the 0.4.0 release, approximately ?? * 0.36 = ?? coding days per person (see below for calculations) List of tickets that aren't on the roadmap #29040 -- Tor crashes if ClientOnionAuthDir contains more than one public key for a hidden service (new) <-- defer deciding until asn & dgoulet input #28363 -- Make a torrc option which prevents Tor from falling asleep Is this a duplicate of one of our Sponsor 8 dormant mode tickets? Open 040-proposed tickets: https://trac.torproject.org/projects/tor/report/77 Open 040-proposed tickets with no points estimate: https://trac.torproject.org/projects/tor/report/78 === 041-proposed === Capacity Estimate TODO: turn capacity estimates into a script or spreadsheet ?? points of proposed tickets ?? points of accepted tickets 113 days left until the 0.4.1 feature freeze, approximately 40 coding days per person, minus ?? days for 040 bugfixes 5/7 work days in week * 220/260 non-leave week days in year * 3/5 coding days in week = 0.36 coding days per calendar day (coding days exclude reviews, admin, travel, meetings) List of tickets that aren't on the roadmap #25417 -- HSFETCH support for v3 Hidden Services (needs_review) Points needs asn or dgoulet's input, how much effort will it take us to merge this code? Should we try for 0.4.1? There's something subtly wrong with a bunch of our HSv3 IPv6 code: <-- defer deciding until asn & dgoulet input #26992 -- Add intro point IPv6 address to service descriptors (needs_revision) #23588 -- Write fascist_firewall_choose_address_ls() and use it in hs_get_extend_info_from_lspecs() (needs_revision) #23576 -- Make service_intro_point_new() take a node instead of an extend_info (needs_revision) I have tried to debug the issue for a few hours, but I didn't make much progress. I expect it will take a few days to debug: let's defer these tickets, and pick them up if we have time later in the release There 79 tickets below, what do we do? Open 041-proposed tickets: https://trac.torproject.org/projects/tor/report/75 Open 041-proposed tickets with no points estimate: https://trac.torproject.org/projects/tor/report/76 {79 tickets here; tabling them till Brussels.} == Recommended links == == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! gaba: Week of 01/13 (actual): - remove s8 from tickets - anti-censorship plans - weekly meeting kickoff - S8 report - s31 follow up - help with various grant reports - bridgedb: talked with sysrqb and updated tickets Week of 01/21 (planned): - hackweek planning - anti-censorship meeting - finish s8 report for pili to send - check on s31 follow up teor: (offline) Week of 14 Jan (planned): High-Priority: - PrivCount proof of concept (#29004 and related tickets) - unit tests for extra-info documents Medium-Priority: - (no sbws reviews, I need to focus on PrivCount before the hackfest) - Sponsor 8 tasks - are these important enough to do anyway? - Ask metrics to monitor bootstrap speed - Tweak bootstrap settings to work when lots of fallbacks are down (and also on networks that drop packets) Week of 14 Jan (actual): High-Priority: - PrivCount proof of concept (#29004 and related tickets), focused on bandwidth stats this week - Travel preparation / hackfest preparation Medium-Priority: - a small IPv6 review, some sbws reviews - some proposed tickets admin, and other admin Help with: Nick: Week of 14 Jan (planned): - Finish pubsub revision - Merge final stuff for 0.4.0.1-alpha; freeze on Tuesday! - Release 0.4.0.1-alpha, maybe. - Triage 0.3.5 and 0.4.0 tickets :( - Advance modularization discussions - Help on snowflake stuff? Week of 14 Jan (actual): - Last-minute bugfixes and freeze on 0.4.0.1-alpha - Alpha release - Start a fresh round of 0.4.0 triage - Revise various tickets - Work on publish/subscribe refactoring - Fast-fixes for several smallish tickets. Week of 21 Jan (planned): - US Holiday on Monday. - Prepare for hackweek - Work on a scalability idea I've been tossing around. - Talk with some mozilla people. - Anticipating ~9 hours of meetings this week. :( - Trying to identify must-fix stuff for 040 or earlier. Please help? Need help wih: - Triage 0.3.5 and 0.4.0 tickets :( - Advance modularization discussions dgoulet: (offline, in bed ill) Week of 01/14 (planned): - prop289: Fix remaining bugs (I know what they are). Jump on unit tests and then massive chutney testing. - Re-review spec for #28180 with ahf after dcf1 comments. Mike: Week of 1/14 (planned) - Finishing touches on #28142 - convert wtf-pad TODO file to tickets and make a plan for 0.4.1 - Help more with modularization plan? Week of 1/14 (actual) - Finishing touches on #28142 - Weighted and prioritized wtf-pad tickets for 0.4.1; Over 53 points so far :/ - Looked at vanguards work; maybe 5-10 points here Week of 1/21 (planned) - Do some vanguards work - Figure out how much help with wtf-pad is available, and decide on in/out for 0.4.1 tikets - Write some wtf-pad documentation? catalyst: week of 01/14 (2019-W03) (planned): - prep for Brussels meeting - more follow up fixes related to #27167 - follow up on modularization thread - ticket reviews week of 01/14 (2019-W03) (actual): - reviews - found and helped investigate (surprise!) test nondeterminism along with Riastradh, ahf, nickm - made some comments on the pad about modularity stuff week of 01/21 (2019-W04) (planned): - reviews - prep for Brussels meeting juga (offline): Week 14/01 (planned) - Continue on working out how sbws can report excluded relays in the bandwidth file (#28563) - Continue with refactoring (#28684) - Write last 3 months report Week 14/01 (actual) - Continue with refactoring (#28684) - Adapt bandwidth file classes to be compatible with stem #29057 - Write last 3 months report - Revise Authorities should put a hash of the bandwidth file in their votes (#26698) Week 21 Jan (plan) - Review minor bandwidth file spec updates (#29079) - Revise Authorities should put a hash of the bandwidth file in their votes (#26698) - Update documentation for the relay prioritization and revise (#28868) - Look at stem bandwidth file parser (#29056) - Continue with refactoring (#28684) asn: [Will be at an apointment during the net team meeting, but I will be present on the one about the hackfest afterwards.] Week of 01/14 (planned): - Monday: Tor lecture in local university. - Get #28142 merged. - Work on the onion service proposal. - Check out the brussels hackfest thread. - Do reviews. Week of 01/14 (actual): - Did a lecture about Tor in a local university (unipi.gr) as part of the security class. There were about 30 people present and I feel like they really enjoyed it. They had lots of questions and the thing was interactive until the end. Was fun! - #28142 is merged no joke!!! - Worked on the onion service funding proposal. - Organizing a Tor meetup in a new hacklab in Athens this Friday. Gonna be a good one. - Did reviews. Week of 01/21 (actual): - Prepare for the hackfest. - Start triaging 040 bugfixes. - Do reviews. - Do the Tor meetup on Friday. Help with: - We good. ahf: Week of 1/14 (planned): Sponsor 19: - Finish WebRTC + broker + client + proxy architecture document. - Reach conclusion with David and David about #28181 and #28182. Misc: - Help David with code review for authenticated sendme's. - Sysadmin interview progress. CI/Coverage: - Try to reproduce #29036 again Week of 1/14 (actually): Sponsor 19 (and a bit of 8): - Conclusion reached for #28181 and #28182 and patches to tor via PR#645. - We had our first anti-censorship check-in meeting. CI/Coverage: - Didn't manage to reproduce #29036. Misc: - I think we have found what our second round tasks for sysadmins interviews are. - Managed to get some stomach bug thursday evening, was pretty useless friday and some of monday. - Reviews. - Added points to missing tickets. - Try to help with some of the random test failures before the 0.4.0 alpha. Week of 1/22 (planned): Sponsor 19: - Follow up on some action items from the anti-censorship meeting. - Figure out what Snowflake things we want to do in Brussels? - Finish proxy part of Snowflake architecture document. Misc: - Solve the Windows CI issue that I didn't finish last week.

1 0

Tor Browser Release Meeting: Wednesday 23rd January @1900UTC
by Pili Guerra 22 Jan '19

22 Jan '19

Hi all, It's Tor Browser Release meeting week again: Wednesday 23rd January @1900UTC over at #tor-meeting Our next release is planned for next week (end of January) so this will be a good chance to get a sneak peek at what's going to be going into the upcoming release. We look forward to seeing you there :) Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

I figured out v3 onion client auth and wrote a blog post
by Matt Traudt 21 Jan '19

21 Jan '19

See it here: https://matt.traudt.xyz/p/FgbdRTFr.html or http://mattttttssi4lhud.onion/p/FgbdRTFr.html or http://zfob4nth675763zthpij33iq4pz5q4qthr3gydih4qbdiwtypr2e3bqd.onion/p/Fgb… While doing so I opened two tickets: Document the max number of v3 client auths I can make https://trac.torproject.org/projects/tor/ticket/29134 Failing to connect to a v3 onion service with client auth produces really long lines in log https://trac.torproject.org/projects/tor/ticket/29135 Sometimes it seems like advanced features aren't documented very well, so I thought I'd write down what I figured out. I encourage Tor to use this in whatever way makes sense. Matt

3 2

Bandwidth scanner report - October-December
by juga 20 Jan '19

20 Jan '19

Hi, The main news during October-December were: - sbws 1.0 was released in October, including a Debian package and OpenBSD package. However it's recommended that bandwidth authorities wait for 1.0.3 release to start running it. - longclaw started to use bandwidth files created by sbws in November. This allowed us to detect more bugs. It has been stable since December. In October we decided that the short term main goals are: - Get sbws to scale and produce similar results as torflow. - Change Torflow to sbws in the current bandwidth directories . - Get all the directory authorities to run sbws. In a longer term, when all torflow instances are replaced, the main goal is to decide which should be the load balance in the Tor network. These were most of the tasks: * New features: - Add documentation about how the bandwidth measurements are selected and scaled before writing them to the bandwidth file. - Warn when the difference between the total consensus bandwidth and the total bandwidth with the relays included in the bandwidth file is larger than 50%. - Include headers in the bandwidth file about the percentages of measured relays that are included in the file. - Warn when the percentage of relays in the bandwidth file is less than the 60% of the relays in the network. - Write bandwidth file only when the percentage of measured relays is bigger than 60%. - Change the name of some keys used in the bandwidth file. - Do not measure round-trip time by default. It was proven that latency didn't affect much the measurements, and was slowing down the scanner. - When scaling bandwidths as torflow, round to 2 significant figures by default. This implements part of proposal 276. - Change Python minimal version. - Change default directories when sbws is run from a system service. - Do not overwrite bandwidth file to avoid race conditions, instead generate the files atomically. - Add command to remove old bandwidth files. - Create a Debian package. - Update sbws to use stem 1.7.0 release. - Add a command line argument for the configuration file. - Improve INSTALL and DEPLOY documentation. - Update bandwidth file specification. * Fixed bugs: - To include a relay in the bandwidth file, at least 2 measurements for that relay must be X seconds away. - Use the option to take into account measurements that are away from each other X seconds when it's enabled . - Do not resolve destination domain locally and unify criteria to choose relays as exits. - Bandwidth filtered is the maximum between the bandwidth measurements and their mean, not the minimum. - Stop measuring the same relay by two threads when a new loop with the new relays to measure starts. - Ensure de default scaling method is torflow, leave command line argument option but ignore it, update documentation reflecting this. - Continue running with default configuration when the config command line argument argument is provided but the file can not be found. - Use 5 "=" characters as terminator in the bandwidth files. - Update bandwidth file specification version in the `generator`. - Compare with consensus bandwidth and MaxAdvertisedBandwidth when scaling as torflow. - Remove old links in the documentation. Cheers!, juga.

1 0

Notes from January 17 2019 Vegas team meeting
by Karsten Loesing 18 Jan '19

18 Jan '19

Notes for January 17 2019 meeting: Gaba: 1) network team 1.1) progress on S8 reports 1.2) continue hackweek preparation 2) ooni 2.1) starting 1:1s 2.2) discussion on workflow for ooni probe development 3) anti-censorship 3.1) this week we start anti-censorship weekly meetings 3.2) kat sent first draft on second report 4) funding 4.1) gathering ideas from teams for DRL 5) metrics 5.1) sent report on sponsor 13 for December 6) attended (with Erin) workshop "equity informed conflict resolution in the workplace" at https://resolutionsnorthwest.org/. Georg: 1) We started to work on items for our esr68 transition (new Windows toolchain, Tor Launcher/Torbutton integration into the browser directly; more is to come here in the next weeks and months) 2) Preparations for the upcoming releases on 1/29 3) Work on ideas for upcoming proposals and OTF proposal revision Mike: 1) Finished up tor 0.4.0 Sponsor2 things 2) Helping plan modularization work and 0.4.1 Sponsor2 work Antonela: 1) Working on 2019/2020 outreach material with the community team 2) Preparing FOSDEM Talk 3) Working on illustrations for tpo.org 4) Working on #28329 - TBA Onboarding 5) Delivered #29035 - TB + TBA Newsletter subscription 6) Did OONI Country pages design review - We have user testing coordinated by Maria for next week 7) Reviewed OTF Onions proposal 8) Reviewing tpo.org and tpo.org/about on staging 9) Added ideas on DRL SOI - https://storm.torproject.org/shared/VH8GggHtKsYoXWqvftKSLsB1Z5goOWaWIxsHWX9… Steph: 1) working on another Tor stories survey 2) putting together our comms strategy 3) responding to press inquiries. 4) added several upcoming events to our blog listings. If there are others you’re involved with coming up, let me know Nick: 1) New alpha release tomorrow. 2) Getting ready for network team Hack week in Brussels, the week after next. Need to make sure we have the correct deliverables lists. Roger: 1) Out with eyeball woes. Send me email on Sunday / Monday if there's a thing I should know / remember / do. Sue: 1) Invoiced multiple funders 2) Closed books for December 3) Invoicing the remaining funders 4) Continue to work on multiple requests from the auditors to complete the 06/30/2018 audit and tax return. Erin: 1) General hr stuff 2) Moving forward with sysadmin screening process 3) Will be posting browser dev job soon (to replace Arthur) Karsten: 1) Wrote a patch for replacing all dates/timestamps in metrics-web with Java 8 date/time API types and started with a similar patch for metrics-lib. pili: 1) Almost done with S8 report 2) Moving Gettor forward 3) Trying to figure out if it makes sense to apply for GSoC this year - do we have excited/interested mentors in any team? 4) Getting closer to figuring out illustrations for the website 5) Logistics for S9 India visit Sarah: 1) Finalizing YE campaign results and documentation for Wiki. 2) Met with Alison and Arturo and Al to see how we can help secure new funding for LFI and OONI. 3) Helping with OTF response and Rose Foundation report. 4) Preparing to modify donate pages to include information about monthly donor and major donor programs. 5) Reconciling 2018 income with Sue. 6) Hoping to get system to accept additional cryptocurrencies up and running soon. isabela: 1) Preparing board book for board meeting jan 25th 2) Helping people finish answering all the questions from OTF on our onion service proposal 3) Start a doc for donation page modifications we will need in order to launch major donors program and monthly donors program 4) Working w/ money machine to define the projects we will be proposing for opportunities due at the first week of feb 5) organizing tasks for the 'there is no dark web strategy'

1 0

December Communications Report
by Stephanie A. Whited 16 Jan '19

16 Jan '19

Hi Tor, In December, we were focused on the EOY campaign across all of our channels. You can see the results in Sarah's fundraising report sent yesterday. Thank you to everyone who helped share the word and write blog posts. Steph attended Mozilla All Hands and worked with the Berkeley Group and attended their presentation on Tor's image and strategy insights to inform our upcoming comms strategy. We also worked with the UX and community teams on our website redesign. Dec in links and stats: New blog posts https://blog.torproject.org/strength-numbers-library-freedom-intellectual-f… https://blog.torproject.org/strength-numbers-usable-tools-dont-need-be-inva… https://blog.torproject.org/strength-numbers-internet-freedom-movement-must… https://blog.torproject.org/strength-numbers-entire-ecosystem-relies-tor https://blog.torproject.org/strength-numbers-measuring-diversity-tor-network https://blog.torproject.org/transparency-openness-and-our-2016-and-2017-fin… https://blog.torproject.org/strength-numbers-fighting-internet-censorship Twitter https://twitter.com/torproject New followers: 2,373 Top tweets: https://twitter.com/torproject/status/1070428737227931659 https://twitter.com/torproject/status/1073318560188022784 https://twitter.com/torproject/status/1072128288796143616 Mastodon https://mastodon.social/@torproject New followers: 340 LinkedIn https://www.linkedin.com/company/tor-project/ New followers: 85 Facebook https://www.facebookcorewwwi.onion/TorProject New followers: 136 Instagram https://www.instagram.com/torproject/ New followers: 80 Newsletter https://newsletter.torproject.org/archive/2018-12-27-invasive-data-tor-ecos… Notable press https://www.zdnet.com/article/half-of-the-tor-projects-funding-now-comes-fr… https://boingboing.net/2018/12/18/charitablegivinguide.html https://www.cyberscoop.com/tor-funding-isabela-bagueros-december-2018/ o/ comms -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0