tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

July Communications Report
by Stephanie A. Whited 13 Aug '18

13 Aug '18

Hello Tor! Last month, we were out and about + working on copy for upcoming releases and our new site. I joined Alison, David, George, and Matt at HOPE for the Onion Report: https://livestream.com/internetsociety/hope/videos/178158095 We had a booth the whole weekend and were cleaned out of shirts for donations in a few hours. Matt and I (with help from gman and Yin) led a Tor session as part of the Computer Science for Cyber Security (CS4CS) Summer Program for High School Women. Another session with a new group is happening next week. July in links and stats: Blog posts https://blog.torproject.org/help-us-translate-our-new-support-portal https://blog.torproject.org/explore-tor-nyc-qa-isabela-bagueros https://blog.torproject.org/how-do-effective-and-impactful-tor-research https://blog.torproject.org/tors-open-research-topics-2018-edition https://blog.torproject.org/announcing-vanguards-add-onion-services https://blog.torproject.org/support-torservers https://blog.torproject.org/egypt-internet-censorship Twitter https://twitter.com/torproject avg at least 3 tweets/weekday New followers: 994* *We lost between 2,000-3,000 followers in the Twitter purge[1]. We gained 944 more back this month than however many we lost (exact number unknown). Top tweets https://twitter.com/torproject/status/1013859982876561408 https://twitter.com/torproject/status/1015311953596764160 https://twitter.com/torproject/status/1016712421044604929 https://twitter.com/torproject/status/1016307257771003904 https://twitter.com/torproject/status/1016712421044604929 https//twitter.com/torproject/status/1015311953596764160Mastodon https://mastodon.social/@torproject at least 1 post/week New followers: 221 Instagram https://www.instagram.com/torproject/ at least 1 post/month New followers: 57 LinkedIn https://www.linkedin.com/company/tor-project/ at least 1 post/week New followers: 59 Facebook https://www.facebookcorewwwi.onion/TorProject/ at least 1 post/weekday New followers: 178 Newsletter 1/month https://newsletter.torproject.org/archive/2018-07-31-research-tips-topics-e… Notable press https://www.techrepublic.com/article/5-ways-to-protect-your-privacy/ https://www.cyberscoop.com/domain-fronting-ban-letter-ron-wyden-marco-rubio… https://motherboard.vice.com/en_us/article/wjkjzm/what-went-wrong-at-the-ho… [1] https://www.nytimes3xbfgragh.onion/2018/07/12/technology/twitter-followers-… o/ -steph -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

3 3

[TSoP] stem.client - status report #6
by Dave Rolek 13 Aug '18

13 Aug '18

Hi everyone! This is my sixth status report for the stem.client TSoP project [1]. You may see my previous reports on the tor-project ml. [2][3][4][5][6] This report is about a week late. # Updates It's been roughly 2.5 weeks since my last update. I've still suffered from illness during this time - I'd say it knocked out most of a week :( - but I think I've made some decent progress in stem.client. I'm working through it, somewhat successfully. ## stem.client I'm working through my plans for the stem.client roadmap. You may recall from a previous status report [5] these early items on the roadmap: 1. refactor: Relay cell encryption/decryption/processing 2. centralize ORPort reads/sends (demux/mux) at connection level 3. implement required RelayCell subclasses (e.g. parsing of decrypted body) (1) is mostly done in #27112 [7], with just a few more changes I wish to make [8]. Both (2) and (3) have had some groundwork laid with #27112, as well. Notably I've created an intermediate RawRelayCell class that can handle arbitrary payloads (mostly to be used for encrypted payloads), and started to move the finer details of encryption/decryption/processing into the Cell abstraction. ## stem, general Discovering a py3 bug in #26432 [9], I filed #27030 [10]. I concurrently ran into some of the problems Damian did, and took notes about / fixed them concurrently: * hashing super() causing an infinite loop, a la b48ce682ef1a5fc1d4237d106700ec929f49246b (but not exactly this) [11] * a bit of cleanup from #26420 [12] I ran into a lot of trouble with the tests in #27053 [13], and provided a few rounds of input that has helped move that ticket forward. ## other project-related I convened with plcp a bit over IRC in discussing stem.client code and functionality of the tor-spec, reviewing some of their code [14]. And I did some stem ticket bookkeeping / responses. ## tor, general I've continued to do some bookkeeping / ticket triage as I run across things: * #25573, #25574 "DropMark" * #26228, respond on PR and close out PR * probably more at such lower notability that I didn't take a note about it ## misc I've improved my IRC client config for rejoining the registered IRC channels on reconnect - I should be easier to reach now, even when I'm not personally paying attention to the IRC client. # What's next There's only a bit over a week left in the project. I plan to focus as much as possible on stem.client! ## stem.client Please refer above to the roadmap bullets. I've highlighted a few more changes I wish to make for (1) in the ticket [8]. Between (2) and (3), I'm not sure what's best to tackle next. For (2), the work primarily involves rearchitecting the recv/send into its own thread(s) and centralizing the handling. I've done that sort of work before, so I think I could design and implement that well. For (3), the work is a bit more mundane, but it *does* provide the building blocks to do higher-level management of circuits, like extending a circuit (building blocks, naturally: EXTEND[ED][2] cells). I'm thus leaning to tackle (3) first. These are both important, but I think (3) enables other work to be done, whereas (2) is an architectural improvement that improves stability and usage, but doesn't open way for much functionality. ## tor-spec File tickets to track spec improvements resulting from TSoP experience. (These are bookkeeping / awareness tickets for my WIP changes.) I still haven't filed these, and the spec has changed a bit, so I'm deprioritizing this further until after stem.client coding. ## misc I've generated a backlog of tasks that I haven't gotten to, including ones I've mentioned in previous status reports. I'm deprioritizing these for now, but I really do hope to get to them. I'm not going to repeat / enumerate them here, for sanity's sake :) # Other Tor things Multiple in-person chats, yet again. While a sample size of 1 (i.e. me) is by no means scientific, I'd say there's a definite, growing interest in Tor and digital privacy overall. # Closing With illness persisting, I had another period where I stopped reading IRC scrollback proactively, but I think I might be back on track again. Nonetheless, please still mention my nick (dmr) if you want to get my attention! As with before, please don't hesitate to reach out to me via IRC or email! Thanks, Dave [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013090.html [2] https://lists.torproject.org/pipermail/tor-project/2018-May/001811.html [3] https://lists.torproject.org/pipermail/tor-project/2018-June/001830.html [4] https://lists.torproject.org/pipermail/tor-project/2018-June/001858.html [5] https://lists.torproject.org/pipermail/tor-project/2018-July/001886.html [6] https://lists.torproject.org/pipermail/tor-project/2018-July/001917.html [7] https://trac.torproject.org/projects/tor/ticket/27112 [8] https://trac.torproject.org/projects/tor/ticket/27112#comment:2 [9] https://trac.torproject.org/projects/tor/ticket/26432 [10] https://trac.torproject.org/projects/tor/ticket/27030 [11] https://gitweb.torproject.org/stem.git/commit/?id=b48ce682ef1a5fc1d4237d106… [12] https://gitweb.torproject.org/stem.git/commit/?id=d1284e6d0301de59ddf286b5e… [13] https://trac.torproject.org/projects/tor/ticket/27053 [14] https://github.com/plcp/stem-client/tree/6593f56f6dfdfc54102091b537b63f8dd1…

1 0

Notes from August 9 2018 Vegas team meeting
by Karsten Loesing 10 Aug '18

10 Aug '18

Notes for August 9 2018 meeting: Karsten: 1) Released Onionoo 6.2 which added a few enhancements, but also contained a regression or two. Our plan is to put out a minor or patch release early next week. 2) Handled an issue with CollecTor instances not syncing properly, which led to a data loss of one day. Fortunately, with teor's help, we were able to recover the missing data from friendly relay operators. Sarah: 1) Working with Arthur on including fundraising messaging in banners on the Tor Browser. 2) Looking into ways to increase subscription to Tor Newsletter. 3) Working with Giant Rabbit on updating the Donate page. 4) Reaching out to past major donors. 5) Excellent meeting with Dan and Nat from OTF on Monday. They offered to serve as resources in our efforts to diversify our funding. Shari: 1) meeting with auditor and Sue, who is coming to town 2) interviewing potential bookkeepers 3) reviewing other job applicants 4) budgeting fun with Sida 5) generally getting things ready to hand off to Isa isabela: 1) working on reports for sponsors 2) working on onboarding for pms 3) reviewing alpha launch copy / organizing comms and ux team collaboration 4) helped sue and shari deal w/ some requests from drl 5) met w/ matt about nyc tor workspace and more collaboration with IFF; met with jigsaw ux team and devs; met with Karsten about metrics team. 6) trying to organize all the things for mexico that I think are important and should happen 7) planing to have syncs with Sarah (on fundraising opportunities calendar) and Steph (on overall comms strategy) 8) got my visa for taiwan will get tickets today for OTF summit 9) plans for the future: general onboarding documentation for tor; diversity report and strategy for tor. Steph: 1) getting ready for def con, land fri morn in Vegas. Bringing stickers, relay flyers, one pagers. Roger's AMA is 6pm Saturday in Crypto & Privacy Village 2) working on tpo copy 3) led LFI media training Saturday 4) doing another Tor session at Computer Science for Cyber Security (CS4CS) Summer Program for High School Women on Wednesday 5) edited some copy for a Tor Browser feedback survey 6) Sarah and I are on a new alias to gather Tor stories - stories@ 7) Tommy is drafting a couple posts Mike: 1) Fixing more vanguards issues for another release next week (wrote README material that can be a blog post, but still hashing it out with asn). 2) Started working on Sponsor2 report; may have NSF portal permissions issues? Arturo: 1) We supported Zimbabwean communities on investigating censorship events during the riots that followed the general elections. 2) Maria gave an OONI lecture at Oxford University, as part of the Annenberg-Oxford Media Policy Summer Institute. 3) We have continued to interview community members to collect their feedback for the revamp of the OONI Probe mobile apps. 4) Submitted the July OONI status report: https://lists.torproject.org/pipermail/tor-project/2018-August/001939.html 5) Next week Arturo is going to be at FOCI, Baltimore presenting OONI

1 0

July 2018 report for the ux team
by Antonela Debiasi 09 Aug '18

09 Aug '18

Hello Tor! You'll find the highlights of Tor UX team work done in July 2018. ## Tor Browser Onboarding and about:tor Page We have been working closely with the Tor Browser team to have our new about:tor and onboarding user flow ready to test for next TB8 and TBA Alpha releases. We thought of each step of this onboarding as a possibility of learning. When a new user opens Tor Browser for the first time, we have the opportunity to explain how we are protecting them. Describing it in plain words is the best way to introduce the technology and the complex concepts it carries around. On Isabela's words: "The onboarding experience on the product should be to teach the user about the product, so they have a glance of what to expect out of their investment (investment here is the act of finding it, installing, opening it). It is the moment where you present the value proposition of our product to the user. In our case, Tor Browser is considered to be the highest standard to do what it does in comparison with what is out there in the market." You can read more about this process here: https://trac.torproject.org/projects/tor/ticket/25695 https://trac.torproject.org/projects/tor/ticket/25696 ## Tor Browser Icon We are changing visual elements related to Tor Browser's image for a new release scheduled later this year, and we want to come up with a concept that resonates with our users and community. To inform our efforts, we'd like to know what Tor Browser means to you. So, what does Tor Browser mean for you? We want to hear your feelings! We will be collecting community feedback for the following weeks here: http://bogdyardcfurxcle.onion/index.php/844392 https://survey.torproject.org/index.php/844392 Are you a designer or someone opinionated about product logos? Follow this trac ticket and braindump your ideas! https://trac.torproject.org/projects/tor/ticket/25702 ## User Testing Reports Helen has been reporting the last user testing we did once back in India, Spain, Uganda, and Colombia. Take a look here! This work is still in progress and we will review them with devs during our next Dev meeting. https://trac.torproject.org/projects/tor/ticket/27010 ## Support Portal The Support Portal has been launched last month, but we still need translators to help us to reach the Tier1 languages. Do you want to help us? https://blog.torproject.org/help-us-translate-our-new-support-portal We changed our UX Team meeting time. You are welcome to join us on Tuesdays at 1400 UTC in #tor-meeting :) On behalf of the Tor UX team, Antonela

1 0

OONI Monthly Report: July 2018
by Maria Xynou 09 Aug '18

09 Aug '18

Hello Tor world, In July 2018, the OONI team published two research reports in collaboration with local partners, examining censorship events in Egypt and Mali. We updated several test lists, continued to work on revamping the OONI Probe mobile apps and made significant progress on the OONI Probe desktop apps. We also carried out UX research (via a survey and interviews) to collect community feedback on the current and upcoming/revamped OONI Probe mobile apps. ## Report on internet censorship in Egypt In collaboration with Egypt's Association for Freedom of Expression and Thought (AFTE), we published a research report examining internet censorship in Egypt. The full report is available here: https://ooni.torproject.org/documents/Egypt-Internet-Censorship-AFTE-OONI-2… We also published a summary of the report on: * Our site: https://ooni.torproject.org/post/egypt-internet-censorship/ * The Tor blog: https://blog.torproject.org/egypt-internet-censorship Thanks to AFTE, we published Arabic translations: * Full report: https://ooni.torproject.org/documents/Egypt-Internet-Censorship-AFTE-OONI-2… * Report summary: https://ooni.torproject.org/documents/summary-egypt-internet-censorship-ara… Our research report received the following press coverage: * Mada Masr (English): https://www.madamasr.com/en/2018/07/02/news/u/report-internet-censorship-ha… * Mada Masr (Arabic): https://www.madamasr.com/ar/2018/07/02/news/u/%D8%AA%D9%82%D8%B1%D9%8A%D8%B… * Al Araby: https://www.alaraby.co.uk/medianews/2018/7/2/%D8%A7%D9%84%D8%B1%D9%82%D8%A7… * Al Manassa: https://almanassa.net/ar/story/10567 OONI's Maria was also interviewed about the report on the Al Araby TV channel: http://alaraby.tv/video/26968523/%D8%A8%D8%AA%D9%88%D9%82%D9%8A%D8%AA-%D9%8… (starts at 38 minutes). ## Report on internet censorship in Mali during 2018 elections During Mali's 2018 presidential election, locals reported that social media was inaccessible. Thanks to daily measurements collected (for more than a year) from Mali by our local partners, we were able to detect changes in censorship policies on Mali's election day. In collaboration with Internet Sans Frontieres, we published a report that shares OONI data, corroborating local reports on the blocking of WhatsApp and Twitter during the elections. We also found circumvention tool sites guardianproject.info and anonymizer.ru to be blocked on the election day as well. Our research report is available here: https://ooni.torproject.org/post/mali-disruptions-amid-2018-election/ Internet Sans Frontieres referenced OONI data from this report as part of their press statement: https://internetwithoutborders.org/mali-censure-des-reseaux-sociaux-pendant… In response, the EU election observation mission in Mali called on the government to guarantee access to the internet and to social media during the whole electoral period (including the second round of elections on 12th August 2018): https://eeas.europa.eu/election-observation-missions/eom-mali-2018/49004/d%…. Internet Sans Frontieres also published a blog post on this: https://internetwithoutborders.org/eu-asks-mali-to-protect-access-to-social… ## Progress on OONI Probe desktop apps A lot of progress was made in working towards a beta release of the OONI Probe desktop apps. See: https://github.com/ooni/probe-desktop/pull/2 We have reached a point where it's possible via the OONI Probe desktop app to run all the experiments currently supported by the mobile app, as well as to view the results. Several views are implemented based on the desktop app mockups and we did some testing and debugging of the app on Windows and macOS. As part of this work, we also made a lot of progress on the command line interface OONI Probe client. See: https://github.com/ooni/probe-cli/pull/13 Some highlights include being able to build a CLI ooni tool that will run on Linux to empower a fellow OONI developer that is developing on the Linux platform. Although we believe that we have made enough progress to call this a beta, we have decided to hold back a bit from "officially" calling it a beta, since we would like to do a bit more polishing of the desktop and CLI app. In particular, the outstanding issues are noted in the following two GitHub milestones: * OONI Probe Desktop: https://github.com/ooni/probe-desktop/milestone/1 * OONI Probe CLI: https://github.com/ooni/probe-cli/milestone/1 ## Progress on revamping OONI Probe mobile apps On the iOS version (of the revamped OONI Probe mobile apps), we made some UI and code improvements. See: https://github.com/ooni/probe-ios/commits/feature/gson_objects On the Android version, we finished the dashboard, the class to run tests asynchronously with callbacks and the first test results screen. See: https://github.com/lorenzoPrimi/ooniprobe-android/pull/2 & https://github.com/lorenzoPrimi/ooniprobe-android/pull/3 ## UX research As part of our work on revamping the OONI Probe mobile apps, we carried out UX research that aimed to collect community feedback on the current OONI Probe mobile apps, as well as on our mockups for the revamped/upcoming OONI Probe mobile apps. To this end, we created and circulated a survey, and interviewed multiple community members. We have many more interviews scheduled for August as well. We also published a blog post sharing the links to the survey, and encouraging community members to participate in usability feedback interviews: https://ooni.torproject.org/post/ooniprobe-ux-survey-and-interviews/ ## Updated test lists We carried out research (https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…) to update the following test lists: 1. South Sudan: https://github.com/citizenlab/test-lists/pull/366 2. Eritrea: https://github.com/citizenlab/test-lists/pull/367 Based on URLs provided by community members, we also updated the following test lists: 1. Uzbekistan: https://github.com/citizenlab/test-lists/pull/363 & https://github.com/citizenlab/test-lists/pull/368 2. Multiple country test lists with Wikipedia domains: https://github.com/citizenlab/test-lists/pull/365 ## Community use of OONI data ### Human Rights Censorship Dashboards: Monitoring internet censorship in Southeast Asia We are thrilled that Southeast Asian communities have set up a regional Open Observatory! Malaysia's Sinar Project launched the Internet Censorship Dashboards project which engages communities all across Southeast Asia with censorship measurement research through the use of OONI Probe and OONI data. The collected measurements will be displayed in a dashboard, enabling local monitoring of and response to regional censorship events. Their project is available here: https://sinarproject.org/digital-rights/updates/human-rights-censorship-das… ### Blocking of websites in Malaysia Malaysia's Sinar Project published a list of censored websites based on OONI data: https://data.sinarproject.org/dataset/list-of-censored-websites/resource/b2… ### Blocking of websites in Burundi CIPESA reported on the blocking of websites in Burundi through the use of OONI Probe and OONI data: https://cipesa.org/2018/07/a-new-interception-law-and-blocked-websites-the-… ### Tor blocking Briar's Torsten Grote created and published data tables that show the blocking of Tor around the world based on OONI measurements. This resource is available here: https://grobox.de/tor/ ## Community activities ### OONI Probe workshop in Albania OONI's Simone and Elio hosted an OONI Probe workshop at the Open Labs Hackerspace in Tirana, Albania, on 6th July 2018. Information about their workshop is available via the following links: https://www.facebook.com/events/396021484219636/ https://wiki.openlabs.cc/faqja/OONI_Probe_Workshop ### Lecture & OONI Probe usability workshop in Ukraine OONI's Maria gave an OONI lecture in Kiev, Ukraine, on 13th July 2018. Information about the event is available here: https://m.facebook.com/events/251993642054831/ She also facilitated a day-long OONI Probe usability workshop in Kiev on 14th July 2018. The aim of this workshop was to introduce local communities to censorship measurement research and collect their feedback on the usability of the OONI Probe apps. As part of the workshop, participants were requested to provide feedback for the current OONI Probe mobile apps, as well as for the mockups of the upcoming/revamped mobile apps. The feedback collected as part of this workshop is guiding the revamp of the OONI Probe mobile apps. ### Cambodia election monitoring Malaysia's Sinar Project leads most OONI community engagement activities across Southeast Asia. Leading up to Cambodia's 2018 elections (29th July 2018), Sinar Project led a campaign to engage locals in Cambodia with OONI Probe testing to montior (potential) censorship events. As part of these efforts, they created customized OONI Run links to measure the blocking of local media and NGO sites, embedded in the following site: https://sinarproject.org/digital-rights/kh-2018-elections/cambodia-2018-ele… ### Community meeting We held a community meeting on Slack (https://slack.openobservatory.org/) on Tuesday, 31st July 2018. As part of our July community meeting, we discussed the following: 1. Updates on internet blackouts methodology and next steps 2. Monitoring internet censorship during Cambodia's elections: Discussion of strategies carried out, lessons learned, feedback for the OONI team, and planned next steps 3. Presentation of Magma: A guide for network measurement and data analysis in risky environments ## Userbase In July 2018, OONI Probe was run 217,316 times from 4,497 different vantage points in 210 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

[TSoP 2018] Bandwidth scanner update - report #6
by juga 07 Aug '18

07 Aug '18

Hi, since the report #5, these has been the tasks i have worked on: sbws ----- - Create Debian package for sbws (#26848) - Initial autopkg test support - Continue with binaries should have manual pages (man) (#26926) - Continue with warn when there is not enough disk space (#26937) - Continue with check that the scaling is working [0] - Run sbws and Torflow from same box - Generate and graph sbws results with and without rtt - Generate and graph sbws results with a bigger time to download data and with default time - Parse raw torflow results - Graph raw torflow results and sbws - Start scaling sbws results in a similar way as torflow does Cheers, juga. [0] https://github.com/pastly/simple-bw-scanner/issues/182

1 0

Network team meeting notes, 6 August 2018
by Nick Mathewson 07 Aug '18

07 Aug '18

Hi, everyone! Logs here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-08-06-16.58.html Pad contents below: = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html 30 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001928.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 6 August 2018 ------------------------------- == Announcements == == Discussion == * Roadmap revision status -- please get back on that by today. https://pad.riseup.net/p/huDStrBDgqi5 * Backlog on reviews -- is anything stuck? * teor: our current rotations give each person 4 weeks on, then 3 weeks off. I'd prefer 1-2 weeks on, 1 week off. - Let's change starting in september, if there are no objections. * ahf on vacation from wednesday and to the 23rd: i have document planning duty this week, then community hero, then bug triage - anybody up for taking these over the next weeks until i am back? I will happily take yours when I'm back :-) - nick does bug triage on week of 8/20 - Need a CH for next week == Updates == nickm: Last week: * PETS backlog * Port RSA code to nss * various subtickets of 25510 (mobile API): * start tor with owning control port (24204) * fix a bug when restarting with version command * API to expose API implementor * Asked for more 25510 (mobile API) feedback * Prepared for 035 roadmap re-triage with Isabela -- sent email * Finished PETS discussion and meta-review * Diagnosed tricky 27003 regression in 034, due to interesting combination of effects. Needs another review; blocking release candidate. * Revised NSS+DH branch based on feedback from catalyst This week: * Release candidate? * Visiting inlaws Thurdsay through Monday; might miss next monday's meeting. * Revising roadmap. - Other TBD: possibly NSS+TLS depending on backlog status. Mike: Last Week: * Continued to update Open Research Topics post. * Can we link it and Chelsea's post on research.torproject.org? Can we replace the stuff that's there? * Fell into a deep rabbithole with vanguards bugfixing * Wrote https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md - future blogpost on onion service security. * May contain some heresy. Please comment before it's too late! * Wrote a patch to eliminate the last class of unaccounted-for dropped cells in Tor that I would like in 0.3.4. It's just a CIRC_BW event thing for vanguards. Does not affect behavior normally, and does not change the format of CIRC_BW: https://trac.torproject.org/projects/tor/ticket/25573 * Is a merge commit forward from maint-0.3.4 to master still the way we're handling backports after the code reorg? Can I wait on the maint-0.3.4 review for making this? There are some annoying conflicts to deal with. * Have questions for asn/dgoulet: 1. I am noticing RPs being used that are not in my service's current consensus. Is this legit? Can clients use relays that are not in *any* consensus as RPs? (Like if I decide to use a bridge as an RP?) Will other relays prevent this? [This is legal -- clients and onion services aren't required to have the same consensus. A bridge should not serve as an RP or IP, but I'm not sure we prevent that. -nickm] 2. Can I safely close all of those circuits? What happens to clients when rend circs are ignored/closed? [Clients retry another RP if the service does not respond to a RP, but it's slow, because they have to do another intro as well. -teor] 3. Related: Is it better to close a rend circuit right after the extend to the rend point, or ignore the intro before the rend circuit gets built? [For the network? Ignore the intro. -teor] What happens if you never act on an intro request that you successfully ack (or don't ack)? [The intro point acks the intro, not the service. https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n1645 -teor] Is there any difference between either of those and what I'm actually doing wrt performance or security? Can you help me dig/test? (Is ignoring intro requests for certain rends the same as https://bugs.torproject.org/25882 ?) This week: * Sponsor2 report * Catch up on code reviews :/ * Vangaurds release? teor (offline): last week: - I was on the design meetings rotation, but I couldn't find any proposals to progress. I think we did ok with reviewing proposals and updating specs 2 weeks ago. - bwauth mentoring (mainly https://github.com/pastly/simple-bw-scanner/issues/182 ) - PrivCount in Tor: blinding and encryption (#25669, #23126, #26970) - New reviews (#23588) - Fast fixes (#26979, #26986, #23576) - Set up desk and chair - Tor meeting planning - reviewed 0.3.5 roadmap - helped recover consensuses from a Collector outage this week: - I am on the community hero rotation - revise macOS CI for Core Tor (#24629) - Work on PrivCount in Tor blinding and secret sharing branch (#25669) rest of 0.3.5: - Implement PrivCount in Tor noise generation (#26637, maybe #26398) - Merge PrivCount in Tor - Reduce my revision backlog komlo: - Last week: - Reviewed/commented on PrivCount tickets, let me know if we should schedule a meeting to talk over #26970 - This week: - Will finally get the chance to start on #26296, hoping to get a set of initial patches by this week/next week - Prep for RustConf - Send an email this week to aggregate Rust issues that I can check in with Rust people about, such as remaining issues for #25386 ahf: Last week: Sponsor 8: - Helped Arturo with building an embedable Tor .so. Marionette: - Talked with Roger + Georg shortly about Marionette. - Spend some time looking at changes to Marionette since Rome. - Participated in the PT meeting to discuss the above. Misc: - End of month stuff. - Reviewed: #27003, #26903, #26850, #20424, #26952 This week: - Finish all outstanding code reviews before going on vacation. - Write to John from Marionette about contact info etc. in case of troubles with their development efforts. - Make sure everything is good for my Mexico trip. - Go on vacation (8'th of august to 23'rd of august) to do BornHack. Will give a talk on Tor there :-) catalyst: last week (2018-W31): - benefits bureaucracy - reviewed NSS patches some more - reviewed #24649 (macosx builds, really also massive .travis.yml cleanup; thanks teor!) - prop#295 is waiting for Ashur to respond; when should we ping them next? [teor: another week or two?] this week (2018-W32): - ticket review - talk with ahf about #25502 (intermediate PT progress reporting) - create subtickets for #22266 (jump-to-80% problem) and sketch out designs - mikeperry, komlo: is it ok to use/adapt text from your research blog posts for the "big patches" guide? asn: Last week: - Did some triaging on 035/tor-hs tickets. - Looked at some vanguard related issues/code. - Did some more debugging on #26980. - Was on vacations for the better part of the week. This week: - Catch up on backlog from last week. - Do reviews. - Check some updates on ahmia TSOP. - Debug #26980 some more. - Read mike's vanguard updates.

1 0

[TSoP 2018] Ahmia status update ~ report #6
by Stelios Barberakis 07 Aug '18

07 Aug '18

Hello all, This is the biweekly status update for ahmia development, that arrives a bit late, since I should have sent it on Friday. The last two weeks I have been working on: === Ahmia-Site === * Added a "Did you mean" functionality. This utilizes Elasticsearch's fuzziness <https://www.elastic.co/guide/en/elasticsearch/guide/current/fuzziness.html> functionality, and more specifically phrase suggesters <https://www.elastic.co/guide/en/elasticsearch/reference/6.3/search-suggeste…>, to suggest actual terms when a mispell may have happened. For example: https://ahmia.fi/search/?q=snodwen or https://ahmia.fi/search/?q=tor+netork [1] * Changed the search criteria of elasticsearch searches, by 1) using weighted fields <https://www.elastic.co/blog/multi-field-search-just-got-better> and 2) adding 'anchor' and 'content' fields as well. That has improved the first (upper) results in some cases, and also increases the overall results fetched. [2] * Performed an overall html refactoring, to improve the code structure, fix some unmatched tags, etc [3] * A minor improvement on add onion page, makes clearer the response message, and doesn't redirect to new page. [4] * [Ongoing] I have been Integrating PageRank algorithm in order to improve results sorting based on website popularity. For each page we take into account the backlinks from the rest of the onion addresses to calculate its page rank coefficient. An appropriate formula needs to be done to combine this metric with the already elasticsearch relevance score [5] To be committed soon === Ahmia-Index === * Changed the bulk update request on ES aliases, to an iterative one, to prevent any error on the first requests from disrupting the rest of the requests [6] * Separated *add *and *remove *alias, functionality to make the first crawls of each month available from the beginning of the month. [7] [1] https://github.com/ahmia/ahmia-site/issues/25 [2] https://github.com/ahmia/ahmia-site/issues/29 [3] https://github.com/ahmia/ahmia-site/commit/ddcf1a32321a8506f99eaf8c402c0aec… [4] https://github.com/ahmia/ahmia-site/issues/27 [5] https://github.com/ahmia/ahmia-site/issues/30 [6] https://github.com/ahmia/ahmia-index/commit/08952b6609c7d0d8ee82afec4e64a1c… [7] https://github.com/ahmia/ahmia-index/issues/6

2 1

Regenerating storm github login token
by silvia [hiro] 06 Aug '18

06 Aug '18

Hi, We need to re-generate the token associated with the github-login mechanism for storm. So if you use github to login to storm.torproject.org you might have to re-authorise it. This will probably happen tomorrow 7th of August. Talk soon, -hiro

1 0

July 2018 report for the metrics team
by Karsten Loesing 03 Aug '18

03 Aug '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in July 2018. On behalf of the Tor metrics team, Karsten Published detailed specifications for reproducing the data behind Tor Metrics graphs [1]. [1] https://metrics.torproject.org/reproducible-metrics.html Published specifications [2] for querying and processing the per-graph CSV files added to Tor Metrics earlier this year. [2] https://metrics.torproject.org/stats.html Added two new graphs [3] to Tor Metrics showing circuit build times [4] and circuit round-trip latencies [5] both of which are based on existing Torperf/OnionPerf data. [3] https://bugs.torproject.org/25774 [4] https://metrics.torproject.org/onionperf-latencies.html [5] https://metrics.torproject.org/onionperf-buildtimes.html Extended Relay Search results tables to show a summary row [6] and made a couple of smaller fixes to improve the aggregated search feature [7, 8]. On relay details pages there are no longer false positive "not recommended" banners on relays that are running newer experimental versions [9] and more properties are linked to be able to perform easy follow-up searches for related relays [10]. [6] https://bugs.torproject.org/25050 [7] https://bugs.torproject.org/25238 [8] https://bugs.torproject.org/25864 [9] https://bugs.torproject.org/25159 [10] https://bugs.torproject.org/25533 Updated metrics-bot to now allow posting tweets up to 280 characters, which is good news for those autonomous systems with longer names [11]. Additionally, updated codebase to increase JavaDoc coverage and to comply with Tor Metrics Java styleguide [12]. [11] https://bugs.torproject.org/26762 [12] https://bugs.torproject.org/24692 Released Onionoo version 6.1-1.15.0 [13] which adds a new "os" parameter to filter relays and bridges by operating system, extends the "as" and "country" parameters by a special country code and AS number to return relays that were not found in the GeoIP database, and deprecates the "host_name" field in details documents in favor of the new "verified_host_names" and "unverified_host_names" fields for more accurate DNS results. [13] https://lists.torproject.org/pipermail/tor-dev/2018-July/013324.html Released CollecTor version 1.7.0 [14] which recognizes the new bridge authority, Serge. [14] https://lists.torproject.org/pipermail/tor-dev/2018-July/013320.html Fully integrated Relay Search into Tor Metrics [15]. [15] https://bugs.torproject.org/25392

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project