- tor-project - lists.torproject.org

Tor Browser Vision Brainstorm: Friday 8th February @ 20:00 UTC
by Pili Guerra 12 Mar '19

12 Mar '19

Hi everyone, We’ll be holding a brainstorming session this Friday 8th February @ 20:00 UTC over on #tor-meeting to discuss our joint vision for the Tor Browser in the near future. Please join us! We would love to hear your views. Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

5 7

Tor Browser team meeting notes, 11 March
by Georg Koppen 11 Mar '19

11 Mar '19

Hi! Our weekly meeting just ended, this time without meetbot as it was sick. Thus, here come just notes from the pad this time: Discussion: -browser dev hiring (GeKo: We'll do the next interview on IRC but think it's generally good to "get to know" folks we never met before via a video call before hiring) pospeselr: Last week: #25658 security level patch 29120 uplift investigated #29554, #23359 This week: #25658 fixes: right-to-left language support #29554 patch (fix about:preferences links not working correctly) #23359 patch (https everywhere adds itself back to toolbar on second launch, probably related to our torbutton code pointed out by intrigeri) tjr (probably absent) - Letterboxing: (GeKo: I'll write an email to tbb-dev, probably tomorrow, trying to get answers to all of your questions :) ) My goal for March is to do more data analysis on screen resolutions and put forward a proposal for 'We should use these set of dimensions' Before I do that; I'd like to get confirmation that this is something Tor Browser wants to at last try to ship in Alpha. My questions: - if it was ready in a 60-based Alpha would you ship it then or would you want to wait until 68? - what is the minimal viable product user experience wise? - does the margin needed different color or watermark? - do you need a button to disable it globally or after an individual resize? - do you need it to work on mobile? - for very low resolution - under 100 pixels in a dimension - does it need to do something intelligent or just not do any margins at all? - does it need a user walkthrough explainer? (Probably I think... maybe you can start thinking of how that would look?) - My current analysis is of the form https://ritter.vg/misc/ff/Content%20Resolution%20Analysis.html - See next steps in particular about defining a ftness function) - Is this an appropriate path forward? How often do you want me to stop and get review and from whom? - (I'm optimistic that this python based analysis it Is flexible enough that it can be easily changed, so I could to perform most of the analysis without bugging people) Reminder, it is in Nightly under the pref (you must add it) privacy.resistFingerprinting.letterboxing mcs and brade: Last week: - Fixed #29445 (Tor Browser is denying ESR policies.json). - Fixed #22402 (Improve the "For assistance" link). - Posted patches for #29440 (Update about:tor when Tor Browser is updated). - Posted a revised patch for #29627 (Moat: add support for obfsproxy's meek_lite). - Reviewed the Tor Launcher patch in #29430 (Use uTLS for meek TLS camouflage in Tor Browser). - Started review of #25658 (security slider replacement). - Helped with triage of incoming bugs. This week/soon: - Review #25658 (security slider replacement). - Work on #28628 (Introduce New Security Settings to users). - Investigate #29630 (TorBrowser creates empty directory in "/tmp”). - Investigate #27484 comment:13 (DDG onboarding doorhanger disappears after tab switch). - For #28044, revise proposal 102 to take into account intrigeri’s comments as well as some things we learned during implementation. - Review the Firefox updater security audit report. GeKo: Last Week: -reviews (#29194, #27486, #29445, #22402, #28329, #29572, #29440) - updated my patch for #28802 - investigated broken git repo updating in our build system (#29572) - finish begin-of-the-month team admin stuff This week: - release prep - help with reviews for the alpha release - antonela: we could need some UI guidance for the New Identity for Android feature (#28800) - how do we introduce the new security slider feature to users that already have done the UI tour? After all the bubble just says: "New to Tor Browser? Let's get started." Do we in general need a different pointer for newly introduced features? (GeKo: Antonela updates the ticket (#28628) with points that came up during the discussion) [tjr] Moz did that for the new tracking protection, it was a three step tutorial thing sisbell: Last week: - 29313: tor-android-service browser build (ready for review) - removed native build, added back in classes that Firefox android app needs - 29574 Configure Orbot project to use TOPL (ready for review) - fixes for duplicate class errors - 29575 Configure Firefox project to use TOPL (ready for review) - tested integrated APK - opened a couple of issues at TOPL project, opened issue at Orbot project regarding moving android resources from orbotservice to app module - looking to move tor-android-service project hosted on GitHub to guardianproject or torproject This Week: - Resolve bug where final bootstrap is not updating in UI in Android Browser - Work on moving resources out of orbotservice and tor-android-service libraries - submit PR for various fixes to TOPL project - respond to any code reviews antonela: Last week: - #29440 Update about:tor UI review - #25658 Security Settings UI review - #28628 Introducing the new Security Settings This week: - Mozilla/Tor monthly meeting: Anything we want to show? - 8.5 Review, TBA and TB - #28800 - New Identity - Letterboxing sysrqb: - Last week: #28329 (TBA configuration UI) BridgeDB patch review - This week #28329 testing and integration Release prep boklm: Last week: - made some patches for: - #25876 (Source release tarballs for Tor Browser) - #29572 (Fetching latest commits fails when building testbuilds) - #29675 (Nightly build should fail if "make fetch" fails) - #29667 (Add android-x86 to nightly builds) - updated patch for #26323 after review comments (Build 32bit Linux bundles on 64bit systems) This week: - continue work on #27137 and testsuite - some reviews - work on #25623 (Disable network during build) - help with build of new releases pili: Last week: - Outreachy application - UX ticket triage This week: - Start thinking about capacity planning for browser team - Start planning for OTF Onion Services proposal - Sponsor 8 Final report - Tor Browser 2 year vision write up - still very late with this!! - More UX ticket triage Georg

1 0

Network team meeting notes, 11 March
by Nick Mathewson 11 Mar '19

11 Mar '19

Hi! Here are the notes from our meeting of today. Meetbot is still down, so there's no log to attach. = Network team meeting pad! = This week's team meeting is at Monday 11 March at 1700 UTC on #tor-meeting on OFTC. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1700 UTC until 3 November 2019 On #tor-meeting on OFTC. March schedule: * Tuesday 5 March at 2300 UTC * Monday 11 March at 1700 UTC * Monday 18 March at 1700 UTC * Monday 25 March at 1700 UTC April schedule notes: * Monday 22 April is an Easter public holiday May schedule notes: * teor will be on leave at the start of May (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 11 Feb: https://lists.torproject.org/pipermail/tor-project/2019-February/002214.html 19 Feb: https://lists.torproject.org/pipermail/tor-project/2019-February/002225.html 25 Feb: https://lists.torproject.org/pipermail/tor-project/2019-March/002236.html 5 Mar: https://lists.torproject.org/pipermail/tor-project/2019-March/002244.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? We're using a kanban board: https://storm.torproject.org/shared/_mx8PMGOHFBOximocl1gy3COvhLPr6k3Ja7JA1v… <-- filter by your name and check the 'in progress' column is correct. * Check reviewer assignments! Here are the needs-review tickets, by reviewer: https://trac.torproject.org/projects/tor/query?status=needs_review&reviewer… Here are the outstanding reviews, oldest first: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… Core Tor/sbws is now part of the bug triage, CI, and reviewer assignment roles == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up the 'actual point' field when you close a ticket. We need those to calculate velocity. * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… * Check other's people call for help in their entries. ------------------------------- ---- 11 March 2019 ------------------------------- == Announcements == - The master branch is now 0.4.1.x; 0.4.0 development will continue in maint-0.4.0. - No more backports to 0.3.3; support ended a few weeks ago! - if you're a maintainer, please update your git scripts from the tor repository! - US DST began last Sunday; let's be careful for schedules next week [catalyst: are we going to follow US DST for the Monday meetings as we have before?] yes -- previously decided that Monday meetings move with US DST; see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam We need to prioritize sbws's reviews this month as Juga is wrapping up their work in March. == Discussion == === Fixing IPv6-only network failures === Tor Browser is going to test the new ClientAutoIPv6ORPort option in Tor Browser Alpha. (Geko says, "looking at teor's comment in #29641 it seems we need #27647 fixed first?") === Tor Meeting === Does the network team have an extra roadmap day? we will only have 3 days in total (12, 13, 14th of July) When can we book tickets? wait a little please === Policy planning === We're still seeing how the draft merge policy works: review at the end of March. Can we review it the first week of April? Let's talk about the team capacity policy when Gaba gets back? Yes. I will be back the first week of April. == Recommended links == "Tech companies could change these things to make your life easier and protect your digital security and privacy. Why haven’t they yet?" https://fixitalready.eff.org/ On gitlab release management (they have a role that rotates) https://gitlab.com/gitlab-org/release/docs/blob/master/general/monthly.md == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! gaba: Week of 03/04 (actual): - processes https://gitlab.com/gabelula/tor-documentation-processes Week of 03/11 (planned): - tor scaling meeting - roadmap checking before leaving - traveling on the 14th teor: (online!) Week of 4 Mar (planned): Roadmap Coding (3 days per week): - Bandwidth stats for PrivCount: #29019, #17036, #29005 Roadmap Reviews: - nickm's chutney/tor CI tickets Other: - Update merge scripts to remove 033 - Large reviews - Put the merge policy on the wiki - Triage my email - Leave admin - Blocked: Stable maintainer triage and merges Week of 4 Mar (actual): Roadmap Coding (3 days per week): - Bandwidth stats for PrivCount: #29019, #17036, #29005 - CI with Chutney/Tor: #29703, #29729, #27912, #29280 Reviews: - 9/10 assigned reviews, including roadmap reviews - Didn't do #23588, because it's waiting on other tickets (see ticket for details) Other: - Bugfixes for #28656, #29643, #29706 - Revised #29640, #23576 - Ticket herding and opening bugfix tickets - Updated my user page, so the tickets are in priority order - Helped diagnose a bunch of different bugs, including #29707 in sbws - Partly Blocked: Stable maintainer triage and merges Week of 11 Mar (planned): Bug triage rotation - Write nice page with queries for bug triage rotation, like https://trac.torproject.org/projects/tor/wiki/user/teor Roadmap Coding (3 days per week): - CI with Chutney/Tor: #29729, #27912, #29280 - Backport merges for CI with Chutney/Tor - Bandwidth stats for PrivCount: #29019, #17036, #29005 - Rearrange the commits in a nice order on a bunch of new branches Roadmap Reviews: - Review nickm's parts of the CI with Chutney/Tor tickets - Other assigned reviews Other: - After chutney CI merges, do other stable maintainer triage and merges - Leave admin - If I have any time left over, review admin backlog, and plan other admin Blocked: (I wrote this list on Friday - it might be outdated) Dev work and merges are slow due to lots of CI failures: - Intermittent CI failures: Fixes needed: #29500 (circuit padding time) #29693 (circuit padding stochastic) #29437 (test-stem) Review and merge needed: #29706 (SRV memory management) Help with: Nick: Week of 4 March (planned): - Come up with a list of recommended versions - Reviews, merges. There are some big branches here, so I'll need longer than usual - Update my rup.py example code for the latest prop295 - Find some 040-must items to finish - Next steps on CI (ask teor) - Next steps on pubsub (pending catalyst review) Week of 4 March (actual): - Reviews and merges -- lots. these took a lot of time. - Made list of versions to un-recommend - Examined test determinism. Need to ask George and Mike about PRNG determinism on padding tests. - Fixed fork issues in thread-prng code (#29668) - Tons of email & meetings :/ Week of 11 March (planned): - Next steps on CI: get travis support running on chutney, and chutney in tor's travis. [Pending Teor's revisions on #27912] - Next steps on pubsub (per catalyst's review) - Work on #29357 (ActiveOnStartup option for TB) as an 040-must item - Update my rup.py example code for the latest prop295 - Sponsor 31 meeting - Scaling meeting - Possibly, kick off work on some more of my sponsor 19 and 31 stuff. - 29223 standardized abbrevs? - 29269 bridge stats? dgoulet (missing meeting): Week of 25 Feb (actual) - Proposal changes with teor on #26288. Code was put in needs_review. - BridgeDB tickets. The majority is in needs_review waiting on sysrqb. - Worked on the git maintenance scripts. - Reviews and open couple tickets. Week of 4 Mar (planned) - AFK. Mike: Week of 3/04 (planned) - Finish #29204 and #29494 - More research and scaling mails Week of 3/04 (actual): - Finished #29204 - Worked on reproducing a vanguards issue; found some onion service bugs - Lost glasses; got sick :/ Week of 3/11 (planned): - Vanguards workarounds for onion service bugs - Tor scalability - #28686 (Nick's stray review comments for wtfpad) - #28780 - flag for keeping circuit open (asn: are we sure this is actually needed?) catalyst: week of 03/04 (2019-W10) (planned): - reviews - finish up commenting on pubsub - expense reporting - make some progress on #28925 (distinguish proxy vs PT in bootstrap) if pubsub stuff works out well week of 03/04 (2019-W10) (actual): - rotations - finished POC hooking up pubsub to bootstrap -- builds but fails tests because pubsub isn't connected to mainloop yet - more comments on pubsub - chatted with juga somewhat about strategies to manage working simultaneously on multiple branches in git - updated wiki to clarify meeting times a bit better (including which canonical time zone is canonical for each meeting) week of 03/11 (2019-W11) (planned): - reviews - write up architectural comments on pubsub - work with nickm on pubsub revisions - work some more on #28925 (distinguish proxy vs PT in bootstrap) based on previous work hooking up pubsub to bootstrap help with: - nickm, progress on #28925 would go more smoothly if you can commit some patches to your pubsub pull request to hook up pubsub to the mainloop. do you think you'll have time to do this soon? - okay, will try to do it this week -nickm juga: Week 4 March (planned): - Release sbws 1.0.3 - Test all the children to Monitor relays that are not measured by each sbws instance (#28547) in the public network and fix them if need it Week 4 March (actual) - Released sbws 1.0.3 - Worked on AsyncResults have no timeout (#28864) - Worked on sbws keeps the number of AsyncResults less than the number of threads #28865) - Worked on Create an script to automate releases (#29294) - Worked on Add KeyValues to monitor relays that are not measured (#29591) - Created (unofficial) debian package/helped dirauth to set sbws(#29290) - Worked on converting correctly units, catched thanks to deploying in production sbws (#29707) - Revised and merged tickets - Created new tickets which i should get done at the end of the month - Closed tickets that do not apply anymore Week 11 March (plan) - New patch release with #29707 fix (and new unofficial debian package) - Work on or merge Stop the integration tests http server when the tests end (#28774) - Work on or merge Create an script to automate releases (#29294) - Continue with Work out how sbws can report excluded relays in the bandwidth file (#28563) - When sbws stops making progress, log a warning (#28652) - Work out how long it takes sbws to measure the network (#28983) Needs help with: - Questions in https://pad.riseup.net/p/fRWXN94cRnJDhJHBj1yt (you can just reply there) asn: [It's public holiday in Greece (clean monday). I will probably be outside for dinner tonight.] Week of 03/04 (actual): - Pushed #29221 into needs_review. - Started work on #28636. Mid-way there. - Pushed #29298 revisions. - Did merges. - Did reviews. Week of 03/11 (planned): - Do revisions for #29221, #29298. - Finish up roadmap task #29298. - Do pending merges/reviews. - Check updates on #5708. - Check new HSv3 bugs that dgoulet opened (#29665, #29669). Help with: ahf: Week of 3/5 (planned) Sponsor 19: - Finish #29207 - Talk with cohosh, gaba, and kat about Report #2 Misc: - End of month stuff: Harvest etc. Week of 3/5 (actually): Sponsor 19: - Talk with cohosh about splitting up #29207 (and that will also have to happen for #29206). - Look into GeoIP interface in Tor and how we should handle that in Snowflake (cohosh just opened #29734 for this). - Ditched trying to do JSON Schema stuff in Go for #29207/#29206 since it became too weird to work with. We should do it after the prototype works. Misc: - Reviews. - Did EOM stuff. Week of 3/11: Sponsor 19: - Report #2 meeting Tuesday. - Continue with #29207/#29206 with Cohosh. - Document protocol changes for #29207/#29206

1 0

Tor Browser Release Meeting - Wednesday 13th March @ 19UTC
by Pili Guerra 11 Mar '19

11 Mar '19

Hi everyone, Just a reminder of this week’s Tor Browser Release meeting: Wednesday 13th March at 19:00 UTC on #tor-meeting as usual PSA: Please check your UTC conversions if you’ve changed your clocks this weekend as this may be at a different time to what you are expecting :) We’re full steam ahead for the security release early next week and the 8.5 stable release at the end of the month so it’s a good time to come talk to us about that. Please come with your requests, questions suggestions… we look forward to seeing you there. Thanks! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

February 2019 in sysadmin land
by Linus Nordberg 11 Mar '19

11 Mar '19

Hi Tor, Here's what February looked like to the sysadmin team. # What's been done - We have hired anarcat! - Experimenting with full disk encryption of VM's. - GitLab VM setup (re: #29402). - Migration of the CiviCRM systems to new VM's with a recent OS. - Experimenting with Prometheus for trend analysis (re: #29681). - The ordinary resolving of requests and bug reports, as can be followed better over at [tickets]. [tickets] https://trac.torproject.org/projects/tor/report/44 # Upcoming new things - Getting anarcat up and running. - Trying out NextCloud for some set of Tor people, as a replacement for SVN, Sandstorm and possibly more (re: #29415). # Fact of the month Our backup server holds system backups for 77 hosts. Currently there are 338 full backups and 11886 incremental backups consuming 13 TB. Apart from system backups, we have PostgreSQL backups for five hosts, eating another 280 GB.

3 3

February 2019 report for the UX team
by Antonela Debiasi 11 Mar '19

11 Mar '19

Hello Tor, We started February in the cold Brussels. Elio and I presented the OONI and the UX team work at the Open Design dev room during FOSDEM. We got a packed room with a lot of people interested in design. Thanks, Bernard, Victoria, and Jan for the invite! You can see our presentations here https://fosdem.org/2019/schedule/track/open_source_design/ We focused our February efforts on having everything set to launch the new torproject.org. Thanks to all the people who helped us reporting bugs and sharing feedback! https://lektor-staging.torproject.org/tpo/ The community team has been traveling through India and Indonesia, and we ran user research on those countries too. Caroline is working on reporting findings of this material, and we will share it with the lists next month. Elio has been working on the new OONI Explorer redesign for a few months and now is done and under development. Take a look at the final versions https://www.figma.com/file/Z6PtVLW7YkqcTRIRsO2Qzg/Explorer-Country-Pages In collaboration with the Community team, we created outreach material focusing on the different types of user needs and expectations we have at our user base. We wrapped this project during February, and we are going to share it with our community during IFF. Come to grab one! https://share.riseup.net/#TuZ3elR8vt8WuKHtXfrw5w Last but not least, we have a #tor-ux room now (!) We are experimenting with this channel to have kickoff of new projects, tickets triage, and discussions about the work we are doing. So, if you are interested in seeing a lot of emojis, join us! Thanks, A

1 0

Tails report for February, 2019
by intrigeri 10 Mar '19

10 Mar '19

Hi, Here is a summary of what happened in Tails land in February, 2019. Online version with additional links: https://tails.boum.org/news/report_2019_02/ This month has seen the highest number of Tails boots per day ever: 27% more than a year ago! This is motivating: it confirms that Tails is useful and relevant. Releases ======== * Tails 3.12.1 was released on February 13. A critical vulnerability in the Skia library, used by Firefox and Chrome to render graphics, prompted this emergency release. * Tails 3.13 is scheduled for March 19. Code ==== - We have coordinated with the Tor Browser team wrt. the scope and timeline of upcoming big changes that will impact our work. - We have implemented a potential fix and a mitigation measure for a longstanding bug: `persistence.conf` sometimes becomes empty. - We have prepared a number of updates for Tails 3.13: - Debian Stretch 9.8, merged - Linux 4.19.20, merged - Tor 0.3.5, in progress - We released new versions of the verification extension to fix usability and security issues: - Download page is not refreshed when verification extension is installed. - Verification extension should not be detectable as per Sjösten, and al. - Updated to Forge 0.8.0. Documentation and website ========================= - We improved the known issue about clock going backwards. User experience =============== - We published 3 personas that describe the target audience of Tails: https://tails.boum.org/contribute/personas/ - We contracted visual artists to work on a video to explain how to start Tails (and use the boot menu key). - We analyzed why some people are wiping their persistence while upgrading with USB images. - We investigated outgoing network connections initiated by Etcher and researched how to solve the privacy concerns we have with them. Hot topics on our help desk =========================== 1. Electrum users are complaining about the fact that it may need to be upgraded. 2. Some people are affected by a regression with some Intel graphics cards (Braswell, Kaby Lake). 3. Partially applied automatic upgrades still cause trouble to some users. Infrastructure ============== - We took one more step towards making our CI feedback loop shorter: we've ordered sample candidate hardware. Next step is to benchmark it. - The sysadmin team met a few times to update our plans for next year. - We've helped upstream a solution to the dreaded ikiwiki PO vs. inlines bug. - As part of our effort to migrate to better maintained Puppet modules, we've switched to the puppetlabs/mysql module. - We fixed the remaining known regressions that were introduced where we migrated our website from _Apache_ to _nginx_. - We started discussing our strategy and timeline towards migrating to GitLab. Funding ======= - The 2 applications that we submitted to the NLnet NGI Zero PET project got rejected. Outreach ======== Past events ----------- - emmapeel and sajolida attended FOSDEM in Brussels. Upcoming events --------------- - Estrella Soria will organize a Tails workshop at the Cyborgrrrls technofeminist gathering: https://twitter.com/tecnochamana/status/1103659283449819137 on Thursday March 14 in MedialabMX, Ciudad de México. - sajolida and emmapeel will be at the Internet Freedom Festival on April 1-5 in Valencia, Spain. sajolida will hold there a workshop on creating usable tools from day one with paper prototyping: https://platform.internetfreedomfestival.org/en/IFF2019/public/schedule/cus… Press and testimonials ====================== - schabenstolz explains how to hide a Tails USB stick *inside* a ThinkPad X230 and connect it to an invisible switch to start on either the hard disk or the internal Tails USB stick: https://steempeak.com/blog/@schabenstolz/a-hidden-usb-stick-in-the-laptop-o… Translations ============ All the website --------------- - de: 47% (2634) strings translated, 8% strings fuzzy, 43% words translated - es: 54% (3015) strings translated, 4% strings fuzzy, 45% words translated - fa: 34% (1876) strings translated, 11% strings fuzzy, 35% words translated - fr: 93% (5176) strings translated, 1% strings fuzzy, 93% words translated - it: 35% (1939) strings translated, 6% strings fuzzy, 30% words translated - pt: 27% (1516) strings translated, 8% strings fuzzy, 23% words translated Total original words: 59517 Core pages of the website ------------------------- - de: 71% (1248) strings translated, 12% strings fuzzy, 73% words translated - es: 80% (1412) strings translated, 9% strings fuzzy, 81% words translated - fa: 34% (615) strings translated, 13% strings fuzzy, 33% words translated - fr: 98% (1745) strings translated, 1% strings fuzzy, 99% words translated - it: 63% (1107) strings translated, 17% strings fuzzy, 65% words translated - pt: 45% (794) strings translated, 14% strings fuzzy, 48% words translated Total original words: 16467 Metrics ======= * Tails has been started more than 725 034 times this month. This makes 25 894 boots a day on average, which is an all time record :) * 10 065 downloads of the OpenPGP signature of a Tails USB image or ISO from our website. * 71 bug reports were received through WhisperBack. (How do we know this? https://tails.boum.org/support/faq/#boot_statistics) Cheers, -- intrigeri

1 0

Network team meeting notes; March 5
by Nick Mathewson 08 Mar '19

08 Mar '19

Hi! It looks like meetbot.debian.net is down right now, so I can't past the link to the chat today. But here are our notes from the meeting: = Network team meeting pad! = This week's team meeting is at Tuesday 5 March at 2300 UTC on #tor-meeting on OFTC. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC On #tor-meeting on OFTC. March schedule: * Tuesday 5 March at 2300 UTC * Monday 11 March at 1700 UTC * Monday 18 March at 1700 UTC * Monday 25 March at 1700 UTC April schedule notes: * Monday 22 April is an Easter public holiday May schedule notes: * teor will be on leave at the start of May (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 22 Jan: https://lists.torproject.org/pipermail/tor-project/2019-January/002184.html 11 Feb: https://lists.torproject.org/pipermail/tor-project/2019-February/002214.html 19 Feb: https://lists.torproject.org/pipermail/tor-project/2019-February/002225.html 25 Feb: https://lists.torproject.org/pipermail/tor-project/2019-March/002236.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? We're using a kanban board: https://storm.torproject.org/shared/_mx8PMGOHFBOximocl1gy3COvhLPr6k3Ja7JA1v… <-- filter by your name and check the 'in progress' column is correct. * Check reviewer assignments! Here are the needs-review tickets, by reviewer: https://trac.torproject.org/projects/tor/query?status=needs_review&reviewer… Here are the outstanding reviews, oldest first: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… Core Tor/sbws is now part of the bug triage, CI, and reviewer assignment roles == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up the 'actual point' field when you close a ticket. We need those to calculate velocity. * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… * Check other's people call for help in their entries. ------------------------------- ---- 5 March 2019 ------------------------------- == Announcements == - The master branch is now 0.4.1.x; 0.4.0 development will continue in maint-0.4.0. - No more backports to 0.3.3; support ends on Thursday! - US DST begins this coming Sunday; let's be careful for schedules next week [catalyst: are we going to follow US DST for the Monday meetings as we have before?] yes -- previously decided that Monday meetings move with US DST; see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam == Discussion == === Review Assignments === We need to prioritize sbws's reviews this month as Juga is wrapping up their work in March. When we assign reviews, can we skip people who are on leave? Before we go on leave, can we give away our reviews? === Recommended Versions === Are these okay for versions to recommend in the directory: 0.2.9: 0.2.9.14 and later on clients; 0.2.9.15 and later on relays 0.3.3: no versions 0.3.4: only 0.3.4.10 and later, because of #28912 and #28245. 0.3.5: only 0.3.5.7 and later, because of #28912 and #28973. 0.4.0: 0.4.0.1-alpha and 0.4.0.2-alpha. ? In particular, I am claiming that TROVE-2019-001 and #29175 are not critical enough to make us unrecommend affected versions in the consensus. Is that right? -NM teor says: #29175 seems ok, your socks port should not be open to the world. For TROVE-2019-001, maybe relays and onion services should upgrade? Relay ops are reporting that it fixes memory usage issues. === Getting Help === What's the best way to get other people to help me with blockers? For example, backports are really slow due to Appveyor. I put a fix in #29601 on Thursday last week, and asked if someone to review it on IRC. Should I ask a specific person on IRC? Or is there a better contact method? === Fixing IPv6-only network failures === Tor clients don't work on IPv6-only networks, and it's starting to affect more users (#29641). There are config options that switch a client to prefer IPv6, but they aren't on by default. (If they are set the wrong way for the current network, they interact badly with the 0.3.0 guard code, because they cause too many connection failures.) When can we spend some time on getting tor clients working on IPv6-only networks? === Tor Meeting === - Brainstorming Tor meeting invites - is there anyone that we're working with a lot that we want to make sure is invited? === Policy planning === == Recommended links == == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! gaba (possible offline or lurking): Week of 02/25 (actual): - continue on https://gitlab.com/gabelula/tor-documentation-processes - track sponsors & update roadmaps on wiki for each sponsor Week of 03/04 (planned): - processes https://gitlab.com/gabelula/tor-documentation-processes - I will be offline the last 2 weeks of March but still reachable by signal. teor: (online!) Week of 25 Feb (planned): Roadmap Coding (3 days per week): - Plan my coding tasks after trimming Sponsor V Other: - Make Sponsor V smaller (24 points) - must be done before I start new coding tasks! - Send out release capacity meeting time - Blocked: Merge some merge_ready tickets - Blocked: Stable maintainer triage and merges - Leave admin (deferred) - Large reviews (deferred) Week of 25 Feb (actual): Roadmap Coding (3 days per week): - Get bandwidth counters working (#29019 and children) Other: - Release capacity meeting prep / revised proposed tickets process - Email backlog: draft proposal and policy comments, admin, etc. - 7/9 assigned reviews, including sbws reviews, and small reviews - Did some extra reviews (#29280, #28525, #26288, #29500) - Made Sponsor V smaller, and re-planned roadmap coding - CI/Coverity rotation: Fixed some urgent CI bugs (#29530, #29599, #29601) - Work out merge process, set up merge environment - Do some backport merges (#29145, #29599, #25116, #25113, #24903) - Clear out 033-backport, because 0.3.3 is no longer supported Week of 4 Mar (planned): Roadmap Coding (3 days per week): - Bandwidth stats for PrivCount: #29019, #17036, #29005 Roadmap Reviews: - nickm's chutney CI tickets Other: - Update merge scripts to remove 033 - Large reviews - Put the merge policy on the wiki - Triage my email - Leave admin - Blocked: Stable maintainer triage and merges Week of 4 Mar (actual): Roadmap Coding (3 days per week): - Bandwidth stats for PrivCount: #29019, #17036, #29005 Reviews: - 9/10 assigned reviews - Added a comment to #23588 explaining the extra work that needs to be done before I can review it. Other: - Bugfixes for #28656, #29643 - Revised #29640, #23576 - Ticket herding and opening bugfix tickets - Updated my user page, so the tickets are in priority order - Un-assigned a bunch of tickets that I won't be doing in the next 2 months Blocked: - Intermittent CI failures: #29500, #29693, #29437 Help with: Nick: Week of 25 Feb (planned) - Respond to ADL folks - Lots of email - More reviews: catch up - Discuss merging policy - Work on map_anon test breakage (29534) - Chutney CI work Week of 25 Feb (actual): - Reviews, merges - Answer lots of email - Work on policy proposals - Various CI&Chutney tickets: 29712, 29618, 29583 - Bugfix for map_anon test (29534?) Week of 4 March (planned)P: - Come up with a list of recommended versions - Reviews, merges. There are some big branches here, so I'll need longer than usual - Update my rup.py example code for the latest prop295 - Find some 040-must items to finish - Next steps on CI (ask teor) - Next steps on pubsub (pending catalyst review) dgoulet (missing meeting): Week of 25 Feb (actual) - Proposal changes with teor on #26288. Code was put in needs_review. - BridgeDB tickets. The majority is in needs_review waiting on sysrqb. - Worked on the git maintenance scripts. - Reviews and open couple tickets. Week of 4 Mar (planned) - AFK. Mike (likely will miss meeting) Week of 2/25 (planned) - Discuss #29494 ideas with dgoulet - Hopefully start on #28780 - Investigate potential vanguards false positive Week of 2/25 (actual): - Discussed #29494 ideas with dgoulet; pondered - Worked on scalability mails & pad - Mails with researchers - Investigated #29500 Week of 3/04 (planned): - Finish #29204 and #29494 - More research and scaling mails catalyst: week of 02/25 (2019-W09) (planned): - expense reporting (probably for reals because various statements have closed with posted transactions that were previously pending) - reviews - proof of concept of adapting some bootstrap reporting code to pubsub as part of #28226 review week of 02/25 (2019-W09) (actual): - reviews - some progress on POC adapting bootstrap reporting to pubsub - more review comments on pubsub - got some updates from dgoulet about what's needed to make a bridgedb release, including one open issue that already has a ticket open - medical bureaucracy week of 03/04 (2019-W10) (planned): - reviews - finish up commenting on pubsub - expense reporting - make some progress on #28925 (distinguish proxy vs PT in bootstrap) if pubsub stuff works out well juga (offline): Week 25 Feb (planned): - Merge pending tickets in 1.0 milestone - Release sbws 1.0.3 - Test all the children to Monitor relays that are not measured by each sbws instance (#28547) in the public network and fix them if need it Week 25 Feb (actual): - Merge pending tickets in 1.0 milestone - Test new master in the public network - Create debian package - Test debian package in the public network - Moved to 1.1 milestone tickets not that prioritary - Revisions - Wored on Timeout waiting for measurements (#28864, #28865) - Planned March Week 4 March (plan): - Release sbws 1.0.3 - Test all the children to Monitor relays that are not measured by each sbws instance (#28547) in the public network and fix them if need it Needs help with: - strategy to work with several branches that touch same code without ending in git merge/rebase pain? (to talk tomorrow in irc?) - note: additionally, sometimes i need to work on several tickets at the same time to test them all together asn: Week of 02/18 (planned): - Move towards finishing up #29298 after getting Mike's feedback. - Discuss more about WTF-PAD future. - Start looking into roadmap task #29221. - Do reviews. - If time permits, read Tim's response to "walking onions" thread wrt onion services. Week of 02/18 (actual): - Did revisions on #29298 after Mike's review. I think this is probs ready after a final review and a squash. - Discussed onionbalance proposal with dgoulet and Nick. Interesting developments I need to write down. - Discussed merge policy. - Discussed [tor-researchers] mailing list processes with Iain and Chelsea. - Did reviews. Week of 02/25 (planned): - Get #29298 merged. - Do roadmap item #29221. - Start scoping down open 040-must bugfixes like #29527 and #28970. - Write down the onionbalance v3 discussion. Help with: - Mike can you handle the appveyor #29500 bug? ahf: Week of 2/25 (planned) Sponsor 19: - Update Broker.markdown with Cohosh's comments on #28848 and close it. - Continue work on #29207. - Work with Cohosh on the Marionette bridge instance for the application team (#26920) - Talk with Kat and Gaba about Report #2 Misc: - Solve bootstrap-with-PT cancelling crash on Windows on #29562 - Try to reproduce asn/mikeperry's issue from #29500 on Windows Week of 2/25 (actually) Sponsor 19: - Finished #28848 together with cohosh. - Manage to get cohosh's docker testing environment up and running (#29489) - Continued work on #29207. Misc: - Fixed bootstrap-with-PT cancelling crash issue on Windows on #29562 - Spend some time trying to reproduce #29500, but without success. Gave up in the end. - Second review of David's authenticated sendme work in #26288 Week of 3/5 (planned) Sponsor 19: - Finish #29207 - Talk with cohosh, gaba, and kat about Report #2 Misc: - End of month stuff: Harvest

1 0

February 2019 report for the Tor Browser team
by Georg Koppen 08 Mar '19

08 Mar '19

Hello! In February the Tor Browser team made two releases, 8.0.6 and 8.5a8, mainly to pick up a security bugfix for Firefox[1]. Apart from that we worked on four major projects during the month: 1) Getting Tor Browser for Android ready for the next big alpha milestone: we got pluggable transport support working[2] and are currently finalizing our new UI[3]. With a bit of luck we can even test the enhanced Tor Onion Proxy Library (TOPL) in our next alpha as well, which will finally allow us to drop Orbot as a dependency.[4] 2) Integrating Tor Launcher into tor-browser[5]: this is basically done and awaiting review and further testing in upcoming alphas. The tighter integration into the browser code itself will allow us an easier transition to the next major Firefox release and removing Tor Launcher from the extension signing exceptions. 3) Cross-compiling our Linux 32-bit bundles on 64-bit machines[6]: we faced out-of-memory scenarios on some build machines when compiling 32-bit Linux bundles. They should be gone now with the cross-compilation. This is especially important for our switch to the next Firefox ESR which will very likely require even more resources to build Tor Browser. 4) Redesign of our security controls[7]: we like to make our security slider easier accessible and integrate it more into Tor Browser while we restructure our toolbar[8]. A patch for this feature is under review and will hopefully be available in the next alpha for further testing. The full list of tickets closed by the Tor Browser team in February is accessible using the `TorBrowserTeam201902` keyword in our bug tracker.[9] In March we'll continue polishing Tor Browser for Android, preparing a first stable release. This will be Tor Browser 8.5 which we hopefully get out at the end of the month. We have a number of tickets on our radar for that major release, which are still open, and that can get queried with the `tbb-8.5` keyword.[10] We'll see how far we get with those. Apart from release preparations we plan to finish our work on getting our testsuite[11] back into a usable shape and to work on our new mingw-w64/clang-based toolchain for Windows cross-compilation.[12] All tickets on our radar for this month can be seen with the `TorBrowserTeam201903` keyword in our bug tracker.[13] Georg [1] https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexit… [2] https://bugs.torproject.org/28802 [3] https://bugs.torproject.org/28329 [4] https://bugs.torproject.org/27609 and child tickets [5] https://bugs.torproject.org/28044 [6] https://bugs.torproject.org/26323 [7] https://bugs.torproject.org/25658 [8] https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-secur… [9] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [10] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb… [11] https://bugs.torproject.org/27105 and child tickets [12] https://bugs.torproject.org/28716 [13] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Notes from March 7 2019 Vegas team meeting
by Karsten Loesing 08 Mar '19

08 Mar '19

Notes for March 7 2019 meeting: Georg: 1) Dev meeting invites Steph: 1) Answered questions for the internet health report. 2) Preparing for Libreplanet panel and booth. 3) Taking part in a small campaign for the 30th birthday of the web with the Web Foundation 4) Will be trying to raise money for an Outreachy intern to help with comms 5) Preparing for website launch. Reviewing illos. 6) Submitted application to be a def con vendor 7) Onion services inquiry 8) Blog comment policy done and live 9) International Womens Day prep Antonela: 1) Reviewing 8.5 Release, Security Settings, Onboarding, TBA Network Settings 2) Organizing IFF, TBA user testing script, accommodation, etc 3) Working on Personas with dunqan 4) Working on tpo.org with Hiro 5) Debriefing India and Indonesia travels with Pili and Caroline 6) Reviewing Community team's SOI, UX Team roadmap, tickets triage, end of month duties 7) Coordinating with Jon for printing outreach material Sarah: 1) Fundraising for Outreachy internship sponsorship. 2) Doing a soft launch of new acceptance of additional cryptocurrencies. If you know any enthusiasts who might want to donate, we have wallets now for several - just ping me. New webpage should launch next week. 3) Grants team is finishing a DRL SOI for training work in Brazil, India, and Mexico. Also a separate proposal for training work in Costa Rica. 4) Almost done with the Fundraising Team wiki: https://trac.torproject.org/projects/tor/wiki/org/teams/FundraisingTeam 5) Met with PM from Media Democracy Fund. 6) Connecting with folks at PayPal about problems using PayPal to donate on Tor Browser. Mike: 1) Padding, vanguards dev work 2) tor-scaling discussions Nick: 1) Many of the network team are going on leave some time soon; our rate of progress will go down a bit. 2) Much progress on 0.4.1 3) About to unrecommend a bunch of older releases in the consensus 4) Feedback on blog policy: On the most recent announcement, we were not successful on doing daily check-ins, nor were we able to give every comment a reply. Comments are now closed on that announcement (after 2 weeks). Sue: 1) Audit is done and Financial Statement is complete [Can you send this to me for the state registrations? - Sarah][Yes, will do] 2) Still have to do the 990 (tax return) for the six month period 1/1/18 - 6/30/18 3) Slugging through pile of stuff that has been piling up during this audit process 4) General invoicing, payroll and disbursement stuff Erin: 1) scheduling interviews for Browser and OONI devs 2) onboarding sysadmin 3) prepping for Isa being in the office next week 4) general HR stuff isabela: 1) writing blog post for International Women's Day 2) reviewing proposals that are going out on monday 3) writing 'ED update letter' to the community 4) working on next fy budget and board book docs (next board meeting will be on march 25th) Pili: 1) Helping with DRL SOI for Community Team 2) Started UX ticket triage with Antonela 3) Finished off the last of the Team vision exercises with the Browser team last week. 4) Collected dev-meeting invite suggestions from the Browser, Community and UX teams. 5) Outreachy 6) Fought with a couple of raspberry pis, onionshare and video compression tools 7) Gettor meeting Karsten: 1) Finished integration tests for metrics-web that already found their first bug. 2) Made progress on our last remaining technical report for Sponsor 13. 3) Started an exit list specification as first step to rewrite TorDNSEL. 4) Met for our monthly team retrospective. Gaba: 1) ooni hiring follow up 2) tor scaling coordination 3) onionperf/metrics checkin 4) outreachy follow up on fundraising campaign

1 0