- tor-project - lists.torproject.org

Tor Browser Release meeting - Wednesday 28th Nov @ 19:00 UTC
by Pili Guerra 26 Nov '18

26 Nov '18

Hi all! It’s Tor Browser Release meeting week again! Please join us this Wednesday 28th November at 19:00UTC in #tor-meeting on OFTC. We’re planning a new release for the 11th December so this is a good time to come to us with any last minute requests. Here is a link to the pad: https://storm.torproject.org/shared/6z9zWh3BoyCONtyeW8EcFmL5hLhw5TNxKqR2F20… Feel free to add any comments/requests/discussion points, etc… ahead of the meeting. We look forward to seeing you there. Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

Tor Browser team meeting notes, 19 Nov 2018
by Georg Koppen 22 Nov '18

22 Nov '18

Hi! Here come the notes to our weekly meeting we had on Monday (I know, it's late, but not too late :) ). The IRC log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-19-18.59.log… And the items from our pad are pasted below, for your convenience: Discussion: -release preparations (GeKo: we are still on track to have a release by end of the week) -topics for the all hands meeting mcs and brade: Last week: - Finished #27239 (TB team feedback on jump-to-80% work). - Worked on #28196 (about:preferences#general is not properly translated anymore). - Participated in design discussions for #25658 (Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features). This week: - (We will be away from work this Tuesday, November 20 through Friday, November 23). - Help with code reviews. pospeselr: Last week: - Uplifted patch for #26540 to latest gecko-dev - filed bug https://bugzilla.mozilla.org/show_bug.cgi?id=1506693 - began work on #25702 ( tor-browser rebranding ) - currently have verification builds for Linux and windows using nightly assets from last week, currently building macOS - some open questions: - firefox has built in 'branding' directories which can be pointed to in the mozconfig; does it make sense from the tor-browser-build perspective to dynamically append the required ac_add_option line based on the make target (release, nightly, alpha), or should we add new mozconfigs for each sku? (11/19/2018 11:12:11 AM) boklm: could it be set using an environment variable that we define in the build script? (11/19/2018 11:12:33 AM) sysrqb: i think it's simply add '--with-branding=browser/branding/nightly' along with the other ./mach configure options we pass within the build tor-browser-build build script - do we want to customize the NSIS installer on windows with appropriate branding (release, nightly, alpha)? (Separate install path for alpha,release,nightly) (11/19/2018 11:15:45 AM) GeKo: fine with me, but let's do it in a different bug - do we want to migrate 'About Tor Browser' dialog override ( seen here: https://share.riseup.net/#GouAI9HHZkLR9HbbVxviOg ) from torbutton to tor-browser? Current changeset requires updated the XUL to point to the tor-browser icon set in tor-browser, otherwise torbutton needs to know about which branding tor-browser was built with. File a new bug for this? (11/19/2018 11:19:08 AM) GeKo: sounds good to me This week: - file a few Windows bugs related to branding - file misc other branding-adjacent bugs - integrate latest assets into the branding pipeline, update tor-browser-build igt0: Last Week: - More work on #27111 (TBA: about:tor) - #28093 (TBA: banner) - #28507 (privacy preferences were not working on TBA) - [sysrqb: I'm worried this is confusing and we should discuss this] (GeK: We go with the patch in #28507 for now) This week: - Adjustments in the #28093 to make it work on small-ish screens - More updates to #28507 - More TBA-a2 stuff GeKo: Last Week: -looked a bit at snaps and thought a bit about whether Tor Browser in the snap store is a good idea or not -wrote a mail to kinetik about cubeb temp files (#28373) for further understanding -thought about our Windows crashes over the weekend when defining MOZILLA_OFFICIAL. It seems this is due to us using an older binutils (2.26.1) while 2.27 has the underlying issue fixed; currently bisecting -backported a WebExtension API on the weekend for NRL folks (#27919), need to verify that it works -review, review, reviews (mostly integrating Tor Browser for Android into tor-browser-buid, and about:tor related mobile patches) -worked on #26483 but failed to find the time for writing all of the pieces. boklm picked this up, thanks! I'll take it from there tomorrow -wrote patch for #28515 and tested switching from en to en-US for Torbutton (needed for #25013) (see: #28261) -meeting about our security slider controls redesign This Week: -follow-up snap related email -try to do the remaining things for #26843 (Fennec localization) -getting everything reviewed for the alphas -building releases sysrqb: Last week: - Orbot integration (#28051) - Commented on TBA and Orbot builds in tor-browser-build (#27977 and #27443) - TBA+Orbot UI/UX (#28329) - TBA text selection bug (#27256) - TBA download failure bug (#27701) - Looked at TBA localization (#26843) This week: - Help finish sisbell with tor-browser-build integration (however I can help) - Review and comment on about:tor on Android ticket (#27111) - Finish investigating localization - Prep for TBA release tjr - have a mingw-clang build of esr60 running. - Example containing all the patches necessary: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d2aff9d1bb5f5d73699… - Getting build in TC is blocked by: - the _finite / MATH_DEFINES issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1508316 - Getting NSS patches backported. (which also blocks the x64 mingw-gcc build) - Future FYI: I have fxc2 compiling fine with mingw-clang, but compiling nsis with mingw-clang is very difficult. Haven't solved it yet. - Eventually, we'll want to fix it; but I figure worst case, keeping a mingw-gcc toolchain around for a release isn't horrible. [GeKo: we probably might want to do this anyway to avoid dealing with mingw-clang related issues popping up in any of the other projects. Should save us some time and helps with a gradual transition. We had this for quite a while when transitioning away from GCC to clang for macOS. It's kind of okay] - Monthly Mozilla/Tor meeting is tomorrow. Agenda topics include what meetings for the All Hands we want to have; and hopefully branding study update. boklm: Last week: - helped with #26843 (Fennec localization) - worked on testsuite setup (#26149), with tests reports now published at http://xer3kgd5ygqr7n6i.onion/ - made some plans to go to reproducible builds meeting next month - started patch for #25143 (Error when building a component that was already built) - some reviews This week: - fix testsuite issues (#27105 and child tickets) - test patch for #25143 (Error when building a component that was already built) - look at the logs from `-Wl,-t` to try to understand the issue from #26148 pili: Last week: - Reviewed tickets for next release as part of Tor Browser release meeting - Sponsor 9 report (not much Tor Browser related work :() This week: - More Sponsor 9 - try to finish roadmapping experiments - Looking forward to the TBA release antonela: Last week: - TB Security Settings https://trac.torproject.org/projects/tor/ticket/25658 - what else is needed? (GeKo: Some hint that the NoScript and HTTPS-E icon are not visible by default anymore on purpose; we should have a less scary warning when switching the sec slider level as the prefs _are_ applied without restarting) - First approach on Design TBA+Orbot configuration UI/UX https://trac.torproject.org/projects/tor/ticket/28329 This week: - TBA 2018 Donation banner review. - More on #28329 -- I invited Fabby, designer at Guardian Project to the UX meeting tomorrow so we can discuss it. - Making assets for pospeselr to implement TB icon. sisbell: Last week: - # 27443 Firefox for Android - moved to API 16 for NDK - # 27977 Integrated Orbot into build - # 28144 Tor Browser - removed the adding to torbutton (this is now part of Firefox build)’’ - # 28469 Added Libbacktrace patches for rust - # 28472 - Added makefile rules for Android builds This Week: - Respond and fixes to bug reviews arthuredelstein - Last week: - Finished https://trac.torproject.org/22343 (Save As FPI) - Opened https://bugzilla.mozilla.org/show_bug.cgi?id=1508355 - Posted patches for Permissions FPI (https://bugzilla.mozilla.org/show_bug.cgi?id=1330467) - Worked on optimistic SOCKS - This week: - Try to have a working prototype for optimistic SOCKS patch - Help with next version of banner when text or design is ready - Whatever administrative tasks needed - AFK Thursday/Friday. - AFK some of the following week but will be back on IRC after that. Georg

1 0

Fwd: Notice of Funding Opportunity Counterpart International Internet Governance/Freedom Program
by Gabriella Biella Coleman 21 Nov '18

21 Nov '18

Might be of interest to some folks on the list. -------- Forwarded Message -------- Subject: Notice of Funding Opportunity Counterpart International Internet Governance/Freedom Program Date: Wed, 21 Nov 2018 18:24:06 +0000 From: Dominic Bellone <dbellone(a)counterpart.org><mailto:dbellone@counterpart.org> To: Dominic Bellone <dbellone(a)counterpart.org><mailto:dbellone@counterpart.org> Dear Friends and Colleagues, Please find below Counterpart International’s Internet Governance/Internet Freedom project’s Request for Applications (RFA) concerning small advocacy and research projects for Sri Lanka, Ukraine, Venezuela, and Zimbabwe. If you have a great idea for a civil society led research and/or advocacy project (Up to $24,999) which advances a human rights based approach to internet governance, we’d be interested in reviewing a proposal. In general, we’re interested in projects that demonstrate a commitment to keeping the internet a vibrant and open democratic space for free expression, access to information, and privacy. Projects should be relevant to the current country context addressing appropriate legislative, regulatory, or legal threats to online rights. Activities should be broad based and inclusive of marginalized groups, the media, civil society, the private sector and government entities. Applications that are research focused (e.g. white paper legislative analysis) should include a plan to disseminate and advocate for the research findings. Projects may also include capacity building activities to expand advocacy skills for civil society. Proposal applications are due Friday, January 4th at 11:59 pm Eastern Standard Time and should be submitted to ‘proposals.igif(a)counterpart.org<mailto:proposals.igif@counterpart.org>’ with “CPI Project RFA #19-1 (Country Name)” in the subject line. Each project application must include: * A completed application template * A budget divided by milestone payments * A pre-award questionnaire (with accompanying requested documents) Please see attached for details. An online page this RFA is contained here<https://www.counterpart.org/request-applications-small-advocacy-research/><https://www.counterpart.org/request-applications-small-advocacy-research/>. Please let us know if you have any questions and we hope to hear from you soon! Best regards, Dominic Bellone PS This is a public call so please feel free to share with likeminded friends and associates concerned with our geographic and subject matter scope of work. Dominic Bellone Senior Program Officer | Internet Governance/Freedom +1.202.280.5275 Wire: @dominic71 Skype: dcb.sugaree.69 [cid:image001.png@01D44065.1C177180] In partnership for results that last. www.counterpart.org<http://www.counterpart.org><http://www.counterpart.org><http://www.counterpart.org> ________________________________ The contents of this email message and any attachments are confidential, and may be legally protected from disclosure. If you are not the intended recipient, or if this message has been addressed to you in error, please immediately alert the sender and delete this message and any attachments. If you are not the intended recipient, any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. ________________________________

1 0

Tor network team meeting notes, 19 Nov 2018
by teor 21 Nov '18

21 Nov '18

Hi all! Logs here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-19-17.58.html Pad contents below: = Network team meeting pad! = This week's team meeting is on Monday at 1800 UTC (1 hour later for daylight saving time) on #tor-meeting on OFTC. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC (1 hour later for daylight saving time) On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 15 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002027.html 22 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002032.html 29 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002036.html 6 Nov: https://lists.torproject.org/pipermail/tor-project/2018-November/002047.html 12 Nov: https://lists.torproject.org/pipermail/tor-project/2018-November/002054.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Let's look at proposed tickets! 0.3.5 (bugs only): https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… 0.4.0: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * PLEASE add comments to the questions at the end of https://pad.riseup.net/p/q0s3rQxVzSeZ * Remember to fill up actual point when you finish a task (as well as "fix" the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… << Remember that priority is Sponsor 8 - roadmap is sort out by priority >> Activity O2.5 is the one we are missing and need to be done in 2 months. ------------------------------- ---- 19 November 2018 ------------------------------- == Announcements == Please don't bulk-delete all the old entries from this pad any more. Instead, delete the "planned" and "actual" for the previous week, but leave the "planned" for this week in place. Please check the dates before deleting. Check other's people call for help in their entries. Snowflake kickoff meeting on November 27th: overview and what needs to be done. TUESDAY november 27th at 23 UTC in #tor-meeting <<-- Come to the party! == Discussion == * sponsor 8 work • O2.5 (bootstrap reporting) is most important • - right now working on this: catalyst, ahf, dgoulet, teor. any of you need help with it? * Please see tickets with tag "035-rc-blocker?" -- are any of them really rc blockers? Are there any other true rc blockers? https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… * Is our process for "proposed" working? <-- we still didn't go through it yet teor says: things seem to get stuck in proposed. * We'd like some more feedback about sbws and relay bandwidth self-tests: Should we improve relay bandwidth self-tests? (#22453) Or should we rely on sbws to create the bandwidths it needs? What about test networks? Should we make bandwidths grow faster in sbws? Or is a ramp-up period of 2-5 weeks fast enough? (These are maximum ramp-up times: client traffic also makes bandwidths grow.) Details here: https://lists.torproject.org/pipermail/tor-dev/2018-November/013546.html Reviewer role responsabilities: https://pad.riseup.net/p/q0s3rQxVzSeZ - we are continuing next week with this discussion. == Recommended links == Powershell cheat sheet (for Windows/Appveyor builds): https://ramblingcookiemonster.github.io/images/Cheat-Sheets/powershell-basi… == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: • - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! Nick: Week of 11/12 (planned): - Send comments about prop295 draft back to Tomer et al - Triage 0.3.5 must-do vs may-do stuff. - Continue revising publish/subscribe code pending comments from Taylor #28226. - Continue work on "dormant mode" logic for #28335. Hope to finish first draft, but might pend #28226 work. - Time permitting, add more tests for myfamily memory improvements (#27359) - Plan when to do next alpha/stable releases. - Write a schedule for upcoming releases - Backports to 0.3.4 etc Week of 11/12 (actual): - Marked 035-rc-blocker tickets that we need to have done asap - More revisions on "dormant mode" - Released an alpha - Tried to get backports done - Planned releases through January (see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… ) - Worked on CI rotation; tried to get freebsd passing - interviews Week of 11/19 (planned): - Send comments about prop295 draft back to Tomer et al - Write tests for family compression branch #27359 - write tests for dormant branch #28335 - Inbox zero - interviews - book travel for brussels - Vacation Wed through Fri. • Want help with: Mike: week of 11/12 (planned) - GPG? Does anyone use it? can we agree to stop? Kidding. ;) - More WTF-PAD fixups, tests - Vanguards release? - Datagram paper diff for nick Week of 11/12 (actual) - Corrdinated WTF things and triage with asn - Ended up having to do a lot more errands and moving tasks than expected Week of 11/19 (planned) - Short week. - Vacation next monday and tuesday (will miss meeting). help with: Nick/asn: Can we decide on something I must-do this week? Like update the paper and do maybe one WTF-PAD crucial item that is a blocker? That way I don't get distracted and drop something until next weds. ahf: Week of 11/12 (planned): Sponsor 8: - Hook up transports.c with the code from #28179 and test that it all still works on all our platforms. Sponsor 19 - One interview this week with a candidate. - Continue looking into Snowflake. Misc: - Do the Mexico reimbursement that I keep postponing. Week of 11/12 (actually): Sponsor 8: - Got #28179 cleaned up, moved to first round of review with David, Windows code still lacks tests. Talked with Nick about event loop testing. - Fixed #28485. - Began to look at #27100. - Talked with Hans (TGP) about #28409 Sponsor 19 - Interviews with more candidates. Things seems to be going well. - Not much Snowflake stuff this week. Misc: - Review of #21377 - Booked trip for Brussels. Week of 11/19 (hopefully): Sponsor 8: - Work on #27100 while we move forward with reviews of #28179. - Add missing tests to #28179. - Figure out what we do with benchmarks for #28409. Sponsor 19: - A few more interviews left. - Prepare for Snowflake kick off meeting next week (the 27th!) Misc: - Test #28518 on FreeBSD. - Some reviews asn: [Might be offline for part of the meeting depending on dinner time.] Week of 11/12 (planned): - Sufficient review has happenened on the WTF-PAD branch. It's now time to start working on the TODO items and wrapping this up so that we move towards merge. Coordinate this with Mike. - Do reviews. - Continue helping with the anti-censorship team hires. Week of 11/12 (actual): - Coordinated with Mike on the TODO items of WTF-PAD: - Started coding unittests for WTF-PAD: Have written a bunch of them already and generated a few review points as well. - I was passed a code by Riastradh that tests probability distributions. I'm currently studying the code to see how to apply this to the WTF-PAD prob distributions. It's complicated tests and this is kinda of a rabbithole with unclear benefits, so I might pull out if this gets too intense. - Still need to revise my unittests that test histograms to make them more robust. - Help with anti-censorship team hires. - Did reviews. Week of 11/19 (actual): - Continue review and striking out items from the WTF-PAD TODO list. Hopefully we can have the branch in merge_ready soon. - Continue with the anti-censorship team interviews. - Do reviews. Help with: - All good. dgoulet: Week of 11/12 (planned): - Holiday on November 12th. - Review #28179 important s8 ticket then move on to #28180. - Help nickm with #28335 and childs. Week of 11/12 (actual): - Review on EOL policy (#28453) - Review nickm's #28335 and #28249 - HSv3 ticket work: merge, comment, patch and review: #28275, #28128, #27471, #28425, #27841. Week of 11/19 (planned): - Released torsocks 2.3.0 this morning (\o/) - Big s8 ahf's branch has arrived in my courtyard for review: #28179 - Continue work on #28335 with nickm. gaba: Week of 11/12 (actual): - weekly meetings (ooni, metrics, fundraising, las vegas) and 1:1s - metrics data architect position - participate in interviews for anti-censorship team developer - ooni roadmap - gettor Week of 11/19 (planned): - anti-censorship interviews - ooni roadmap - OOO thursday & friday AND taking off monday & tuesday (but will be there for network meeting and snowflake meeting) help with: - communicating anything about sponsor8-bootstrap help/needs and progress catalyst: week of 11/12 (2018-W46) (planned): - reviews - #27167 - 0.3.5 bugfixes as needed week of 11/19 (2018-W46) (actual): - travel planning for Brussels; got some clarification about pre-approvals - fixed some Doxygen breakage (#28435) - reviewed #27740 (Rust patch mismerge) - looked at Nick's ringbuf stuff - wrote some comments following up about ringbufs and alternatives - reviewed feedback from mcs on bootstrap reporting changes week of 11/19 (2018-W47) (planned): - following up with Nick about #28226 if needed - finishing up review of #28226 (pubsub) - #27167 - reviews - travel request for Brussels help with: haxxpop: help with: teor (offline): Week of 12 Nov (planned): - Continue to work on s8 bootstrap tickets - pick guards from a reasonably live consensus (#24661) - do path selection from a reasonably live consensus (#28319) - Fix the s8 chutney consensus failure bugs - Do a review of the sbws specs once a week - Maybe: Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list Week of 12 Nov (actual): - shorter week due to Internet Freedom Hack over last weekend - sbws spec ticket review, fixed sbws rounding (#27689 and children), relay bandwidth tests review - too much sbws, I won't do any more sbws until next Monday - created "end of life tor" instructions (#28453) and cleaned up after 0.3.2 on trac - backport reviews for 0.2.9, 0.3.3, and 0.3.4 - emailed Travis about increased network failure rates in tor and sbws - they suggested some changes, which sbws has implemented - Fixed Appveyor CI OpenSSL build failures (#28399) - Revised Windows version code (#28096) - Talked to researchers about Prio and PrivCount in Tor - Booked network team hackfest travel, other admin - Reviewed metrics job applications Week of 19 Nov (planned): - Continue to work on s8 bootstrap tickets - pick guards from a reasonably live consensus (#24661) - do path selection from a reasonably live consensus (#28319) - Maybe: Fix the s8 chutney consensus failure bugs - Maybe: Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list - Defer: Any more reviews on sbws - Defer: Most other tasks Week of 19 Nov (actual): - sbws and relay bandwidth testing feedback - Meeting about Mozilla's privacy-preserving user stats system "Prio" - Helped with sponsor 19 analysis of Orbot Onionoo load - Metrics job applications - Stuck on pick guards from a reasonably live consensus (#24661) Help with: - Please feel free to remind me that Sponsor 8 is the priority right now. I spent a lot of time on other tasks last week, some were high-priority, some weren't. juga: - Week 11/12 (planned): - Tor code - Relays should regularly do a larger bandwidth self-test (#22453) - bandwidth testing circuits should be allowed to use our guards (#19009) - In a private network some relays advertise zero bandwidth-observed (#24250) - sbws - Change integration tests from bash to POSIX shell (#28106) - revisions - Week 11/12 (actual): - "Relays should regularly do a larger bandwidth self-test" - "In a private network some relays advertise zero bandwidth-observed" - figure out network problems with sbws in production - figure out problems when transition from sbws-git to sbws-debian package - modify sbws to do not use local domain resolver - review ticket about the rounding algorithm in sbws - Week 11/19 (plan): - review more tickets about rounding - check that there are not TODOs related to the moment when we changed sbws to work as torflow - continue with "Serve bandwidth file used in the next vote" - continue with "In a private network some relays advertise zero bandwidth-observed"

1 0

Public beta testing of OONI Probe mobile apps
by Maria Xynou 19 Nov '18

19 Nov '18

Hello, Thanks to great feedback provided by the community, the OONI team has been working on revamping and improving upon the OONI Probe mobile apps. Today, we are excited to announce that we have released the public beta! To further improve upon the apps before the stable release, we invite you to become beta testers and to report any bugs/issues. # Becoming a beta tester On Android: * Sign up to the beta: https://play.google.com/apps/testing/org.openobservatory.ooniprobe * Update your OONI Probe mobile app (to get the public beta) from Google Play On iOS: * Tap on this link from your device and follow the instructions: https://testflight.apple.com/join/rh3Ig7fE # Reporting issues Once you have installed and played around with the public beta of the OONI Probe mobile apps, we encourage you to report any issues you encounter. You can file tickets on the following GitHub repositories: * OONI Probe (all platforms): https://github.com/ooni/probe/issues * OONI Probe for Android: https://github.com/ooni/probe-android/issues * OONI Probe for iOS: https://github.com/ooni/probe-ios/issues Please check if the problem you are encountering has already been reported. If you’re not a GitHub user, you can share your feedback with us by writing an email to contact(a)openobservatory.org. Your feedback and bug reporting is hugely appreciated, as it will help us launch better apps! Thanks a million, and happy testing! ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Tor as critical infrastructure
by Roger Dingledine 19 Nov '18

19 Nov '18

Tor is critical infrastructure across several very different spectra: - The underlying Tor proxy is the component that many internet freedom projects, from Briar to Onion Browser, rely on for their security properties. - The Tor Project is the origin and center of the pluggable transports idea, where our modularity means that tools like Lantern and Tunnelbear can (and do) directly reuse our obfs4 system for their own censorship circumvention goals. - OONI is increasingly becoming recognized as a core building block in assessing and understanding Internet censorship around the world. - Our browser changes in Tor Browser are changing the landscape of browser security, for example with Firefox declaring fingerprinting resistance as one of their top next priorities, and with Firefox and Brave and others wanting to bake Tor in to their "actually private browser mode" plans. - Facebook, New York Times, Securedrop, and many others have adopted Tor onion services as a safer security layer ("like https but better") for their users to reach their websites and other services. Some years ago the US Congress asked DRL to do a study of their funded projects, and one of the findings was that Tor was central to half of their projects at the time: https://www.rand.org/pubs/research_reports/RR794.html (see pages 73-74) That is, those projects wouldn't be able to accomplish their goals without relying on Tor for security and privacy and censorship resistance. We've always known Tor was in the middle of many efforts to improve lives around the world, but we would be wise to write this up in a way that others can recognize. Here are some potential concrete next steps: * A blog post with the above details and others that we brainstorm, to pull together all the parts of Tor that are critical infrastructure for other projects. * A condensed version for our future website, so the topic doesn't get lost in an old blog post. * A brochure-sized version that we can print out and give out at booths and conferences, alongside the "run a relay" advocacy brochures. * An intermediate-size version that we can use in funding proposals to remind funders of our critical role in this space -- not just for the traditional "internet freedom" funders but also for foundations and major donors and others who need help understanding our world. (On this last point, I had a discussion with one of our DRL program managers about Tor-as-critical-infrastructure, and he reminded me that DRL's charter is to not fund infrastructure. But even that is fine: everybody wants to see the stuff they fund get transitioned to broader use, and even when we aren't asking them to fund "infrastructure" directly, we can show them our consistent track record: "when you fund Tor things, it always ends up benefiting a much larger ecosystem.") --Roger

2 2

October Communications Report
by Stephanie A. Whited 16 Nov '18

16 Nov '18

Hi Tor, In October, the comms teams helped launch our end of year fundraising campaign. We’ve been working with The Berkeley Group on a brand perception study we can use to help create a marketing strategy next year. And I worked with Isa and Antonela on mockups for the new TPO site coming soon. October comms in numbers and links: New blog posts https://blog.torproject.org/strength-numbers-double-your-donation-mozillas-… https://blog.torproject.org/reflections-tor-meeting-newbie Twitter avg at least 3 tweets/weekday New followers: 3,894 Top tweets: https://twitter.com/torproject/status/1049370119338713088 https://twitter.com/torproject/status/1049328916790480901 https://twitter.com/torproject/status/1050381224554975233 Mastodon at least 1 post/week New followers: 290 LinkedIn at least 1 post/week New followers: 71 Facebook 1 post/weekday New followers: 193 Instagram at least 1 post/month New followers: 72 Newsletter 1/month https://newsletter.torproject.org/archive/2018-10-31-newbie-reflections-moz… Notable press https://techcrunch.com/2018/10/24/mozilla-tor-project/ https://www.zdnet.com/article/advertisers-can-track-users-across-the-intern… https://motherboard.vice.com/en_us/article/zm9jd4/old-school-sniffing-attac… -steph -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0

October 2018 report for the ux team
by Antonela Debiasi 16 Nov '18

16 Nov '18

Hello Tor, We started October in the beautiful Mexico City. We met a lot of tor users in Mexico, and we got a lot of insightful discussions. Thanks Community team! We continued working with Tor Browser security settings. We are trying hard to make clear for our users to understand the trade-offs of picking each level. It is a work in progress now and will reach the stable channel soon. Reading the ticket could be overwhelming, but you can have an overview of our iterations looking at the attachments: https://trac.torproject.org/projects/tor/attachment/ticket/25658 Towards our intention to have more open conversations and share the work we are doing, we released the first documentation for one of the big projects we handled this year. Next scheduled docs include .onion security padlock and onboarding in TB8. Thanks, Pili for uploading it and Hiro for your review! https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam/Misc/Circuit… We are trying to find the most useful way to report the usability research we are running around the global south. As I mentioned in the previews recaps, we were using the ticket #27010 to archive our sessions. In addition to that, we put together a framework for reporting our usability testing. It captures a lot of data that shows the feature's history through development and UX. We already started to use it to inform our recent research on the Tor Browser, and we will have our first reports coming out soon. https://storm.torproject.org/shared/KaJn4JRxGajVno961aLOfqJs-8AsfIvGn-4e_5h… Also last month, we surveyed our community to pick the next Tor Browser Icon (!). The results were informed, and the applications team is already working on its implementation. Thanks all for participate! You can see the new Tor Browser icon here: https://trac.torproject.org/projects/tor/ticket/25702#comment:8 OONI released a newly redesigned version of Probe. We did design reviews with Elio and the OONI team to achieve the best experience for probers and researchers when they measure networks with their phones. Great work ooniers! https://lists.torproject.org/pipermail/ux/2018-October/000430.html The End of Year campaign is running, and we provided support to the Fundraising team with marketing material to promote it. We have banners running in different locales at torproject.org, Tor Browser and Tor Browser for Android. http://donate.torproject.org/ On behalf of the Tor UX team, Antonela

1 0

community team update, October 2018
by Alison Macrina 16 Nov '18

16 Nov '18

October 2018 Community Team highlights Meeting notes ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Tor Meeting ================================================================= We held the Mexico City meeting and it was amazing! You can read the notes from that meeting here [1]. Several Tor people including Gus and Antonela gave talks "Coloquio Academico Mecanismos de Privacidad y Anonimato en Redes" at UNAM after the Tor Meeting. Later in October, Alison sent out a survey for the next Tor Meeting location and dates to all core contributors (and the winner is Athens, May 2019) Community portal, support portal, and user advocacy ================================================================== We mapped out our needs for community.torproject.org and began working on outreach material for that portal along with the UX team. Maggie took on more user advocate responsibilities and continued the monthly user issues update email. Anti-censorship ================================================================== In October, Kat began work writing and aggregating reports about Tor's anti-censorship efforts. Localization ================================================================== emmapeel localized donate.torproject.org, got Chinese added to support.torproject.org, and added screenshots in Transifex. Library Freedom Institute ================================================================== Alison began migrating LFI content to a wiki. The LFI cohort completed weeks 19-22 of their training. Library Freedom also started a website redesign, which we will debut soon! Tor talks and outreach ================================================================== Maggie and Cybelle held a "Demystifying Tor" workshop at MozFest Alison submitted the CFP for the UX and community teams to talk at IFF. She also worked on planning for the two teams to attend that conference together. Roger submitted a talk to FOSDEM, Steph requested a stand, and ahf made a wiki for Tor people attending [2]. Gus is working on creating volunteer projects for students at the University of Sao Paulo (USP). Gus gave a Tor talk to students of LabJor [3] and gave a security workshop in Sao Paolo. Gus also organized travel to Guatemala to give a Tor talk and organized a security workshop at BIENAL in Sao Paolo. Relay advocacy ================================================================== Colin is working with a VPN company on deploying some exit relays. He also updated the obfsproxy bridge deployment instructions and identified primary documentation [4] and sent a moderation email to tor-relays [5]. He worked on deploying VMs for fallback directory list rebuilding and updated the fallback list in preparation for rebuild. Finally, Colin contacted operators running EOL versions of Tor and encouraged them to upgrade. ================================================================== [1] https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/N… [2] https://trac.torproject.org/projects/tor/wiki/org/meetings/2019Brussels [3] http://www.labjor.unicamp.br/ [4] https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4… [5] https://lists.torproject.org/pipermail/tor-relays/2018-October/016524.html -- Alison Macrina Community Team Lead The Tor Project

1 0

My first day as ED
by isabela 16 Nov '18

16 Nov '18

Hello Tor! We are officially done with the transition process! This means that I am now (for realz) Tor’s ED :) Shari will be in a consultant position till the end of the year, and starting 2019 she will join our Board. If you haven’t seen yet, here is her blog post on it: https://blog.torproject.org/strength-numbers-onion-blooms I wanted to write this note to you so we can review a bit of what was done during this transition period and how that lines up with some of the points I had on my (short term) vision for Tor. Some might remember the IRC chat after my nomination, where I shared a few bullet points of areas I would like Tor to focus on in the short term. Most of these are not new and are things that Tor (TPO+TPI) have been talking about for a while and know we should be doing. Let’s start with the goals related to: 1 - A Mature Tor Project (organization/community) 1.1 - Stable income flows from a diverse funding base ^ We built a Fundraising team (Sarah, Fundraising Director; and Al, Grant Writer) and equipped Sue (CFO) with a Finance team (Bekeela, Grant Manager; and Millicent, Bookkeeper) to help us achieve this goal. This is what I am calling our ‘money machine.’ They will work together with our new PMs (Gaba and Pili) on proposals and also on other sources of income for Tor (major donors, family foundations, direct donations, etc.). This team is meeting weekly to sync on all of the different grants, proposals, and fundraising campaigns we are working on or plan to do in the upcoming months. We also maintain a calendar where we will try to have at least 1 initiative per month related to bringing in money. Back in September, we created a calendar that goes till January, and in early 2019 we will have another big meeting where we will plan for the first 6 months of 2019 (the remaining time of our current fiscal year). 1.2 - Diverse and robust organization that meets our needs ^ A lot that I will be talking about in this email reflects on this goal. 1.3 - Strong organizational culture, focused on employee and volunteer happiness and stability ^ Shari did a lot of this already, from employee benefits and salary adjustments, to workshops at dev meetings (unconscious bias and the culture clash one in Mexico, for instance). A lot has been done, and of course there is still a lot to do. That is why I kept this goal here. For now I will just bring up one thing that I believe is important and we need to do. Tor has a culture, but we should be able to articulate our culture and define it so others know what it means, so most importantly, we don’t lose it as we grow. I just want to drop this here as a seed for others to think about it as well. We will resume this conversation in 2019 for sure! 1.4 - Global brand recognition - Tor means strong privacy ^ The Berkeley Group [theberkeleygroup.org] is a student organization of UC Berkeley that provides services to nonprofits for free or at a low cost. We contracted with them to research Tor’s brand perception by different demographics in the US and to provide us with suggestions of convincing points to improve our brand image, along with suggestions of channels we could use in a marketing strategy to help with that. We will be sharing all of this once it’s done, but we will use this to build a marketing strategy for 2019. Marketing means, as part of communications, how we will pitch to donors, how we do outreach, our website content, and the list goes on. It’s a bit of everything, but we should digest what The Berkeley Group delivers to us and figure out how we apply that in real life. Like the goal says, Tor should mean strong privacy for people, and all this work is to achieve that perception of our brand. Now let’s move to the other set of goals I had for product: 2 - Full Access (product) 2.1 - Any person on the planet can access the Tor Network ^There are a few things related to this goal, for instance people need to be able to bypass censorship against Tor to access the network. Also, we need to have clients that work on any device and any OS so we can really provide a way for *anyone* to access the Tor network. Of course both things are mega hard, and that’s ok. The goal here is for us to think about the challenges to get there and figure out how to get started. This year, mobile has been on our minds :) not only with releasing a mobile browser, but also with optimizing little t tor for mobile apps. We are also creating an anti-censorship team and building projects that will require different teams to work together to fix problems related to the user experience under censorship. 2.2 - Any person on the planet can use the Tor Network to access any website or online services ^Same thing, we can think of many different types of work that would help us achieve this goal. The work being done by our Community and UX teams, where folks are going to different countries, meeting communities at-risk, learning their needs, teaching them about online security and collecting their feedback on our tools is fundamental for us to achieve the *can use* part. And this goes too for the *can access* part of the goal 2.1, above this one. Goal 2.2 also is about accessing websites and online services. The painful captchas are a challenge we need to address, because this is a big complaint users have related to using Tor. At least some things have improved with CloudFlare and their alt-svc for .onion addresses solution, which is good. There is more to do, and this is a hard one to address, but we can’t ignore it just because it is hard. We should at least put our minds on it and see what can be done, and little by little we can get there. 2.3 - Ensure Tor Network is diverse, healthy, stable and scalable ^None of the above can be done if this one is not happening. To achieve this goal we will need a combination of efforts, like help from our research community and metrics and OONI teams, which can provide us with valuable information that can help us make new design decisions, monitor our network and test new code. Of course our network team is very important for this goal :) But we will need to add support for areas where we are under capacity right now, like monitoring the health of the network to make sure there is no malicious behavior or attacks on it. Sorry for the long email. Since today is considered my first day as ED, I thought it would be nice to go back to these goals and share a bit of how we can be working together to achieve those, and how the new people can help us too. I want to recognize that I am probably missing other goals we should be thinking about for the next 3 years. I would like to hear other thoughts, and I would like to do an update on this list at the meeting in Greece. This is the beginning of a conversation, not the end. I hope to have a chance to host a ‘tea time’ on irc before the end of the year for us to chat. Please hold me on that! I am mega busy, but I would really like to try that out before 2019. Cheers, Isabela PS: tons of <3 for Shari, who has been extremely amazing and who I will forever be thankful for her support, guidance, and help.

1 0