- tor-project - lists.torproject.org

Tails report for August, 2018
by intrigeri 11 Sep '18

11 Sep '18

Hi, here's the Tails report for August: https://tails.boum.org/news/report_2018_08/ Cheers, -- intrigeri

1 0

August 2018 report for the metrics team
by Karsten Loesing 11 Sep '18

11 Sep '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in August 2018. On behalf of the Tor metrics team, Karsten Moved ExoneraTor to its own webpage on Tor Metrics [1] in an effort to bundle all user-facing metrics-related content and services on the Tor Metrics website. [1] https://metrics.torproject.org/exonerator.html Released ExoneraTor 3.0.0 [2] which prepared moving the service to Tor Metrics and 3.0.1 [3] which fixed links to nearby IP addresses. [2] https://lists.torproject.org/pipermail/tor-relays/2018-August/015885.html [3] https://lists.torproject.org/pipermail/tor-relays/2018-August/016003.html Modified per-graph CSV files available on Tor Metrics [4, 5] in preparation of deprecating and removing pre-aggregated CSV files after September 15 [6]. [4] https://metrics.torproject.org/stats.html [5] https://bugs.torproject.org/26998 [6] https://lists.torproject.org/pipermail/tor-dev/2018-July/013371.html Released four Onionoo versions: 6.2-1.16.0 [7] which adds parameters and fields around AS numbers and names, 6.2-1.16.1 [8] which fixes an error in the serialization of history documents, 6.2-1.17.0 which fixes errors with the searching for relays with unknown AS numbers, and 6.2-1.17.1 [9] which fixes issues with slow reverse DNS lookups. [7] https://lists.torproject.org/pipermail/tor-dev/2018-August/013384.html [8] https://lists.torproject.org/pipermail/tor-dev/2018-August/013390.html [9] https://lists.torproject.org/pipermail/tor-dev/2018-August/013392.html Handled an issue with CollecTor instances not syncing properly, which led to a data loss of one day. Fortunately, we were able to recover the missing data [10]. [10] https://lists.torproject.org/pipermail/tor-relays/2018-August/015850.html Removed the "Fraction of relays reporting onion-service statistics" graph [11] after including its data in existing per-graph CSV files. [11] https://bugs.torproject.org/26950 Cleaned up and gently refactored all five major metrics codebases based on static code analysis [12]. [12] https://bugs.torproject.org/27234

1 0

Notes from network-team meeting, 10 Sep 2018
by David Goulet 10 Sep '18

10 Sep '18

Hello! (I ran the meeting for nickm this week.) Our meeting logs are at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-09-10-16.59.txt Our pad: --- = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html 30 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001928.html 6 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001936.html 13 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001947.html 20 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001954.html 27 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001963.html 4 Sep: https://lists.torproject.org/pipermail/tor-project/2018-September/001965.ht… == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 10 September 2018 ------------------------------- == Announcements == == Discussion == == Updates == Nick: * Last week: * Merged OSS-Fuzz corpus into tor-fuzzing-corpora * Revised and merged complicated branches, including NSS * Handled fallout from NSS merge. whoops * Reviewed and merged v3 client auth (kudos to all who worked on it!) * Worked towards stable releases * Worked on getting clients not to need a cached_dir_t * This week * Stable releases (monday) * Fix OSS-Fuzz build * revise whitepaper * Start my prep for the mexico city meeting * Review and merge lots of stuff * Maybe, work on getting networkstatus to be mmaped. * Prep for feature freeze on friday: Lots of review and merge. * Post-freeze 0.3.5 ticket triage teor (offline): last week (from Tuesday): - I was on CI / Coverity rotation - Fixed some failures in chutney due to 0.3.4 changes (#27146 and children) - I tried some other fixes, but they turned out worse than before the fix - Emailed Travis CI again to fix startup hangs and network failures (#27366) - Fixed Windows/GCC 8 CI (#27389 and children) - Coverity found some issues in the new HSv3 client auth code - I didn't get a chance to look at Jenkins, is it ok? - Final 0.3.4 ticket triage - Bwauth work (#27398) - Other fast fixes, reviews, and ticket triage - Travel and expense admin this week: - Reviews! (I didn't do many reviews last week, due to 0.3.4) - Maybe we should run the latest GCC and clang in CI? - Create an updated list of fallback directory mirrors (#24786) - Catch up on meeting planning - If nothing more urgent comes up, back to PrivCount ahf: Last week: Sponsor 8: - Cleanup of #25502 code, test on Windows. - Looked at Nick's TLS work with NSS. Misc: - Reviewed #27315 and #17837. This week: Sponsor 8: - Get #25502 reviewed and in. - Work on things that shows up because of it or other pre-freeze tasks. Misc: - Maybe help asn with the HS proxy circuit identifier code if there is time (#4700). - CI/Coverity role. - Do an interview on a Ukrainian podcast about Tor. asn: [Might be offline during this meeting due to personal stuff.] Last week: - Helped out with the client auth stuff which is now merged. Did some testing of the feature, addressed some review feedback, found and fixed some bugs. - Discussed "onion services open issues" document with people. - Reviewed #26769, #27344. - Started a [tor-dev] thread about the state of the HA proxy patch #4700. This week: - Work on any other pre-freeze items. I took over #4700 from ahf; let's see if I can make it happen before the freeze. - Fix any other stuff that come up from the HS client auth work. - Do reviews. catalyst: last week (2018-W36): - fought with a sticky failure in Travis probably caused by caching - are the Travis performance gains from caching worth the headaches from sticky failures? - cleaned up #27402 work somewhat this week (2018-W37): - clean up and make pull request for #27402 - work on #27100 and #27103 haxxpop: Last week: - Worked on client auth. - Refactor some code on client auth. This week: - Fix bugs if we find in client auth dgoulet: Last week: * Worked on #20700 (hs v3 client authorization). Now merged upstream. The credit needs to go to haxxpop here so congrats! :) * Opened #27544 for the things to fix/work about #20700 post-merge. * Some NSS testing I did on my test relays. Couple fixes from nickm came out of it. This week: * Rush all things that needs to go in before the 035 freeze. Mike: Last week: - Worked nostly on non-core things (TBB 8 crash; investigating a mobile issue; vanguards README_SECURITY updates). This week: - Figure out how dirconns link to edge conns? (Does anyone understand this code?) [dgoulet: I would say Roger has been of great help in the past there for me :)] --- Cheers! David -- hCUSKfQhMOyOuV6tih13519RH3ZKS4Hc3o/XxZHHwZY=

1 0

August 2018 report for the Tor Browser team
by Georg Koppen 10 Sep '18

10 Sep '18

Hi all! In August we released our second alpha Tor Browser based on Firefox 60 ESR, 8.0a10[1], fixing a number of bugs and adding more features to make Tor Browser compatible with this new major Firefox version. It ships the first Tor release candidate, as well, 0.3.4.6-rc. Part of our onboarding[2] and our new about:tor page[3] landed in this alpha, too. Besides this release we finished our feature and network code reviews (the trac tickets still need to get updated for that, though) and mainly worked on implementing the remaining bits of our onboarding experience and streamlining the Tor Browser 8 experience. On mobile we finished the remaining items for our first alpha release but were still not able to get Tor Browser for Android 1.0a1 out this month. However, we made progress on integrating the mobile build process into our reproducible builds setup. First patches are up for review and are getting polished up for final inclusion in the repository.[4] The full list of tickets closed by the Tor Browser team in August is accessible using the `TorBrowserTeam201808` keyword in our bug tracker.[5] It's been 79 tickets this time! For September we had planned to get our new releases out which we actually did in the first week: Tor Browser 8.0, 8.5a1, and 1.0a1 (for mobile) went live! We now plan to collect all the feedback we get and start working on the most important issues. For Tor Browser 8 we have the `tbb-8.0-issues` keyword, which gives an overview over reported problems and bugs which are on our radar.[6] We plan to address as much as we can of them in an upcoming 8.0.1 release. Moreover, we plan to hammer down our next steps for our work on Tor Browser for Android. Orbot integration and Pluggable Transport support, as two of the most important improvements, are on our roadmap but there is more, like reproducible builds, that need to get coordinated.[7] All tickets on our radar for this month can be seen with the `TorBrowserTeam201809` keyword in our bug tracker.[8] Georg [1] https://blog.torproject.org/new-release-tor-browser-80a10 [2] https://trac.torproject.org/projects/tor/ticket/26961 [3] https://trac.torproject.org/projects/tor/ticket/26960 [4] See: https://trac.torproject.org/projects/tor/ticket/26693 and child tickets [5] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [6] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… [7] https://lists.torproject.org/pipermail/tbb-dev/2018-September/000906.html [8] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

OONI Monthly Report: August 2018
by Maria Xynou 10 Sep '18

10 Sep '18

Hello Tor world, In August 2018, the OONI team published two research reports examining internet censorship in Venezuela and South Sudan. We also supported Zimbabwean communities monitoring censorship events during the 2018 general elections, wrapped up our UX research, created a prototype Android app for OONI Probe, improved the monitoring of our services and started research for semi-automated blockpage detection. Many OONI team members participated in outreach activities, presenting OONI at the Italian Hacker Camp, Oxford University, FOCI, Geek-Picnic and at Chaos Constructions. ## Report on internet censorship in South Sudan In collaboration with our South Sudan partner, The Advocates for Human Rights and Democracy (TAHURID), we published a joint research report examining censorship events in South Sudan. Our report, "South Sudan: Measuring Internet Censorship in the World's Youngest Nation", is available here: https://ooni.torproject.org/post/south-sudan-censorship/ ## Report on internet censorship in Venezuela In collaboration with our Venezuelan partners, IPYS Venezuela and Venezuela Inteligente, we published a joint research report examining recent censorship events in Venezuela. Our report, "The State of Internet Censorship in Venezuela", is available here: https://ooni.torproject.org/post/venezuela-internet-censorship/ ## UX research We wrapped up our UX research in August. As part of our work on revamping the OONI Probe mobile apps, we interviewed a number of community members to collect their feedback. We also analyzed the information submitted via our survey (https://ooniuxteam.typeform.com/to/a1P0cn & https://storm.torproject.org/shared/VpAFK13fdAozTGTolFd2EsT1CkLY8-YlBLbRERy…) We are now in the process of determining the next steps (in terms of which new features to prioritize on) for the revamp of the OONI Probe mobile apps based on the analysis of information provided via surveys and interviews. ## New Android prototype app for OONI Probe We now have a new prototype Android app for OONI Probe! The Android app includes the Test Results details screen. The UI of all screens have roughly been implemented and will be further iterated, polished and improved upon based on designer feedback. The app can run tests and store them in the database using the old Measurement Kit (MK) API. The iOS app codebase has been changed to reflect many new improvements in the Android app, such as Gson-like classes and more custom objects, instead of using dictionaries and arrays. Furthermore, we have started the implementation of the new MK API and we're planning to complete it soon. ## Improvements to the monitoring of OONI services As our infrastructure and user base grows, improving the monitoring of our infrastructure is essential to serving our users more effectively. Significant progress on this front was done during August 2018. The following ticket lists all of the issues that we identified and tracks improvements to the monitoring of our infrastructure: https://github.com/ooni/sysadmin/issues/226 The changes carried out in August include changing all the webserver configurations of OONI machines and a number of manual tasks. ## Research on semi-automated blockpage and blockserver detection Currently the OONI pipeline relies on the manual markup of blockpages. In August we started doing some research on automating the process of identifying and marking blockpages. ## Provided feedback to the Tor network team on using tor in a library-like way on mobile We collaborated with the Tor network team on testing and providing feedback to the changes they made to make it easier to integrate tor into mobile platforms. As part of that we wrote a basic test suite to check if the Tor integration was working properly and reported the bugs we found. See: https://trac.torproject.org/projects/tor/ticket/26948 For more context on this, see the following master trac ticket: https://trac.torproject.org/projects/tor/ticket/25510 ## Updated test list We carried out some research (https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…) to (further) update the Eritrean test list: https://github.com/citizenlab/test-lists/pull/382 ## Community use of OONI data ### Report on blocking of election watchdog website in Zimbabwe We supported Zimbabwean communities on the investigation of censorship events during the 2018 general elections. Our Zimbabwean partners and friends - Digital Society of Zimbabwe, MISA Zimbabwe and Koliwe Majama - published a report on the blocking of zimelection.com by state-owned TelOne. Their report is available via the following links: http://www.dszim.org/2018/08/10/zimbabwean-election-website-blocked-followi… https://koliwemajama.co.zw/zimbabwean-election-website-blocked-following-20… https://www.apc.org/en/blog/zimbabwe-2018-general-elections-website-blocked ## Community activities ### OONI presentation at the Italian Hacker Camp OONI's Simone traveled to Padua to present OONI at the Italian Hacker Camp (IHC) on 3rd August 2018. Information about his talk, titled "An update on internet censorship", is available here: https://www.ihc.camp/event/italian-hacker-camp-2018-08-02-2018-08-05-1/trac… ### OONI lecture at the Annenberg-Oxford Media Policy Summer Institute OONI's Maria traveled to Oxford to present OONI at the Annenberg-Oxford Media Policy Summer Institute on 6th August 2018. As part of her lecture, she explained OONI's methodologies and how researchers, journalists, policy makers and advocates can use OONI data as part of their work. Information about the event is available here: http://pcmlp.socleg.ox.ac.uk/news/annenberg-oxford-media-policy-summer-inst… ### OONI keynote at FOCI OONI's Arturo and Simone traveled to Baltimore to present OONI at FOCI on 14th August 2018: https://slides.ooni.io/2018/foci/. Information about their keynote, titled "Growing the Open Observatory of Network Interference", is available here: https://www.usenix.org/conference/foci18/workshop-program Arturo previously presented OONI at FOCI back in 2012, when the project was in its infancy. As part of this presentation, Arturo and Simone provided an update on what OONI has accomplished over the last six years, what are some of the challenges and what OONI's building next! ### OONI presentations in Russia OONI's Leonid gave talks at two events in Russia: 1. Geek-Picnic (https://geek-picnic.me/saint-petersburg) on 18th August 2018. Slides: https://slides.ooni.io/2018/geekpicnic/ 2. Chaos Constructions (https://chaosconstructions.ru/) on 25th August 2018. Slides: https://slides.ooni.io/2018/cc/ As part of his talks, Leonid presented OONI and censorship findings. ## Userbase In August 2018, OONI Probe was run 241,772 times from 4,483 different vantage points in 210 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Notes from September 6 2018 Vegas team meeting
by Karsten Loesing 09 Sep '18

09 Sep '18

Notes for September 6 2018 meeting: Nick: 1) I'm supposed to be doing the volunteer valuations again. I need to know how many donated hosts we have. 2) I need a group created for distributing SBWS code. See question on #26849. 3) 9 days left till 0.3.5 feature freeze. 0.3.5 will be an LTS release. 4) Some sponsor8 items will likely be left over and go into 0.3.6. If there are mobility-API requests, we need to know ASAP, as planned. 5) 0.3.4-stable is delayed while we chase various stability bugs; most only affect testing networks, but we want to be absolutely sure. 6) Georg: did you make that ticket to remember about OSS-Fuzz? (Georg: Yes, #27462) (Cool; thanks! -Nick) Sue: 1) Working on Audit - auditors are in next week. I am in Seattle next week. 2) New Hires start next week - both Bookkeeper and Grants Manager Georg: 1) Tor Browser 8 is out. \o/ It's been the most complicated release so far and as it stands we are doing not that bad. The plan is to collect issues, address the most pressing ones this week and next week and then get a 8.0.1 out (including the Tor News link). 2) Tor Browser for Mobile is live on Google Play \o/ We are in the process of doing the website update and offering the .apk on our own website. (Arturo: What is the plan regarding removing/dropping OrFox from the market? OrFox is labeled as "Orfox: Tor Browser for Android", while the other is "Tor Browser for Android (Alpha)". I can imagine this creating some confusion for users). (GeKo: We have #27399 so far, the details are tbd, though. Arturo: thanks.) Alison 1) Community team and meeting planners are doing lots of Mexico City things like organizing the agenda, wiki, safety info (earthquakes!), open days planning, and so on. The blog post about the open days should be going out today or tomorrow or soon! 2) Library Freedom Institute is still the bulk of what I'm working on. This week we're writing up some documentation about talking to legislators about privacy and doing FOIA/public records requests in libraries. I'm also writing up the remainder of the curriculum for the year and also finished a press release about our new funding. 3) I met with Maggie, our new Moz Fellow, to get her onboarded with user advocate tasks. She will attend the next applications team and UX team meetings to introduce herself and get feedback about working collaboratively with these teams. 4) Tracking down the remaining updates that need to happen for the TB8 manual. It looks like the changes just need to be pushed from alpha to main, and some of the languages do not have up to date screenshots? GeKo is this right? (GeKo: My gut feeling says, "yes", but I have not looked at the actual work that got done) Karsten: 1) Rebased and tested an ExoneraTor patch from 2 years ago that has the potential of reducing database size from 270 GB to under 80 GB and query response times to a few seconds regardless of query parameters. 2) Prepared the Onionoo 7.0 release which is going to come out next week. Arturo: 1) Catching up with backlog after 2 week vacation 2) Leonid gave two presentation in Russia about "Russia disconnecting itself from the internet": Chaos Constructions (https://chaosconstructions.ru/) on 25th August 2018. Slides: https://slides.ooni.io/2018/cc/ (note slides are in Russian) & Geek-Picnic (https://geek-picnic.me/saint-petersburg) on 18th August 2018 3) Made considerable progress on OONI Explorer measurement pages: https://github.com/ooni/explorer/pull/16 4) Made several improvements to the monitoring of OONI services and documented the next steps for that: https://github.com/ooni/sysadmin/issues/226 5) Updated the JO test list: https://github.com/citizenlab/test-lists/pull/388 & NG test list: https://github.com/citizenlab/test-lists/pull/387 6) Determining the next steps for the revamp of the OONI Probe mobile apps now that our usability study has wrapped up (we have completed the interviews and analyzed the information submitted via surveys) isabela: 1) Dealing with the 'no isa in mexico' situation 2) helping teams with the tb8 release and tba alpha \o/ so happy they are out this week 3) working on reports 4) syncs with DRL 5) working on onboarding and preparing for Seattle next week 6) need to get the job post for anti-censorship team out and review the situation about selecting sysadmin candidates Shari: 1) DRL rejected both of our proposals (modularization and Tor browser updates). Gonna try to get a new SOI done by September 14 for the browser. 2) Interviewing grant writers this week. Hope to find one soon! 3) Everyone's coming to town next week. (Okay, not everyone, but lots of people.) Going to talk about grants management and audit. Onboarding a couple of new people. 4) Working with The Berkeley Group. Going back and forth on their MOU. 5) Catching up on lots of things after being out of the office for nearly two weeks. (Norway is gorgeous. Highly recommended!) Sarah: 1) Grants - interviewing grant writers and researching new private foundation funding in addition to updating info in GrantHub. 2) Updating Tor's listing on GuideStar. 3) Working with state registration consultant. 4) Writing to some donors we haven't heard from in a while and who don't receive the newsletter to tell them about the new releases. Steph: 1) tb8: sent press release to several journos, going heavy on social. emma is helping getting some tweets translated 2) open days post coming shortly. thanks to antonela for translating! 3) newsletter going out later today 4) trying to figure out if bitpay is still our best option for accepting bitcoin. Roger: 0) snap conference? snap for tor? 1) Have been spending the past week on the proposal; will spend the next week on it too. With a little distraction going to Seattle next Monday-Tuesday. 2) fake tor browsers on amazon; we passed the links to atagar and to jon and they're hopefully dealing. Mike: 1) Development; development; development

2 2

Tor Browser team meeting notes, 4 Sep 2018
by Georg Koppen 04 Sep '18

04 Sep '18

Hi all! Our weekly Tor Browser meeting just finished. The IRC meeting log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-09-04-18.00.log… and the items on our pad are listed below: Tuesday September 4, 2018 Discussion: - which sessions do we want at the team meeting day? [GeKo: at least one meeting for the final roadmap and a UX/Tor Browser sync; we'll use two more slots with topics to be done] mcs and brade: Last week: - Code reviews. - #26048 (potentially confusing "restart to update" message in ESR60). - #26049 (consider reducing the delay before the update prompt is displayed). - #27214 (Update descriptions for onboarding). - #27301 (TB8.0a10 about:tor UI Bugs). - #27348 (Tor Browser 8 onboarding UI bugs). - #27403 (The onboarding bubble does not show up). - Helped hiro with debugging Moat in Tor Launcher. This week or soon: - Note: Kathy and Mark will be out of the office this Thursday and Friday (September 6 and 7). - Use staged MAR files to test Tor Browser 7.5.6 to 8.0 updates. - Complete month-end administrative tasks. - Follow up on remaining updater and onboarding issues for Tor Browser 8.x. - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - Do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). arthuredelstein: Last week: - Worked on #26520 and #27401 (security slider/noscript problems) - Worked on #27403 (The onboarding bubble does not show up in the release candidate) - Wrote patch for #26561 (onion images not displayed) - Wrote patch for #26670 (make canvas permission respect fpi) - Worked on alternative patch for #27097 (Add "Tor News" signup newsletter link) This week: - #27097 Newsletter banner - #27290 WebGL is broken in Tor Browser 8 - #27413 (Implement better communication between NoScript and Tor Browser) - uplifting FPI permissions patch (https://bugzilla.mozilla.org/show_bug.cgi?id=1330467) - more anti-fingerprinting work - pref cleanup: (#27268) - #25555 (Optimistic SOCKS) sisbell: Last Week: Split commits for Android RBM Build: #27441 #26696 #26697 #27440 #27439 #27443 Worked on #27438 - android artifacts downloading outside of RBM. Created rust program for downloading and verifying android artifacts This week: Work related to #27438 - import of gpg keys into keystore and command line interface for library- - push source code Reviews of commits igt0: Last Week: - Finish the about:tor (#27111) - Updating the mobile code to support the new padlock (#26690) - Tested TBA in different devices(mobile and table) This week: - Finish #26690 - Start the development of the circuit display for android(UI side) boklm: Last week: - helped build the new releases - made patches related to watershed update (#26570, #26411, #27182, #27183) - started looking at #27408 (Make it possible to find which tor-browser-build.git commit was used to build a nightly) - worked on #26149 (Add some ansible roles for tor browser testsuite setup), which is almost done This week: - help with getting the releases published - try to finally get the testsuite running on nightly builds (#26149) - start reviewing some of the android tor-browser-build patches - will be afk this Thursday, until Friday morning next week GeKo: Last week: -Tails summit -release preparations -finished network code audit; I think we are good but the rust part was painful; might be worth having a second opinion about it This week: -help with getting releases out -deal with release fallout -create a new gpg subkey -writing up my network review notes on the trac ticket and finally close it -begin-of-the-month admin stuff -sysrqb/igt0/sisbell: should we meet after this meeting to discuss tba stuff? (provide anto is around, too) [GeKo: we decided to create a pad for the possible topics to talk about and postpone the meeting after the first alpha is finally out] pospeselr: Last week: - #26381 investigations (about:tor page does not load on first start on Windows) - implemented an improved trace logger This week: - #26381 investigations Bob Owen got back to me in the filed bug on Firefox Bugzilla (#1485836) Confirms that the cause (though not the root cause) seems to be content processes spinning up before the sandboxing policies have been set up properly So the question is what's causing the content processes to launch sooner in the failing case? (about:tor?) sysrqb: Last week: Nearly released the first TBA alpha, after two attempts Investigated why the APK was built with debugging enabled Began investigating backporting the necessary patches for using Android SDK API version 26 This week: Finish backporting patches for API 26 Release first TBA alpha Georg

1 0

Notes from network-team meeting, 4 Sep 2018
by Nick Mathewson 04 Sep '18

04 Sep '18

Hi! Our meeting logs are at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-09-04-16.59.html Below are the contents of this meeting's pad. = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. This week we're meeting on Tuesday 4 September, because Monday 3 September is a US holiday. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html 30 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001928.html 6 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001936.html 13 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001947.html 20 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001954.html 27 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001963.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 4 September 2018 ------------------------------- == Announcements == == Discussion == (teor: I put some CI questions here. But let's talk about CI at the Tor Meeting in a few weeks time.) teor: We have some very productive volunteers. How can we balance reviewing their code, and our other tasks? Here's what I think we can do: * run their code on CI before reviewing * ask them to open pull requests on GitHub, or push their branches ourselves * ask them to write unit tests * let them know that some reviews will be delayed until mid-September * ask them to review each others' code? == Updates == Nick: Last week: * Drafted a sidechannels-and-datagrams whitepaper; got fast feedback from Mike * Backend for memory reduction via more efficient family storage * Tracked down a memory leak in my NSS code. (This took way more time than you'd think.) * Made new rotations. * Reviewed and merged a bunch of stuff. * Released 0.3.4. This week: * Revise and expand sidechannels-and-datagrams whitepaper. * Further revisions to NSS code TBD * more memory hacking as needed * more review, possibly even on non-sponsored stuff, time permitting. * Start working on next stable releases. * More tests for TLS code? * Revise code based on reviews teor (offline): last week (+ Monday this week): - Worked on fixing failures in chutney due to 0.3.4 changes (#27146 and children) - Reviewed the fixes to the vanguards patch (#25573) - Bwauth work (#27107, #27341, #27398) - Emailed Travis CI to fix startup hangs and network failures (#27366) - Reviewed some UTF-8 patches (#27367) - Windows CI is broken (#27389) - Other fast fixes, reviews, and ticket triage - Helped purge old trac admin accounts this week: 0.3.4: - Get chuntney working in mixed 0.3.3/0.3.4 networks (#27146) - maybe we should run chutney in travis CI? (#20647) - our macOS time API seems to return weird results on i386 (#26987) - Create an updated list of fallback directory mirrors (#24786) 0.3.5: - bwauth work (#27135) dgoulet: Last week: - HS ticket triage and work on some. - Finalized for upstream merge #20700. nickm: This is rather large... if you want, you can defer this to me and asn for upstream merge? (no, I'm cool with it -nick) - Started working on #27359 using nickm's backend code. - Bad relays activity was high last week so spent some time there. This week: - Finalize #27359. - Hunt around for tickets needed to be completed pre-freeze. catalyst: last week (2018-W35): - proof of concept of deferring directory bootstrap status (#22266) this week (2018-W36): - community guide rotation - clean up #22266 work a little (mostly improving tests) - add connection tracking abstraction for bootstrap reporting (#22266) - make some progress on #25502 (PT progress in bootstrap reporting) ahf, i left a rough sketch of an incremental piece i plan to work on in a comment at https://trac.torproject.org/projects/tor/ticket/27100#comment:2 ahf: Last week: Sponsor 8: - Looked at Nick's NSS RSA and TLS code (#26819). Wrapped my head arouns the NSS API's. - Looked shortly at #27255 (mmap of cached consensus), gonna postpone that until my other S8 tasks are done (#25502). - Back to #25502 (PT bootstrap error handling) Misc: - Looked at Marionette status. - Got through my review queue from before vacation (#24104, #17873, and #24204) - Some discussion about DEFCON badges with Steph. This week: Sponsor 8: - Follow up on NSS-TLS reviews. - Focus on #25502. Misc: - Bug triage role. asn: Last week: - Wrote a draft of the "onion services open issues" blog post based on Mike's README_SECURITY document. Circulated it to David and Mike. We need some more thinking on the right way to publish it, so that it does not sound alarmist but still informs people of the open issues with onion services. - Review #26818. - Tested onionshare's onion v3 support. - Updated v3 wiki page to bring it more up to date. - Started debug on another HSv3 descriptor upload fail (the only one around atm): #27436 This week: - Think more of the way we should publish the "onion services open issues" blog post. Talk more with Steph, David and other people who might have feedback. - Do reviews. - Help with open v3 issues Mike: Last week: - Updated #25573 based on review, made a merge branch on master. - Reviewed #27241; have some questions there - Vanguards bug fixes + v0.2.2 release - Reviewed asn's onion services post; updated README_SECURITY - Reviewed and commented on Nick's side channels paper - Replied to teor's sbws tor-dev thread. - Failed at CI; really hate digging through jenkins. Kept putting it off until it was too late :/ This week: - WTF-PAD/Sponsor2 work

1 0

Notes from August 30 2018 Vegas team meeting
by Karsten Loesing 31 Aug '18

31 Aug '18

Notes for August 30 2018 meeting: Alison: 1) Mexico City meeting planning!!! Hoping to get the open days blog post out on Friday or so (with Spanish translation, need someone's help with that). We have lots of great things going on on the open days, including sessions in English and in Spanish, sessions for newcomers, and a relay operator meetup. I will be sharing the invite-days schedule draft as soon as I hear back from a couple of people who had major collisions. Then I will help people with making changes. There is lots of free time in this schedule and lots of places for adding new sessions!! I have been coordinating with teams about the team meeting day so if you haven't yet, please let me know when your team needs to meet on Sept 29. It's okay if you wait and do this yourself once I share the schedule but it may be easier to get those times to me now in case you need other teams at your meetings. I will also soon start planning the State of the Onion talk for the invite and open days, and will need to coordinate with all of you. Other than that we are just working on last minute odds and ends. If you need anything related to the meeting, just ask! 2) Starting to think about roadmapping at the meeting, looking forward to meeting with our new project manager(s). 3) LFI: We are in week 13! We just covered email privacy, next week we'll be talking about some more basic security stuff and also making a list of best practices for talking to lawmakers about privacy-related stuff (getting their support for privacy tech and practices, both locally and nationally, and how to communicate with them when bad things like Cambridge Analytica happen). After that we're talking about how to teach privacy to youth. We just sent out tshirts and pins to everyone who asked for them! 4) Gus is in Kenya with Helen already beginning trainings! Very exciting! Sarah: 1) Organizing current grant info and researching future opportunities in preparation for in-person grant meeting in Seattle 9/10-9/11. 2) Interviewing grant writers. 3) Completed MDF final report and will submit today. 4) Finalized plan with Giant Rabbit to optimize email lists and subscription process. 5) Beginning to compile information to complete state registrations necessary for fundraising. 6) YE campaign - Thinking about having a "rush"day where we have a $20K match (outside of the Mozilla match). Roger: 1) I was reminded of Micah Lee's https://github.com/firstlookmedia/gpgsync while trying to help some folks think through our new website. Maybe we have enough non-expert gpg users at Tor now that we should consider using it as an org? 2) I worry that trac has gone unusable for new users. That is, pretend you're a new user with a bug to file, and you want to show up and make an account and file a ticket. The barriers we've put up against jerks are turning away the real users too. :( [Ideas during brainstorming: we can set up a central web page to explain the situation to people. But a web page to explain that the user experience sucks will only help so much. Another floated idea was to encourage new people to file their tickets on github and then we could migrate them or something.] Steph: 1) working on the newsletter for this month 2) tba blog post ready 3) going over website copy for TPO with Antonela and Isa 4) talked with Sarah and Giant Rabbit about email lists 5) planning our def con badge. have included Antonela and ahf in the thread with the volunteer to discuss some options 6) blog post on mexico city open days in final steps 7) talking through processes / workflow between comms, ux, other teams 8) wrote press release for tb8, finalizing outreach plan isabela: 1) got some reports out still has at least 2 I want to finish by early next week. 2) balancing current projects priorities - we are about to do 2 big launches that involves work done for the past year (work done by community, ux, browser teams) 3) building documentation for new peeps (onboarding for pms) and for all peeps related to reorg and how the new workflows will look like 4) exercising my 'task delegations' and trying to get some things out of my to do list (asked Karsten for help on one of this tasks and I'm looking on whatelse can be delegated) 5) I need devs to finalize the programming languages at the anti-censorship team job post so we publish it. 6) sync with Erin on performance review process at tor and general onboarding deck 7) will build a calendar for folks to know what i am doing and when in Mexico and book 1:1s with me if they want to Karsten: 1) Continued testing ExoneraTor database changes. 2) Put out ExoneraTor version 3.0.1 with a fix to links to nearby IP addresses. 3) Started making plans for the team day in Mexico City. Mike: 1) Development work on vanguards; sponsor2 padding stuff; core-tor Georg: 1) Tor Browser 8 release preparations 2) First alpha for Tor Browser on Mobile should finally go out soonish(TM)

1 0

Network team meeting notes from 27 Aug
by Nick Mathewson 28 Aug '18

28 Aug '18

Hi! You can find the logs at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-08-27-16.59.html Below are our notes from the meeting. = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html 30 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001928.html 6 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001936.html 13 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001947.html 20 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001954.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 27 August 2018 ------------------------------- == Announcements == """ Sponsor8 ends on Dec 31, and we have some deliverables that needs to make 035. The 035 merge window closes on Sept 15. With that in mind, we need to prioritize these deliverables, and ask some folks to step out from rotations and most code reviews for the next month or so, so we can get it all done. Code reviews will also prioritize sponsor8 work, so, some reviews might be delayed and not added to the weekly review spreadsheet. For the rest of us, we don't intend that reviews and rotations should take up your whole life. If you're spending more than 20% or so of your week on reviews and rotations, then we might need to recalibrate. Talk to Nick and Isa if that sounds like the situation you're in. We will resume normal team operations once we get the sponsor8 deliverables done :) thank you for the understanding. """ Sbws can match torflow! Here are our current sbws design questions: https://lists.torproject.org/pipermail/tor-dev/2018-August/013402.html We fixed some failures in chutney, tor 0.3.4 and tor master. Please pull the latest chutney, and base new branches on the latest tor. == Discussion == Who do we want at the teams day at the Mexico City meeting? (teor suggests: staff, and people who are making significant contributions to core tor, sbws, etc.) Have we missed anyone? Is it too late to ask? - Alex from the Rust team is planning to join, but noting him here to make sure we send an official invite Accepting PRs not on Github: [komlo] - It is hard to review PRs that don't have Travis output- how do we feel about requiring PRs on github for external contributors so that we can see the status of Travis builds? Is there a non-github alternative where we can still see Travis output? Is this something that should be in our Coding Standards? [catalyst: i'm inclined to agree. PRs on our GitHub repo also run Appveyor and Coveralls CI, which not everyone has enabled on their forks. in practice, when i review a non-GitHub patch or contribution, i usually push a version to my fork and make a PR so that CI runs.][Asking for PRs and/or creating PRs as needed sounds like it can be a community hero thing. -nm][+1 -teor] == Updates == Nick: Last week: - Got NSS working. It now passes all its tests, and a chutney network bootstraps, and a client connects to the network. Going to add a bunch more tests, and hunt down a couple of memory leaks, but I think we've got a good start here. Timeline for review? [catalyst: i can hand off to ahf if he's willing] - Helped diagnose timing issues in voting w mixed chutney networks (27146) - Looked at memory profiles, and opened subtickets & subsubtickets for #26630. (We're wasting a lot of memory in our directory code.) - Helped diagnose bridge bootstrapping issues w chutney on 0.3.4 (27080) - Reviewed and merged a bunch of stuff - Released 0.3.4.7-rc. New release date for 0.3.4.8: How about September 10? [works for me -teor] - Bug triage. Cleared out tickets in "- Select a component" and tickets without a milestone; worked on incoming tickets. - Fixed a crash caused by new openssl not liking some of the tricks in test_tortls.c (#27226) This week: - Actually write the sidechannels whitepaper that I said I'd finish last week :/ - NSS: add a bunch more tests, and hunt down a couple of memory leaks - NSS, Privcount, etc: revisions based on reviews, if any - Work on one or more memory reduction tickets under #26630 and #27243. - Taking off Thursday. - More review and merging teor (offline): last week: - sbws can match torflow's results (next step: design feedback) https://trac.torproject.org/projects/tor/attachment/ticket/27135/20180826_0… Thanks to juga and pastly for all their hard work! - Fixed broken bridge tests in chutney (#27080) - We changed consensus timings between 0.3.3 and 0.3.4 (#27146) - Helped with Rust linking (#27272, #27273, #27274) - Other fast fixes, reviews, and ticket triage - Helped purge old trac admin accounts this week: 0.3.4: - Review the fixes to the vanguards patch (#25573) - Get chuntney working in mixed 0.3.3/0.3.4 networks (#27146) - maybe we should run chutney in travis CI? (#20647) - our macOS time API seems to return weird results on i386 (#26987) - Create an updated list of fallback directory mirrors (#24786) 0.3.5: - PrivCount in Tor: blinding and encryption (#22898: reviews, fixes, design meeting) - bwauth work (#27135) dgoulet: Last week: - Worked on #27246 for Sponsor 8. - Worked on #27215 which makes the HS default version to 3 in 0.3.5. - Memory profiling of Tor client. From the results, nickm opened #27243 and the childs for improvements. For the curious: https://people.torproject.org/~dgoulet/volatile/perf/ - Reviewed HS client authorization branch (#20700). Almost done after the on-disk design now in the spec. Hoping to have a potential merge candidate this week. - Reviewed a series of tickets (see Timeline). This week: - Keeping myself available for #20700 next revision (client HS auth). - Review anything related to S8 tor client memory optimization. - Possibly also help asn on the HS open bugs if time permit. - Work on prop289 if time allows it. asn: Last week: - Wrote patch for #26980. This was a reliability issue for HSv3 because it was causing descriptor upload failures. Patch has been merged, and my HSv3 has been functioning well ever since. - Review #23576, #13843, #24880, #22958. - Was away from Monday and up to Wednesday. This week: - Start working on "onion services open issues" blog post with Mike. My plan is to start by writing an early draft, and then pass it to Mike for feedback. Rinse and repeat. - Get client auth (closer to) merged. - Try to get some time to seriously look into #25882. This is the main reliability issue we have in HSes (v2/v3) right now, and it's quite fundamental because it's caused by simple circuit timeouts. Diagnosing and fixing this issue is probably some work since it requires a stressed out HS. ahf Last week: - Returned to Tor after some vacation. This week: - Sponsor 8: - Get back on track with #25502 (PT error reporting) - Figure out where we are with memory optimization. - Look into Nick's NSS work. - Misc: - Go over review backlog. komlo (offline): - Last week: - Rough draft of a peer reivew checklist for research on Tor, will finish this in a month after I can meet with Ian to discuss. Once we have this I'll pair with Mike to finish this up and publish - RustConf catch up (sent an email to get Alex up to speed so he can help with diagnosing build issues) - This week: - Ad-hoc Rust ticket review, there are a lot of small tickets that need review haxxpop (offline): - Last week: - Discussed the client auth code with dgoulet - This week: - Revise the client auth pr according to the comments catalyst: - last week (2018-W34): - ran into #27226 on macos. reviewed Nick's fix - made some progress on #22266 (bootstrap progress reporting) - this week (2018-W35): - community guide rotation [to nickm] - more on #25502 and #22266 (bootstrap progress reporting) - more home maintenance backlog Mike: Last week: - Updated #25573 (half-closed connection id tracking) based on review - Kept digging into #27066. Have a potential stopgap fix. - Rebased WTF-PAD branch onto master This week: - Look over and reply to sbw mail - Continue work on WTF-PAD as per https://github.com/mikeperry-tor/tor/blob/adaptive_padding-rebased_0.3.5/PA…

1 0