- tor-project - lists.torproject.org

Tor Browser Release meeting - Wednesday 14th Nov @ 19:00UTC
by Pili Guerra 13 Nov '18

13 Nov '18

Hi, Just a reminder that we’ll be having our bi-weekly Tor Browser release meeting this Wednesday (14th November) at 19:00UTC. Please come with any questions, requests and comments you may have. Here is a link to the pad: https://storm.torproject.org/shared/6z9zWh3BoyCONtyeW8EcFmL5hLhw5TNxKqR2F20… Feel free to add any comments/requests/discussion points, etc… ahead of the meeting. Everyone is welcome! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

Tor Browser team meeting notes, 12 Nov 2018
by Georg Koppen 13 Nov '18

13 Nov '18

Hi! Below are our weekly Tor Browser team meeting notes. The chat log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-12-18.58.log… and our pad entries are/were: Discussion: - Tor Browser in the Snap Store? (see Iain's mail) [GeKo will reply to it on Tue or Wed] - upcoming 1:1s - Team responsibilities restructuring - things to take over from Arthur: - annual rebase - maintaining circuit display UI - optimistic SOCKS (if I don't finish it) - adding locales - Mozilla uplift coordination - things Arthur will continue to maintain: - torpat.ch - arthuredelstein.net/exits - permissions FPI uplift (with Mozilla) - IRC presence GeKo: Last week: -Jacek worked on the Windows accessibility issue, patches are up for review/merged, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1430149 and we probably can soon be testing them in our nightly builds -reviews (#25013, #28260, #27443, #26540, #22343) -worked on #27443 and #26483 (alas no time for the design doc update #25021) -helped with proposals -helped with the anti censorship position interviews -security controls redesign This Week: -More work to get TBA-a2 into shape (reviews, help with #27443, #26483 and other related bugs) -another round of looking into doc for #3600 -look again over the cubeb - audio files disk leak and reply to Mozilla dev mail -write mail regarding Tor Browser snap -hopefully getting back to updating the Tor Browser design doc (#25012) mcs and brade: Note: We will be away from work Tuesday, November 20 - Friday, November 23. Last week: - Finished #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). - Reviewed #28039 (Tor Browser log is not shown anymore in terminal since Tor Browser 8.5a2). - Reviewed #22343 (Save as... in the context menu results in using the catch-all circuit). This week: - #27239 (TB team feedback on jump-to-80% work) - #28196 (about:preferences#general is not properly translated anymore) tjr: * MinGW - Landed sandbox support on -central. x86/x64 builds on -central should be consistently runnable. - Working on getting mingw-clang tests running on -central https://bugzilla.mozilla.org/show_bug.cgi?id=1475994 - Uplifted a bunch of mingw-clang patches to esr60. Intend to figure out what else besides this we need to uplift and get it done. - Have a esr60 build of mingw-clang successfully building. Haven't tested if it runs yet. - Intend to harass people about uplifting nss patches to esr60, which would unblock uplifting the build jobs - Nothing is stopping us at this point to start bringing the mingw-clang toolchain into rbm; I'm just intimidated to start trying to do it. - Keeping an eye on the accessibility stuff! https://bugzilla.mozilla.org/show_bug.cgi?id=1430149 * Fuzzyfox - It's in Nightly. It would probably be easy enough to backport to esr60. - We had someone test it manually a bunch, and they found only one minor issue. https://bugzilla.mozilla.org/show_bug.cgi?id=1506295 - That said, I am less certain it is worry-free. I wanted to do some performance debugging locally. - We also don't know what level of security assurance it gives us at different levels, and how it compares with Tor's 100ms choice right now. * Emailed kinetik about cubeb audio files (https://trac.torproject.org/projects/tor/ticket/28373) - Got a response that there are temp files. I didn't fully understand his other replies. - Does anyone at Tor have the bandwidth to drive this conversation, or should I try to? [GeKo: I will get back to that one this week] * TB 8 Retrospective Followup - please help me - Tor disables the web extensions process on <platforms>. The tickets/reasons for this are <?> - [GeKo: In ESR60 this is only available on Windows (IIRC the feature landed for macOS and Linux in Firefox >= 61; The reason for this is that this breaks Torbutton/NoScript communication needed for our security slider, see: https://trac.torproject.org/projects/tor/ticket/27411] - [tjr] Okay, so it seems like the path forward for this is just integration them into the browser? Is relying on that for the next ESR a safe approach, or should I investigate these prefs and ensure they keep working in the next ESR just in case we need them? - I'm going to talk to #build folks about the rust stuff, continuing the conversation in https://bugzilla.mozilla.org/show_bug.cgi?id=1376621 and trying to build consensus among them on a path forward. I intend to propose this issue to the Tor Uplift Team (Ethan) as a 'must complete' by the next ESR. - I think it'd be good to get feedback from Mozilla on the strategy to import torbutton/torlauncher into the browser codebase. I am in a holding pattern for that waiting for tor browser proposals to be written. - I need to think about how to better communicate open mozilla bugs as we approach next ESR - I have been writing a WinDbg guide for trac for debugging mingw-clang builds with WinDbg * Other: I am considering writing a tbb-dev proposal to increase the max content processes from 4 to 999. This would increase memory consumption, especially for users with a lot of tabs. It would provide some small level of tab isolation at the process level, but only for new tabs opened, not tabs reused. The security gain contains a lot of "Well if the user does this, things are kinda better, but if they do this they're no better." So not sure if it's useful, the main draw is that it's a 4 character patch, so easy to do, just difficult to decide one. igt0: Last week: - First set of patches to #25013 (torbutton within torbrowser) - Rebased #27111 (about:tor on mobile) This week: - Finish #25013(add the necessary bits of code in tor browser) - Add banner on tor browser(#28093) - More TBA alpha2 stuff pospeselr: Last week: - Final patch for #26540 (pdfjs circuit isolation) - #3600 work ( doc could use some eyes: https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI… ): [GeKo: I'll give it another look this week] - Some more work on the brainstorming/design doc, circling in on a 'mix and match' solution here - Still some open questions here regarding user experience related to OAuth and cookie keying: - If you use an OAuth provider (say oauth.com) via foo.com, should the session cookie related to oauth.com be valid for other sites using that provider, or should that cookie be double-keyed to foo.com|oauth.com? My intuition is that oauth.com should not be treated as a first party in such a scenario. - Mozilla's Ehsan Akhgari has pointed me to some patches added in Firefox 64 that appear to be necessary for this work (determining whether domains have been interacted with by a user) - A bit of Athens travel planning This week: - Uplift #26540 - filed bug https://bugzilla.mozilla.org/show_bug.cgi?id=1506693 - Investigate per-sku app icons - Backporting user interaction patches from Firefox 64, adding debugging hooks for the various redirect entry points needed regardless of final solution here sysrqb: Last week: TBA+Orbot - #28051 A little S19 interview work rust audit TBA+tor-browser-build This week: Finish TBA+Orbot - #28051 TBA localization Review #26690 - TBA onion-padlock Review #25013 - move Torbutton into tor-browser boklm: Last week: - made two builds with `-Wl,-t` for #26148 (binutils update) and started looking at logs - updated and tested patches for #27265 (In some cases, rbm will download files in the wrong project directory) and #27045 (Add option for firefox incremental builds) - made patch for #28260 (Use Rust 1.28.0 to build Tor), with help from gk. This week: - look at the logs from `-Wl,-t` to try to understand the issue from #26148 - work on bringing back the testsuite sisbell: Last week: - # 27443 Firefox for Android - add test dependencies for gradle, testing various ndk versions, rust versions and API levels - # 28144 Update tor-browser for Android - Add extensions and repackage and debug sign apk, verified apk runs on device This Week: - # 28144 Add makefile for Android - # 27443 Investigate rust deltas between 1.26/1.28 [GeKo will find out the patch that fixes this for 1.28 and sisbell meanwhile tries to get #27977 in shape] pili: Last week: - DRL Proposal This week: - Carry on roadmapping... - OTF Engineering lab follow up - Tor Browser Release meeting this week! (just an announcement :) ) [19:00 UTC :) ] arthuredelstein: Last week: - Refactored/simplified patch for https://bugzil.la/1330467 (FPI for permissions); will post soon - Investigated https://trac.torproject.org/26498 (bn-BD not displayed in title bars) - Revised https://trac.torproject.org/22343 (Save As... FPI) - Started working again on https://trac.torproject.org/25555 (Optimistic SOCKS) - Revised https://trac.torproject.org/28187 (Change Tor Circuit display icon to an onion) This week/next week - Try to get something working for #25555 - See if it's possible to fix #26498 antonela: Last week: - Security Settings - Tor Browser Icon survey ended - https://trac.torproject.org/projects/tor/ticket/25702#comment:8 - when can we have it packed? [GeKo: not sure yet as we are not used to have three different icons for our release channels; pospeselr will look into the changes we'd this week] This week: - Moar Security Settings - Leading Orfox users to Tor Browser Android (27399) - Design TBA+Orbot configuration UI/UX (28329) Georg

1 0

Tor network team meeting notes, 12 Nov 2018
by Nick Mathewson 12 Nov '18

12 Nov '18

Hi! Logs here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-12-17.59.html Pad contents below: = Network team meeting pad! = This week's team meeting is on Monday at 1800 UTC (1 hour later for daylight saving time) on #tor-meeting on OFTC. Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC (1 hour later for daylight saving time) On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 15 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002027.html 22 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002032.html 29 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002036.html 6 Nov: https://lists.torproject.org/pipermail/tor-project/2018-November/002047.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Let's look at proposed tickets! 0.3.5 (bugs only): https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… 0.4.0: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up actual point when you finish a task (as well as "fix" the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… << Remember that priority is Sponsor 8 - roadmap is sort out by priority >> Activity O2.5 is the one we are missing and need to be done in 2 months. * Remember that you can already book the flight to Brussels for hackweek. (Ask jon & gaba if you have any question) ------------------------------- ---- 12 November 2018 ------------------------------- == Announcements == Please don't bulk-delete all the old entries from this pad any more. Instead, delete the "planned" and "actual" for the previous week, but leave the "planned" for this week in place. Please check the dates before deleting. Check other's people call for help in their entries. Nick's upcoming release plans: Starting now: Stay up to date on backports. [See spreadsheet about backport status.] Late next week, around Nov 23: TB releases with 0.3.5.4-alpha. ~Dec 3: 0.3.5.5-(rc or alpha) [Note short window from TB release!] Dec 11: TB releases again. ~Jan 2: Release 0.3.5.6-(rc or stable). Release 0.3.4.10. Release 0.3.3.11. Jan 15: Feature freeze for 0.4.0. Later in Jan: Release 0.4.0.1-alpha. Snowflake kickoff meeting on November 27th: overview and what needs to be done. == Discussion == * sponsor 8 work O2.5 (bootstrap reporting) is most important - right now working on this: catalyst, ahf, dgoulet, teor. any of you need help with it? * Please see tickets with tag "035-rc-blocker?" -- are any of them really rc blockers? Are there any other true rc blockers? https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… * Is our process for "proposed" working? == Recommended links == Cool talk on communication in teams http://lenareinhard.com/do-you-read-me-better-communication-for-stronger-te… == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! Nick: Week of 11/5 (planned): - Comment on new version of crypto thing /prop295 - Review wtf-pad design and code (waiting on status update for proposal revisions) - Meet with B Bhumiratana to chat about net privacy - Plan and possibly start working on #2149 ("extra dormant") with dgoulet - Revise or merge #28226 (messaging system) - Release 0.3.5.4-alpha? - Possibly, design for testing sustems that use pub/sub. Week of 11/5 (actual) - Implemented a python version of prop295, circulated in network team. Got comments on new version's readability. - Reviewed wtf-pad design; initial architectural review of code. - Met with B Bhumiratana (Eisenhower fellow). He said he knows Haxxpop :) - Designed #28335 ("extra dormant nouveau") with dgoulet and started coding. - Released 0.3.5.4-alpha - Wrote enhancement for checkIncludes.py (#28362) to detect circular include structures among directories. Resolved the ones we have in lib. - Merge, Reveiew, etc. - Figured out OpenSSL 1.1.1/TLS 1.3 client problem (#28245) - Rearranged 035-can / 035-must tags a bit Week of 11/12 (planned): - Send comments about prop295 draft back to Tomer et al - Triage 0.3.5 must-do vs may-do stuff. - Continue revising publish/subscribe code pending comments from Taylor #28226. - Continue work on "dormant mode" logic for #28335. Hope to finish first draft, but might pend #28226 work. - Time permitting, add more tests for myfamily memory improvements (#27359) - Plan when to do next alpha/stable releases. - Write a schedule for upcoming releases - Backports to 0.3.4 etc Want help with: Mike: week of 11/5 (planned) - New GPG subkey. Kill me. - More WTF-pad proposal updates - Vanguards release? - WTF-PAD updates, fixups, tests - Datagram paper diff for nick week of 11/5 (actual) - WTF-pad proposal disussion - WTF-PAD updates, fixups (maybe 80% of the way through code review change requests) - Highlights: Supports 65532 states now with not much addtl overhead week of 11/12 (planned) - GPG? Does anyone use it? can we agree to stop? Kidding. ;) - More WTF-PAD fixups, tests - Vanguards release? - Datagram paper diff for nick help with: ahf: Week of 11/05 (planned): Sponsor 8: - Finish #28179 and get it reviewed+landed. - Talked with HC from TGP about #28409. Sponsor 19: - Continue wrapping my head around PT tasks for s19 (mostly focusing on Snowflake). - Help UX with #27385. - Anti censorship team hire. Misc: - Review #28298. - Do reimbursements from Mexico. Week of 11/05 (actually): Sponsor 8: - Got first patches for #28179 pushed to bugs/28179. Sponsor 19: - Looked at HTTPS Proxy (for the alt. PT part of S19) - Discussed #28298 with Antonela. - Interview with two candidates. Some pre-interview meetings with technical questions, etc. - Send out email to network team about S19 kick off meeting. Misc: - Reviewed #28298. - Didn't do Mexico reimbursement... Week of 11/12 (planned): Sponsor 8: - Hook up transports.c with the code from #28179 and test that it all still works on all our platforms -- begin on #28180 with David. - Begin on #27100. Sponsor 19 - One interview this week with a candidate. - Continue looking into Snowflake. Misc: - Do the Mexico reimbursement that I keep postponing. - Book flight tickets for Brussels. asn: Week of 10/29 (planned): - Continue reviewing, refactoring and testing the WTF-PAD code. - Try to come up with a useful WTF-PAD state machine that we actually want to merge. - Do reviews. Week of 10/29 (actual): - Continue reviewing, refactoring and testing the WTF-PAD branch. Passed knowledge to Nick so that he can also do some reviewing. Found some bugs and wrote some commits to improve code. - Did reviews (#28308, #28906, #28184, #28245). - Help out with the anti-censorship team hires. Week of 11/05 (planned): - Sufficient review has happenened on the WTF-PAD branch. It's now time to start working on the TODO items and wrapping this up so that we move towards merge. Coordinate this with Mike. - Do reviews. - Continue helping with the anti-censorship team hires. Help with: - Mike we should figure out next steps to move thjis to merge. dgoulet: (offline for meeting) Week of 11/5 (planned): - Planned, review and/or work on #28335 with nickm. - Available for ahf to review #28179 and then start working on the code for #28180 (s8). - Finalize whatever s8 other tasks come up this week. Week of 11/5 (actual): - Review #28330 subsystem branch from nickm. - Ticket work on HSv3 bugs: #27841, #28184. Week of 11/12 (planned): - Holiday on November 12th. - Review #28179 important s8 ticket then move on to #28180. - Help nickm with #28335 and childs. gaba: Week of 11/5 (actual): - gettor follow up - hackweek cancel KU reservation - get into ooni work/roadmap - start looking at CVs that come up for data architect position for metrics team - several weekly meetings (ooni, metrics, fundraising, las vegas) and 1:1s - work on DRL proposal that was submitted on Friday Week of 11/12 (planned): - weekly meetings (ooni, metrics, fundraising, las vegas) and 1:1s - metrics data architect position - participate in interviews for anti-censorship team developer - ooni roadmap - gettor help with: - communicating anything about sponsor8-bootstrap help/needs and progress catalyst: week of 11/05 (2018-W45) (planned): - reviews - bug triage rotation - 0.3.5 bugfixes as needed week of 11/05 (2018-W45) (actual): - bug triage - reviewed #28229 - continued reviewing #28226 -- sent comments on msg stuff - preliminary planning for Athens meeting week of 11/12 (2018-W46) (planned): - reviews - #27167 - 0.3.5 bugfixes as needed help with: haxxpop: Week of 11/5 (planned): - Probably discuss about #28275. A lot of ideas are going through. So fun :). And I will fix it if there is something to be changed. - Write the tor-keygen man page, if I have time left. help with: teor (online!): Week of 5 Nov (planned): - Pick up a s8 bootstrap ticket, and do it - Try and make progress on the s8 chutney consensus failure bugfix tickets - Defer: Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list - Defer: Work on PrivCount in Tor prototype - merge the crypto_rand_double() C code in #23061, and write a Rust equivalent - minor fixes to privcount_shamir - finish off the travis CI config for chutney / turn it into a config to test PrivCount in Tor Week of 5 Nov (actual): - Started "pick guards from a reasonably live consensus" (#24661), found #28319 - More admin, hackfest planning - Cleared my ticket backlog, lots of little ticket updates, code reviews - Planning for s8-bootstrap - Reviewed metrics' total consensus weight and consensus weight by flag graphs - Extensive reviews on various sbws tickets - Looked at some CVs for the metrics position - Internet Freedom Hack presentation and mentoring Week of 12 Nov (planned): - Continue to work on s8 bootstrap tickets - "pick guards from a reasonably live consensus" (#24661) - do path selection from a reasonably live consensus (#28319) - Fix the s8 chutney consensus failure bugs - Do a review of the sbws specs once a week - Defer: Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list - Defer: Work on PrivCount in Tor prototype Week of 12 Nov (actual): - sbws spec ticket review - more admin Help with: - nickm, I would like help on how to access --RUNNING-FORKED in #28096. It seems to require an abstraction layer violation: argv is in tinytest.c, but tor code is in test_common.c. Is there some simple trick I'm missing? (So, IMO it would be okay to look at the "v" argument in main in testing_common.c: it is argv. Yes, that's a layer violation, but tinytest is under our control anyway. Alternatively, we could extend tinytest, I guess? I'll be around at the patch party time to talk more if it's helpful -nickm) juga: Week of 11/05 (planned): - tor code - continue with #21377: DirAuths should expose bwauth bandwidth files - continue with #22453: Relays should regularly do a larger bandwidth self-test - start with #26698: Authorities should put a hash of the bandwidth file in their votes - undecided on trying to start some tasks that are not priority but on which the rest of the work on bandwidth stuff might depend - Week 11/05 (actual): - Tor code - serve bandwidth files used in the votes (#21377) - include the digest of the bandwidth file in the vote (#26698) - Bandwidth File specification - correct scaling methods examples (#27690) - correct key/values (#28085) - Tor Directory Protocol specification - remove bandwidth file headers key/values (#28382) - include a "bandwidth-file" item the vote documents (#28359) - updated sbws Debian package to 1.0 - started to write about the bandwidth distribution goal problem - Week 11/19 (plan): - Tor code - Relays should regularly do a larger bandwidth self-test (#22453) - bandwidth testing circuits should be allowed to use our guards (#19009) - In a private network some relays advertise zero bandwidth-observed (#24250) - sbws - Change integration tests from bash to POSIX shell (#28106) - revisions - Help with: - anyone: review my tickets in "needs_review" :)

1 0

October 2018 report and November 2018 plans for the metrics team
by Karsten Loesing 12 Nov '18

12 Nov '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in October 2018 as well as a few expected highlights for the current month, November 2018. On behalf of the Tor metrics team, Karsten October 2018: Added a new graph to Tor Metrics that compares total consensus weights across bandwidth authorities [1, 2]. [1] https://metrics.torproject.org/totalcw.html [2] https://bugs.torproject.org/25459 Extended the graphs on Tor Browser downloads by platform [3] and by locale [4] to also show Tor Browser update pings [5]. [3] https://metrics.torproject.org/webstats-tb-platform.html [4] https://metrics.torproject.org/webstats-tb-locale.html [5] https://bugs.torproject.org/27931 Worked towards extending metrics-web's ipv6servers module to cover existing statistics on relays by flags/versions/platforms [6]. The goal is to replace some really old code and to prepare creating new graphs on relays by consensus weight and bridges by versions/platforms. [6] https://bugs.torproject.org/28116 Deployed changes to streamline percentile computation in various metrics-web modules to now use Apache Commons Math rather than custom implementations [7]. [7] https://bugs.torproject.org/26035 Released CollecTor 1.8.0 [8] with some minor fixes and improved logging to hopefully track down an issue where we were missing server descriptors. [8] https://lists.torproject.org/pipermail/tor-dev/2018-October/013493.html Improved monitoring of Onionoo uptime and freshness [9] [9] https://bugs.torproject.org/28271 November 2018: Start rewriting the CollecTor module that archives relay descriptors in Python using Stem as proof of concept. This is part of our Sponsor 13 work [10]. [10] https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor13 Review and deploy the extended ipv6servers metrics-web module to replace major portions of the old legacy module [11]. [11] https://bugs.torproject.org/28116 Find a Metrics Data Architect as third full-time member of the metrics team. The job description [12] will soon be distributed by the usual channels and also linked from the Tor Metrics website. [12] https://www.torproject.org/about/jobs-metrics-data-architect.html

1 0

Job Opening - Metrics Data Architect
by Erin Wyatt 09 Nov '18

09 Nov '18

Hello, everyone! We have a new open position: https://www.torproject.org/about/jobs-metrics-data-architect.html.en The job posting is available at the link above, pasted below, and attached as a PDF. Please help us spread the word by sharing, forwarding, tweeting, whatever! :) Thank you all! Have a great weekend! Cheers, Erin ————————>8————————>8————————>8 Internet Freedom Nonprofit Seeks Metrics Data Architect 7-Nov-2018 The Tor Project, Inc., a 501(c)(3) nonprofit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, is seeking an experienced Data Architect to take our metrics work to the next level. Tor is for everyone, and we are actively working to build a team that represents people from all over the world — people from diverse ethnic, national, and cultural backgrounds; people from all walks of life. Racial minorities, non-gender-binary people, women, and people from any group that is generally underrepresented in tech are encouraged to apply. The team: Our Metrics Team has been collecting data since 2004 to help improve the tools we build and learn more about the Tor network. For example, we monitor the number of relays and clients in the network, their respective capabilities, the number of clients connecting via bridges, fluctuations in network speed, etc. Gathering this data results in huge data archives, so we are also working to develop tools to process this data and make it available to everyone. How we achieve our goals: • Robustness (We want to avoid bugs and/or bad design decision that cause us to miss data) • Timeliness (users need up-to-date network status information) • Scalability (as the network grows, so does our data) • Transparency (our community rightly wants to know what data we're collecting) The Tor Metrics team presently consists of two full-time developers; this position will be the third. Our team works asynchronously on each person’s own schedule, but we sync regularly via Git, Trac, IRC, e-mail, and an occasional video chat. The most interesting challenge for the Metrics team is how to gather data on an anonymity system without de-anonymizing users. The job: The person in this position will work directly with helping us design and refine systems for gathering and analyzing data. The bulk of our code is written in Java, but smaller portions are written in R, Python, PostgreSQL, and JavaScript. Part of this job will be to analyze and fix bugs in our current code and review patches. We will also be migrating parts of our code from Java to Python, and the person in this position will help with that. Our main five codebases: • Collector (https://gitweb.torproject.org/collector.git/ ) • metrics-lib (https://gitweb.torproject.org/metrics-lib.git/ ) • Onionoo (https://gitweb.torproject.org/onionoo.git/ ) • Exonerator (https://gitweb.torproject.org/exonerator.git/ ) • metrics-web (https://gitweb.torproject.org/metrics-web.git/ ) Requirements: Technical abilities/experience: • Have experience finding your way into existing Java/Python/R/PostgreSQL code bases and the ability to review patches and make changes to fix bugs/smaller enhancements. • Able to identify shortcomings in our data pipeline and suggest improvements to reduce complexity and future maintenance efforts. • Experience working with Git and Trac or similar issue tracking tools. • Ability to learn quickly and can adapt to our current processes; are able to improve future processes for releasing software and operating services. • Understanding of the inherent privacy implications of gathering data in an anonymity system, the security implications of gathering metrics data from semi-trusted relays in the Tor network, and the challenges of processing large amounts of data per day (specifically performance and scalability challenges). Collaborative requirements: • Ability to work remotely 90% of the time, as most team synchronization happening via email and/or IRC. • Participation in weekly IRC meetings and monthly team video chats. • Willingness and ability to travel internationally up to four times per year, to semi-annual Tor meeting plus up to two team-internal meetings. • Language: write and speak fluent English. • Comfortable posting to a public mailing list or speaking up in a public IRC channel to ask questions, even when you think the question might be obvious or silly. Bonus skills: • Data analysis: Ability to make sense of data sets and use data analysis tools to find and visualize interesting patterns. • Open source attitude: You're accustomed to a pattern of early and frequent releases without attempting to finalize things on your own and have contributed to open source projects before. • Scientific writing: Experience writing technical reports about data findings. • Mathematics: Knowledge of basic statistics. • Networking background: Experience working with networks and measurements in the past. • You support Internet Freedom! This is a full-time position that can be done remotely/internationally or in our office in Seattle, WA. To apply, send a cover letter that includes a statement about why you want to work at the Tor Project, your CV/resume (including three professional references), and a link to a code sample or some non-trivial software project you have significantly contributed to. All documents should be in PDF format labeled with your name. Please send to job-metrics at torproject dot org with “Metrics Data Architect” in the subject line. No phone calls please! Flexible salary, depending on experience. The Tor Project has a highly competitive benefits package, including a generous PTO policy; paid holidays (including the week\ between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; 401(k); and flexible work schedule. (Please note that benefits package specifics can vary slightly from country to country, but we aim to treat everyone equally.) The Tor Project's workforce is smart and committed. The Tor Project currently has a paid and contract staff of around 47 developers and operational support staff, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation and corporate donations. If you’re new to the Tor Project scene, are curious what our workplace culture is like, or just want to read about how fun our semi-annual meetings are, hear what our new Development Director had to say about all of it: https://blog.torproject.org/reflections-tor-meeting-newbie The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Notes from November 8 2018 Vegas team meeting
by Karsten Loesing 09 Nov '18

09 Nov '18

Notes for November 8 2018 meeting: Georg: 1) Plans for making our blog more useful by dealing better with comments [alison steps up writing a first draft with help from other folks --GeKo] 2) Future vegas team meeting times Roger: -----On my near-term todo list----- 1) Continue helping Kat with sponsor19 report 2) Write follow-ups, and open trac tickets, from Taipei censorship meetings (many new ideas!) 3) Do the SponsorM final report (due this month) 4) Post a 2016 financials blog post (pending on an answer from Sue about our USG / non-USG ratio) 5) Meeting next week with some department-of-justice people to try to teach more them about the value of encryption (and why not to outlaw it). -----Things you might want to know----- 6) I signed up to potentially be on an NSF review panel in 2019, as part of service to NSF so they continue thinking kindly of us. Dates TBD (if they pick me). 7) I signed up to do a Tor talk at the KNOW 2019 conference in March, since they agreed to do a donation to Tor (woo). 8) I am officially moving to New York City, probably in January. -----Things I'm excited to see progress on----- 9) Steph: how are we doing at taking advantage of OTF's Learning Lab? [I talked to Dan and he'll ping us when it's time to get started; we'll create a post, infographic, or some other material based on one of our projects, probably usability -steph] 10) Gaba: How are we doing at coordinating with Nathan (and OTF engineering lab) on initial bootstrap from censored appstore? 11) Alison: how are we doing at a community lab proposal for bringing Tor community people to the next Tor meeting? [I think we are delaying on this one until the DRL proposal is in, so we can focus on what's most important. -RD] [yeah, I reached out to Al and am going to ping them again next week when they have finished the DRL proposal] 12) Isabela: How are we doing at setting up your internal feedback process? [I plan to work on this with Erin, create an internal communication plan etc] 13) Mike: did you actually launch the tor-researchers list? I see a bunch of pending subscription attempts. [Yes, but I did not announce it or invite anyone yet. The first couple looked spammy/randos and then I got busy with other things - Mike] 14) Geko: can we do a bug bounty status summary? how many bugs, how many bounties, how many reporters, etc? also, should we open up the bounties to more people? OTF seems keen to continue funding the bounties. [Yes, we should have a new contract more or less soonish. And, yes, a summary sounds good. How did you envision that? Just a .txt file/email to tor-project? A blog post with press/social media coverage? Or... --GeKo] [A blog post, the first of a yearly set of blog posts, would be a good first option. -RD][Fine with me. This won't happen in November, though. Should we aim for some time in December then? --GeKo] 15) Alison: status of toronto library endorsement letter? (i think you wrote a draft and then nobody responded) [and then Jon replied just to me asking for it on letterhead, and I sent it back to him signed on letterhead] 16) Erin: do we have an onboarding kit for new employees, explaining travel policies, timesheets, other policies, who to go to for help, etc? Seems like we keep almost having one. [Erin is not on this meeting] 17) Sue: are we good on assigning enough hours to sponsor19, or will the numbers not add up right? 18) Who is leading the censorship developer hiring? [It looks like Erin has started it back up. I heard from Isa that we might ask Gaba and Alex to lead it. -RD] 19) Who is leading the sysadmin hiring? [I heard from Isa that we might ask Linus to lead it. -RD] -----Other things on the edge of my plate----- 20) NYU Tor affiliation plan? [what is this? isa] 21) How are we doing at our plan to handle blog comments more consistently? [i flagged that as something to discuss on my list - Alison] Alison: 1) working on community portal outreach kits. new flyers! 2) worked on DRL proposal with others 3) coordinating LFI board meeting 4) wrapping up LFI cohort 5) organizing curriculum for next LFI cohort 6) submitted IFF CFP 7) Other stuff: LF website redesign, completing training materials for community portal (when we're finished with outreach kits), Colin is working on a Tor relay challenge and planning some relay operator meetups, and the rest of the community team will finalize sponsor9 travel for next year soon Arturo: 1) Wrote a lot of specifications for new measurement techniques to use in OONI Probe tests: https://github.com/ooni/spec/pull/118 2) Working towards a beta release of OONI Probe 2.0 3) Had an important infrastructure incident which is still being resolved: https://github.com/ooni/sysadmin/issues/24 4) Helped write the DRL proposal 5) Maria went to Taiwan for the OTF summit & several other community events Nick: 1) Two new releases out. Any chance for a TB alpha before mid-dec, so we can get users trying the latest alpha before we are planning to ship the stable? [Should be doable. Maybe in week 47 (like two weeks from nowish)? --GeKo] 2) Going to have to clamp down on what we actually fix in 0.3.5. It's time to triage out all but the most critical stuff; please be aware (and selective) when we ask for 035-must tickets. Mike: 1) Sponsor2 work Gaba: 1) Followed up on Gettor but so far not answer from ilv. Hiro offered to do the work on refactoring that needs to happen to get it back to work. I will talk with her on Monday if ilv does not answer by then. 2) Started getting into OONI to help with roadmap and work assignment. Will start participating in their roadmap and meetings. 3) Network team is working good on their way to complete work for sponsor 8 that ends on December 31st. 4) Metrics team hiring the a data architect for the team. Started receiving CVs. 5) Helped with DRL proposal. 6) Sent mail to Nathan (cced Isa) on engineering lab. It seems from the reply he gave that we need to draft a more specific proposal for him to look at. I mentioned gettor but not initial bootstrap from censored appstore.. 7) Hackweek (metrics & network) in Brussels underway. Jon is looking for a hotel to host the meetings in Brussels. Cancelled KU Leuven as it was too much back and forth for some people. 8) Interviews for anti-censorship position are coming. It will be hard to have people already volunteering on it and very good candidates to choose from. Not easy decision. 9) Roger: I sent you a mail to coordinate the SponsorM report. [right, will answer -RD] Pili: 1) Started putting together SIDA Phase 1 report 2) Helping out with DRL Proposal 3) Iterating on best way to Visual Identity Definition Project 4) Iterating on framework for user testing reports. isabela: 1) I'm working on DRL proposal 2) I had a long catch up sync with Roger 3) I will meet OTF PMs this Saturday and SIDA PM this Sunday 4) I will be in Seattle from Nov 12-16 to finalize the transition Sarah: 1) Helping with DRL proposal. 2) YE campaign - sorted out metrics confusion with Karsten and good news is that we are seeing increased traffic to the donate page over last year, but the bad news is that we are seeing fewer donations. I am working today to modify the donate page and will ping Antonela for new banner art and have Giant Rabbit implement. 3) Meeting with OTF and SIDA PMs with Isa this weekend. 4) Next week will finalize with Al postal mail letters to donors we don't have email addresses for and letter to family foundations. 5) Moving forward with allowing people to donate additional types of cryptocurrency. 6) Researching conferences and events for fundraising opportunities. Sue: 1) Working on budget and budget narrative for DRL proposal 2) Working with auditors to complete tax return by 11/15 deadline 3) Invoicing for work completed in 3Q 4) Working on completion of MA PC for 2016 Steph: 1) working on blog post and press release. 2) wrote copy for a couple more pages for the new site 3) working with The Berkeley Group on our brand study 4) submitting a panel to LibrePlanet 5) talked with Dan at OTF about Learning Lab 6) preparing for campaign blog posts 7) starting to use Tor stories gathered through our survey for promotion Antonela: 1) working on TB security settings. 2) working on TBA #28329, #27399. 3) synced with Geko and Isabela about the UX work on the DRL Proposal. 4) submitted a talk to the Open Design track in FOSDEM. 5) working with Steph and Isabela on freezing tpo.org and tpo.org/about so we can move it to translation and development. 6) working with the community team on our new outreach material. 7) a new banner iteration on the EOY campaign is live at tpo.org [I'll send you a note about donate.tpo today. I think it would help the campaign to change the TB banner before 12/11, but don't know how much work that creates for everyone. - Sarah][Noted. I think that might be doable in the same week as the alpha and probably a new Tor Browser for Android are coming out. --GeKo] Karsten: 1) Had a very useful retrospective and roadmap session with irl and gaba. 2) Created a bunch of tickets for roadmap items. 3) Discussed various graphs related to consensus weight. Shari: 1) helping with DRL proposal! 2) so many loose ends 3) Isa's in Seattle next week for the transfer of power! :)

1 0

IFF Proposal Submission Deadline - Tomorrow!
by Matthew Finkel 08 Nov '18

08 Nov '18

Hi Y'all! The deadline for the Internet Freedom Festival (IFF) call for proposal is this Friday, November 9. Please remember to submit your proposals before then. They are looking for sessions spanning organizational security, community healing, regional experiences, and security threats. You can submit your proposal here: https://platform.internetfreedomfestival.org If you are new the the IFF, the week long festival filled with glitter that brings together the various communities working against online censorship and surveillance. Everyone has something to contribute! Submit your sessions proposals before the Nov 9 deadline! In addition, this year Tor is playing an active role in shaping the technical track, so please see the areas of interest and please submit a proposal if you are working on anything that will make this festival better! https://internetfreedomfestival.org/#hacking Thanks! Matt

1 0

Network team meeting notes, 6 November 2018
by Nick Mathewson 07 Nov '18

07 Nov '18

Hi! IRC logs are at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-06-23.00.html The contents of our pad are below ```````````````` = Network team meeting pad! = This week's team meeting is on Tuesday at 2300 UTC on #tor-meeting on OFTC. (If the time doesn't work for you, we'll see you the week after.) Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC (1 hour later for daylight saving time) On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 1 Oct: No online meeting; in-person meeting in Mexico City. 9 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002005.html 15 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002027.html 22 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002032.html 29 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002036.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Let's look at proposed tickets! 0.3.5 (bugs only): https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… 0.3.6: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up actual point when you finish a task (as well as "fix" the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… << Remember that priority is Sponsor 8 - roadmap is sort out by priority >> Activity O2.5 is the one we are missing and need to do in 2 months. In November everybody need to start checking snowflake as it is something that is coming in December. ------------------------------- ---- 6 November 2018 ------------------------------- == Announcements == Please don't bulk-delete all the old entries from this pad any more. Instead, delete the "planned" and "actual" for the previous week, but leave the "planned" for this week in place. <--- Check other's people call for help in their entries. Alpha/Master maintainer doc: https://trac.torproject.org/projects/tor/ticket/28225 catalyst asks: which time zone switch are we following for the meeting? US? A: Monday meeting will switch with US DST. patch party remains fixed at 23:00 UTC. (The EU/AU optional catch-up time is moving with EU DST.) US DST switches on 04 Nov, but first meeting of the month is at patch party time. So 12 Nov meeting is at 18:00 UTC. == Discussion == * sponsor 8 work O2.5 (bootstrap reporting) is most important - right now working on this: catalyst, ahf, dgoulet, teor. any of you need help with it? * who else want to do snowflake? schedule snowflake intro meeting * who is going to answer these emails? Dealing with frequent suspends on Android: https://lists.torproject.org/pipermail/tor-dev/2018-November/013529.html Why is the execute bit set on onion service keys: https://lists.torproject.org/pipermail/tor-onions/2018-November/000338.html Both have answers... ? I wrote this question 24 hours ago * neel wrote a new ClientAutoIPv6ORPort option that makes Tor choose between IPv4 and IPv6 client connections at random: https://trac.torproject.org/projects/tor/ticket/27490 It works well, but it could be smarter about relay weights and systems that only have IPv4 (or only have IPv6): https://trac.torproject.org/projects/tor/ticket/17835 Should we merge it as an experimental feature? Decision: Merge it as an experimental feature, and if it causes bugs, fix those bugs. For details, see https://trac.torproject.org/projects/tor/ticket/27490#comment:21 == Recommended links == Cool talk on communication in teams http://lenareinhard.com/do-you-read-me-better-communication-for-stronger-te… == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Nick: Week of 10/29 (planned): - Implement pubsub message dispatch API and subsystems API. - Do something with consensus mmap patches. (But what?) - release 0.3.4.next? - Get un-stuck on #27359? - Try to design an "extra dormant mode" for #2149 Week of 10/29 (actual): - Implemened pubsub message dispatch API (#28226) - released 0.3.4.9 - Started implementing subsystems logic - Finished #27359 (family representation), adding prop298 as a followup. Thanks to teor for brainstorming help! - Met with S Chakravarty from IIITD - Talked with Catalyst & Teor about bootstrapping designs and plans - Merged memory-map patches (#27244) - Met with asn to learn about wtf-pad - Worked on pending funding proposal with gaba, al, isa, asn, and others - Wrote a PETS meta-review - Reviewed and mergedvarious patches - Wrote a "subsystem manager" branch (#28330) Week of 11/5 (planned: - Comment on new version of crypto thing /prop295 - Review wtf-pad design and code (waiting on status update for proposal revisions) - Meet with B Bhumiratana to chat about net privacy - Plan and possibly start working on #2149 ("extra dormant") with dgoulet - Revise or merge #28226 (messaging system) - Release 0.3.5.4-alpha? - Possibly, design for testing sustems that use pub/sub. Want help with: Mike: Week of 10/29 (planned) - Write more tests for wtf-pad; help asn with review and/or chutney tests - Write diff for nickm's datagram paper - Update WTF-PAD proposal - Maybe help Jaym diagnose why #23512 seems off? Week of 10/29 (actual) - Updated WTF-PAD proposal - Rebased WTF-PAD for nickm - Wrote more tests for wtf-pad; helped asn/nick/teor with review; fixups - vanguards fixes and features week of 11/5 (planned) - New GPG subkey. Kill me. - More WTF-pad proposal updates - Vanguards release? - WTF-PAD updates, fixups, tests - Datagram paper diff for nick help with: ahf: Week of 10/29 (hopefully): Sponsor 8: - Continue implementation for #28179 - Talk with HC about ARM64 Orbot Sponsor 19: - Spend some time (half a day? a morning maybe?) on some of the Snowflake tasks. Misc: - End of month tasks. Week of 10/29 (actually): Sponsor 8: - Continued work on #28179. - Talk with dgoulet+dcf about #28180 (and some S19 stuff). Sponsor 19: - Began looking at our S19 roadmap tickets. - Looked at the HTTPS Proxy PT for the "Backup PT" roadmap task. - Looked at Snowflake design. Misc: - October Harvest report done. - Looked a bit at the Graphite data collection code with David. - Got through my review backlog. Week of 11/05 (hopefully): Sponsor 8: - Finish #28179 and get it reviewed+landed. - If the above gets done, look into next S8 item(s). - Look into #27100. Sponsor 19: - Continue wrapping my head around PT tasks for s19 (mostly focusing on Snowflake). - Help UX with #27385. - Anti censorship team hire. - Write email about Snowflake meeting last Tuesday of november, 23 UTC Misc: - Review #28298. - Do reimbursements from Mexico. help with: - Don't think anything right now(?) asn: Week of 10/29 (planned): - Continue reviewing/testing WTF-PAD code. - Do reviews. Week of 10/29 (actual): - Spent most of my time reviewing, refactoring and testing the WTF-PAD code and proposal. - Did reviews - Merged an HSv3 branch in upstream tor! - Helped with bridgedb funding proposal. - Helped with a few hsv3 tickets. Week of 11/05 (planned): - Continue reviewing, refactoring and testing the WTF-PAD code. - Try to come up with a useful WTF-PAD state machine that we actually want to merge. - Do reviews. help with: dgoulet: Week of 10/29 (planned): - Get further into #25502 meaning taking care of #28180 and hopefully starting to implement soon. - Reviews and 035 tickets as much as possible. - Draft the stable maintainer policy with teor's help. Week of 10/29 (actual): - Discussion with dcf1 and ahf on the spec side of #28181. - Worked on doc/HACKING/Maintaining.md document. - Merge a series of HS ticket upstream. - Discussion about #28275 which in the end turns out to be a bad idea so we'll take a different route. - Review and discuss HSv3 tickets. - Looked at the "subsystem manager" branch from nickm as a first skim. No comments yet. - Some side project with ahf on exporting various Tor stats using Graphie format and Grafana/Prometheus to visualize. Week of 11/5 (planned): - Planned, review and/or work on #28335 with nickm. - Available for ahf to review #28179 and then start working on the code for #28180 (s8). - Finalize whatever s8 other tasks come up this week. gaba: Week of 10/29 (actual): - OTF Summit in Taipei - week 1:1 - fundraising & proposals - roadmap: I will check on people about sponsor8 tickets Week of 11/5 (planned): - gettor follow up - hackweek cancel KU reservation - get into ooni work/roadmap - start looking at CVs that come up for data architect position for metrics team - several weekly meetings (ooni, metrics, fundraising, las vegas) and 1:1s help with: - communicating anything about sponsor8-bootstrap help/needs and progress catalyst: week of 10/29 (2018-W44) (planned): - reviews - hiring stuff - more detailed outline of sponsor8 work - 0.3.5 bugfixes as needed week of 10/29 (2018-W44) (actual): - wrote up outline of new abstractions for bootstrap tracking (#28281) - cleaned up #28018 children - started reviewing #28226 (pubsub) week of 11/05 (2018-W5) (planned): - reviews - bug triage rotation - 0.3.5 bugfixes as needed help with: haxxpop: Week of 10/29 (planned): - Continue writing the man page Week of 10/29 (actual): - End up fixing #28184 instead of writing the tor-keygen man page. Week of 11/5 (planned): - Probably discuss about #28275. A lot of ideas are going through. So fun :). And I will fix it if there is something to be changed. - Write the tor-keygen man page, if I have time left. help with: teor (online!): Week of 29 Oct (planned): - Get my timesheets and post-travel admin done (awaiting advice from accounting) - Work on PrivCount in Tor prototype - minor fixes to privcount_shamir - module design, merge privcount_shamir, stub other modules - finish off the travis CI config for chutney / turn it into a config to test PrivCount in Tor - Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list - Work on code review backlog. Maybe small revision and small ticket backlog if I have time Week of 29 Oct (actual): - Hackfest, meeting planning, and lots of timesheet and post-travel admin admin - Finished all my outstanding code reviews, and did some re-reviews, and some quick fixes - Merged some chutney debugging improvements - Helped nickm with MyFamily RAM usage reduction (#27359) - Worked with nickm and catalyst on s8 bootstrap - Worked with Karsten on a metrics bug that we want to avoid in PrivCount (#28305) - Fix our Windows version detection (#28096) - Helped with a ~ path handling bug (#28311) Week of 5 Nov (planned): - Pick up a s8 bootstrap ticket, and do it - Try and make progress on the s8 chutney consensus failure bugfix tickets - Work on PrivCount in Tor prototype - merge the crypto_rand_double() C code in #23061, and write a Rust equivalent - minor fixes to privcount_shamir - finish off the travis CI config for chutney / turn it into a config to test PrivCount in Tor - Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list Week of 5 Nov (actual): - Started "pick guards from a reasonably live consensus" (#24661), found #28319 - More admin - Go through my ticket email backlog, lots of little ticket updates - Planning for s8-bootstrap Help with: - I am stuck on #28096. It's a tinytest fake Windows fork issue. nickm, can you help? Details here: https://trac.torproject.org/projects/tor/ticket/28096#comment:11 Answer: nickm will look at the ticket - Can I have a second opinion on #26376? I am not sure which cross-compiling doc we should be merging. Answer: we will try out the process, and maybe rewrite the instructions based on what we learn - When can I stop doing Sponsor 8 and move on to PrivCount and the fallback directory mirrors? This week? Answer: Maybe for a day every week for a break - How do we feel about adding a Windows Server 2016 build to Appveyor? (#28318) Answer: Let's try it, and then think about moving to Travis when it has C support juga (offline): Week of 10/29 (planned): - sbws - relase 1.0, update deb - start using sbws in production (#28224) - tor code - start with #21377: DirAuths should expose bwauth bandwidth files - prioritize open tickets - bandwidth file specification - whatever needs to get fixed after review Week of 10/29 (actual): - sbws - relased 1.0.0, and 1.0.1, updating debian package to 1.0.1 - bandwidth file specification - created pull requests with updates - tor code - started with #21377: DirAuths should expose bwauth bandwidth files - some prioritization of open tickets (sbws and tor code) - looked at bridge bandwidth scanner code - started using sbws in production (#28224) Week of 11/05 (plan): - tor code - continue with #21377: DirAuths should expose bwauth bandwidth files - continue with #22453: Relays should regularly do a larger bandwidth self-test - start with #26698: Authorities should put a hash of the bandwidth file in their votes - undecided on trying to start some tasks that are not priority but on which the rest of the work on bandwidth stuff might depend

1 0

October 2018 report for the Tor Browser team
by Georg Koppen 06 Nov '18

06 Nov '18

Hello! In October the Tor Browser team did three releases picking up Firefox security fixes and other improvements: Tor Browser 8.0.3[1], 8.5a4[2], and for mobile 1.0a3[3]. For mobile we fixed DNS requests bypassing Tor[4] and for the desktop alpha we included a backport of a defense against fingerprinting a user by protocol handler enumeration, which Mozilla developed.[5] Tor 0.3.5.3-alpha is tested in the desktop alpha bundles as well. Moreover, all the deskop bundles contain our end-of-the-year-campaign donation banner to help us collect unrestricted money. Non-release related work comprised (among others) severel bugs tackling reproducibility issues[6], moving our mobile build integration into tor-browser-build forward[7], and looking into integrating Torbutton tighter into the Firefox codebase directly.[8] The full list of tickets closed by the Tor Browser team in October is accessible using the `TorBrowserTeam201810` keyword in our bug tracker.[9] For November we plan to get our next major alpha release of Tor Browser for Android out. Highlights will be an included Orbot which makes installing a separate app unnecessary and the full integration of the mobile build process into tor-browser-build, making it possible to tackle remaining reproducibility issues[10]. Additionally, we have a bunch of UX improvements in the pipeline for that release, e.g. an own about:tor page for mobile[11] and .onion indicators in the URL bar, similar to those we already see on desktop platforms[12]. All tickets on our radar for this month can be seen with the `TorBrowserTeam201811` keyword in our bug tracker.[13] Georg [1] https://blog.torproject.org/new-release-tor-browser-803 [2] https://blog.torproject.org/new-release-tor-browser-85a4 [3] https://blog.torproject.org/new-release-tor-browser-android-10a3 [4] https://trac.torproject.org/projects/tor/ticket/28125 [5] https://trac.torproject.org/projects/tor/ticket/1623 [6] https://trac.torproject.org/projects/tor/ticket/26475 and https://trac.torproject.org/projects/tor/ticket/27827 [7] https://trac.torproject.org/projects/tor/ticket/26993 [8] https://trac.torproject.org/projects/tor/ticket/25013 [9] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [10] https://trac.torproject.org/projects/tor/ticket/25164 [11] https://trac.torproject.org/projects/tor/ticket/27111 [12] https://trac.torproject.org/projects/tor/ticket/26690 [13] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Tor Browser team meeting notes, Nov 5 2018
by Georg Koppen 06 Nov '18

06 Nov '18

Hi! We had our weekly Tor Browser meeting yesterday. Our IRC log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-05-18.58.log… Notes from our pad are Discussion: - status updates - timesheet deadline - tba-a2 release planning (GeKo: we plan to have everything ready for TBA-a2 in about two weeks) - We are embedding tor button within tor browser, should we ship it with all locales? (GeKo: I think for now let's just go with en-US and we can think about adding locales as we go) - OTF engineering lab - need a TBA volunteer to coordinate with Nathan and possibly gaba (for gettor stuff) on ways for users to get TBA initially e.g if it's censored on app stores (GeKo: we mull over this idea in the coming days to have something we can pursue after we have the TBA release out) mcs and brade: Last week: - Returned from vacation and caught up on email, recent bug activity, etc. This week: - Revisit #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). - Review for #28039 (Tor Browser log is not shown anymore in terminal since Tor Browser 8.5a2). - Review for #22343 (Save as... in the context menu results in using the catch-all circuit). GeKo: Last week: -helped with the Tor Browser for Android release -started to look into FPI of redirect write-up (#3600) -reviews, reviews, reviews (#28125, #22343, #28258, #27827, #28310, #25013) -started with begin of the month updates -finished first part of bisecting rust reproducibility issues (#26475) (as new fun thing for my spare time) -participated in the tor browser 8 retrospective meeting (tjr or anyone: do we have a link to the meeting notes? I lost it in my IRC backlog) - https://docs.google.com/document/d/1J3a4mzY3BjoIUw80LbUoA5180bAFCwB1DoaiKnN… -took two days off This week: -finish begin of the month updates -make significant progress on design doc update (#25021) -think more about our security settings redesign (#25658) -looking more into the single-locale repacks (#27466) sysrqb: Last week: TBA release (after needing only one re-signing by boklm, thanks!) Reviewed #25013 (integrating torbutton into tor-browser) Integrated Orbot into TBA (#28051) This week: TBA+Orbot - #28051 Rust audit - #27616 igt0: Last week: - Sent a new patch to #25013 (torbutton) - Updated #26690 (padlock for android) - Reviewed #28125 (Don't let Android leak DNS queries) This week: - Finish all the open tickets with patch (#25013, #26690, #28093, #27111) sisbell: Last week: - # 27443 Firefox for Android - fixed arch dependencies and updated mozconfig to align with tor-browser mozconfig (GeKo: could you remove the ccache related entries? we are building within containers from scratch and ccache should not help much in that scenario. However, it might do so in local builds which is why it is there.) This Week: - # 27977 - Look into orbot in tor-browser-build - # 28144 - TorButton investigate adding to projects (igt0: I think this ticket is affected by the #25013) - # 27609 - Evaluate Tor Onion Proxy Library pospeselr: Last week: - updated and minimal patch for #26540 (setting pdfjs range request first party domain) - wrote some words on arthur's #28259 (is not saving history hurting tbb retention rates) This week: - need to verify cookies are sent/stored correctly with #26540 following some concerns from arthur (GeKo: are those concerns documented somewhere? if not, could we add them to the ticket?) pospeselr: not documented, putting on the ticket - review feedback/changes on #3600 discussion doc, figure out what we should actually implement given the options tjr: - Worked on backporting mingw-clang patches to esr60 - Got a running build on -central with --enable-sandbox - Need to re-apply the __try / __except mappings, since mingw-clang cannot use them - Annoyingly, the test suite doesn't work in TC for an unknown reason =( - Fixed a fuzzyfox crash - arthuredelstein: Last week: - Finished patches for https://bugzilla.mozilla.org/1330467 Working on uploading branch, https://github.com/arthuredelstein/tor-browser/commits/1330467+7, to Mozilla's Phabricator instance for review - tjr: I do not recommend trying to use phabricator. Just attach patches. arthur: OK! Just one by one attachments? There's quit a few so I thought it would help keep things organized. - Opened https://trac.torproject.org/projects/tor/ticket/28259 (Is not saving history hurting Tor Browser retention rates?) - Also opened https://trac.torproject.org/projects/tor/ticket/28315, https://trac.torproject.org/projects/tor/ticket/28316 (New Identity for this Site, New Identity per Search) - Worked on revising #22343 (Save As) - Wrote patch for https://trac.torproject.org/projects/tor/ticket/28187 (Change Tor Circuit display icon to an onion) This week: - Optimistic SOCKS (https://trac.torproject.org/projects/tor/ticket/25555) - ff60-esr bugs pili: Last week: - Preparing Tor Visual Identity exercise to eventually choose illustrations for the website and product, e.g onboarding This week: - Roadmap formatting and review boklm: Last week: - made patch to fix obfs4 nightly build (#28310) - worked on #28260 (Tor nightly builds are broken on Linux with Rust enabled (since 10/31)) - worked on #27265 (In some cases, rbm will download files in the wrong project directory) and #27045 (Add option for firefox incremental builds) - fixed #28287 (es download-easy link broken) This week: - do more testing of patch for #27265 - follow-up on #26148 (binutils reproducibility issue) - continue looking at #28176 and how to bring back the testsuite - will be afk on thursday antonela Last Week: - worked on security settings (#25658) This Week - continue working on security settings (#25658) - Tor Browser Icon survey ends this week. I'll inform the results with the list. - testing Orbot free TBA, thinking about (#28329) Georg

2 2