- tor-project - lists.torproject.org

Tor Browser team meeting notes, 27 Aug 2018
by Georg Koppen 27 Aug '18

27 Aug '18

Hi! Our weekly Tor Browser meeting just finished. Here are the notes, as usual. The IRC log is found on http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-08-27-17.59.log… and the pad items are below: Monday August 27, 2018 Discussion: - Status of sandboxing discussion? [GeKo: We pick this up again after the releases are out] - Next meeting [GeKo: next meeting is Tue 9/4, 1800UTC due to Labor day in the US] mcs and brade: Last week: - Investigated and posted a fix for #27221 (Tor Browser 8.0a10 wants to update to 8.0a10). - Spent a little time looking at #25694 (Improve the user experience of updating Tor Browser). - Worked on desktop onboarding: - Filed and fixed #27283 (default uitour permission does not work with 1st party isolation). - Created a patch for #27213 (Update about:tbupdate to new (about:tor) layout). - Completed our patches for #26962 (new feature onboarding). This week or soon: - Out of the office: - This Thursday and Friday (August 30 and 31). - Next Thursday and Friday (September 6 and 7). - Follow up on #26962 (new feature onboarding). - Comment in #27214 (Update descriptions for onboarding). - Do what we can for #25694 (Improve the user experience of updating Tor Browser). - Fix some of the about:tor and onboarding issues that are mentioned in #27301 (TB8.0a10 UI Bugs). - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - Do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). GeKo: Last week: -reviews -network code review -being at the Tails summit -helped debugging the TB8-is-caught-in-an-endless-loop-no-windows-bug (#27261) This week: -start building tb8 -finish network review -PSA: I made be harder available in the internet as usual between wed-sat due to travel and family obligations sysrqb: Last week: Worked on TBA-alpha preparations Reviewed mobile onboarding Began working on #26982 (httpclientandroidlib leaks information about Android version) Looked at Android specific about:config preferences (#27256) This week: Patch reviews Maybe TBA-alpha release, maybe? More of #27256 and #26982 Oh, and may be AFK on Wednesday. tjr: Not much. Waiting on reviews for mingw-clang, and feedback from jacek on https://bugzilla.mozilla.org/show_bug.cgi?id=1483762 The NSS stuff we needed in -esr60 sounds like it will land sometime soonish, so that would unblock landing build jobs there too Fission stuff. Keeping an eye out for Tor concerns =) igt0: Last week: Sent a bunch of updates to #25696 - Copy - Colors - Update configuration More updates to the mobile preferences - #27220 - #27271 This week: Finish about:tor once for all More alpha bugs sukhe: Last Weeks: - #13373 (RUNPATH), #24465 (libatomic): (related tickets) compiled but running tests boklm: we set `chrpath -d $LIB` in projects/firefox/build because of #22242. so how should we handle that for Firefox since we remove the RUNPATH later? Should I just manually set `chrpath` or should we let the RUNPATH added by selfrando, or selectively remove that? I had initially set selfrando to 0 so didn't discover it. but then later I saw in the code that if selfrando is enabled, we remove the RUNPATH for Firefox [boklm: not sure yet how to handle that. Can you post your current branch in the ticket?] sukhe: sure, thanks. - #26476 (Windows crash): continuing with the log comparisonz This Week: - #27061 (langpack) when ESR 60.2 is released - happy to help with 8.0 release including rebasing, building, testing :-) - Continue the above tasks boklm: Last week: - worked on #26149 (Add some ansible roles for tor browser testsuite setup) - helped investigate updater issue (#27221) and tested the fix made by brade and mcs - investigated and started fixing an rbm issue (#27265) This week: - work on #26149 (Add some ansible roles for tor browser testsuite setup) - reviews if needed, and help with the 8.0 release After this week: - out of the office from 2018-09-06 to 2018-09-13 (included) sisbell: Last Week: Investigated how to remove download dependencies during android gradle build Created program to generate keyrings for android build files downloaded from bintray This week: Create program to generate section of RBM config for android build dependencies Create program to collect sha hashes for dependencies downloaded from google repo and add to RBM config [boklm: not sure generated rbm config will be easy to maintain. Maybe this script could be doing the download directly instead of writting rbm config?] Verify that RBM is no longer downloading dependencies as part of the build [boklm: Could you start splitting commits from your branch (for instance, one for adding stretch to debootstrap-image, for adding android-toolchain, for adding the new platform definition to rbm.conf, for fixing the rust build, etc ...), so we can start reviewing them, and merge the parts that are ready?] pospeselr: Last Week: - investigated #26381 (about:tor not loading on first boot in localized builds) - filed bug with mozilla ( https://bugzilla.mozilla.org/show_bug.cgi?id=1485836 ) - tjr: I have no idea. bob is out today (bank holiday) but should be back tomorrow. - Was there something about this only triggering when TB was installed to a 'special folder'? - pospeselr: nope, it's a timing issue related to tor-launcher and sandboxing on windows [GeKo: the idea was that the desktop folder might be treated differently with sandboxing level >= 3 as the cypherpunk reported this is not a problem in different folders] - root cause still a mystery This Week: - continue digging into #26381 - try to identify which sandboxing setting is exposing the race condition - dig into the tab creation logic and see if I can get some sort of idea of what the actual failure is - fiddle around with the tor-launcher code and see if I can figure out what exposes the issue from there - investigate whether installing to other folders makes issue go away arthuredelstein Last week: - Wrote patch for #21787 - Performed audit for #26611 (verify no locale leaks in ESR60 `Intl` APIs) - Wrote patches for #27268 (preferences cleanup), #27262 (Remove more HTTP pipelining preferences) and #27257 (In Tor Browser prefs, "dom.network.enabled" should have been ...) - Opened and close #27291 (NoScript not working on TBB/ESR60 on Windows) after investigation - Tracked down #26561 (Onion images are not displayed) - Tracked down #26670 (Cannot allow Canvas Image Extract in tbb 8.0a9) - Wrote patch for #27276 (Update security slider to follow NoScript protocol change) - Posted strings for #27097 (Add "Tor News" newsletter signup link in Tor Browser) - Started investigation of wasm (we will disable for first stable release) - Met with Tor uplift team This week: - Fix #26561, #26670, #26520 (NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser) - Create Tor Newsletter link (#27097) - More ff60-esr fingerprinting resistance things as time allows - Whatever's needed for next release Georg

1 0

[TSoP 2018] Ahmia status update - report #7
by Stelios Barberakis 27 Aug '18

27 Aug '18

Hello all, This comes in late, sorry about that, we had some issues deploying the recent changes. The new things that we have integrated since the last report are: --- Ahmia Site --- * Integrated Page Popularity algorithm (based on backlinks). The goal here is to improve the sorting (of the results), by pushing the popular pages a bit higher. Tuning the formula to combine page popularity score with the IR (information retrieval) score, optimizing for all cases, is a black art. It will need a lot of testing. It's currently deployed as a silent feature (you need to append &r <https://ahmia.fi/search/?q=onion+routing&r> at the end of the url), so that we can evaluate the results we get on the production environment, before making it the default. Current results are not great, but they are promising, and I am confident that we will further improve it (some ideas are listed in the reference). [1] * Improved django validators and added v3 onion support (that applies for the domains added by user only, since the crawler and index were already working with v3) [2] * Improved statistics figures by increasing the width and adding grid lines [3] * Updated travis configuration to match the current development [4] I am really glad and thankful that I had the chance to participate in this summer of privacy program. I suppose this is the last report for this summer, however there are still things that I plan to work on, so I will continue to participate on ahmia development in my own pace. The OFTC channel is currently active, which means that we are open to any ideas, suggestions etc. Best Regards, Stelios [1] https://github.com/ahmia/ahmia-site/issues/30 [2] https://github.com/ahmia/ahmia-site/pull/34 [3] https://github.com/ahmia/ahmia-site/pull/36 [4] https://github.com/ahmia/ahmia-site/pull/42 -- PGP key: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xF9A1BD9B4DDEBDEF

2 1

Notes from August 23 2018 Vegas team meeting
by Karsten Loesing 27 Aug '18

27 Aug '18

Notes for August 23 2018 meeting: Georg: 1) Tor Browser 8.0a10 got out; got good feedback and good bug reports 2) The first Tor Browser for Mobile alpha is about to get out 3) We scrambling to our feet to fix all the things we need to have fixed for Tor Browser 8.0; tentative release candidate build start next Wed/Thu; code freeze next Wed; the release date is 9/5 isabela: 1) Interviewing Grant Manager and Grant Writer candidates 2) Meeting with Mozilla on research about Tor brand perception and convincing points 3) Reviewing lots of copies! Tor Browser desktop and mobile alpha releases, newsletter banner and other docs folks needed me to review related to campaigns 4) Still working on sponsors reports and invoices - got some out, still behind on a couple of them 5) Prep-work for week of sept 10th in Seattle meeting w/ finance and fundraising teams 6) Board meeting last Monday (8.20) my first one :) finally 7) Continue to work whenever I can on PMs onboarding (they should start mid Sept so I have some time) 8) Plan on sending Alison some session ideas this week (sorry I'm behind on this) Steph: 1) TBA and website copy 2) blog editing 3) someone we met at def con has offered to make a badge for us! talking through options — is there someone with electronics design or firmware experience to talk through some options? 4) talking over email list optimization, newsletter signup banners Sarah: 1) Working on MDF report and will finish first draft by tomorrow. 2) Completed update of torproject.org/donate. Giant Rabbit should make this live today. 3) Working with Steph to better track upcoming conferences and speaking engagements. I'd ideally like to start building in major donor luncheons and other visits to existing travel. 4) Optimizing email list creation and clarifying usage in Civi as well as making the subscribe/unsubscribe process easier for the user. 5) Collecting and organizing past YE campaign materials and results to begin putting together this year's plan. Mike: 1) Will review Roger's updated Sponsor2 report today (just saw the mail). 2) Still pondering research developer position. I might work on a draft JD to see what people here think? [Sounds good to me, GeKo] Alison: 1) I'm working on LFI curriculum changes for next year and starting to think about end of year recruitment. 2) Organizing MX agenda emails into an initial draft schedule, will be sharing with everyone very soon and then folks can edit as they wish. 3) Gus is getting everything ready for his Kenya trip. 4) He is also working on some outreach efforts for Mexico (Oaxaca, Mexico City) 5) Outreachy has ended, but we're encouraging our two interns to stick around. 6) Colin is working on a plan for regular relay operator meetings. He will pilot it with two a month to address different timezones. 7) Jaruga, Colin, Tommy, and Gus are working with emmapeel to add more languages to the TB manual. Karsten: 1) Started cleaning up all five major metrics codebases based on static code analysis. 2) Rebased a two-years old ExoneraTor branch with major improvements to the database schema that will hopefully not only reduce database size but also minimize variance of query response times. Nick: 1) Mostly hacking 2) We're focused on sponsor8 deliverables for our sep15 merge deadline; other stuff may be slowed in Tor. 3) I hope to have another 0.3.4 out by the end of the month -- maybe a release, but that depends on bugs and the complexity for fixing them.

1 0

July Community Team update!!!!!
by Alison Macrina 22 Aug '18

22 Aug '18

July 2018 Community Team highlights Meeting notes ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Tor Meeting ================================================================= In July we continued to plan the Mexico City meeting, with special emphasis on the open days. Outreachy and Summer of Privacy ================================================================== Jaruga continued work on documentation (her work can be tracked here [1], and Cy continued collecting Tor user issues from around the web [2] Library Freedom Institute ================================================================== Alison covered weeks 5-9 in LFI and made plans for our in-person meetup in NYC. You can follow our progress, too [3]. We also started working with Mozilla to bring the Glass Room Experience to North American libraries. Tor talks and outreach ================================================================== We had a great time at the HOPE conference in NYC! Lots of people stopped by our table, we held an excellent informal workshop about running relays, and you can check out our "official" panel talk here [4]. Gus held a Tor meetup at FISL in Porto Alegre, Brasil [5]. He also began planning a few other Tor outreach/UX events -- in September he'll conduct outreach and workshops in Nairobi, Kenya, Oaxaca, Mexico, and Mexico City. He also translated the Tor training slides into pt-BR! Relay advocacy ================================================================== Colin held a relay operator meetup at PETS in Barcelona. Around 40-50 people attended that and an onion workshop, and then everyone went to an afterparty at a local bar. He got great feedback from local operators and a few commitments to running new relays! Colin, Jaruga, and nusenu worked on keeping the relay operator wiki updated. Colin began work on system to collect new relay operator contact information in order to send monthly "welcome" / "thank you" emails. He also worked on updating the fallback directory list Colin also started working with a developer on possibly reviving Tor weather. He also began initial planning for a relay operators meetup in Mexico City during the meeting, as well as a larger relay community summit. User support and localization ================================================================== emmapeel started as localization coordinator, and Colin helped get her onboarded and hand off localization tasks. The support portal had its "soft launch" and we worked on updating the content with some of the information Cy found in researching user issues. Gus and emmapeel worked on a localization content workflow for the portal [6]. We created new TB 8.0 content for the Tor Browser manual and started working on localization. Other stuff ================================================================== We changed the meeting time to Mondays at 1600 UTC to be friendlier to more timezones. ================================================================== [1] https://tor.dial.ga/ [2] https://ethercalc.org/fk4bgj7ntrbj [3] libraryfreedom.chat (read only) [4] https://livestream.com/internetsociety/hope/videos/178158095 [5] https://blog.torproject.org/tor-meetup-porto-alegre-brasil [6] https://lists.torproject.org/pipermail/tor-community-team/2018-July/000195.…

1 0

Minutes from June 20th meeting
by biella 21 Aug '18

21 Aug '18

Hi all, Here are the June 20th 2018 Tor board minutes, approved Monday. I will be pasting our minutes in the body and providing the permanent link to them and as I mentioned sending them out shortly after our board meetings. Regards, Biella https://gitweb.torproject.org/company/policies.git/plain/minutes/TPI_Board_… Tor Board Meeting Minutes for June 20, 2018 Phone/Video Meeting called to order at 16:00 UTC Present: Shari Steele, Matt Blaze, Ramy Raoof, Cindy Cohn, Linus Nordberg, Biella Coleman, Nick Mathewson, Julius Mittenzwei, Megan Price, and Roger Dingledine 1. Administrivia – Approval of April 16, 2018 minutes. Matt moved the motion, Megan seconded, all voted in favor. RESOLVED: minutes from April 16, 2018 approved. – Approval of March 12, 2018 minutes with amended time from 17:00 UTC/16:00 Rome to 16:00UTC/ 17:00 Rome time. Biella moved the motion, Matt seconded, all voted in favor. RESOLVED: minutes from March 12, 2018 approved. – Discussed potential dates for Mexico City Board meeting with current proposal being: October 1st closed meeting and October 2nd in the morning for the open meeting. 2. Executive Director Transition Overview – Job descriptions for two project manager positions and fund raiser have been drafted and circulated. 3. Personnel Overview – Shari provided an overview of personnel status. 4. Finances – Shari went over 2017-2018 financials and proposed budget 2018-2019. – Went over future/upcoming Tor Budget for July 1 2018 to June 30 2019. Biggest change is an increase in salaries/benefits and to accommodate new hires. – Approval of 2018-2019 budget: Megan moved the motion, Cindy seconded, all voted in favor. RESOLVED: 2018-2019 budget approved. 5. New Board Members – Cindy will be proceeding to follow up for inviting potential candidate to Mexico City. Ramy left at 13:30 6. Other Business – With feedback in place, Biella will be finishing finalization of meetings minutes for release. Meeting Adjourned at 13:41 UTC

1 0

Fwd: Call for ideas: What should be in the Internet Health Report?
by Matthew Finkel 21 Aug '18

21 Aug '18

FYI. (I also replaced the clicktrackers in the below email) ---------- Forwarded message ---------- From: Mozilla <Mozilla(a)e.mozilla.org> Date: Tue, Aug 21, 2018 at 2:27 PM Subject: Call for ideas: What should be in the Internet Health Report? To: matthew.finkel(a)gmail.com Dear Mozillians, Today the Internet Health Report team is launching a Call for Ideas <https://internethealthreport.org/yourideas/>-- an opportunity for friends, allies, and readers to suggest the topics that deserve coverage in the next Report. The Internet Health Report <https://internethealthreport.org/2018/> is a check up on the internet. It includes research and stories from people all over the world on how the internet is working for good--or bad--in their lives. * We invite everyone to submit ideas <https://docs.google.com/forms/d/e/1FAIpQLScjVdkx69izq7NbaiHfrh_GiDtYVqaYYnq…> before September 14. * We’re mainly looking for research, articles, and inspiring initiatives to make the internet healthier, but also suggestions about issues people don't hear enough about. We accept ideas on our website <https://internethealthreport.org/yourideas/> (anonymous or public) or by Twitter message (use the hashtag #internethealth). To kick- off the campaign we will host a Twitter chat today (August 21)* 1pm - 2:30pm ET (7 - 8:30PM CEST)*. We hope you will join! Just follow the conversation led by @mozilla. *Please help us spread the word in your communities and among friends who care about the health of the internet.* Here is an example tweet you can use: 🚨 Mozilla is hosting an #internethealth Report Call for Ideas 🚨 You can recommend what topics — from facial recognition to cyberwarfare — should be investigated in 2019 Report. Reply with ideas + links to studies or projects we should examine or visit https://mzl.la/ideas The Call for Ideas is available in 4 languages (English: https://mzl.la/ideas // French: https://mzl.la/idees // Spanish: https://mzl.la/tusideas // German: https://mzl.la/ideen) but submissions can be from anywhere in the world and in any language. We hope you'll join us on Twitter or get your ideas over to us before September 14th. Working for a healthier internet is a team effort. A big thank you for being part of the team. The IHR team (Solana, Kasia, Jairus) ------------------------------ * You're receiving this email because you're a registered Mozillian. We'll send you timely and occasional organizational news and updates - meant just for Mozillians. If you do not wish to receive these updates, please unsubscribe here <https://click.e.mozilla.org/?qs=434b787285796223cb44611de89db42b894961b4abb…>. We do some aggregate tracking <https://click.e.mozilla.org/?qs=434b7872857962231855305363464b18ffc116e671e…> on these emails to improve the experience. If you would like to opt out of tracking please update your email preferences <https://click.e.mozilla.org/?qs=434b787285796223cb44611de89db42b894961b4abb…> to text only. Read the Mozilla Privacy Policy <https://click.e.mozilla.org/?qs=434b787285796223eaa5632e7b5773baea58179e303…> here.* Mozilla 331 E. Evelyn Avenue <https://maps.google.com/?q=331+E.+Evelyn+Avenue+%0D%0AMountain+View,+CA+940…> Mountain View, CA 94041 USA -- Matthew Finkel

1 0

Tor Browser team meeting notes, 20 Aug 2018
by Georg Koppen 21 Aug '18

21 Aug '18

Hi! We had another Tor Browser meeting yesterday. The IRC log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-08-20-17.59.log… And here are the notes from our pad: Tor Browser Meeting Notes Monday August 20, 2018 Discussion: -tommy: Tor Browser for small businesses -reminder: sessions for Mexico - Mozilla viewport size quantization: https://bugzil.la/1407366 - viewport fingerprinting for mobile (igt0: I know sysrqb opened a bug, I wonder if we fix it for mobile, it will make the sites terrible) (GeKo: That's #27083. Let's discuss the drawbacks/improvements compared to our current solution there, in general I think mobile is no showstopper here) mcs and brade: Last week: - Finished #26514 (intermittent updater failures on Win64). - Worked on desktop onboarding: - Updated our patches for #26961 (new user onboarding). - Updated out patches for #27082 (enable a limited UITour). - Worked on #26962 (new feature onboarding). - Answered updater questions for #25485 (libstdc++.so.6: version `CXXABI_1.3.11' not found). - Sent Alison some ideas for the Mexico City meeting agenda. - Helped with triage of incoming bugs. This week: - Continue working on #26962 (new feature onboarding). - Scope the work and determine what we have time to implement for #25694 (Improve the user experience of updating Tor Browser). - Review our notes from #22074 (undocumented bugs since FF52esr) and file additional tickets if necessary. - After the Tor Browser nightly builds include the network team's fix for #26876, do some testing for #26251 (Adapt macOS snowflake compilation to new toolchain). GeKo: Last week: -release preparations and release help -helped with mobile reviews and testing (we are close!!) This week: -help with the mobile release where needed -monitoring our blog etc. for 8.0a10 fallout -trying to finish network code review -starting to the Tails summit on Saturday -planning the work for remaining two weeks before 8.0 hits the ground -igt0, sysrqb, sisbell: should we get together to plan the post-first-tba work? (GeKo: the decision was, yes, maybe later this week after the alpha is out) -reminder: please do your daily status updates on #tor-dev (/me status: fixing everything) -pospeselr: it seems #26450 fell through the cracks? Was that ready for review again after my initial pass? (GeKo: no, all is good) sysrqb: Last week: - Release preparations for first alpha version of TBA - Reviewed #25696 - Android onboarding - Reviewed #26884 - torbutton on android - Clarified #26314 - Mobile TB landing page - Attended RustConf - Started creating Android signing key for Alpha release(s) - #26536 - Revised Android permissions - #24796 - Worked more on Investigating Account Manager patch - #26858 This week: - First TBA Alpha release - Finish #26858 - Bug fixing... arthuredelstein: Last week: - Finished audit of HTTP2/AltSvc (#14952) - Finished audit of User Timing API (#26598) - Patches for "Add ca, ga, id, is, nb locales for Tor Browser" (#27129) - Patched "UI locale is detectable by button width" (#24056) - Patch for "Add new Tor Browser locales to our website" (#27151) - Reviewed #26456, #26833, #26628, #26655 - Met with the Tor Uplift team - Updated https://torpat.ch/locales and https://torpat.ch/support-locales This week: - More fingerprinting protections for ff60-esr - Review https://bugzilla.mozilla.org/show_bug.cgi?id=1333933 for unpatched items - Any patch reviews needed - Optimistic SOCKS? (GeKo: that won't be in 8.0 as we need more testing than our schedule provides. It's therefore not high prio but we should work on it during our 8.5 dev time) boklm: Last week: - fixed some testsuite tickets: - #27133: update useragent string in fp_navigator, useragent and settings tests - #27122: fix slider_settings tests - made patch for #25485 (replace firefox by a wrapper script) and tested it - made patch for #27178 (add support for xz compression in mar files) - helped build and publish 8.0a10 release This week: - continue working on #27105 (Fix Tor Browser testsuite for esr60) and subtickets - look at #12968 (HEASLR) PSA: I'm planning to be afk from 2018-09-06 to 2018-09-10, just after 8.0 release igt0: Last week: - Did several UX iterations on #25696 (On boarding) - Fixed issues in the #26884 (sec settings) - Iterated again in the about:tor for mobile(I am trying to avoid to change lot of gecko code) - Reviewed some code This week: - Finish about:tor (#27111) (I am testing in on tablets) - Update XPInstall to bypass the addons signature checks pospeselr: Last week: - #26874 (smb leak) uplift (was actually a bug introduced by another Mozilla patch, so they're handling it) - reviewed boklm's #27045 [boklm: can you post the logs from the error you get? pospeselr: done!] - rustconf on the 16th and 17th, successfully indoctrinated into the cult of rust - a bit of investigation into #26381 (about:tor page not loading properly in localized windows bundle) This week: - continue #26381 investigation sisbell: Last Week: Attended RustConf on 16-17 Created program to parse android dev file. Found indexes on class annotations differ between builds. This week: Parse data sections of dex file to get more info on deltas between builds. sukhe: Last Weeks: - #26476 (Windows crash): still investigating, doing log comparison now between TC and tor-browser builds - Looking at #24465 (Snowflake bundle libatomic; revision) and #27061 (langpack) - Merged #27152 (fxc2 update; small change) This Week: - Continue the above tasks Georg

1 0

Network team meeting notes, 20 Aug 2018
by Nick Mathewson 20 Aug '18

20 Aug '18

Hi! You can find our logs at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-08-20-17.00.html Below are the notes from our meeting today: = Network team meeting pad! = Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == 11 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001828.html 18 June: https://lists.torproject.org/pipermail/tor-project/2018-June/001835.html 25 June: https://lists.torproject.org/pipermail/tor-project/2018-July/001863.html 2 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001866.html 9 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001884.html 16 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001888.html 23 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001926.html 30 July: https://lists.torproject.org/pipermail/tor-project/2018-July/001928.html 6 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001936.html 13 Aug: https://lists.torproject.org/pipermail/tor-project/2018-August/001947.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Community guides, it's time to hand off to the next guide! * Let's look at proposed tickets! [but see discussion] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases ------------------------------- ---- 20 August 2018 ------------------------------- == Announcements == """ Sponsor8 ends on Dec 31, and we have some deliverables that needs to make 035. The 035 merge window closes on Sept 15. With that in mind, we need to prioritize these deliverables, and ask some folks to step out from rotations and most code reviews for the next month or so, so we can get it all done. Code reviews will also prioritize sponsor8 work, so, some reviews might be delayed and not added to the weekly review spreadsheet. For the rest of us, we don't intend that reviews and rotations should take up your whole life. If you're spending more than 20% or so of your week on reviews and rotations, then we might need to recalibrate. Talk to Nick and Isa if that sounds like the situation you're in. We will resume normal team operations once we get the sponsor8 deliverables done :) thank you for the understanding. """ If anyone has an opinion on bwauth scaling and how sbws needs to match torflow, please contribute to: * https://github.com/pastly/simple-bw-scanner/issues/182 * Trac #27135 We don't want to be making last-minute changes to the design. == Discussion == Do these tickets block 0.3.4: - our macOS time API seems to return weird results (#26987, #27139) - did we break the consensus between 0.3.3.9 and master? (#27146) [I've tried to opine on these tickets. -nm] == Updates == Nick: Last week: - NSS TLS stuff. Got X509 working (?). Worked on TLS initialization. - Worked on roadmap revision - Met about congestion control alternatives - Review & merge a bunch of patches - Initial (messed up) bisecting on #27080 This week: - Draft a whitepaper about datagram-related attacks - NSS TLS: maybe finish the implementation? - Help work on 034 blocker tickets. teor (offline): last week: - PrivCount in Tor: blinding and encryption (#24629, #26972) - bwauth mentoring (mainly https://github.com/pastly/simple-bw-scanner/issues/182 and #27135) - Reviewed the large vanguards patch (#25573), and other code reviews (#23588, #15188, #22747, #27190 #27191) - Worked on bridges are broken in 0.3.4 and master (#27080) - our macOS time API seems to return weird results (#26987, #27139) - did we break the consensus between 0.3.3.9 and master? (#27146) - I was on leave for a local holiday on Wednesday this week: - Keep on trying to fix bridges are broken in 0.3.4 and master (#27080) - PrivCount in Tor: blinding and encryption - reviews, fixes, design meeting - other reviews and revisions rest of 0.3.5: - work out the earliest rust version tor supports, and add CI for it - Implement PrivCount in Tor noise generation (#26637, maybe #26398) - Merge PrivCount in Tor komlo (offline): - Last week: - Gave a talk about Rust, had a lot of conversations about how to move forward with some existing Rust issues. Will be sending updates/syncs this week - This week: - Finish writing a draft for a peer review checklist, will work with Mike on adding his input/finalizing this - Look over recently-opened Rust tickets (thank you to the people opening these and adding improvements!) haxxpop: - Last week: - The client auth code is ready for review and test. Even thought the test still fails on Windows but I think we can review and test the code while I fix this issue. The code is in https://github.com/torproject/tor/pull/36 - This week: - One thing that we haven't discussed about yet is how clients generate their keypairs (how the command will look like). After discussing about this, I think I will implement it. catalyst: - last week (2018-W33): - CI/Coverity rotation - reviewed some more of teor's CI changes - PM candidate interviews - more digging in bootstrap related code for #25502, #22266 - this week (2018-W34): - design meeting organizer rotation - #25502, #22266 (bootstrap progress reporting improvements) Mike: Last week: - Continue discussions about congestion control - Make sure Sponsor2 report is good for submission - Chat with Tobias Pulls about adaptive padding implementation variants - Code reviews This week: - Help with anti-censorship hiring process - Update #25573 - Keep digging into #27066 - WTF-PAD proposal update - Research website update - Vanguards/onion service security blog post with asn?

1 0

Board Minutes from July 14, 2016, to April 16, 2018
by biella 18 Aug '18

18 Aug '18

Hello, The board is releasing our first batch of Tor Project meeting minutes from July 14, 2016, to April 16, 2018 [1]. After our next reunion, to be held on August 20, 2018, we will release minutes as a single item shortly after we meet. Before the board made the decision to publish them, I had volunteered to write a report about board work and accomplishments. Now that we are releasing our minutes, there is less of a need to write a detailed report, but I’ve decided to highlight some of things we’ve done and what we are up to in the next few months. As is probably obvious, board minutes are a fairly conventional genre of documentation for providing an official record of decisions taken by the board. They reference our collective discussions and include other standard information such as the start time of meeting, place or method of connecting, and a list of present and absent members. They tend to contain regular items of business, such as a discussion of pending and current grants and the finance reports, both of which relate to one of the core of duties of a board: fiduciary oversight of the organization. But these notes also provide a limited window into other aspects of the organization, as well as its shifting concerns and priorities depending on unforeseen factors and events. Early in this board’s tenure, we, along with TPI (The Tor Project, INC.) officers (Shari, Roger and Nick) dealt with matters of organizational housekeeping: filling board positions, establishing email voting protocols, clarifying and defining roles around the officers, and approving new policy documents or changes in existing policy documents. (These documents are included with the minutes.) With that in place, we moved on to other tasks that are also typical of boards, such as the ED review, which was carried out in the winter of 2017. As the organization stabilized, we were free to take on more time consuming projects, such as board expansion and diversification, which involved a number of meetings outside of the regular board reunions as we vetted and interviewed potential new members. Another fairly large undertaking for the current board was finding a replacement for Shari after she notified us of her plans to retire. While a search committee was constituted and tasked with the bulk of the initial work—compiling names, reaching out to candidates, scheduling meetings, and holding initial interviews—the entire board and TPI officers were also pulled in at various points to rate the long list of applications, hammer out procedures and timing, and interview and discuss the final few candidates. While the minutes provide a fairly accurate record of board duties, roles, and accomplishments, board members contribute in ways that are not registered or reflected in our minutes. Shari has reached out to individual board members to help build strategic partnerships, as she did with Mozilla, for instance. Other board members have many informal discussions with members of the Tor community that directly loop back into board discussions, while organization officers like Roger reach out to board members to discuss particular grants. We’d also like to remind everyone that they should feel free to contact us at any time on any matter related to the Tor Project (I've included our contact information below). Now that we’ve wrapped up the ED search, we’ve returned again to expanding the board, and a few of us are in the process of reaching out to a couple of other candidates, one of whom was recommended by a Tor community member (and we happily continue to welcome recommendations like these). Like everyone else, we are also thrilled to work with the incoming ED, Isabela, who will be joining us for our August board meeting. While there will be period of transition as we work with a new ED, we feel the organization has matured and stabilized under Shari’s careful and skilled guiding hand to the point where we can help Isabela fulfill her strategic vision. We were exceedingly impressed by her plan to make Tor more usable and more technically robust and we felt her wide-ranging experience running projects and teams, her intense familiarity with Tor, and her dedication to the fight for privacy and the people of Tor, made her the ideal candidate to shepherd this organization forward into the future. Don’t hesitate to contact any of us if you have any questions, queries, suggestions, and/or comments. Gabriella Coleman, on behalf of the entire board. ps-- I'd like to thank Linus for formatting all the minutes and putting them online. [1] https://gitweb.torproject.org/company/policies.git/tree Gabriella Coleman, biella(a)riseup.net <mailto:biella@riseup.net> Megan Price, meganp(a)hrdag.org <mailto:meganp@hrdag.org> Cindy Cohn, cindy(a)eff.org <mailto:cindy@eff.org> Linus Nordberg linus(a)torproject.org <mailto:linus@torproject.org> rsa4096/8C4CD511095E982EB0EFBFA21E8BF34923291265 Ramy Raoof, ramyraoof(a)riseup.net <mailto:ramyraoof@riseup.net> Bruce Schneier, schneier(a)schneier.com <mailto:schneier@schneier.com> Matt Blaze, blaze(a)cis.upenn.edu <mailto:blaze@cis.upenn.edu> Julius Mittenzwei, julius(a)mittenzwei.com <mailto:julius@mittenzwei.com>

3 2

July spreadsheet: users queries, demands, and issues
by cy63113 17 Aug '18

17 Aug '18

Hi everybody, As many of you know, I've been gathering, for the last for 3 months, issues, comments, demands, and suggestions from different sources like IRC channels, blog comments, Stack Exchange, Tor and Tails Reddit, RT, Facebook, and Twitter. During these months, I noticed that there are multiple users reporting of the same issues, the number #1 are connection problems in TBB alpha and unstable version (7.5.6 & 8.09): "TOR unexpectedly exited" "It is not working" "Fail to connect" and so on, mostly in Windows 10. Also, there are lots of users concern is if is safe to use Tor in Windows. You can check the July spreadsheet here: https://ethercalc.org/fk4bgj7ntrbj A curious fact, seems (there's no way to know for sure) that many more men than women make questions, looking for answers, ask for help... in the monitored channels. Please feel free to reach me out if you have feedback, comments or something else. Cheers, Cybelle

2 1