- tor-project - lists.torproject.org

Notes from November 8 2018 Vegas team meeting
by Karsten Loesing 09 Nov '18

09 Nov '18

Notes for November 8 2018 meeting: Georg: 1) Plans for making our blog more useful by dealing better with comments [alison steps up writing a first draft with help from other folks --GeKo] 2) Future vegas team meeting times Roger: -----On my near-term todo list----- 1) Continue helping Kat with sponsor19 report 2) Write follow-ups, and open trac tickets, from Taipei censorship meetings (many new ideas!) 3) Do the SponsorM final report (due this month) 4) Post a 2016 financials blog post (pending on an answer from Sue about our USG / non-USG ratio) 5) Meeting next week with some department-of-justice people to try to teach more them about the value of encryption (and why not to outlaw it). -----Things you might want to know----- 6) I signed up to potentially be on an NSF review panel in 2019, as part of service to NSF so they continue thinking kindly of us. Dates TBD (if they pick me). 7) I signed up to do a Tor talk at the KNOW 2019 conference in March, since they agreed to do a donation to Tor (woo). 8) I am officially moving to New York City, probably in January. -----Things I'm excited to see progress on----- 9) Steph: how are we doing at taking advantage of OTF's Learning Lab? [I talked to Dan and he'll ping us when it's time to get started; we'll create a post, infographic, or some other material based on one of our projects, probably usability -steph] 10) Gaba: How are we doing at coordinating with Nathan (and OTF engineering lab) on initial bootstrap from censored appstore? 11) Alison: how are we doing at a community lab proposal for bringing Tor community people to the next Tor meeting? [I think we are delaying on this one until the DRL proposal is in, so we can focus on what's most important. -RD] [yeah, I reached out to Al and am going to ping them again next week when they have finished the DRL proposal] 12) Isabela: How are we doing at setting up your internal feedback process? [I plan to work on this with Erin, create an internal communication plan etc] 13) Mike: did you actually launch the tor-researchers list? I see a bunch of pending subscription attempts. [Yes, but I did not announce it or invite anyone yet. The first couple looked spammy/randos and then I got busy with other things - Mike] 14) Geko: can we do a bug bounty status summary? how many bugs, how many bounties, how many reporters, etc? also, should we open up the bounties to more people? OTF seems keen to continue funding the bounties. [Yes, we should have a new contract more or less soonish. And, yes, a summary sounds good. How did you envision that? Just a .txt file/email to tor-project? A blog post with press/social media coverage? Or... --GeKo] [A blog post, the first of a yearly set of blog posts, would be a good first option. -RD][Fine with me. This won't happen in November, though. Should we aim for some time in December then? --GeKo] 15) Alison: status of toronto library endorsement letter? (i think you wrote a draft and then nobody responded) [and then Jon replied just to me asking for it on letterhead, and I sent it back to him signed on letterhead] 16) Erin: do we have an onboarding kit for new employees, explaining travel policies, timesheets, other policies, who to go to for help, etc? Seems like we keep almost having one. [Erin is not on this meeting] 17) Sue: are we good on assigning enough hours to sponsor19, or will the numbers not add up right? 18) Who is leading the censorship developer hiring? [It looks like Erin has started it back up. I heard from Isa that we might ask Gaba and Alex to lead it. -RD] 19) Who is leading the sysadmin hiring? [I heard from Isa that we might ask Linus to lead it. -RD] -----Other things on the edge of my plate----- 20) NYU Tor affiliation plan? [what is this? isa] 21) How are we doing at our plan to handle blog comments more consistently? [i flagged that as something to discuss on my list - Alison] Alison: 1) working on community portal outreach kits. new flyers! 2) worked on DRL proposal with others 3) coordinating LFI board meeting 4) wrapping up LFI cohort 5) organizing curriculum for next LFI cohort 6) submitted IFF CFP 7) Other stuff: LF website redesign, completing training materials for community portal (when we're finished with outreach kits), Colin is working on a Tor relay challenge and planning some relay operator meetups, and the rest of the community team will finalize sponsor9 travel for next year soon Arturo: 1) Wrote a lot of specifications for new measurement techniques to use in OONI Probe tests: https://github.com/ooni/spec/pull/118 2) Working towards a beta release of OONI Probe 2.0 3) Had an important infrastructure incident which is still being resolved: https://github.com/ooni/sysadmin/issues/24 4) Helped write the DRL proposal 5) Maria went to Taiwan for the OTF summit & several other community events Nick: 1) Two new releases out. Any chance for a TB alpha before mid-dec, so we can get users trying the latest alpha before we are planning to ship the stable? [Should be doable. Maybe in week 47 (like two weeks from nowish)? --GeKo] 2) Going to have to clamp down on what we actually fix in 0.3.5. It's time to triage out all but the most critical stuff; please be aware (and selective) when we ask for 035-must tickets. Mike: 1) Sponsor2 work Gaba: 1) Followed up on Gettor but so far not answer from ilv. Hiro offered to do the work on refactoring that needs to happen to get it back to work. I will talk with her on Monday if ilv does not answer by then. 2) Started getting into OONI to help with roadmap and work assignment. Will start participating in their roadmap and meetings. 3) Network team is working good on their way to complete work for sponsor 8 that ends on December 31st. 4) Metrics team hiring the a data architect for the team. Started receiving CVs. 5) Helped with DRL proposal. 6) Sent mail to Nathan (cced Isa) on engineering lab. It seems from the reply he gave that we need to draft a more specific proposal for him to look at. I mentioned gettor but not initial bootstrap from censored appstore.. 7) Hackweek (metrics & network) in Brussels underway. Jon is looking for a hotel to host the meetings in Brussels. Cancelled KU Leuven as it was too much back and forth for some people. 8) Interviews for anti-censorship position are coming. It will be hard to have people already volunteering on it and very good candidates to choose from. Not easy decision. 9) Roger: I sent you a mail to coordinate the SponsorM report. [right, will answer -RD] Pili: 1) Started putting together SIDA Phase 1 report 2) Helping out with DRL Proposal 3) Iterating on best way to Visual Identity Definition Project 4) Iterating on framework for user testing reports. isabela: 1) I'm working on DRL proposal 2) I had a long catch up sync with Roger 3) I will meet OTF PMs this Saturday and SIDA PM this Sunday 4) I will be in Seattle from Nov 12-16 to finalize the transition Sarah: 1) Helping with DRL proposal. 2) YE campaign - sorted out metrics confusion with Karsten and good news is that we are seeing increased traffic to the donate page over last year, but the bad news is that we are seeing fewer donations. I am working today to modify the donate page and will ping Antonela for new banner art and have Giant Rabbit implement. 3) Meeting with OTF and SIDA PMs with Isa this weekend. 4) Next week will finalize with Al postal mail letters to donors we don't have email addresses for and letter to family foundations. 5) Moving forward with allowing people to donate additional types of cryptocurrency. 6) Researching conferences and events for fundraising opportunities. Sue: 1) Working on budget and budget narrative for DRL proposal 2) Working with auditors to complete tax return by 11/15 deadline 3) Invoicing for work completed in 3Q 4) Working on completion of MA PC for 2016 Steph: 1) working on blog post and press release. 2) wrote copy for a couple more pages for the new site 3) working with The Berkeley Group on our brand study 4) submitting a panel to LibrePlanet 5) talked with Dan at OTF about Learning Lab 6) preparing for campaign blog posts 7) starting to use Tor stories gathered through our survey for promotion Antonela: 1) working on TB security settings. 2) working on TBA #28329, #27399. 3) synced with Geko and Isabela about the UX work on the DRL Proposal. 4) submitted a talk to the Open Design track in FOSDEM. 5) working with Steph and Isabela on freezing tpo.org and tpo.org/about so we can move it to translation and development. 6) working with the community team on our new outreach material. 7) a new banner iteration on the EOY campaign is live at tpo.org [I'll send you a note about donate.tpo today. I think it would help the campaign to change the TB banner before 12/11, but don't know how much work that creates for everyone. - Sarah][Noted. I think that might be doable in the same week as the alpha and probably a new Tor Browser for Android are coming out. --GeKo] Karsten: 1) Had a very useful retrospective and roadmap session with irl and gaba. 2) Created a bunch of tickets for roadmap items. 3) Discussed various graphs related to consensus weight. Shari: 1) helping with DRL proposal! 2) so many loose ends 3) Isa's in Seattle next week for the transfer of power! :)

1 0

IFF Proposal Submission Deadline - Tomorrow!
by Matthew Finkel 08 Nov '18

08 Nov '18

Hi Y'all! The deadline for the Internet Freedom Festival (IFF) call for proposal is this Friday, November 9. Please remember to submit your proposals before then. They are looking for sessions spanning organizational security, community healing, regional experiences, and security threats. You can submit your proposal here: https://platform.internetfreedomfestival.org If you are new the the IFF, the week long festival filled with glitter that brings together the various communities working against online censorship and surveillance. Everyone has something to contribute! Submit your sessions proposals before the Nov 9 deadline! In addition, this year Tor is playing an active role in shaping the technical track, so please see the areas of interest and please submit a proposal if you are working on anything that will make this festival better! https://internetfreedomfestival.org/#hacking Thanks! Matt

1 0

Network team meeting notes, 6 November 2018
by Nick Mathewson 07 Nov '18

07 Nov '18

Hi! IRC logs are at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-06-23.00.html The contents of our pad are below ```````````````` = Network team meeting pad! = This week's team meeting is on Tuesday at 2300 UTC on #tor-meeting on OFTC. (If the time doesn't work for you, we'll see you the week after.) Welcome to our meeting! First meeting each month: Tuesday at 2300 UTC Other meetings each month: Mondays at 1800 UTC (1 hour later for daylight saving time) On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the list archive for older notes.) 1 Oct: No online meeting; in-person meeting in Mexico City. 9 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002005.html 15 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002027.html 22 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002032.html 29 Oct: https://lists.torproject.org/pipermail/tor-project/2018-October/002036.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Also, let's check for things we need update on our spreadsheet! Are there important documents we should link to? Things we should archive? * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Let's look at proposed tickets! 0.3.5 (bugs only): https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… 0.3.6: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases * Remember to fill up actual point when you finish a task (as well as "fix" the estimate when starting the issue). * Add planned PTO to the calendar https://storm.torproject.org/shared/ISA5L5nH0Xu88iqSCx9ZjCXYSMKOBTdbUeWarbd… << Remember that priority is Sponsor 8 - roadmap is sort out by priority >> Activity O2.5 is the one we are missing and need to do in 2 months. In November everybody need to start checking snowflake as it is something that is coming in December. ------------------------------- ---- 6 November 2018 ------------------------------- == Announcements == Please don't bulk-delete all the old entries from this pad any more. Instead, delete the "planned" and "actual" for the previous week, but leave the "planned" for this week in place. <--- Check other's people call for help in their entries. Alpha/Master maintainer doc: https://trac.torproject.org/projects/tor/ticket/28225 catalyst asks: which time zone switch are we following for the meeting? US? A: Monday meeting will switch with US DST. patch party remains fixed at 23:00 UTC. (The EU/AU optional catch-up time is moving with EU DST.) US DST switches on 04 Nov, but first meeting of the month is at patch party time. So 12 Nov meeting is at 18:00 UTC. == Discussion == * sponsor 8 work O2.5 (bootstrap reporting) is most important - right now working on this: catalyst, ahf, dgoulet, teor. any of you need help with it? * who else want to do snowflake? schedule snowflake intro meeting * who is going to answer these emails? Dealing with frequent suspends on Android: https://lists.torproject.org/pipermail/tor-dev/2018-November/013529.html Why is the execute bit set on onion service keys: https://lists.torproject.org/pipermail/tor-onions/2018-November/000338.html Both have answers... ? I wrote this question 24 hours ago * neel wrote a new ClientAutoIPv6ORPort option that makes Tor choose between IPv4 and IPv6 client connections at random: https://trac.torproject.org/projects/tor/ticket/27490 It works well, but it could be smarter about relay weights and systems that only have IPv4 (or only have IPv6): https://trac.torproject.org/projects/tor/ticket/17835 Should we merge it as an experimental feature? Decision: Merge it as an experimental feature, and if it causes bugs, fix those bugs. For details, see https://trac.torproject.org/projects/tor/ticket/27490#comment:21 == Recommended links == Cool talk on communication in teams http://lenareinhard.com/do-you-read-me-better-communication-for-stronger-te… == Updates == NOTE NEW FORMAT! Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Nick: Week of 10/29 (planned): - Implement pubsub message dispatch API and subsystems API. - Do something with consensus mmap patches. (But what?) - release 0.3.4.next? - Get un-stuck on #27359? - Try to design an "extra dormant mode" for #2149 Week of 10/29 (actual): - Implemened pubsub message dispatch API (#28226) - released 0.3.4.9 - Started implementing subsystems logic - Finished #27359 (family representation), adding prop298 as a followup. Thanks to teor for brainstorming help! - Met with S Chakravarty from IIITD - Talked with Catalyst & Teor about bootstrapping designs and plans - Merged memory-map patches (#27244) - Met with asn to learn about wtf-pad - Worked on pending funding proposal with gaba, al, isa, asn, and others - Wrote a PETS meta-review - Reviewed and mergedvarious patches - Wrote a "subsystem manager" branch (#28330) Week of 11/5 (planned: - Comment on new version of crypto thing /prop295 - Review wtf-pad design and code (waiting on status update for proposal revisions) - Meet with B Bhumiratana to chat about net privacy - Plan and possibly start working on #2149 ("extra dormant") with dgoulet - Revise or merge #28226 (messaging system) - Release 0.3.5.4-alpha? - Possibly, design for testing sustems that use pub/sub. Want help with: Mike: Week of 10/29 (planned) - Write more tests for wtf-pad; help asn with review and/or chutney tests - Write diff for nickm's datagram paper - Update WTF-PAD proposal - Maybe help Jaym diagnose why #23512 seems off? Week of 10/29 (actual) - Updated WTF-PAD proposal - Rebased WTF-PAD for nickm - Wrote more tests for wtf-pad; helped asn/nick/teor with review; fixups - vanguards fixes and features week of 11/5 (planned) - New GPG subkey. Kill me. - More WTF-pad proposal updates - Vanguards release? - WTF-PAD updates, fixups, tests - Datagram paper diff for nick help with: ahf: Week of 10/29 (hopefully): Sponsor 8: - Continue implementation for #28179 - Talk with HC about ARM64 Orbot Sponsor 19: - Spend some time (half a day? a morning maybe?) on some of the Snowflake tasks. Misc: - End of month tasks. Week of 10/29 (actually): Sponsor 8: - Continued work on #28179. - Talk with dgoulet+dcf about #28180 (and some S19 stuff). Sponsor 19: - Began looking at our S19 roadmap tickets. - Looked at the HTTPS Proxy PT for the "Backup PT" roadmap task. - Looked at Snowflake design. Misc: - October Harvest report done. - Looked a bit at the Graphite data collection code with David. - Got through my review backlog. Week of 11/05 (hopefully): Sponsor 8: - Finish #28179 and get it reviewed+landed. - If the above gets done, look into next S8 item(s). - Look into #27100. Sponsor 19: - Continue wrapping my head around PT tasks for s19 (mostly focusing on Snowflake). - Help UX with #27385. - Anti censorship team hire. - Write email about Snowflake meeting last Tuesday of november, 23 UTC Misc: - Review #28298. - Do reimbursements from Mexico. help with: - Don't think anything right now(?) asn: Week of 10/29 (planned): - Continue reviewing/testing WTF-PAD code. - Do reviews. Week of 10/29 (actual): - Spent most of my time reviewing, refactoring and testing the WTF-PAD code and proposal. - Did reviews - Merged an HSv3 branch in upstream tor! - Helped with bridgedb funding proposal. - Helped with a few hsv3 tickets. Week of 11/05 (planned): - Continue reviewing, refactoring and testing the WTF-PAD code. - Try to come up with a useful WTF-PAD state machine that we actually want to merge. - Do reviews. help with: dgoulet: Week of 10/29 (planned): - Get further into #25502 meaning taking care of #28180 and hopefully starting to implement soon. - Reviews and 035 tickets as much as possible. - Draft the stable maintainer policy with teor's help. Week of 10/29 (actual): - Discussion with dcf1 and ahf on the spec side of #28181. - Worked on doc/HACKING/Maintaining.md document. - Merge a series of HS ticket upstream. - Discussion about #28275 which in the end turns out to be a bad idea so we'll take a different route. - Review and discuss HSv3 tickets. - Looked at the "subsystem manager" branch from nickm as a first skim. No comments yet. - Some side project with ahf on exporting various Tor stats using Graphie format and Grafana/Prometheus to visualize. Week of 11/5 (planned): - Planned, review and/or work on #28335 with nickm. - Available for ahf to review #28179 and then start working on the code for #28180 (s8). - Finalize whatever s8 other tasks come up this week. gaba: Week of 10/29 (actual): - OTF Summit in Taipei - week 1:1 - fundraising & proposals - roadmap: I will check on people about sponsor8 tickets Week of 11/5 (planned): - gettor follow up - hackweek cancel KU reservation - get into ooni work/roadmap - start looking at CVs that come up for data architect position for metrics team - several weekly meetings (ooni, metrics, fundraising, las vegas) and 1:1s help with: - communicating anything about sponsor8-bootstrap help/needs and progress catalyst: week of 10/29 (2018-W44) (planned): - reviews - hiring stuff - more detailed outline of sponsor8 work - 0.3.5 bugfixes as needed week of 10/29 (2018-W44) (actual): - wrote up outline of new abstractions for bootstrap tracking (#28281) - cleaned up #28018 children - started reviewing #28226 (pubsub) week of 11/05 (2018-W5) (planned): - reviews - bug triage rotation - 0.3.5 bugfixes as needed help with: haxxpop: Week of 10/29 (planned): - Continue writing the man page Week of 10/29 (actual): - End up fixing #28184 instead of writing the tor-keygen man page. Week of 11/5 (planned): - Probably discuss about #28275. A lot of ideas are going through. So fun :). And I will fix it if there is something to be changed. - Write the tor-keygen man page, if I have time left. help with: teor (online!): Week of 29 Oct (planned): - Get my timesheets and post-travel admin done (awaiting advice from accounting) - Work on PrivCount in Tor prototype - minor fixes to privcount_shamir - module design, merge privcount_shamir, stub other modules - finish off the travis CI config for chutney / turn it into a config to test PrivCount in Tor - Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list - Work on code review backlog. Maybe small revision and small ticket backlog if I have time Week of 29 Oct (actual): - Hackfest, meeting planning, and lots of timesheet and post-travel admin admin - Finished all my outstanding code reviews, and did some re-reviews, and some quick fixes - Merged some chutney debugging improvements - Helped nickm with MyFamily RAM usage reduction (#27359) - Worked with nickm and catalyst on s8 bootstrap - Worked with Karsten on a metrics bug that we want to avoid in PrivCount (#28305) - Fix our Windows version detection (#28096) - Helped with a ~ path handling bug (#28311) Week of 5 Nov (planned): - Pick up a s8 bootstrap ticket, and do it - Try and make progress on the s8 chutney consensus failure bugfix tickets - Work on PrivCount in Tor prototype - merge the crypto_rand_double() C code in #23061, and write a Rust equivalent - minor fixes to privcount_shamir - finish off the travis CI config for chutney / turn it into a config to test PrivCount in Tor - Make the fallback script ignore addresses in the whitelist, so we can rebuild the fallback list Week of 5 Nov (actual): - Started "pick guards from a reasonably live consensus" (#24661), found #28319 - More admin - Go through my ticket email backlog, lots of little ticket updates - Planning for s8-bootstrap Help with: - I am stuck on #28096. It's a tinytest fake Windows fork issue. nickm, can you help? Details here: https://trac.torproject.org/projects/tor/ticket/28096#comment:11 Answer: nickm will look at the ticket - Can I have a second opinion on #26376? I am not sure which cross-compiling doc we should be merging. Answer: we will try out the process, and maybe rewrite the instructions based on what we learn - When can I stop doing Sponsor 8 and move on to PrivCount and the fallback directory mirrors? This week? Answer: Maybe for a day every week for a break - How do we feel about adding a Windows Server 2016 build to Appveyor? (#28318) Answer: Let's try it, and then think about moving to Travis when it has C support juga (offline): Week of 10/29 (planned): - sbws - relase 1.0, update deb - start using sbws in production (#28224) - tor code - start with #21377: DirAuths should expose bwauth bandwidth files - prioritize open tickets - bandwidth file specification - whatever needs to get fixed after review Week of 10/29 (actual): - sbws - relased 1.0.0, and 1.0.1, updating debian package to 1.0.1 - bandwidth file specification - created pull requests with updates - tor code - started with #21377: DirAuths should expose bwauth bandwidth files - some prioritization of open tickets (sbws and tor code) - looked at bridge bandwidth scanner code - started using sbws in production (#28224) Week of 11/05 (plan): - tor code - continue with #21377: DirAuths should expose bwauth bandwidth files - continue with #22453: Relays should regularly do a larger bandwidth self-test - start with #26698: Authorities should put a hash of the bandwidth file in their votes - undecided on trying to start some tasks that are not priority but on which the rest of the work on bandwidth stuff might depend

1 0

October 2018 report for the Tor Browser team
by Georg Koppen 06 Nov '18

06 Nov '18

Hello! In October the Tor Browser team did three releases picking up Firefox security fixes and other improvements: Tor Browser 8.0.3[1], 8.5a4[2], and for mobile 1.0a3[3]. For mobile we fixed DNS requests bypassing Tor[4] and for the desktop alpha we included a backport of a defense against fingerprinting a user by protocol handler enumeration, which Mozilla developed.[5] Tor 0.3.5.3-alpha is tested in the desktop alpha bundles as well. Moreover, all the deskop bundles contain our end-of-the-year-campaign donation banner to help us collect unrestricted money. Non-release related work comprised (among others) severel bugs tackling reproducibility issues[6], moving our mobile build integration into tor-browser-build forward[7], and looking into integrating Torbutton tighter into the Firefox codebase directly.[8] The full list of tickets closed by the Tor Browser team in October is accessible using the `TorBrowserTeam201810` keyword in our bug tracker.[9] For November we plan to get our next major alpha release of Tor Browser for Android out. Highlights will be an included Orbot which makes installing a separate app unnecessary and the full integration of the mobile build process into tor-browser-build, making it possible to tackle remaining reproducibility issues[10]. Additionally, we have a bunch of UX improvements in the pipeline for that release, e.g. an own about:tor page for mobile[11] and .onion indicators in the URL bar, similar to those we already see on desktop platforms[12]. All tickets on our radar for this month can be seen with the `TorBrowserTeam201811` keyword in our bug tracker.[13] Georg [1] https://blog.torproject.org/new-release-tor-browser-803 [2] https://blog.torproject.org/new-release-tor-browser-85a4 [3] https://blog.torproject.org/new-release-tor-browser-android-10a3 [4] https://trac.torproject.org/projects/tor/ticket/28125 [5] https://trac.torproject.org/projects/tor/ticket/1623 [6] https://trac.torproject.org/projects/tor/ticket/26475 and https://trac.torproject.org/projects/tor/ticket/27827 [7] https://trac.torproject.org/projects/tor/ticket/26993 [8] https://trac.torproject.org/projects/tor/ticket/25013 [9] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [10] https://trac.torproject.org/projects/tor/ticket/25164 [11] https://trac.torproject.org/projects/tor/ticket/27111 [12] https://trac.torproject.org/projects/tor/ticket/26690 [13] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Tor Browser team meeting notes, Nov 5 2018
by Georg Koppen 06 Nov '18

06 Nov '18

Hi! We had our weekly Tor Browser meeting yesterday. Our IRC log can be found at http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-11-05-18.58.log… Notes from our pad are Discussion: - status updates - timesheet deadline - tba-a2 release planning (GeKo: we plan to have everything ready for TBA-a2 in about two weeks) - We are embedding tor button within tor browser, should we ship it with all locales? (GeKo: I think for now let's just go with en-US and we can think about adding locales as we go) - OTF engineering lab - need a TBA volunteer to coordinate with Nathan and possibly gaba (for gettor stuff) on ways for users to get TBA initially e.g if it's censored on app stores (GeKo: we mull over this idea in the coming days to have something we can pursue after we have the TBA release out) mcs and brade: Last week: - Returned from vacation and caught up on email, recent bug activity, etc. This week: - Revisit #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). - Review for #28039 (Tor Browser log is not shown anymore in terminal since Tor Browser 8.5a2). - Review for #22343 (Save as... in the context menu results in using the catch-all circuit). GeKo: Last week: -helped with the Tor Browser for Android release -started to look into FPI of redirect write-up (#3600) -reviews, reviews, reviews (#28125, #22343, #28258, #27827, #28310, #25013) -started with begin of the month updates -finished first part of bisecting rust reproducibility issues (#26475) (as new fun thing for my spare time) -participated in the tor browser 8 retrospective meeting (tjr or anyone: do we have a link to the meeting notes? I lost it in my IRC backlog) - https://docs.google.com/document/d/1J3a4mzY3BjoIUw80LbUoA5180bAFCwB1DoaiKnN… -took two days off This week: -finish begin of the month updates -make significant progress on design doc update (#25021) -think more about our security settings redesign (#25658) -looking more into the single-locale repacks (#27466) sysrqb: Last week: TBA release (after needing only one re-signing by boklm, thanks!) Reviewed #25013 (integrating torbutton into tor-browser) Integrated Orbot into TBA (#28051) This week: TBA+Orbot - #28051 Rust audit - #27616 igt0: Last week: - Sent a new patch to #25013 (torbutton) - Updated #26690 (padlock for android) - Reviewed #28125 (Don't let Android leak DNS queries) This week: - Finish all the open tickets with patch (#25013, #26690, #28093, #27111) sisbell: Last week: - # 27443 Firefox for Android - fixed arch dependencies and updated mozconfig to align with tor-browser mozconfig (GeKo: could you remove the ccache related entries? we are building within containers from scratch and ccache should not help much in that scenario. However, it might do so in local builds which is why it is there.) This Week: - # 27977 - Look into orbot in tor-browser-build - # 28144 - TorButton investigate adding to projects (igt0: I think this ticket is affected by the #25013) - # 27609 - Evaluate Tor Onion Proxy Library pospeselr: Last week: - updated and minimal patch for #26540 (setting pdfjs range request first party domain) - wrote some words on arthur's #28259 (is not saving history hurting tbb retention rates) This week: - need to verify cookies are sent/stored correctly with #26540 following some concerns from arthur (GeKo: are those concerns documented somewhere? if not, could we add them to the ticket?) pospeselr: not documented, putting on the ticket - review feedback/changes on #3600 discussion doc, figure out what we should actually implement given the options tjr: - Worked on backporting mingw-clang patches to esr60 - Got a running build on -central with --enable-sandbox - Need to re-apply the __try / __except mappings, since mingw-clang cannot use them - Annoyingly, the test suite doesn't work in TC for an unknown reason =( - Fixed a fuzzyfox crash - arthuredelstein: Last week: - Finished patches for https://bugzilla.mozilla.org/1330467 Working on uploading branch, https://github.com/arthuredelstein/tor-browser/commits/1330467+7, to Mozilla's Phabricator instance for review - tjr: I do not recommend trying to use phabricator. Just attach patches. arthur: OK! Just one by one attachments? There's quit a few so I thought it would help keep things organized. - Opened https://trac.torproject.org/projects/tor/ticket/28259 (Is not saving history hurting Tor Browser retention rates?) - Also opened https://trac.torproject.org/projects/tor/ticket/28315, https://trac.torproject.org/projects/tor/ticket/28316 (New Identity for this Site, New Identity per Search) - Worked on revising #22343 (Save As) - Wrote patch for https://trac.torproject.org/projects/tor/ticket/28187 (Change Tor Circuit display icon to an onion) This week: - Optimistic SOCKS (https://trac.torproject.org/projects/tor/ticket/25555) - ff60-esr bugs pili: Last week: - Preparing Tor Visual Identity exercise to eventually choose illustrations for the website and product, e.g onboarding This week: - Roadmap formatting and review boklm: Last week: - made patch to fix obfs4 nightly build (#28310) - worked on #28260 (Tor nightly builds are broken on Linux with Rust enabled (since 10/31)) - worked on #27265 (In some cases, rbm will download files in the wrong project directory) and #27045 (Add option for firefox incremental builds) - fixed #28287 (es download-easy link broken) This week: - do more testing of patch for #27265 - follow-up on #26148 (binutils reproducibility issue) - continue looking at #28176 and how to bring back the testsuite - will be afk on thursday antonela Last Week: - worked on security settings (#25658) This Week - continue working on security settings (#25658) - Tor Browser Icon survey ends this week. I'll inform the results with the list. - testing Orbot free TBA, thinking about (#28329) Georg

2 2

35C3 Vouchers
by Jonathan Marquardt 05 Nov '18

05 Nov '18

Hello everyone! If anyone has any 35C3 vouchers left, please notify me! I'd like to attend the relay operators meetup. -- OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3 https://www.parckwart.de/pgp_key

2 1

Damian's Status Report - October 2018
by Damian Johnson 05 Nov '18

05 Nov '18

Hi lovely onion enthusiasts! Here's my status report for the last couple months (I skipped Semptember's since August's was really late)... https://blog.atagar.com/october2018/ Cheers! -Damian

1 0

Notes from November 1 2018 Vegas team meeting
by Karsten Loesing 02 Nov '18

02 Nov '18

Notes for November 1 2018 meeting: Georg: 1) We got Tor Browser for Android 1.0a3 out Gaba: 1) attended sustainable open source software organized by gunner and open collective 2) attended OTF summit 3) going back into the roadmap and specially tickets that are marked as sponsor8 4) can we move the las vegas meeting for 30 minute later? Or I'm late for 30 min. The meeting starts just when I need to take kids to school. Alison: 1) writing outreach content for community portal 2) drafting LFI cohort two schedule 3) finalizing LFI cohort two recruitment materials and plans 4) writing some text for the DRL proposal 5) advising a high school student on a Tor research paper 6) writing a follow up email to the organizers of Tormenta 7) Maggie presented with Cybelle at Mozfest 8) Colin is onboarding Pili, Maggie, and Sarah on RT 9) coordinating meeting dates and locations for the next Tor Meeting 10) continuing work on the LFI wiki 11) wrote CFP for IFF and submitting today! Sarah: 1) YE campaign results - Bad news: we are $20,000 behind where we were at this point last year. - Good news: We’ve received 604 gifts for $35,612. 357 people have given for the first time. We’ve gained 24 new monthly donors and we are generating $3,000/month from all monthly donors. 2) Campaign next steps - Modifying some graphics - Writing more campaign-related blog posts - Boosting social media. Please encourage your networks to contribute. Help Steph and me identify and reach out to influential external validators who might be willing to amplify the campaign. Can LFI and OONI retweet? - Brainstorming the next set of TB banners. (Puppies!) - TBA banners - Postal mail letter going to people who have given though the mail before and for whom we don’t have an email address. - Still working on cryptocurrency issue. Several donors have asked to be able to send Bitcoin and Monero directly, but Sue: I think we need to check with the auditors about this process. 3) Grants - Al and many others are deep in DRL anti-censorship proposal writing - Modularization proposal is about to be complete - Letter to family foundations will be sent after the 11/8 DRL deadline 4) I'll be AFK 11/5 but available on Signal isabela: 1) done with sponsor8 Q3 report 2) catching up with modularization proposal and drl proposal 3) writing down the information for sue to build a grant forecast report for me 4) answered questions from the berkeley group for their research Mike: 1) Working on sponsor2 work sue: 1) done with reporting requirements for all 10/31/18 deadlines 2) working on budget for DRL proposal, getting the template ready for percentages from team leads for personnel 3) still training two new employees 4) catching up on all emails (way behind due to travel and deadlines) nick: 1) team working on timeline stuff for drl proposal 2) moving ahead with sponsor 8 things 3) jon and gaba and team are planning netteam hackfest 4) too much email, too many meetings. :) Shari: 1) finishing edits on DRL proposal 2) need to do expense reports for Yale and Mexico City 3) helping with end-of-year campaign as needed 4) general catch-up after too much travel Karsten: 1) Finished first version of metrics-web's ipv6servers module rewrite towards replacing large parts of the legacy module. 2) Helped write job posting for new metrics developer. To be distributed soon. Steph: 1) fundraising campaign sharing and planning 2) responded to a couple press inquiries 3) wrapping up website copy Antonela: 1) working on Tor Browser Security Settings 2) reviewing DRL Proposal 3) writing wiki docs for Circuit Display and Onion Security Indicator 4) Tor Browser Icon pool was sent 5) working on EOY iterations in Tor Browser and tpo.org 6) working on tpo.org and tpo.org/about redesign 7) working with Helen on usability research reporting

1 0

Tor Browser Release Meeting Today - Wednesday 31st November 18:00UTC
by Pili Guerra 31 Oct '18

31 Oct '18

Hi everyone, Just a reminder that we’ll be having our bi-weekly Tor Browser release meeting today at 18:00UTC. Please come with any questions, requests and comments you may have. Everyone is welcome! Pili — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 1

Tor Browser team meeting notes, 29 Oct
by Georg Koppen 30 Oct '18

30 Oct '18

Hi! The meeting log of our weekly meeting yesterday can be found on http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-10-29-18.01.log… The pad contents are pasted below for your convenience: Monday October 29, 2018 Discussion: - next meeting (GeKo: we switch to 1900 UTC from next week on, wiill send an email to tbb-dev) - security control redesign (GeKo: the plan is to due the incremental approach: implement what we have in proposal 101 and start thinking about making especially the "safer" mode even more usable; scheduling meeting for next week Wed 1900 UTC to hammer our the remaining issues; will send mail to tbb-dev) GeKo: Last week: - helped with getting releases out - done with Tor bundles ticket triage (yay) - reviews (a bunch of tor-browser-build patches for our Tor Browser for Android, #28082, #26498, #28185, #28125; started with #22343) - we hired external folks to fix our Windows accessibility bug (#25703), not sure when we get that work scheduled, though, yet - work on the security control redesign (#25658) - work on updating our design doc (not as much as I have hoped, though :( ) (#25021) - started first look into single-locale repacks and thinking how to integrate that into our build system (#27466) This week: - more reviews - tba release? (GeKo: yes, we'll have one this week) - further work on tor browser design doc update (#25021) - looking closer into single-locale repacks (#27466) - looking closer at fpi of redirects - begin of the month updates -afk for parts of wed + whole thu+fri igt0: Last week: - Tested a bit #28125(TBA proxy bypass, i need to write down what kind of tests i did) - Sent a new patch to #26690 (padlock on mobile) - Have a patch to #27111 (about:tor on mobile, however it is blocked by #25013) - Implemented the donation banner, however it is not easy testable because it depends of #27111 This week: - More updates to the #25013 (Move TorButton code to the tor browser repository) - more reviews tjr - I got a mingw-clang x64 build with sandbox running and seemingly stable - Have to upstream a MinGW patch and land a couple of MinGW bumps, but then it will be in TC - Will work on getting tests running, and doing some TC build stuff cleanup - To the extent possible, would love to start working on moving this into rbm. (GeKo: As I said on IRC, ping either boklm or me, I opened #28238) - I can probably start this, but will need guidance. - Fuzzyfox landed in Nightly, and you can enable it yourself and try it out - Have to add prefs manually. Has an intermittent crash-on-enable. Performance is sometimes fine, sometimes unusable?? - Circulated the 3600 design doc to mozilla folks. - I think folks are planning to show up to the Wens morning meeting to discuss it, so Richard, would be great if you could come. sysrqb: Last week: Worked on #28125 (DNS leak on Android) Attended funder meeting This week: Continue working on #28125 Reviewing #25013 (integrating torbutton into tor-browser) Rust audit Integrating Orbot into TBA boklm: Last week: - helped publish the new releases - reviewed patches to integrate android build in tor-browser-build - opened and started thinking about #28176 (Cleanup and add the testsuite to tor-browser-build.git) and started some prototype to try to see if that looks like a good idea This week: - follow-up on #26148 (binutils reproducibility issue) - continue looking at #28176 and how to bring back the testsuite - make patch for #27265 (rbm issue when downloading some files) and #27045 (Add option for firefox incremental builds) - afk on Thursday pospeselr: Last week: - posted tech overview doc for #3600 (redirects) to dev list: https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI… - associated #3600 prototyping - updated tbblogger to use fmtlib: - utf8, utf16, utf32, and wide strings and pointers all handled transparently regardless of OS/CPU architecture This week: - #3600 doc feedback, prototyping sisbell: Last week: - # 27441 Debian image to use stretch - merged - # 26696 Platform def in rbm.conf - merged - # 26697 Android toolchain - merged - # 27443 Firefox for Android - fixed packaging issues. This Week: - # 27443 - sync mozconfig entries with the one in tor browser repo. Cleanup system dependencies - # 28144 - TorButton investigate adding to projects arthuredelstein: Last week: Starting working on automated unit tests for #22343 (Save as) Made more progress on FPI of permissions (https://bugzilla.mozilla.org/1330467) Opened #28163 (Make "new window" and "new tab" menu item labels consistent) and #28174 (Block non-.onion subresources) Wrote patch for #28187 (Change Tor Circuit display to an onion) This week: Keep pursuing FPI permissions Finish unit tests for 22343 (Save as) for future uplift Look into more ff60-esr bugs? Read through pospeselr's redirect document and make comments pili: Last week: Experimenting with roadmap formats... This week: More roadmap experimentation Thinking about matching up tor browser releases/features with user testing sessions reviewing anto's wiki docs :D AFK Thursday and Friday anto Last week: #28093 - Made TBA mobile + tablets EOY Banner mocks - https://trac.torproject.org/projects/tor/ticket/28093#comment:4 #25658 - Worked on Security Settings This week: #25658 - More on Security Settings Sent Tor Browser Icon Poll - https://lists.torproject.org/pipermail/tor-project/2018-October/002034.html Writing wiki docs for the work we did over the circuit display and .onion security indicator. If you think I'm missing anything important, please let me know! WIP here: https://storm.torproject.org/shared/Ju1LYUrUQBsBNAXJX9xr1u5XPUOSNEGia1emcAj… https://storm.torproject.org/shared/51oEioNhpFgEYAcVswnczZORLmGjR_mlVsYKdPz…

1 0