tor-project

tor-project@lists.torproject.org

17 participants
2325 discussions

Tor Browser team meeting notes, 26 March 2018
by Georg Koppen 26 Mar '18

26 Mar '18

Hi! Our Tor Browser meeting just finished. The chat log can be found on http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-03-26-18.00.log… and our pad items are: Monday, March 26, 2018 Discussion: -roadmap (https://docs.google.com/spreadsheets/d/1joFGDiHaqlorGeXhytKakiSnWY9TqTDv5Xq…) -thoughts from the Rome meeting? (GeKo: I prefer a pre-meeting day as other teams are doing instead of having multiple days for gathering the roadmapping stuff) -next tor browser team meeting (It will be on 4/3 1800 UTC on #tor-meeting) GeKo: Work done since Rome: -releases, releases, releases -prepared the roadmap trying to take results from our session, the mobile session etc. into account -shortened my review queue, sorry that it took so long (I am almost done but will finish the remaining things this week) -#21777 (little progress but not done) -https://bugzilla.mozilla.org/show_bug.cgi?id=1442406 -looked again at #10394 to disable automatic HTTPS-Everywhere updates (Arthur is curious about this one.) [GeKo explained the idea in the meeting, see IRC log] -started to integrate building rust and tor with it enabled into tor-browser-build (#25481) -backlog due to dev meeting This week: -#21777 -https://bugzilla.mozilla.org/show_bug.cgi?id=1442406 -#25481 -update to the security control redesign proposal -continue triaging ages old bugs mcs and brade: Since Rome: - Worked on patches for #25405 (cannot use Moat if a meek bridge is configured ). - Spent a little time on #20212 (Tor can be forced to open too many circuits by embedding .onion resources). - Backported patches for #23439 (Exempt .onion domains from mixed content warnings). This week: - Finish #25405 (cannot use Moat if a meek bridge is configured). - Start rebasing the Tor Browser updater patches for ESR 60. igt0: Since Rome: - Updated #25013 addressing arthur's comments; - Rebased and built Orfox(Orfox-1.5.1-RC-1) - Investigated if it is possible to drop items from external apps inside orfox/firefox(Android 7 feature) This Week: - Take a look into the domain-isolator component to verify if it is possible to use it in the alpha tbb for android build. isabela: This week: - finish reviewing TB(desktop+mobile) roadmaps and updating/organizing ux roadmap to make sure we are aligned - start preparing final reports for sponsor4 that ends on march 30th - following up on censorship team stuff and FB proposal stuff <- does tb team has any feedback on this? boklm: Since Rome: - helped with building/publishing new releases - bisected binutils issue for #16472 - worked on #25304 (Update gcc to 6.4.0 (Linux)) - fixed: - #25531 (Add locks in archive.tpo rsync scripts) - #25585 (Use https instead of http to fetch dependencies when possible) - #23640 (Send a patch to add rbm to the reproducible-builds.org documentation) This week: - finish publishing releases - try to fix binutils reproducibility issue (#16472) and -debug build (#25584) - finish #25304 (Update gcc to 6.4.0 (Linux)) - fix #25318 (Add Tor Browser nightly builds email notification) - make some progress on #18867 (Ship auto-updates for Tor Browser nightly channel) pospeselr: Last Week: - visited the Netherlands This week: - go through 1432966's dependent bugs and bring down any patches required to fully fix #25147 - investigating work to excise /proc dependency on Linux (#20283) sysrqb: Since Rome: - We have a roadmap for TBA! - Orfox patches merged into Alpha (#19675) - Updated Orfox build docs (#25562) - Chatted with Arthur about building TorLauncher (and TorButton) as system add-ons (#24856) This week: - Building/Releasing Orfox based on 52.7.3esr (with help from the Guardian Project) (today) - Update HTTPS-Everywhere add-on bundled with Orfox (#25603) - Open some more tickets for tracking roadmap milestones - Continue working on TBA tickets arthuredelstein: Since Rome: - Worked on a patch for https://trac.torproject.org/projects/tor/ticket/24309 (new tor circuit display) - Did some more rebasing to mozilla-60. This week: - Continue to rebase - Try to uplift permissions isolation patch, which is nearly ready - Review Tor SoP applications Following week: - afk for 3 days Georg

1 0

Network team meeting notes, 26 March 2018
by Nick Mathewson 26 Mar '18

26 Mar '18

Hi, all! Our weekly meeting logs are available from: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-03-26-16.58.html Below is a record of the contents of our pad. ----------- = Network team meeting pad, 26 March 2018 = ROS: My name is Guildenstern, and this is Rosencrantz. (GUIL confers briefly with him.) (Without embarrassment.) I'm sorry - his name's Guildenstern, and I'm Rosencrantz. -- Tom Stoppard, _Rosencrantz And Guildenstern Are Dead_ Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Stuff to do every week == * Let's check and update the roadmap. What's done, and what's coming up? * Check reviewer assignments at * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * 0.3.3.x triage has happened. How was it? * Starting 0.3.4.x triage this week. I could use help.-N * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing 0.3.4.x work. * Important dates: * Apr 15, 2018 -- 0.3.3.x stable is supposed to be ready! * May 15, 2018 -- 0.3.4.x feature freeze! * Dgoulet now has commit permissions cool! :confetti_emoji: * dgoulet will be AFK on Friday/Monday, national holidays (Easter...). * ahf will be semi-AFK on Thursday/Friday/Monday (will be around for the meeting for sure) for easter. * isis will be semi-AFK on Friday/Monday * 0.3.3.x triage status: * 033-included-2018 are the ones that are still included after the first 2 rounds: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… * There are also some new tickets still in the milestone that survived the first round of triage, but which we aren't currently planning to tackle in 0.3.3.x-final. They are tagged with 033-removed-2018 : https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… == Discussion topics == * Kat reminds us that we should nominate volunteers to receive Tor swag. - Let's maybe do this on another pad, so we aren't discussing volunteers in public :/ * We need to finish all the 033-must tickets. How are we going to do this? = Updates = == Nick == Last week: * Lots of post-rome tasks * Did 0.3.3.x triage * Worked on lots of little bugs * Helped interview 4/5 of ED candidates. Last 1st-round interview is Tuesday. * Went to Libreplanet on Saturday, gave a quick overview of network team stuff as part of State Of The Onion, talked to bunches of people. (Thanks to isabela and stephw and flexlibris and n8fr8!) * Cleared out my review queue * Quick refactoring branch to help people experiment with other relay crypto designs. This week: * PETS reviews, week 1. * Tons of meetings * Putting out 0.3.3.4-alpha. * 033-must tickets * Talking with dgoulet about CPU-usage-when-idle (done) * Talking with ahf about idle API * Talking with dgoulet, isis, catalyst about wide creates isabela Last week: * catch up on all the follow ups from Rome / sent summary to the ml This week: * prep for this meeting * follow up with FB proposal and censorship team dgoulet: Last week: * Post-Rome tasks: notes to the Wiki, emails. * Triage 0.3.3 tickets. * Addressed 033-must tickets. Some important ones: #25226 and #24767. * Reviewed and opened some tickets. See Timeline for this: https://trac.torproject.org/projects/tor/timeline?from=Mar+26%2C+2018&daysb… * Organized our roadmap modularization work with ahf: #25498. * Organized our roadmap Reduce CPU usage work with nickm: #25500 * Feedback on mike's tor-dev@ email thread: [tor-dev] Setting NumEntryGuards=2 * Helped breaking down Sponsor Bucket network team tasks with asn. This week: * Ticket work and review, most of it will be 033-must. * Modularization work with ahf. * Follow up on larger tickets from last week (#25226, #24767). * Organize the work for wide CREATE cells with isis/nickm/catalyst. Mike: Last week: * Mailinglist posts about two guards & QUIC * Meetings about other funding proposals, personel * (re)read a handful of research papers, filed tickets * Some ticket review This week: * Xfer two guards thread -> proposal. Does anyone have any other points/concerns/arguments? * TL;DR is that one guard is not any better than two, and arguably worse, because our path restrictions allow an adversary to force the use of a second guard at any time for specific activity. I am assuming we want to keep our path restrictions. Is this correct? * Relatedly, in order to prevent the adversary from being able to force the use of a *third* guard, we also need to ensure that the two guards we pick are not covered by the same path restrictions (ie must be chosen from different /16 and family). * Trim down prop247 to cover what we are doing with the vanguard script (which will also match our planned final implementation). * Review other tickets. (Are we deliberately assigning a new person to review a ticket each time it goes back to needs_revision? This seems expensive, but does mean more eyeballs) [dgoulet]: No, if it goes back in needs_revision, the original Reviewer stays as is and in charge of reviewing again when it goes back in needs_review. isis: last three weeks?: - finding bugs #25517 - refactoring protover and giving it a more memory efficient voting algorithm #24031 - reviewed linker/build modifications for testing rust code which calls C code #25386 - adding more tests for previously untested things #25605 #25425 - giant email to Ian about various handshake design considerations and (mis)usage(s) of hash functions - revising prop#269 based on said discussion/reading - documented our current policy for Rust dependencies and set up a script to help vendor them #25310 - reviewed a unittest that nick and juga wrote #25515 - ticket/hackerone triaging while people were in rome/afk - reviewed volunteer win32 patches from mailing list #25479 - reviewed/shepherded new rust module for calling tor's logger #23881 - fixed a flaky HSv3 unittest #25450 - reviewed other changes to Rust coding standards #25368 - wrapped our sha2 implementation so that we can call it from Rust #24659 - reviewed teor's crypto_rand_double_sign() in rust #25381 - reviewed/shepherded next stage of the crypto.h refactor #24658 - bought a mac and set up stuff like fish and rustup and git for testing thingsxk this week: - wrap our RNG? #24660 - finish the sha2 thing since it's also blocking the handshake work #24659 - more prop#269 thinking/writing ahf: Since Rome: Sponsor 8: - Discussed basic modularization with David (#25498): - Started looking into building a Tor with some of the dirauth code ripped out. Misc: - Reviewed: #25398, #25399, and #25512. - Post-Rome tasks: emails, backlog, look at tickets. - Wrote the onion_status.pl script for status reporting. - Got the subprocess API to work with the event loop on Unix. Now trying to get it work on Windows. - Participated in the weekly PT meeting. This week: Sponsor 8: - Continue with trying to build a Tor with some dirauth code left out. - Discuss Idle interface with Nick. Misc: - Need to review #25425 and #23846. - Bug triage rotation role. haxxpop Last week: Nothing Next week: I will start implementing the client authorization for v3 onion service (as I told dgoulet and asn in Rome) [dgoulet] Awesome! [asn]: epic juga Last week: * collecting questions for the virtual "bandwidth authority team" * bwscanner: * started merging PRs without review * solved some bugs and PRs * cleaned up not used code * status: still buggy and not getting nice numbers * sbws: still not sure whether to dedicate time on it or continue with bwscanner * got access to ln5 box for testing, though still not running bwscanner to do not generate traffic * funding: * received negative answer from previous funding attempt (aka F1) * submitted application for new funding attempt (aka F2) * writing application for new funding attempt (aka F3) Next week: * Look sbws more in detail, document? * bwscanner: * solve current blocking bugs: (https://github.com/TheTorProject/bwscanner) u#111, #94, others * document better what is doing * try run it with shadow? * funding: submit application for F3 (deadline sat) * time for working on #25515? * i would like to join this meetings to continue sharing updates and discuss bwscanner questions when i have them. - is this cool w/ the team?, and where/when/who i could send questions that would talk longer to discuss? pastly: sbws (simple bw scanner) is my attempt as a bw scanner been running some scans primarily for timing information got set up on ln5's donated box next steps: come up with and implement an intelligent scan order for relays sphynx documentation catalyst: last week (2018-W12): - day off to recover from travel - dealing with contractors at home - wrote up notes from Rome - sent near-term recommendations to team from CI session (thanks everyone who started signing up for and enabling their personal repos!) - reviewed tickets #24740, #24659 - installed Homebrew and Rust on my Mac to help review stuff that needs those - helped people with Travis and GitHub setup - CoC and SoV feedback this week (2018-W13): - talking to people about CC stuff - more ticket review - help with 033 and 034 tickets as needed - Coverity rotation duty asn: Last three weeks: - Attended Rome meeting! - Gave Tor talk in ENS Paris. Gave talk in Tor meetup hackfest in Athens. - Worked on network team roadmapping and worked on spreadsheets for roadmap and metadoc. - Worked on SponsorBucket roadmapping and briefed team about upcoming Snowflake position. Need help from Roger/Isa on figuring out next steps based on my last email to the thread. - Handed over the first round of weekly reviews with David. - Reviewed #17799, #24767, #24989, #6236. - Setup github account, github repo and travis and started transitioning there: https://github.com/asn-d6/tor - Discussed switching to 2 entry guards with Mike on [tor-dev]. I can be persuaded that it's a good idea but we need a proposal. - Worked on #14389 (UX of client auth for onions) with Arthur and David. Need more little-t-tor work and analysis. - Opened ticket about rev counter issue found by Roger and made an implementation plan: #25552 This week: - More reviews. - Start working on my vanguard simulation again. My goal is to have something initial on github by the end of the week, so that Mike can start using it in a week or two. - Need to do more work on #20212 and #25609 so that we can move forward there. Some mikeperry wisdom might be needed there.

1 0

Notes from March 22 2018 Vegas team meeting
by Karsten Loesing 23 Mar '18

23 Mar '18

Notes for March 22 2018 meeting: Shari: 1) Catching up on email. 2) Scheduled ED first round interviews. Now interviewing five strong candidates. 3) Reworking Sida budget (again). 4) Gathering statistics about where the Tor Project's money comes from to send to tor-meeting. 5) Planning a trip to San Francisco, either at the end of next week or April 6-8. Nick: 1) Also busy with ED screening interviews 2) Rome was great, wasn't it? 3) Ramping up with new network team plans and organizing methods, thanks to Isabela and the whole team: * Minimal roadmap * Regular roadmap checkins * only doing roadmapped stuff. * Preassigned ticket reviewers * preassigned rotations * Regular 1:1:1 meetings w me and isabela and each team member. * aggressive ticket triage * Serious CI * Every roadmap task has at least 2 people on it. 4) Doing libreplanet this weekend with Isa, Nathan, Alison and Steph. 5) Trying to fix all the bugs in 033 Georg: 1) Finalizing Tor Browser roadmap for the next few months, starting to install new procedures (e.g. rotating release duties) 2) Roger: There is still the Taler Mail from Shari from 02/20 asking you about your opinion. [Noted, will answer soon. -Roger] Alison: 1) Working on new community team roadmap 2) Doing LibrePlanet with a bunch of people this weekend! 3) Lots of LFI curriculum design 4) Kat is working on #24148 to get special treats to noteworthy volunteers 5) Colin is choosing our Outreachy intern(s) 6) Excited to have the Tor relay advocate position open! 7) Getting back on track for Sponsor 9 tasks after the meeting -- organizing content for community.torproject.org 8) Colin is also connecting with the group working on Localization Linguine 9) Trying to wrap up the remaining tasks for this Community Council. 10) Got lots of feedback from the CC session in Rome 11) Organizing the Tor Meeting committee. This is something we discussed in Rome and I think it'll make the meetings run even better. Steph: 1) DuckDuckGo Privacy Challenge is running. We had a bug with our campaign page, but it is fixed as of this morning https://www.crowdrise.com/duckduckgoprivacychallenge [should the rest of us make accounts for the challenge? i wasn't clear on what that gets us. -Roger] [if you want to personally fundraise for us, tell the story of why, then share your personal fundraising link. - Steph] 2) Preparing for LibrePlanet this weekend. Will be on a State of the Onion panel with nickm, n8fr8, isa. Had a retractable standing banner and flyers made for our table. Thanks to Alison for help putting this together 3) Mozilla Fellow application period opened yesterday, we’ll host a relay advocate https://blog.torproject.org/protect-open-web-ford-mozilla-fellow Mike: 1) Catching up and following up on Rome things. Wrote a tor-dev post about switching to two entry guards and (re)read a few related research papers. Plan to write a second post summarizing Rome QUIC meeting. 2) ReCaptcha is still banning all Tor users. Should we organize a publicity campaign about this? I find it deeply frustrating that they have set themselves up as the gatekeeper of "legitimate" traffic for the Internet and are now abdicating that responsibility in favor of just simply banning portions of the Internet instead. Do any other orgs care about this? [do we have any contact there? -steph][They actually don't ban all Tor users but some of the exit nodes are blocked, true. Georg] [I think it'd work best if we at least try to talk to someone there] Isabela: 1) a lot of follow up for different teams from discussion in Rome (did a summary for network team already, will work on reviewing+organizing roadmaps tbb,ux,services) 2) working on upcoming grants follow ups: FB research one (for 'one click solve all censorship problems') / OTF email bundle / Censorship Team 3) creating inventory of Tor swags in my house to build a control system to help with reports (yes I will take shirts and stickers to LibrePlanet) [Alison: yessss thank you] 4) prepared a short presentation on ux world at tor's land for LibrePlanet 5) Strong follow up with folks from countries we plan to visit on Q2 (this is priority after I catch up with Rome follow ups) 6) important - need help planning the FB research thing (head count for research and final deliverable) Roger: 1) continued progress towards a censorship team (session in Rome) 2) is there anything we should do to help with execdir search? [answer, no, the search committee is doing initial screening and that's a fine step for now] 3) can we draw more attention to the relay advocate position? like, a jobs page [answer: yes, we should make a page for it. Maybe Tommy will start on it.] 4) we've been helping damian go through another round of "is each member still active" 5) let's get to work on an invite list for santiago? 6) community council timing question: elect a new one next, or fix up the guidelines next? [Georg: I think we should fix up the guidelines first] [Alison: I think that's fine, and we can start the conversation after the CoC vote which is planned for next week] [answer: consensus is that we should have the next election on time ish, so we don't mess with our process too much, and we can fix up the guidelines after that.] Karsten: 1) Started providing metrics timeline events as Atom feed: https://metrics.torproject.org/news.atom 2) Explained why metrics are important and what we do to make sure they're safe: https://metrics.torproject.org/about.html 3) Released Onionoo protocol version 5.1 with smaller changes to handling nicknames and relay families. Arturo: 1) Established partnership with Karisma Foundation (Colombia): https://twitter.com/OpenObservatory/status/976059705037656064 2) Released press statement with CHRDI partner to encourage OONI Probe testing in Sierra Leone leading up to their next round of elections: https://snradio.net/ooni-probe-mobile-app-ooni-chrdi/ 3) Integrated a patch into measurement-kit for allowing us to integrate Tor into it: https://trac.torproject.org/projects/tor/ticket/23846#comment:8 4) A lot of progress on the OONI Probe golang implementation 5) Almost caught up with the huge backlog of email and things to tend to after a 3 week conference marathon

1 0

[Funding Opportunity] Mozilla Fellowships
by Tom Ritter 22 Mar '18

22 Mar '18

This is their copy/paste template: Mozilla just opened applications for the next cohort of the Mozilla Fellows program, a 10-month fellowship that is a transformative experience for emerging leaders concerned with making the internet a safer, more accessible resource for everyone. Fellows expand their network and sphere of influence; design impactful projects with the potential to reach millions; and learn from and collaborate with a global community of thousands of Mozillians. Mozilla Fellows are also awarded competitive funding and benefits. I’m writing you because I thought you might be interested in applying or know someone else who is. You can read more about the program and apply here, and see the recent announcement here. Applications are due April 20, 2018. https://foundation.mozilla.org/fellowships/apply/ https://blog.mozilla.org/blog/2018/03/21/seeking-fellows-better-internet-ap…

2 1

February Communications Report
by Stephanie A. Whited 21 Mar '18

21 Mar '18

Hello! Here's some of what the comms team got up to in February. Team written and/or edited blog posts  ================================== https://blog.torproject.org/weve-launched-search-our-next-executive-director https://blog.torproject.org/tor-outreachy-internships-underrepresented-peop… https://blog.torproject.org/volunteer-spotlight-meejah-helps-you-integrate-… https://blog.torproject.org/italian-anti-corruption-authority-anac-adopts-o… https://blog.torproject.org/new-guide-running-tor-relay    Social Media  ============  - Transitioned appearance to new covers featuring Antonela’s design   Twitter   ====== Posted at least 3 times each weekday.   Tweets: 75  New followers: 3,432  Top tweets: https://twitter.com/torproject/status/963444593860767744 https://twitter.com/torproject/status/968578305447391232 https://twitter.com/torproject/status/961400961485955074    Facebook  =========  Posted at least once every weekday.  New likes: 166 LinkedIn  ========= Posted at least once a week.   New followers: 44 Monthly Newsletter   =================  Sent 3/1:  https://newsletter.torproject.org/archive/2018-02-28-ed-search-relay-guide-…   Press Notables  ============= http://www.tomshardware.com/news/italian-anac-tor-whistleblower-platform,36… https://www.madamasr.com/en/2018/03/12/feature/politics/study-blocked-acces…  o/ -comms -- Stephanie A. Whited Communications Director The Tor Project IRC: stephw PGP Key ID: 39A876AD <https://pgp.mit.edu/pks/lookup?op=get&search=0x6D6B72C339A876AD>

1 0

OONI Monthly Report: February 2018
by Maria Xynou 19 Mar '18

19 Mar '18

Hello, The OONI team had an exciting month! We expanded our Latin American community by forming two new partnerships with Asociación por los Derechos Civiles (Argentina) and Fundación Karisma (Colombia). Our outreach efforts also focused on Africa, as we hosted OONI workshops in Uganda and South Africa. Following research, we updated the Egyptian and Mali test lists, and we published a follow-up study on the censorship events that occurred during Iran's anti-government protests. We also published a blog post that explains how to mine OONI data. We continued to make progress on the revamping of the OONI Probe mobile apps, we experimented with writing the OONI Probe CLI for the OONI Probe desktop apps, and we made a series of significant improvements to our data processing pipeline to better serve measurements on OONI Explorer. # Established new partnerships We are excited to have formally established two new partnerships! We now also have the opportunity to collaborate with: 1. Asociación por los Derechos Civiles (Argentina), Announcement: https://twitter.com/OpenObservatory/status/961617333113548800 2. Fundación Karisma (Colombia) As part of our new partnerships, we aim to collaborate on the study of internet censorship through the collection and analysis of OONI Probe network measurements. # Updated test lists We carried out research (https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…) <https://ooni.torproject.org/get-involved/contribute-test-lists/#test-list-r…> to identify more URLs to test for censorship in Egypt and Mali. Based on this research, we updated the following test lists: * Egypt: https://github.com/citizenlab/test-lists/pull/301 * Mali: https://github.com/citizenlab/test-lists/pull/304 We also updated the following test lists based on URLs provided by community members: * Zimbabwe: https://github.com/citizenlab/test-lists/pull/297 * Kenya: https://github.com/citizenlab/test-lists/pull/298 # Revamping of OONI Probe Mobile We made a significant amount of progress on revamping the OONI Probe mobile app. Based on mockups, we implemented a working proof of concept iOS mobile app to showcase the new UI. Based on this work we will be finalising the copy of the mobile app and begin a first round of user testing. # OONI Probe Desktop App This month we experimented with writing the OONI Probe CLI that is going to be driven by the desktop app in golang: https://github.com/openobservatory/gooni. The main things we were looking to compare and contract with the node.js app were: * How easy it is to link to the measurement-kit C++ library * How easy it is to cross-build and ship the CLI tool as a standalone binary * What tooling and libraries we would be needing to use to implement the full CLI tool * What the overall architecture of this software component should look like We are quite pleased with the results and believe this is probably the direction we are going to go for. Other factors that we took into account when thinking about using golang are: * How familiar developers in our team and community are with golang vs node.js * The security of the libraries and development process # OONI Pipeline & OONI Explorer We made a series of significant improvements and optimisation to our data processing pipeline to allow us to almost entirely move onto the new pipeline for serving measurements from OONI Explorer. In particular, we added better indexes to allow sorting by test_start_time (and therefore not break pagination in edge cases), as well as some fixes to prevent bad queries from making the database irresponsive. For more details, please refer to: * https://github.com/TheTorProject/ooni-explorer/pull/122 * https://github.com/TheTorProject/ooni-measurements/pull/50 * https://github.com/TheTorProject/ooni-measurements/pull/51 # Blog posts We published two blog posts in February: 1. I have hands, how can I mine OONI data? (https://ooni.torproject.org/post/mining-ooni-data/) <https://ooni.torproject.org/post/mining-ooni-data/%29> 2. Iran Protests: DPI blocking of Instagram (https://ooni.torproject.org/post/2018-iran-protests-pt2/) <https://ooni.torproject.org/post/2018-iran-protests-pt2/%29> The first post explains how to mine OONI data, while the second includes a follow-up study on the censorship events that occurred in Iran during anti-government protests. # Community activities Our outreach efforts focused on Africa during February. ## South Africa On 16th February 2018, we presented OONI (as part of a 1 hour talk) to the students and faculty members of the Computer Science department of the University of Cape Town. Further information about this seminar is available here: http://www.students.uct.ac.za/event/internet-censorship-measurements ## Uganda We participated in the "Internet Policy in Africa: Research Methods for Advocacy" workshop hosted in Kampala between 26th February 2018 to 3rd March 2018 (http://globalnetpolicy.org/event/research-methods-africa/) <http://globalnetpolicy.org/event/research-methods-africa/%29>. As part of this week-long event, we facilitated the following workshops: 1. "Network Measurement Research": A 1.5 hour workshop explaining OONI methodologies & presenting OONI censorship findings from various African countries. 2. "Deep Dive: Network measurement data analysis": A 2.5 hour workshop teaching OONI data analysis and interpretation. We also participated in a working group that designed a research project examining the relationship of internet censorship with conflict resolution in South Sudan. # Userbase In February 2018 OONI Probe was run 280k times from 4,924 different vantage points across 210 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research and Partnerships Coordinator Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

No network team meetings this week
by Nick Mathewson 17 Mar '18

17 Mar '18

Hi! We're most of us likely to be traveling and/or recovering from travel this week. As such, let's not do our regular network team meeting times, and just check in day by day. Peace, -- Nick

1 0

Network team meeting notes, 5 March 2018
by Nick Mathewson 06 Mar '18

06 Mar '18

Hi! Network team meeting logs here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-03-05-17.59.html Pad below: Network team meeting pad, 5 March 2018 Welcome to our meeting! Mondays at 1800 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Meeting notes from previous weeks: * https://lists.torproject.org/pipermail/tor-project/2018-January/date.html , search "network team" * https://lists.torproject.org/pipermail/tor-project/2018-February/001654.html * https://lists.torproject.org/pipermail/tor-project/2018-February/001664.html * https://lists.torproject.org/pipermail/tor-project/2018-February/001671.html * https://lists.torproject.org/pipermail/tor-project/2018-February/001674.html Old Announcements: * 0.3.3.x is in feature-freeze. No new features (except for #24902, which has permission.). * Please, work on bugfixes! It would be great to have this release release on time. (Planned date is 15 April) * Please fill in the code subsystems spreadsheet at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Please fill in Isabela's heat-mapping exercise with areas of tor work: what are our priorities? https://pad.riseup.net/p/38VbTZUIzG4X * Team rotation roles are open for March. teor also added "Frontline Support", which they can do most of the time. https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… Announcements: * Review-group-34 is now open, incorporating what is left of groups 32 and 33. https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~rev… * There are 39 tickets in review-group-34-- mostly because a lot of tickets from Tor:unspecified are pulled in. Let's try to resolve those rather than just throwing them all back. * There are 23 tickets in 033-must: https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~033… . Please grab some that you can fix, * Rome coming up! If you're there for the team days, our first (net team only) meeting is ______________ at ________. * If you are around and want to help with it (this is optional!) you can join people from the team from around 3pm to 5pm on March 9th to finsih up organizing tasks for 6 months roadmap (the work on To Do that I [isabela] wrote) THINGS TO DO: * Review tickets in review-group-34. * Fix things in 033-must. * Fill out the various areas/roles/subsystems spreadsheets, if you have not done so already. * Get some rest; take care of yourselves on the way to Rome! * If you doing work related to a sponsor open this pad: https://storm.torproject.org/shared/-p-gQvABCmlABNLLWFCe77RoN9e9AAeOux532lu… * I (isabela) need your help on defining and list the work we will actually do for the next 6 months on each sponsor deliverable * Please check the sponsor8 Activity O2.3 in that pad - the list created by nick and ahf is more or less the type of list I am looking to have for the other sponsors. * For all NSF grants I added the stuff Roger wrote about what we will do next on the last report we sent the sponsor. That is there for reference. I need the people who are working in those areas to look at it and organize what work should be done for the next months, a bullet point list should be enough. * After the list of work is done for each sponsor, I will ask you to add the tickets related to that work * End goal here is to have this done so at the 6 months roadmap planning meeting we are just assigning work and organizing it in the timeline Discussion: * * US DST changes over while we're in Rome. we might want to figure out whose DST we're going to track for meeting times [catalyst] * are we doing any more planning for the pre-meeting hackfest on 3/10? [catalyst] ==== Updates: Nick: * Last week: - Jury duty consumed most of my time Tue->Fri. - Released 0.2.9.15, 0.3.1.10, 0.3.2.10, 0.3.3.3-alpha. - Tried to catch up with answering tickets and email. - A little planning for rome. - Opened several tickets for improved wakeup/timeout handling: * 25373 * 25374 * 25375 * 25376 * 25377 * This week: - Fix as many 033-must issues as I can - Grab and/or drop 034 tickets as I can - Prep for rome meetings - Travel to rome - Enjoy a little time in rome before the meeting starts pastly (50%+ offline for meeting): tl;dr: I'm talking to my coworkers about finding time and rationalizing funding for working on the torflow/bwauth problem. Working idea is currently to make something simplier than peerflow but still better than what Tor currently has. We/I will be attending the related sessions in Rome. Once we decide if/when I can work on this, I'll stay in communication with the network-team about progress and implementation details so that the transition will go even more smoothly than KIST's ahf Last week: Sponsor 8: - Roadmap document with Isa. - Wrote a patch to add a StatsReporter subsystem in Tor that can emit internal stats to external services for my phone: https://gitlab.com/ahf/tor/commit/96a1eb1dce3a82572dc09ad018955b34c47d0bb0 Misc: - Landed small patch for #25378 - Participated in PT meeting. - More messing around with PT/Windows code. - Setup a relay on a host to try the statsreporter code in a relay-setting. This week: - Get the StatsReporter code in a shape where it can be reviewed by others. - Prepare for Rome meeting and travel to Rome: - Finish Windows/PT project to demo for PT people in Rome. - See if I have overlooked any documents/roadmapping tasks before Rome. - Book Seattle meeting flights. catalyst: last week (2018-W09): - make it easier to allow Travis builds to fail silently if necessary (#25388) - Rome meeting and Seattle hackfest logistics (more time-consuming and annoying than usual because reasons) - roadmappy stuff this week (2018-W10): - more meeting prep - more roadmappy stuff - May/June hackfest logistics - Rome meeting - CoC and SoV feedback as needed Mike: Last week: - Went through controller bw events, wrote a patch for CIRC_BW (#25400) - Implemented bandwidth-based side-channel detection for vanguards This week: - Rome & travel isabela: last week - worked with nick on organizing some stuff at the pad (above at todo part) this week - at iff - trying to get as much done before rome. isis: last week: - reviewed #25268 and tested/attempted to reproduce #3940 - wrote unittests for some things in circuitbuild.c and bridges.c that were not tested - reviewed and cleaned up the rust logging code #23881 - got a working sha2 wrapper in Rust (around our C) code, but there's still linking issues #24659 - added some cleanups to the crypto.c refactor #23658 - looked into some other issues with rust builds #25341 this week: - book stuff for may hackfest - pre-roadmapping planning/organisation - review #25386 which claims to fix my linker issues for #24659 -

1 0

February 2018 report for the Tor Browser team
by Georg Koppen 06 Mar '18

06 Mar '18

Hi all! Just a short update on what the Tor Browser team worked with in February and what we are up to in March. We made an alpha release, Tor Browser 8.0a2[1], containing a new Tor alpha (0.3.3.2-alpha) and a bunch of updates to other components (Torbutton, Tor Launcher, HTTPS Everywhere, and NoScript). Apart from that we worked on fixing up Moat which allows receiving bridges from BridgeDB using the meek pluggable transport.[2] It will be available in the next alpha which is scheduled for next week for further testing. Moreover, almost all of our remaining time got spent on upstreaming as many patches as possible to Mozilla as the merge window for the next Firefox ESR (60) is closing next week. We spent time on updating our toolchains as well.[3][4][5] On the mobile side we are close to have the Orfox patches merged into our tor-browser.git repository[6] and both Tor Launcher and Torbutton integrated into it as well.[7][8] That's a first step in providing their functionality to Android users, too. The full list of tickets closed by the Tor Browser team in February is accessible using the `TorBrowserTeam201802` keyword in our bug tracker.[9] In March we hope to make further progress on patch uplifting and toolchain updates, and we will be at the dev meeting to plan for the next six months including the Tor Browser 8 release. We hope to get back to our user interface improvements which are still in the pipeline (e.g. circuit display updates[10]) while starting the countdown for Tor Browser 8 preparations: that includes finishing the rebase of our remaining patches to ESR 60 and writing new patches to address compatibility requirements and new "features" coming with the new Firefox version. All tickets on our radar for this month can be seen with the `TorBrowserTeam201803` keyword in our bug tracker.[11] [1] https://blog.torproject.org/tor-browser-80a2-released [2] https://bugs.torproject.org/23136 [3] https://bugs.torproject.org/16472 [4] https://bugs.torproject.org/25304 [5] https://bugs.torproject.org/21777 [6] https://bugs.torproject.org/19675 [7] https://bugs.torproject.org/25013 [8] https://bugs.torproject.org/25260 [9] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [10] https://bugs.torproject.org/24309 [11] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

Tor Browser team meeting notes, 5 Mar 2018
by Georg Koppen 05 Mar '18

05 Mar '18

Hi! Here are the meeting notes from our first meeting in March 2018. The chat log is on http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-03-05-19.00.log… and the items from the pad are: Monday, March 5, 2018 Discussion: - next meeting (GeKo: the plan is to have the next one on Monday March 26, 1800 UTC taking summer time into account) - isa's meeting pad: https://storm.torproject.org/shared/2RXUuAa_G4_GNy5yHFt8gjFqOv2wAJeq8-_0mQm… mcs and brade: Last week: - For #23136 (Moat integration): - Fixed #25389 (backport Subprocess.jsm runaway CPU fix (Mozilla 1370027)). - Responded to code review feedback and delivered an updated patch. - Filed some follow up tickets: - #25360 (Moat UI is hidden if there are no default bridges) - #25405 (cannot use Moat if a meek bridge is configured) - Found and filed #25362 (setup dialog opens after tor restart when TOR_FORCE_NET_CONFIG=1). - Did some preparation for the Rome meeting. Planned for this week: - Work with Arthur to find the root cause for #25331 (Test from #18912 failing). - Help with code reviews. - Work on #25405 (cannot use Moat if a meek bridge is configured). - More preparation for the Rome meeting. - Mark travels to Rome, arriving Saturday. pospeselr: Last week: - #22794 uplift to firefox (tracked in bugzilla https://bugzilla.mozilla.org/show_bug.cgi?id=1441327 ) - #25147 backport of fix to ( https://bugzilla.mozilla.org/show_bug.cgi?id=1432966 ) This Week - fix #1441327 ff patch based on their CR feedback, backport said fixes back down to tor-browser - sync with Pari issues spreadsheet - more uplifts - ROME ROME ROME GeKo: Last Week: - Work on #21777 (I basically get mozilla-central cross-compiled now with the clang/minw-w64 toolchain and the result is running \o/; now we need to fix the breakage caused by enabling Stylo) - Code review for moat (#23136), the new HTTPS-E build system (#25339) and partly for merging the Orfox patches (#19675) - I got my patches for #23439 and #21321 uplifted (no mixed content blocking for .onion domains) - I am nearly done with writing an updated draft for the security control redesign proposal This week: - Begin-of-the-month team admin work - Sending the security control redesign proposal to tbb-dev - release preparations - meeting planning - #21777 - reviews, reviews, reviews - Meeting in Rome boklm: Last Week: - Fixed #25339: Install python 3.6 for building HTTPS-Everywhere - Worked on toolchain updates (#16472, #25420, #25304) - Made patch for #25422 (rbm: Give more details in "Cannot checkout" errors) This week: - Continue to work on toolchain updates - Fix #25318 (Add Tor Browser nightly builds email notification) - reviews some tickets if needed - help with building the new releases - will spend some time at IFF, before traveling to Rome tjr Landed time jittering in Nightly. Dealing with fallout. Worked on why MinGW won't run. Thought I had reproduced it not running, then it ran! Seems related to graphics (Still) I'm going to try to flip off the 2 graphics prefs, and run the tests in TC, and see if I can get consistency. I need to write up a wiki page about what (exactly) we block with fingerprinting protection. x64 build in TaskCluster - GeKo, based on your latest work: go for it, or hold off? [GeKo: Go for it. I think the clang thing is cool but there is so much to do that is left that I see it as a plan for the next esr or when we switch to the regular release cycle or maybe for Tor Browser 8.5] Something to think about: Which is more valuable to do first: a proxy bypass test harness for mobile or for desktop? [GeKo: If it's a "we'll work on that in Q3 2018"-thing then I think mobile would be good as we should have our alpha out by then and could use this test harness for ensuring there are no serious things like proxy bypasses on mobile, which is the platform I suspect will have more of those issues than desktop right now.] The light at the end of the Timer Fuzzing tunnel is starting to appear, so I want to start thinking about the 'next big thing' igt0: Last week: - #25126, update the code to use torbutton git repo and to work on Firefox m-c. - #25013, make it work as a feature extension and update the code to work on m-c This week: - Since we are following the feature extension approach I need to update the tor button proposal. - preparation for the Rome meeting. - Try out tor button in the firefox mobile sysrqb: Last week: - Sick with the flu, lost a lot of time - Nearly landed 1440789 (should land this week) - Attended (the end) of the Localization Summit at IFF - Arthur, I hear there will be a discussion about langpacks in Rome, I'm interested in that conversation This week - At IFF, talking with users, trainers, and translators - Landing 1440789 - New branch for Orfox patches merge (#19675) - Finish mobile roadmap and send email arthuredelstein: Last week: Worked on uplift: https://bugzilla.mozilla.org/show_bug.cgi?id=1433592 https://bugzilla.mozilla.org/show_bug.cgi?id=1434772 (landed) https://bugzilla.mozilla.org/show_bug.cgi?id=1441449 (revising) https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (getting close) Worked on revising https://trac.torproject.org/projects/tor/ticket/22343 This week More uplift: https://torpat.ch/short Rebasing Flying to Rome, arriving on Saturday Georg

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project