- tor-project - lists.torproject.org

Notes from the Tor Browser team meeting, 29 May 2018
by Georg Koppen 30 May '18

30 May '18

Hi! We had our last weekly meeting in May yesterday due to a US holiday on Monday and here come the usual notes. The chat log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-29-18.00.log… The notes from the pad are: Tuesday, May 29, 2018 Discussion: -nightly releases, preparations for the alpha mcs and brade: Last week: - Reviewed #25750 (update Tor Launcher for ESR 60). - Reviewed #23247 (Communicating security expectations for .onion). - Tested the new circuit display on macOS. - Took a lot of time off for family events. This week: - For a couple more days, we still have limited availability for Tor work. - Begin #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). sysrqb: Last week: - Finished TorLauncher updates for 60ESR (#27570) - Tested which unit tests fail/break with TBA patches (#25741) - Started rebasing tor-browser patches (using Arthur's branch, #25543) onto FF61 (#26233) This week: - Continue rebasing tor-browser patches onto FF61 (#26233) - Help igt0 with troubleshooting orfox igt0: Last Week: - Helped out Arthur to wrap up the 26100; - Kept pocking Gecko trying to figure out why the latest ESR release is crashing(I also asked for help from the JSAPI team https://bugzilla.mozilla.org/show_bug.cgi?id=1463741) This Week - Still need to figure out why Orfox is crashing - Look again in Tor Button for Mobile (What it needs to be done in the esr60) - Finish my JSConf slides and present it. boklm: Last week: - made patches for: - #22242 (Selfrando embeds the RUNPATH in Linux binaries) - #26165 (make it possible to use gcc:var/setup without hardening wrapper) - #25860 (Clean up OpenSSL's configure options for Windows) - #25859 (Clean up zlib's build script) - #12968 (Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64) - updated patch for #25862 (move mingw helper scripts to firefox) - updated and rebased patch for #16472 (binutils update) - looked at the list of things to do for #26050 (achieve update "watershed" for ESR60-based Tor Browser) This week: - file upstream binutils ticket for #26148 - review some tickets (#25832, #25894, #25975, #9711) - continue work on some ansible roles for testsuite VMs setup (#26149) tjr - We know where the (one?) crash in x64 sandbox is and are working on a fix - Scheduled some all hands meetings, scheduling more this week. - Working on getting Jacek as a contractor for mingw-clang GeKo: Last Week: - reviews, reviews, reviews - debugged various issues with our proposed patch for nightly linux builds based on esr60 (#26073) - wrote a fix for about:tor not shown in upcoming nightlies (#26129) - helped antonela with builds for user testing (arthur asks: what were results? did circuit display ever work?) [GeKo: not sure about the results but we fixed the issue with the circuit display and .onion icons not showing up) - worked on setting up new signing (sub) keys (MAR and Tor Browser) - debugged issues with our switch for macOS to the new toolchain; the good news is I get Tor Browser built (wrote patch for #9711 and started with #26195) - went over the patches we want to have on ESR60 for the mingw-w64 build: tjr: are there patches left we want to uplift? [GeKo: currently not but we want to have backport at least one patch to get the browser compiled for mingw-w64: https://bugzilla.mozilla.org/show_bug.cgi?id=1448748; we'll probably want to pick https://bugzilla.mozilla.org/show_bug.cgi?id=1411401 and https://bugzilla.mozilla.org/show_bug.cgi?id=1389967 as well, once they are ready] This Week: - finish MAR signing key testing - finish macOS switch to new toolchain (including all the other components, not only firefox) - make progress on the network review pospeselr: Last Week: - finished up #23247 patch (for tor-browser and ESR60), though when applied against ESR60 tryserver tests start failing left and right - investigated said failures, but haven't fixed yet This Week: [GeKo: + start to work on #26039] - fix #23247 test failures - resolve localization issue - taking Friday off, flying to Kansas for wife's bike race arthuredelstein: Last Week: With igt0, finished up revisions for https://trac.torproject.org/projects/tor/ticket/26100 Finished up revisions for https://trac.torproject.org/25543 (update tor-browser.git for esr60) Posted my WIP patches for feeback on https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 This week: Work on more ff60-esr tickets: (#26128, #14952, #25555) Rebase branches for mozilla-beta (#26233) (sysrqb: great, thanks!) sukhe: Last Week: - Worked on #26073. I think it's done but I will wait for it to be merged. - Meeting with Hooman: #25483 This Week: - Will work on #26216 and #26203 - If there is a higher priority ticket for the nightly, please let me know. [GeKo: no, #26203 is the highest prio for now] Georg

1 0

[TSoP2018] Bandwidth scanner status - status report #1
by juga 30 May '18

30 May '18

Hi, Since SoP started, these has been the tasks i have worked on: Bandwidth List format specification: -------------------------------------- - Version 1.1.0 was merged [1] - Replace timestamp by the the latest scanner result time [2] - Started to work on adding KeyValues counting errors in Bandwidth Lines [3] little-t-tor -------------- - Stop logging stack contents when reading a zero-length bandwidth file [4] - Fix Tor to accept node_id at the end of a bandwidth file line [5] - Stop warning when Bandwidth files contain additional header lines [6] - Create unit test for the additional header lines and for whole Bandwidth files [7] Simple Bandwidth Scanner (sbws): --------------------------------- - Discussion about the order of hops when measuring relays [8] - Make sbws a proper Python package by including all files required in source and binary distributions [9] Generation of Bandwidth List files: - Started to work on adding failure types and number to the Relays' Bandwidth Lines [10] - Replace timestamp by the the latest scanner result time [11] - Add additional headers [12] - Include software and sofware_version headers [13] Best, juga. [1] https://trac.torproject.org/projects/tor/ticket/25869 [2] https://trac.torproject.org/projects/tor/ticket/26155 [3] https://trac.torproject.org/projects/tor/ticket/26200 [4] https://trac.torproject.org/projects/tor/ticket/26007 [5] https://trac.torproject.org/projects/tor/ticket/26004 [6] https://trac.torproject.org/projects/tor/ticket/25960 [7] https://trac.torproject.org/projects/tor/ticket/25947 [8] https://github.com/pastly/simple-bw-scanner/issues/167 [9] https://github.com/pastly/simple-bw-scanner/pull/163 [10] https://github.com/pastly/simple-bw-scanner/issues/160 [11] https://github.com/pastly/simple-bw-scanner/issues/169 [12] https://github.com/pastly/simple-bw-scanner/pull/130, https://github.com/pastly/simple-bw-scanner/issues/119 [13] https://github.com/pastly/simple-bw-scanner/issues/128

1 0

Fwd: [TSoP2018] Ahmia status update #1
by Stelios Barberakis 29 May '18

29 May '18

Hello all, This is an update report for ahmia project, as part of the Tor Summer of Privacy 2018. The first two weeks I have been working on updating and slightly improving the codebase of *ahmia-site, ahmia-index, ahmia-crawler* subprojects. More specifically: * Updating python packages and adding python3 support (default version from now on), to have a clean building process. * Prettifying the code towards pep8 compliance * Fixing some minor issues, like unresolved references, substitude deprecated methods, etc * Separating code from configuration by introducing environment variables approach through python-decouple. The already pushed commits can be found at the corresponding github repositories [1] <https://github.com/ahmia/ahmia-site/commits/tsop18>, [2 <https://github.com/ahmia/ahmia-crawler/commits/tsop18>], [3 <https://github.com/ahmia/ahmia-index/commits/tsop18>]. Best Regards, Stelios -- PGP key: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBF6EA91B7CBE3998

1 0

[TSoP] stem.client - status report #1
by Dave Rolek 29 May '18

29 May '18

Hi everyone! This is my first status report for the stem.client TSoP project [1]. # Updates A lot of these first two weeks has been improving development processes, workflows, and coordination. A new Trac keyword "dev" now exists for stem tickets related to developers/development. [2][3] I'll be adding more and addressing some of these soon. I continued some work on the stem.control caching behavior, to wrap up #25821 [4] and tie out a remnant event into a new ticket, #26129 [5]. I've been planning out some of the architecture/design of stem.client [6], as well as reviewing existing code [7]. For the former, I'm especially considering how to make stem.client most useful within the Tor and Python ecosystems. I've looked at the "sans-io" style in hyper-h2 that meejah mentioned [8][9][10][11], along with similar resources [12][13][14]. I've also been looking at a few of the modules in the Python stdlib and projects in the ecosystem, to try to understand their potential integration points. # What's next For both architecture and code review, I have a bit more work to do. I'll confer further with Damian for these. Architecture discussion will be started on a private pad and then opened up to the larger community. Afterwards, I'll be moving onto these cells: * CREATE * CREATED * CREATE2 * CREATED2 * PADDING_NEGOTIATE And then I'll be working on CERTS, AUTH_CHALLENGE, NETINFO cells and the "v3 handshake". # Other Tor things I'd like to point out some other Tor things I'm doing, too, that aren't under the scope of stem :). I've had some mild involvement in the University of Michigan getting their exit node [15] up and running again. And Cryptoparty Ann Arbor will be having an event on Sat., June 9th, at the public library. [16] # Closing As with before, I've been active and reachable over IRC, where my nick is dmr. I'm still attending the network-team meetings, and since I've been asking some clarifications on the tor-spec [17], I'll probably be more chatty in those soon, too! Please don't hesitate to reach out to me via IRC or email. Thanks, Dave [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013090.html [2] https://trac.torproject.org/projects/tor/query?keywords=~dev&component=Core… [3] https://trac.torproject.org/projects/tor/wiki/doc/stem/bugs?action=diff&con… [4] https://trac.torproject.org/projects/tor/ticket/25821 [5] https://trac.torproject.org/projects/tor/ticket/26129 [6] https://trac.torproject.org/projects/tor/ticket/26226 [7] https://trac.torproject.org/projects/tor/ticket/26227 [8] https://lists.torproject.org/pipermail/tor-dev/2018-February/012906.html [9] https://lists.torproject.org/pipermail/tor-dev/2018-February/012908.html [10] https://lists.torproject.org/pipermail/tor-dev/2018-April/013100.html [11] https://python-hyper.org/h2/en/stable/ [12] https://sans-io.readthedocs.io/how-to-sans-io.html [13] https://www.youtube.com/watch?v=7cC3_jGwl_U [14] https://github.com/python-hyper/h11 [15] https://metrics.torproject.org/rs.html#details/5AFAC3D00E97D6733112CC9CA2A7… [16] https://aadl.org/node/372209 [17] https://trac.torproject.org/projects/tor/ticket/26228

1 0

Notes from May 24 2018 Vegas team meeting
by Karsten Loesing 25 May '18

25 May '18

Notes for May 24 2018 meeting: Mike: 1) Finishing vanguards specification; finalizing vanguards rpo 2) On vacation Jun 7-15; Key Mozilla will not be at all-hands on the 16th, likely going to skip it. 3) Prepping for Seattle meeting. Georg: 1) We helped Antonela with Tor Browser bundles for user testing 2) We are about to switch to ESR60-based Tor Browser nightly builds 3) Timesheet approval Nick: 1) Stable release out (0.3.3.6). We'll know if it's good once users get it. 2) Going to take off from most everything else in order to prep for Seattle meeting. 3) Possibly not at this meeting next week, depending on Seattle schedule. 4) Monday's a holiday and I'm traveling Tuesday: you won't see me (much) then. Karsten: 1) iwakeh leaves the metrics team by end of May (and not by end of June as originally planned), and irl joins in July, which leaves just me as paid metrics team person in June. It's unclear whether we'll able to do reviews in June. Maybe it will be a month of documentation and housekeeping without actual code changes. 2) We're putting out new releases of everything on Friday and next week to switch from Gson to Jackson. The main reason is to practice the release/deployment process with irl. Steph: 1) Success in getting a website opened to Tor users, though behind a captcha 2) Interviewing Mozilla fellows this week 3) Ran a booth at RightsCon last week with invaluable help from Kat, Sina, and Sukhbir! Thanks Jon for getting our gear sent out! 4) Working through our presence at Def Con, seems we cannot have a booth in the village as we had hoped, but Roger could still do an AMA 5) Worked with Colin and Tommy on a post announcing Colin’s new position as relay advocate 6) Worked with Antonela on a post about user testing at cryptorave 7) Lining up future posts on the blog content calendar with Tommy 8) Replying to questions from a journalist Arturo: 1) It's been a week very packed with conferences and social gatherings. I am currently in San Francisco. 2) Published interview with Julie Owono: https://ooni.torproject.org/post/ooni-community-interviews-julie-owono/ 3) Working on research reports 4) Updated test lists (KZ, PK, global) 5) OONI data was cited in various research reports & we got press coverage from a Malaysian news website 6) Making a considerable amount of progress on the OONI Probe windows app 7) Wrote in this ticket some considerations about how to test circumvention tools in OONI Probe: https://github.com/ooni/spec/issues/109. isabela: 1) got extensions for sponsor17 and 13 (this one will come for us to sign more towards the end of the contract) 2) writing a evaluation report for sponsor4 (they requested it) this is based on what we wrote at 'monitoring and evaluation' part of the proposal 3) organizing nce request for sponsor8 and a short evaluation/expectations report for sponsor9 (phase 1 ends in June so we will have to write a lot of reports, phase 2 plans and budget for them) 4) organizing a soft launch for support.tpo so we can have translations done and all the remaining blockers resolved (this is hanging way too long is priority to solve this so we can at least meet a few of the website redesign deliverables) 5) will meet CEO of cliqz on June 5th in NYC 6) going to Seattle next week for network team hackfest and to sync with Shari 7) working on PMs job posts 8) plan on start organizing content creation process for new tpo site Shari: 1) trying to organize everything for Isabela handoff 2) too much travel (I'm at the airport now) 3) good connections at RightsCon 4) anti-censorship project

1 0

Notes from Tor Browser team meeting, 21 May 2018
by Georg Koppen 22 May '18

22 May '18

Hi all! Yesterday we had the newest edition of our weekly Tor Browser meeting. The chat log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-21-17.58.log… The notes from the pad are: Monday May 21, 2018 Discussion: -Preparations for Mozilla's All Hands meeting? - What tjr has in mind: - Tor Product Discussion - mostly introduce the Uplift project and SPB ideas to a Mozilla Product person - Fingerprinting / Tor Uplift - plan what Ethan and co should work on first - Network Programming (probably?) - UI/UX meeting - Sandboxing - Mobile Direction - what is happening with Fennec - Mobile Programming: snorp, nalexander - WebRTC: Nils, Arthur, Richard -Next meeting (28th is Memorial Day in the US)? Maybe on 29th same place, same time? [GeKo: Yes; will send a mail to tbb-dev] mcs and brade: Last week: - Revised the patches that we worked on for #25543 (Rebase Tor Browser patches for ESR60) to account for GeKo's feedback. - Reviewed Matt's revised patch for #25750 (update Tor Launcher for ESR 60). - Fixed #20890 (Increase connection timeout to avoid "Could not connect to Tor control port" errors). - Contributed to the ongoing discussion in #25694 (Activity 3.1: Improve the user experience of updating Tor Browser). This week: - We will be away from keyboard a lot but will do our best to monitor IRC and email. - Follow up on any remaining ESR60 patch issues (#25543). GeKo: Last week: -reviewed ESR60 tor-browser branch -reviewed #25750 (update Tor Launcher for ESR 60) -wrote a first patch for updating the macOS toolchain (finally, we seem to be able to use an own cctools, see #9711) -started the esr52-esr60 network audit -closed some old and unused milestone on Trac; minor bug triage -wrote a patch to deal with Torbutton and Tor Launcher being legacy extensions now (#26127) -tested whether the circuit display patch (#24309) works "out-of-the-box" with ESR 60 (it does not! (surprise, I know) -prepared our authenticode signing to use SHA-256 as signing hash algorithm (#18287) This week: -finish macOS toolchain for ESR 60 -further progress in esr52-esr60 network audit -(MAR-)key creation -a bunch of reviews -getting ESR60-based nightly builds going [GeKo: the plan is to give antonela as fast as possible ESR52-based bundles with patches for #24309 and #23247 for user testing and getting the switch to ESR60-based Linux nightlies done this week] sysrqb: Last week: - Worked on Tor Launcher patches (25750) - More TBA testing and rebasing onto 60 and 61 - Orfox troubleshooting This week: - Finish TorLancher patches - Help igt0 debug Orfox crash - More TBA testing igt0: Last Week: - Tor Button for ESR60 (#26100) - Tried to bisect a crash in Orfox This Week: - Finish the Tor Button for ESR60 - Reduce the website that makes Orfox crash removing the noise and creating a simple test case. - Finish my presentation slides to the JSConf boklm: Last week: - made patches for: - #26059 (Use mar files from the signed directory when generating incremental mars) - #26054 (Make sure to create incrementals from previously signed MAR files) - updated patch for #16472 (updating binutils to 2.26.1) and opened #26148 (updating to binutils > 2.26.1) - started reviewing #25832 (Enable pthread support for mingw-w64) but need to use ESR60 to test it - worked on some ansible roles for testsuite VMs setup (#26149) This week: - fill upstream binutils ticket for #26148 - look at #12968 (Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64) - review and test #25832 (Enable pthread support for mingw-w64), #25894 and #25975 (get a rust compiler for Windows and macOS) or other tickets needed for the switch to ESR60 in nightly builds - work on some ansible roles for testsuite VMs setup (#26149) pospeselr: Last week: - working implementation for #23247 (Communicating security expectations for .onion) -no longer sick This week: - rebase patch for ESR60 tjr - MinGW: No significant outward progress from last week. Working on cleaning up patches for landing and debugging last few issues. - Had discussions with people about All Hands Meetings sukhe: Last Week: - Worked on https://trac.torproject.org/projects/tor/ticket/26073 with Arthur (patch tor-browser-build.git for Firefox 60 ESR) - RightsCon (Wed-Fri) This Week: - Wrap up #26073 - Meeting with Hooman for #25483 (Snowflake Windows) Georg

1 0

Notes from network team meeting, 21 May 2018
by Nick Mathewson 22 May '18

22 May '18

Hi! Meeting logs are available at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-05-21-16.59.html Notes are below: ========================= = Network team meeting pad, 21 May 2018 = "I am satisfied the usage of passing acts of Parliament for the taking upon one a surname is but modern; and that any one may take upon him what surname, and as many surnames as he pleases, without an act of Parliament." - Sir Joseph Jekyll, Barlow v Bateman, 1730 Welcome to our meeting! Mondays at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) == Previous notes == 23 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001747.html 30 April: https://lists.torproject.org/pipermail/tor-project/2018-April/001750.html 7 May: https://lists.torproject.org/pipermail/tor-project/2018-May/001760.html 14 May: https://lists.torproject.org/pipermail/tor-project/2018-May/001769.html == Stuff to do every week = * Let's check and update the roadmap. What's done, and what's coming up? url to roadmap: https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check reviewer assignments at https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… * Check rotations at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… == Announcements == * No online team meeting next week! (US Holiday) * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Important dates: * May 30, 2018 -- hackfest! * Remember: don't spend more than a day working on anything that isn't on the 033 or 034 milestones. * See hackfest pad at https://pad.riseup.net/p/0RxS2ZcRe9Eb for .... - scheduling meetings with nickm and isa! - prep-work that isa and nick (and maybe you) should do before the meeting - the list of people, which is the only even quasi-sensitive thing == Discussion == == Updates == Nick: Last week: - Release 0.3.4.1-alpha - Got appveyor branch working -- what are my next steps? #25549 [catalyst: see my updates for something we want to consider] - Triaged some 0.3.4.x tickets away - Worked out list of things to prepare before the meeting - Worked on a few OSS-Fuzz issues that turned out to be a minor openssl problem. Our side of it turned into #26116 - Started work on ChangeLog/Releasenotes for 0.3.3.6. This week: - Release 0.3.3.6 as stable. Any blockers? - Maybe the crash in #25957, but it looks hard to diagnose - Prepare for Seattle discussions. - Hunt bugs in 0.3.4.x. - Gonna take Friday off, I hope! Monday too! (US holiday) catalyst: last week (2018-W20): - coverity rotation -- uneventful - researched some EINTR and SA_RESTART stuff related to #26040 - more work on #25061 (adding test coverage for stuff that wasn't tested before) - filed #26142 (use C99 inttypes.h macros for U64 etc.) - briefly looked at #25549 again. looks like good progress so far. #26076 might be an intermittent failure? it would help to squash stuff into more readily reviewable chunks. #25942 seems ready but is effectively part of #25549 - maybe we should decide whether to merge #25549 anyway and deal with #25942 if it happens often enough to be ananoying? (it's okay with me -nick) - helped Nick proofread the 0.3.4 ChangeLog - did a few small string handling exercises in Rust. read a little about how Rust does async things - maybe talk about some architecture stuff at this week's patch party (Nick, teor, komlo, isis?) this week (2018-W21): - community advocate - more #25061 - code review - prep for Seattle hackfest - some possibly time-consuming urgent home maintenance teor: last week: - collect data, analyse data, write paper - keep up with bandwidth authority work this week: - analyse data, write paper - prepare for Seattle - travel to Seattle Mike: last week: - Refactored vanguards scripts to make them easier to test, package, etc. Registered repo with travis+coveralls - Wrote tons of tests for vanguards repo. 91% coverage!1 - Wrote config file and options parsing for vanguards repo. - Fell into python-import-loop hades, slayed a hydra-like beast, called the outer gods out on some bullshit, and returned to earth. - Whie testing, discovered that BUILDTIMEOUT_SET was reporting incorrect stats. Wrote patch (#26121) - Tried to help improve CIRC_BW field spec. Maybe succeeded? (#26110) - Reviewed Nick's fix for handling malformed connected cells in #26072 (thanks Nick) - Realized that #26072 meant that CIRC_BW bandwidth field accounting needed a slight change (#26117 - Read and commented on asn's work on vanguard params in #25545 - looks good! Thanks asn! this week - Document vanguards config options and other things in the README - Get vanguards repo pip/deb package-ready isabela: - working on preparation for Seattle: - anti-censorship update - prep work for retrospective - prep work for roadmap - organized slots for 1:1:1 in seattle asn: Last week: - Fixed a few bugs on the vanguard simulator that were impacting the results (#25545), and also merged a few patches from Mike. Produced graphs and did an analysis to guide the final vanguard topology. You can read the analysis here: https://github.com/asn-d6/vanguard_simulator/wiki/Optimizing-vanguard-topol… - Reviewed and revised #25947 and #25960. Waiting for ACK from juga before merge_ready. - Peaked a bit into #26022 and validated Karsten's bug. - Drafted response to big provider who wants to start using v3 onions. - Got up to date about SSL DV certs for v3 onions. A document is being drafted and I got in touch with the authors. - Gave some feedback on #23247. - Assigned weekly reviews - Community hero work: + Spoke with researchers who want to do a "darkweb study" and informed them of previous such work. + Helped potenial volunteer in IRC understand torguts and review rotations. + Communicated with haxxpop about client auth work. Answered some emails but didn't manage to do good progress. Hoping to continue this week. This week: - More work on remaining vanguard stuff. - Get up to date with client auth work by haxxpop. - Start organizing 0.3.5 work. - Talk with big provider about v3 integration. haxxpop: Last week: - Wrote the test for republishing a descriptor when SIGHUP - Refactor the code according to asn's comments This week: - Probably work with asn to find a UX design for client auth ahf Last week: Sponsor 8: - Made a simple snooze hook for #25497 for Orbot to disable network. Testing on own device now to see if it makes a difference or causes problems. Misc: - Review of #17873 and got Nick to do some additional reviewing. Some discussion on IRC about this fix too. - Went over all the tickets in Core Tor with missing milestone and tried to triage them. - Think I have everything ready for the Seattle meeting \o/ This week: Sponsor 8: - Standardize our S8 reporting metrics for event loop returns, CPU usage, and memory usage for reporting for Isa, ideally so that there is just some reports ready for Isa to pull when she needs them. Misc: - Might be away Friday. - Give (hopefully) final OK to #17873 isis: last week: - dealt with some small rust changes we needed as prerequisites to doing any of our crypto stuff in rust #26106 #26107 #26108 #26109 - re-reviewed the appveyor progress #25942 #25549 - worked on the ffi for optionally using ed25519-dalek #23886 - did more of the wide extend stuff based on nickm's review/suggestions #25651 - took most of thursday and all of friday off to move this week: - hopefully finishing up the wide extend cells #25651 - getting to the sending wide creates/extends #25649 - i moved to a new house! it does not have internet yet, because lasers. if you urgently need my attention, please feel absolutely free to signal me, it will definitely be the fastest/most reliable way to reach me.

1 0

Notes from May 17 2018 Vegas team meeting
by Karsten Loesing 18 May '18

18 May '18

Notes for May 17 2018 meeting: Karsten: 1) Worked on various smaller improvements to our statistics-generating code as a (positive) side effect of specifying processes for Sponsor 13 deliverable 2. Mike: 1) Trying to finish up as much of the vanguards code as possible before Seattle. Alison: 1) Uganda prep! All trainings are coordinated. We have a super packed schedule, meeting with lots of people, doing usability tests, threat modeling, and Tor trainings. Bringing tons of tshirts and stickers. Super excited!! 2) LFI starts in about three weeks and we're all ready to go. You can check out the first few weeks of our course materials here: https://github.com/alisonLFP/libraryfreedominstitute 3) Did user experience coordinator interviews this week 4) Colin is officially the new relay advocate! He's beginning by reaching out to the torservers partners and big relay operators, and also created a new IRC channel for relays. 5) Gus also started this week as community liaison! 6) HOPE got back to us about our table! So now we have one Tor table and one Tor talk. 7) Mexico City meeting planning is going fine, but it would be great to have a couple more people helping. 8) reviewing apps for Mozilla Open Web Fellow/user advocate 9) Still looking for someone to take over admin of RT 10) Gonna test the new Tor training slides in Uganda, make some edits based on feedback, and then share them on the community team wiki Nick: 1) Released an alpha; planning to release a stable. 2) Not much is up right now; gearing up for Seattle network-team meeting 3) Planning to take a couple of days off next week to prep for Seattle. Georg: 1) Full steam ahead with preparing ESR 60 switch; first Linux nightly based on ESR 60 is planned for next week isabela: 1) Worked on organizing the workshops in Colombia in June (me, Antonela and Gus will be there) - we will do workshops with a very diverse set of communities in 3 different cities. 2) Sending reports to sponsors 3) Catching up with all website redesign work - support site is pending translations and torproject site needs some organizing for content creation 4) Interviewing User Research Coordinators; got job post for Localization Project Manager done (with Erin and Shari) should be up soon; working on Anti-Censorship Team Lead/PM job post 5) Following up with Brave on their implementation of support to Tor. Plan to reach out soon to Cliqz. Documentation for 3rd party integration that I was working on was put aside because I was doing training in SP but I plan on picking this up again next week. 6) Preparing for Seattle visit at the end of the month (network team meeting and me and shari syncs)

1 0

Notes from user feedback at training in São Paulo [mobile and desktop]
by isabela 16 May '18

16 May '18

hello Tor, I thought of sharing this with y'all since it touches different things. In São Paulo we did a Tor training, Gus explained how information about you and your computer can be collected online and used to identify you and learn your online behavior. Then he explained how Tor can help you to protect your online identity and we spend some time with people installing Tor on desktop (linux and mac mostly) and on mobile (Android and iOS). After everyone had installed I did a quick exercise with everyone where I asked them to write their impressions, could be complains of things that didn't work as expected or just feedback related to how they would like to the tools to behave or missing features. This is a compilation of that feedback :) you will notice that we are already working on fixing some of this stuff which is great, it shows we are on the right path. But some things were new and could even be a bug (which in this case I hope you help me confirm that and I will create a ticket). - surprised with the speed of the network, had used it before and gave up on it because of how slow it was, but now it seems faster - could not install it due to old OS version - plug-ins that are already installed as part of Tor Browser made the person confused (should Tor Browser come with plug-ins when it recommends to not install plug-ins) - Orfox + Orbot: settings for both are quite confusing and complicated to understand - on iOS app store - apps that are not recommended by Tor has Tor's logo while OnionBrowser doesn't - it wasn't easy to know that some sites (with javascript or http only) was not working because of security reasons (this lead the person to give up on Tor Browser - before this training - thinking it was bug not a feature) - Didn't understood what is the need of Orbot, besides using it to connect Orfox to Tor - It's not clear when you download Orfox that you need Orbot too - could not find the apk for Orbot and Orfox on the torproject.org website - Debian stable (backports) did not find the Tor Browser pt-br version for installing the package - information is all in English - need to be translated to Portuguese BR - could not find the circuit it was using on Android (neither on Orfox or Orbot) - could not find how to change the languages settings of Orbot - it's hard to verify that you are downloading the right build from torproject.org website (signature verification process) - OnionBrowser is crashing every time you go away from browser or lock your phone; the browser crashes and you need to restart it all over again and reestablish the Tor network connection - could not understand why the sites were not behaving as expected (didn't make the connection of it with TB security features that was blocking things to protect them) - on Debian the security slider configurations were not sticking - user would pick a configuration i.e. safest close the browser, re-open it and the browser was back on 'standard' - what does Tor recommends? Is not clear if we recommend standard or safest (higher security) when using Tor Browser. User would like to follow our recommendation since they aren't sure what to use - language settings on Orbot was not sticking (user had to pick it again after closing the app) cheers, isabela

1 0

April 2018 report for the metrics team
by Karsten Loesing 15 May '18

15 May '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in April 2018. On behalf of the Tor metrics team, Karsten Extended the draft document with graph specifications from 0.5 to 4 out of 6 categories on Tor Metrics. Released Onionoo protocol version 5.2 [1] which adds the "version_status" field to details documents and version 6.0 [2] which includes all exit addresses in "exit_addresses", regardless of whether they are used as onion-routing addresses or not. [1] https://lists.torproject.org/pipermail/tor-dev/2018-April/013054.html [2] https://lists.torproject.org/pipermail/tor-dev/2018-April/013079.html Released metrics-lib 2.3.0 [3] which adds support for reading web server logs contained in tar-archives and a backwards compatible related API change. [3] https://lists.torproject.org/pipermail/tor-dev/2018-April/013079.html Got most Tor Project websites to update Relay Search URLs [4, 5]. [4] https://bugs.torproject.org/25286 [5] https://bugs.torproject.org/25288 Held an in-person planning meeting Aberdeen to update the roadmap [6] and to prepare adding irl as (backup) operator for Tor Metrics services [7]. [6] https://lists.torproject.org/pipermail/metrics-team/2018-April/000775.html [7] https://bugs.torproject.org/25726

1 0