- tor-project - lists.torproject.org

OONI Monthly Report: November 2017
by Maria Xynou 07 Dec '17

07 Dec '17

Hello, The OONI team made steady progress in November 2017. We reported on recent censorship events in Pakistan, as well as on cases of DNS misconfiguration. We also updated various test lists in collaboration with community members, and we presented OONI at the Free Society Conference and Nordic Summit (FSCONS). We are currently working on improving the design and usability of our mobile apps, and we completed the first draft of the onboarding process for the OONI Probe Android app. We also made an alpha release of node.js bindings for measurement-kit, made progress on implementing dynamic serving of test lists via the orchestration backend, and we started writing an architecture and threat model document for probe orchestration. # Published research report on recent censorship events in Pakistan In collaboration with Bytes for All we published a research report examining recent censorship events in Pakistan. This report is available here: https://ooni.torproject.org/post/how-pakistan-blocked-social-media/ Through the analysis of OONI network measurements collected from Pakistan, we confirmed the blocking of 14 news websites and various social media sites and instant messaging apps during Islamist protests. Our report received the following press coverage: https://www.thenews.com.pk/print/250865-internet-body-issues-report-on-news… # Published research report on cases of DNS misconfiguration* * As part of our analysis of OONI measurements and investigation into DNS failures, we uncovered various cases of DNS misconfiguration. We reported these cases in the following post: https://ooni.torproject.org/post/not-quite-network-censorship/ # Progress on mobile app redesign We are currently working on improving the design and usability of our mobile apps. During November we completed the first draft of the re-designed onboarding process for the OONI Probe Android app, and we worked on the Interaction Design elements. # Updated test lists We collaborated with community members on updating various test lists. During November, we updated the following test lists: 1. Sierra Leone: https://github.com/citizenlab/test-lists/pull/262 2. Pakistan: https://github.com/citizenlab/test-lists/pull/259 3. Nigeria: https://github.com/citizenlab/test-lists/pull/255 & https://github.com/citizenlab/test-lists/pull/257 4. India: https://github.com/citizenlab/test-lists/pull/261 5. Algeria: https://github.com/citizenlab/test-lists/pull/249 # Architecture & Threat model for Probe Orchestration We started writing an architecture and threat model document for the Probe Orchestration system and we also started collaborating with Cure53 to get it audited by them. # OONI data publishing Amazon accepted us into their Open Data program (https://aws.amazon.com/government-education/open-data/) <https://aws.amazon.com/government-education/open-data/%29> and as a result all the public OONI data is available for free on s3. You can access all our public JSON reports inside of this s3 bucket: s3://ooni-data/autoclaved/jsonl/ Example: https://s3.amazonaws.com/ooni-data/autoclaved/jsonl/2017-11-06/20171031T181… (If you were previously using s3 hosted data, the bucket name changed from ooni-public to ooni-data) Moreover we also offer, for batch import, lz4 compressed daily dumps of all measurements. These are available here: s3://ooni-data/autoclaved/jsonl.tar.lz4/ Example: https://s3.amazonaws.com/ooni-data/autoclaved/jsonl.tar.lz4/2017-12-01/dash… To get a listing and metadata of all the files in a given bucket, you may look for the index.json.gz file Example: https://s3.amazonaws.com/ooni-data/autoclaved/jsonl.tar.lz4/2017-12-01/inde… If you are using the AWS Command Line Interface (https://docs.aws.amazon.com/cli/latest/reference/) <https://docs.aws.amazon.com/cli/latest/reference/%29> and have a AWS access key configured, be sure to pass in the --no-sign-request option. Example: $ aws s3 --no-sign-request ls s3://ooni-data/autoclaved/jsonl/2017-12-04/ We will be releasing a short blog post explaining how to use this data, once Amazon updates their Open Data page to list us as a project. # Test lists orchestration Progress was made on implementing dynamic serving of tests lists via the orchestration backend. See: https://github.com/TheTorProject/proteus/pull/29 # Node.js bindings for Measurement-kit We made an alpha release of node.js bindings for measurement-kit: https://github.com/measurement-kit/measurement-kit-node It's not yet ready for usage by the general public, but we have been using this as a foundation for the development of our new OONI Probe desktop apps. # Community activities We presented OONI at the Free Society Conference and Nordic Summit (FSCONS) in Norway on 4th November 2017. Information about our presentation is available here: https://frab.fscons.org/en/fscons17/public/events/309. We also attended the OTF Summit in Valencia, and hosted our monthly community meeting on 28th November 2017. As part of the community meeting, we discussed strategies for monitoring emergent censorship events and rapidly responding to them (in light of recent censorship events in Pakistan, for example). # Research citing OONI data During November OONI data was cited in the following research: * Citizen Lab Submission to the United Nations Special Rapporteur on violence against women, its causes and consequences: https://citizenlab.ca/wp-content/uploads/2017/11/Final-UNSRVAG-CitizenLab.p… * Internet Censorship Capabilities in Cyprus: An investigation of online gambling blocklisting: https://www.researchgate.net/publication/319482512_Internet_Censorship_Capa… # Userbase In November 2017 OONI Probe was run 184,800 times from 3,544 different vantage points across 202 countries around the world. This information can also be found through our stats here: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research and Partnerships Coordinator Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Damian's Status Report - November 2017
by Damian Johnson 06 Dec '17

06 Dec '17

Hi all, here's what I've been up to this month... http://blog.atagar.com/november2017/ http://blog.atagar.com/interview-with-ben-collier/ Cheers! -Damian

1 0

November 2017 Report for the Tor Browser Team
by Georg Koppen 06 Dec '17

06 Dec '17

Hi everyone! November was an exciting month. The Tor Browser team made four releases: Tor Browser 7.0.9[1], 7.0.10[2], 7.5a7[3], and 7.5a8[4]. Tor Browser 7.0.9 and 7.5a7 fixed a critical vulnerability reported to us by Filippo Cavallarin potentially affecting Tor Browser users on macOS and Linux. Thanks again for notifying us and coordinating the disclosure! Tor Browser 7.0.10 and 7.5a8 picked up Firefox security fixes and new Tor versions. The alpha release was the first that contained 64bit Windows bundles[5] and an improved Tor Launcher user interface[6][7]. Besides release related work we tried to finish our remaining Sponsor4 items this month. We succeeded with the excecption of our custom Panopticlick deployment (FPCentral)[8][9] and our improvements for fetching and using non-default bridges (done via moat)[10]. Working on those two remaining deliverables will be top priority over the coming weeks. The full list of tickets closed by the Tor Browser team in November is accessible using the `TorBrowserTeam201711` keyword in our bug tracker.[11] Apart from finishing the two remaining Sponsor4 tasks we plan to prepare this month the remaining tickets for our next major stable release, Tor Browser 7.5, which is due January 23, 2018. And we hope we can spend some time on tackling remaining regressions from our 7.0 release. Finally, the mobile work will get up to speed which is internally tracked under Sponsor8. We'll start with merging the Orfox patches into our repository[12] and making first investigations about the state of the proxy safety on mobile[13]. All tickets on our radar for this month can be seen with the `TorBrowserTeam201712` keyword in our bug tracker.[14] For those interested in Tor Browser work planned in the longer term (which means the coming months) we've created a roadmap taking dependencies of other teams into account.[15] This should give everyone a fair understanding of where we are heading toward. Feedback is welcome! Georg [1] https://blog.torproject.org/tor-browser-709-released [2] https://blog.torproject.org/tor-browser-7010-released [3] https://blog.torproject.org/tor-browser-75a7-released [4] https://blog.torproject.org/tor-browser-75a8-released [5] https://trac.torproject.org/projects/tor/ticket/20636 [6] https://trac.torproject.org/projects/tor/ticket/23261 [7] https://trac.torproject.org/projects/tor/ticket/23262 [8] https://trac.torproject.org/projects/tor/ticket/6119 [9] https://trac.torproject.org/projects/tor/ticket/23738 [10] https://trac.torproject.org/projects/tor/ticket/23136 [11] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [12] https://trac.torproject.org/projects/tor/ticket/19675 [13] https://trac.torproject.org/projects/tor/ticket/21863 [14] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… [15] https://storm.torproject.org/shared/roevbMxlBi5rxSAh57iRjy8w1MB2HZArEmM2Jek…

1 0

UX team report for November 2017!
by isabela 06 Dec '17

06 Dec '17

Hello Tor! Here is some updates from the UX team for the month of November. First of all! We now have Antonela as part of our team working on Design o/ Hiro is also working with us on some projects like the website redesign. And I am now leading the UX team :) (besides project managing stuff as I always do). We reviewed and gave feedback to the Metrics team new 'timeline of events' project (which is pretty cool). Our feedback can be found as comments at the 24260 ticket. [1] We are also in touch with OONI to review their revamp of mobile experience. And we helped the Tor Browser team by doing QA on the Tor Launcher new UI project, you can see the bugs we found and other feedback under 24371. [2] Another big effort we worked on during November is the Website Redesign project! So, for those catching up just now with it, the website redesign [3] is a big project that aims to not only redesign 'torproject.org' but create 3 other portals to better organize the content that is now hosted at 'torproject.org'. Those other 3 portals are: community.torproject.org, dev.torproject.org and support.torproject.org Before November we had mocks for all of these sites done and their cotent organized as well. After montreal we decided to build the support site first, so we started to work on it. Each project follows the same list of steps to get it done: 0) content architecture - map current content related to the portal and organize it 1) whiteboard draw organization of the content into pages 2) wireframe these pages 3) create design for these pages [these include design reviews till we are happy with what we have] 4) start organizing content for the pages (with the design already done we will be working with that) 5) update high definition mockups with real content 6) guerrilla user testing #1 7) start coding the pages 8) once content is finished we upload them on transifex for translation to start 9) Once coding is done we can start QA by language (as translations gets complete) Right now we are working on 4 and 5 of those steps for support.tpo, but we have done 0-2 for all portals. If you would like to check out the design for support you can find it under the main ticket tracking all the work to build that site 24129. [4] Another work we are doing that is part of this big effort is the creation of 'styleguide(a)torproject.org'. If you were at the Seattle dev meeting (Q4 2016) you might remember that we were working on a design style guideline for Tor Project [5] What we did was to apply that to some components of 'bootstrap' and have a fork version of it where people can easily build sites using the css/templates from styleguide.torproject.org We are still working on that in December but should be done soon. This work will definetly speed up the process of building sites within the Tor Project ecosystem. But a site is not only done with 'frontend' or better saying html and css hehe We still had to decide what framework to use to build those. So that was another work we did in November, based on the requirements we had we decided to test a framework called Lektor 24275 [6], we also got stakeholders who will be editing the site to test it and everyone liked it. So this will be the framework we will use. If you have any questions about any of the projects the UX team is working please reach out to us! If you would like our help with any project you are working on, reach too! Our roadmap [7] is public and you can check what we have planed for December in there o/ Cheers, isabela [1] https://trac.torproject.org/projects/tor/ticket/24260 [2] https://trac.torproject.org/projects/tor/ticket/24371 [3] https://trac.torproject.org/projects/tor/ticket/21222 [4] https://trac.torproject.org/projects/tor/ticket/24129 [5] https://media.torproject.org/image/Tor%20Style%20Guide%20v1.3.pdf [6] https://trac.torproject.org/projects/tor/ticket/24275 [7] https://docs.google.com/spreadsheets/d/1ELMvnIksL-m_r0vJt_rwpIkcjyzZpCyYiQJ…

1 0

Grants Update, November 2017
by Tommy Collison 04 Dec '17

04 Dec '17

Hey all, Here's what I got up to in November. *Grants:* (1) OTF accepted a proposal to perform Tor usability work. \o/ (2) Wrote a consumer privacy grant for the Rose Foundation. (3) Researched general support grants. (4) Wrote about the cool things people are doing with onion services and researched some grants for them. (5) Worked with the community team researching/planning potential relay support and Global South grants. As a reminder, https://pipeline.torproject.net exists as a place where you can tell me about work you’d do if you had the funding. What gets funded isn’t my decision, but I can do research and maybe play matchmaker with suitable foundations. *Not Grants:* (1) Tinkered on various bits and bobs related to our end-of-year fundraising over at https://donate.torproject.org/pdr. Almost at $250,000, thanks to Mozilla. T-shirts have started to go out, and they look amazing [a]. (2) Highlighted Damian's amazing contributions to Tor in what is, I believe, Tor's first volunteer spotlight [b]. (3) Wrote about Nyx, the command-line Tor relay monitor [c]. (4) Wrote about Bastet, our new directory authority [d]. *Non-Tor:* (1) Attended http://aaronswartzday.org in San Francisco at the start of the month. Met cool people, listened to some cool talks, and gave out a bunch of Tor webcam stickers. (2) Took my first pilot's lesson. Goal: fly to Tor's meeting next autumn. (Jk. Sorta.) TC [a] https://twitter.com/0x2be3/status/937752533656854528 [b] https://blog.torproject.org/volunteer-spotlight-damian-johnson [c] https://blog.torproject.org/meet-nyx-command-line-tor-relay-monitor [d] https://blog.torproject.org/introducing-bastet-our-new-directory-authority

2 1

Network team meeting notes, 4 Dec 2017
by Nick Mathewson 04 Dec '17

04 Dec '17

Hi! Meeting transcript available here: http://meetbot.debian.net/tor-meeting/2017/tor-meeting.2017-12-04-17.59.html Notes below: ------------ Network team meeting pad, 4 December 2017 `This must be the wood, she said thoughtfully to herself, `where things have no names. I wonder what'll become of MY name when I go in? I shouldn't like to lose it at all -- because they'd have to give me another, and it would be almost certain to be an ugly one. But then the fun would be, trying to find the creature that had got my old name! [...] Just fancy calling everything you met "Alice," till one of them answered! Only they wouldn't answer at all, if they were wise.' -- Through the Looking Glass Welcome to our meeting! Every Monday at 1700 UTC 1800 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Meeting notes from last week: * https://lists.torproject.org/pipermail/tor-project/2017-November/001578.html Old Announcements: - On the roadmap spreadsheet: Please take december/january tasks. (If somebody else has already taken something you want, please talk to them and/or add yourself too.) https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… - Please review stuff in review-group-26 - Soon it will be time to triage 0.3.3.x tickets. Please make yourself the owner of tickets in that milestone that you will do. - The meeting time is now 1800 UTC. Discussion Topics: - Do we want any network team hackfest days before the March meeting in Rome? (The meeting is from Sunday 11 March to Thursday 15 March, and teor needs to book flights soon) teor: - Last week: - Implemented PrivCount country and AS features for the next release - Revised some of the client code for IPv6 in microdesc consensus (prop#283) - So many security issues. I helped out a little. - Tried to help out with the 10.000 Tor Hidden Service ticket (#15251) - Sketched some experimental privcount measurements for HSDirs (#24468) - This week: - PrivCount release and deployment - Admin for collecting research data - Start implementing onion service client counts for experimental PrivCount? - Book flights for Rome - do we want a hackfest before Rome? (Discussion: Yes, that seems like a good idea to people. Perhaps one day only. Can somebody ask Jon et al to make arrangments?) asn: Last week: - Reviewed various SponsorV guard-discovery tickets: #23100 and #23114! Also #13837! - Did some thinking on #23247 (have another UX+onion meeting this wednesday) - Thought about some HSDir-related statistics: #24468 and #24425 - Backported #23862 to 031 and 030. - Thought a bit about tor_free code-style and inserted my opinion in #24337. Not planning to spend more time on this debate. - Opened ticket about ripping out guardfraction: #24456 This week: - More review on prop247 related tickets by mike. - Some prop224 work on #24346 and #23603. - Start rebooting prop247 (see above). Sent email to get prop247 back in track and would appreciate reply from Mike: https://lists.torproject.org/pipermail/tor-dev/2017-November/012632.html - Started re-reading my prop247 simulator code. dgoulet: * Last week: - Tracing cell timings in tor from inbuf to outbuf with KIST. Trying to find issues and contentions. So far so good. Hopefully will try to post some results soon. (Branch is "cell-tracing") - Over the weekend, I hit #24346 on one of my v3 HS and turns out after investigation that it is due to #23603 which is back in 032 and High priority. - Reviewed 032 tickets in review-group-26. - Some patches for 032 milestone as well for HSv3. (#24346 and #24425) - Worked on the some of the TROVEs' advisories and patches. - Investigate a bit more #23696 and the solution for now is to downgrade the warning to info since we will have platforms where the monotonic time is not true. * This week: - Attempt a 033 triage of my assigned, HS and scheduler tickets. - Have all my 032 tickest in needs_review (especially #23696 and #23603). - I should start looking at HS + IPv6 which is planned for 033. Sync up with what teor has been doing so far with IPv6. - Feature free of 033 is Jan 15th so I really need to continue working on 033 tor-sched tickets. Most scheduler fixes heavily depend on #23709 being merged so would be neat to have a reviewer soon-ish for it. It ain't small nor simple but it is a lot of code removal. Thanks! Nick: * Last week: - Worked on security patches a lot. - Released a new alpha and security releases. - Worked on a rust client-side privcount implementation. - Released several proposals - Talked with a namecoin dev - Talked with mozilla people about specification work * This week: - Review merge_ready stuff for 0.3.2 and Reveiew group 26. - Review other stuff for Review group 26. - Ideally, merge some version of my _free() patch [#24377]. Can we decide on which of the several proposed variants we like? IMO they are all okay. - Improve coarse_time speed on channels and osx and ios. - Open RG27, I hope. - Decide about a sandbox strategy for future Tor releases. - Follow-up about utf8 proposal - Follow-up about privcount proposal - Follow-up about hibernation proposal - Finish rust client-side privcount proof-of-concept hacking - Other tickets as time permits - Review 23709. Mike: Last week: - Fixed up #23114 based on asn's review - Implemented #13837 and #23101 This week: - Write up stuf for Prop247 experiments - Review #20699 (I should be looking at v3 control port stuff for prop247 anyhow). ahf Last week: Sponsor 8: - Talked with Hans and Nathan about build-system integration for mobile Tor code if we want it in tor.git. - Looked into Android.mk / autotools integration. - Updated test scripts to fetch .onion as well as exit node tests. - Looked into whether #24374 is helping with udivdi usage (missing soem work: see #1 in this week). - Looked at the current tracing code for Tor: Android's tracing framework expects "enter function"/"leave function" and tor_trace() probably wont be suitable for that. - Wrapped my head around libevent / event loop code in Tor. Misc: - Meeting with Mozilla about specification work. This week: Sponsor 8: - Catch up some loose ends from last week: 1. Have an easier way to compare `simpleperf` sample reports. Right now the #24374 patches looks like they yield a performance enhancement, but it is hard to compare the relative data in the reports. 2. Collect data from event loop data on device. - Create a way for other people to easily (via Orbot UI) to get tor bench/test results on the device for debugging (if they are available). - Discuss december optimization work with Nick. Misc: - Bug triage rotation duty. isis: last week: - Investigated how offline rust dependencies work and documented it #22907 - Debugged the meek←→moat tunnelling and redirects not working #22432 - Fixed a couple moat bugs #24433 #24443 - Removed some of the other (untested, unused) cruft from bridgedb's codebase #3015 - Updated the BridgeAuth and enabled IPv6 bridge reachability testing #24264 this week: - actually finish the proposal writeups for prop#249 prop#269 and prop#270 and the new one for XE5/hila5 catalyst: Last week (2017-W48): - looked at #24377 (*_free() nulling macros) -- leaning away from uppercasing them for now - bug triage - still looking into clock skew / reasonbly live consensus issues. structure of event handling code for connections is very counterintuitive This week (2017-W49): - following up on #24377 (and any related stuff) - work on a reasonable way to defer descriptor fetches if we wouldn't be able to initialize our guard state due to expired consensus (#2878, #23605) - maybe raise severity of untrusted clock skew warnings to NOTICE so they're more visible? - catching up from roof monster attack - vacation 12/8 (Friday); also vacation on 12/15 and 12/22 Sebastian: Following topics are important lately: - security updates for dirauths/public list of those not updated yet - More difficult to host exit nodes with 80/443 port combination - Limit streams originating from one circuit? isabela: Last week: - Got replies from testers - they also told me where they were testing it from and so far is like 2/3 wifi 1/3 mobile - Finished deadline stuff :) Also participated on a nice panel about privacy,surveillance within the political context now (it was a closed meeting with private foundations) I spoke a lot about ways .onion services can help the resistance (will email use cases to asn) This week: - sync on wed with asn, geko and antonela - follow up on:#23247 - start reviewing sponsor8 quarter work - to see how we are doing in general - work on a new set of reports (none related to network team tho) - prep for mozilla all hands next week - will be in seattle wed - sat - Sent out Tor Launcher weekly check in email (ping for isis) asking folks to send their updates for this week

1 0

Notes from November 30 2017 Vegas team meeting
by Karsten Loesing 02 Dec '17

02 Dec '17

Notes for November 30 2017 meeting: Steph: 1) hidden services are now onion services site wide! thanks, kat! 2) we passed 216k with mozilla’s match 3) blog post on Primavera Hacker out now, looking fwd to more localized posts like this Nick: 1) Met with namecoin developer, chatted about status of prop279, name service integration, etc. 2) Making progress on various fronts; roadmap seems to actually be working this time 3) Meeting with mozilla folks tomorrow to talk about specifications. We need to figure out what kind of scope makes the most sense for us to do. Alison: 1) resolving all November roadmap tasks for the community team! 2) planning Library Freedom Institute schedule 3) working on the support portal 4) onboarding Parinishtha, our new Outreachy intern. her first assignment is to review various places where users submit questions/issues, organize those into categories, and share them with devs 5) finishing relay ops blog post, which might be better off as an even longer/better organized guide 6) thinking about the initial plans for the next two Tor meetings Arturo: 1) Published report (in collaboration with Bytes for All) on censorship events that occurred in Pakistan last weekend: https://ooni.torproject.org/post/how-pakistan-blocked-social-media/ 2) Published report examining cases of DNS misconfiguration: https://ooni.torproject.org/post/not-quite-network-censorship/ 3) Made an interactive data visualisation showing some cursory analysis of the Tor reachability data from OONI measurements. How can we maximise the usefulness of this endeavour for all the tor teams? 4) Hosted monthly OONI community meeting 5) OONI talk got accepted at CCC Shari: 1) Trying to shake off travel, a bad toothache and family entertaining to get through my email backlog. If you're waiting on something from me, you might want to remind me about it! 2) Finalizing new big grant for usability and outreach. Sent contract document; working with Isa and Tommy next week on work plan. 3) Working on Rose Foundation funding proposal with Tommy. 4) Reviewing end-of-year fundraising drafts before we send them. 5) We are all moved into our new Seattle office, downstairs from our old Seattle office. Roger: 1) Re-integrating semi-idle people into teams? 2) Isa and I talked to Brad -- new time allocations imminent I hope? [Brad: updated budget to actuals on grants sent to you and Isa this morning. Making sure there are no flaws with our updated time allocation budgets before distributing to Vegas team for review. Expect to receive today/tomorrow] 3) I'm the only one who has asked for CCC travel reimbursement so far. 4) Brad: can somebody acknowledge the Minnesota accounting mail? [Brad: yes, I will respond] Karsten: 1) Published Tor Metrics roadmap until September 2018. 2) Added Compass functionality into Atlas and scheduled turning off Compass by end of the year. 3) Put out new Onionoo release 1.8.0. 4) Added metrics timeline entries underneath graphs on Tor Metrics website. 5) Switched to Salt for maintaining OnionPerf instances. Brad: 1) Just finished updating grant/contract compliance database through Oct 31, including budget-to-actuals on grants and milestone status on deliverable-based contracts 2) Met last week with Roger & Isa to update employee time budgets, and today finishing analysis of estimated burn rate needed to utilize remaining NSF and DRL grant funds 3) Pending any changes based on remaining grant funds, updated employee time budgets will be distributed to Vegas team tomorrow 4) Hearing that some employees did not receive updated budgets the last time they were revised (early October), so I will make sure that any changes are communicated to budgets are communicated to both employees and team leads. Mike: 1) The systems simulating my consciousness are slowly coming back to full capacity. I guess somebody paid the rent. 2) My current thinking re Sukhbir (deciding on Mail vs Chat) is that we should pick the project that allows us to quickly capture the most users. I see three paths to this: A) work on Thunderbird and hope our changes are eventually merged (very risky); B) work on k9-mail and hope those changes are merged (less risky); C) work on a browser-based chat that notices when people who have it installed are using Twitter DMs, Facebook, or Gmail chat, and offers to upgrade them to onion service chat instead. Georg: 1) Sponsor 4 work is almost done; some remaining bits need to be wrapped up (which will be done next week), then only moat support is still missing which is being worked on 2) No Tor Browser talk at CCC. I heard with one slot more we would have been in.

1 0

reducing spam on bad-relays@?
by nusenu 28 Nov '17

28 Nov '17

Hi, I know bad-relays@ is more exposed to spam because it does not require subscription for obvious reasons, but would it be possible to reduce the amount of spam on that mailing list by sending potential spam candidates to the moderation queue? thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_

2 2

Please welcome Tor's new Outreachy intern, Parinishtha!
by Alison Macrina 27 Nov '17

27 Nov '17

Hello Tor community, I'm pleased to introduce Tor's new Outreachy intern, Parinishtha Yadav. Parinishtha will be working on some things related to user support and communication, including helping with content for the forthcoming support portal and organizing user feedback/issue reports for developers. Please join me in welcoming Parinishtha to our community! Here's more about her in her own words: Hello! I am Parinishtha, a fourth year student at IIT Roorkee, India, who will be working as an Outreachy intern with Tor for the next three months. I'll be working with Alison, Tommy and Steph on figuring out where user pain points are -- what works and what doesn't. I am passionate about good books and obsess over great music. I also happen to be a national level freestyle swimmer, and go on frequent treks in the Himalayas. Tor has an amazing open-source community, and I'm really excited about this opportunity to be a part of it. I also look forward to continue contributing after my intern period ends. You can say hi to me (pari on IRC) or drop a line at parinishtha07(a)gmail.com. I tweet sometimes, my handle being @ParinishthaY (https://twitter.com/ParinishthaY) Cheers! Parinishtha -- Alison Macrina Community Team Lead The Tor Project

1 0

Network team meeting notes, 27 Nov 2017
by Nick Mathewson 27 Nov '17

27 Nov '17

Hi! You can see a transcript of our latest meeting at http://meetbot.debian.net/tor-meeting/2017/tor-meeting.2017-11-27-17.00.html Below is a copy of our pad. ================= Network team meeting pad, 27 November 2017 Welcome to our meeting! Every Monday at 1700 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) ===== This of course is the way to talk to dragons, if you don't want to reveal your proper name (which is wise), and don't want to infuriate them by a flat refusal (which is also very wise). No dragon can resist the fascination of riddling talk and of wasting time trying to understand it. -- J.R.R. Tolkien, _The Hobbit_ ====== Meeting notes from last week: * https://lists.torproject.org/pipermail/tor-project/2017-November/001576.html Announcements: - Sponsor M is no longer billable: please let me or isabela know if you need to do more work on M stuff, and we can work something out. - On the roadmap spreadsheet: Please start taking december/january tasks. (If somebody else has already taken something you want, please talk to them and/or add yourself too.) https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… - Team rotation for December please: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… - Please review stuff in review-group-26: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… - Remember: many people take time off in December! If you're going to do something in December that requires another person, please confirm that they will be around. - Soon it will be time to triage 0.3.3.x tickets. Please assign tickets in that milestone that you will do to yourself. - Aiming for many releases next Tuesday (5 Dec) Discussion Topics: - meeting time -- 1800 UTC is yes. Not sure whether to track DST yet. Going to say "yes", but we can change our mind between now and the next DST transition. Will flip a coin to decide whose DST. teor: - Last week: (actually two weeks, sorry it's so long!) - Revised prop#283, which moves relay IPv6 ORPorts from microdescs to the microdesc consensus - Started designing relay IPv6 ORPort reachability checks, turns out they need IPv6 relay extends https://trac.torproject.org/projects/tor/ticket/24404 - consensus health got a "ReachableIPv6" pseudo-flag, thanks tjr! (#24287) https://consensus-health.torproject.org/ - Relay Search (Atlas) got IPv6 ORPort and IPv6 Exit "additional flags", thanks irl! (#10401) https://atlas.torproject.org/#toprelays - Merged code that adds rend point IPv6 addresses to HSv3 client intro cells, thanks neelc! (#23577) (There's still more work to be done for HSv3 IPv6, see #23493.) - Patched metrics onion service graphs to show which ones measure v2 and v3 services (#24048) https://metrics.torproject.org/hidserv-dir-onions-seen.html - Wrote and rewrote parts of the new "PrivCount in Tor using Shamir Secret Sharing" proposal https://github.com/teor2345/privcount_shamir/commits/noise-limits - Fixed a nasty little bug where Tor checks cached bridge descriptors, rather than confirmed running bridges (#24392) - Opened a ticket about pruning our list of supported consensus methods https://trac.torproject.org/projects/tor/ticket/24378 - Why is a zstd-compressed microdesc consensus larger than a gzipped one? Am I doing it wrong? https://trac.torproject.org/projects/tor/ticket/24368#comment:1 [nick: I tried to answer, but found even more questions! See the ticket.] - Tried to help out asn with the microdesc fetch bugs - Kept implementing PrivCount features for the next release - This week: - PrivCount Experimental features, bug fixes, and release komlo: This week: - Submitting #23881 (rust logging) for review (hopefully Tuesday) isabela: last week: - sent out reminder to testers for Nov test - worked on dec 1st deadlines - met with asn, geko and antonela on HS UX tasks - elected a couple for December this week: - focus on my deadlines - organize hs states on google doc for antonela to add icons - checking in on moat server <- question for isis catalyst: last week (2017-W47): - investigated Tor Browser error reporting oddities (#24367, now specifically in #24428; thanks brade!) - investigated client-in-future clock skew errors * with an expired consensus that's not reasonably live (+27.5h) it looks like stuff hangs far earlier than with the expired yet reasonably live (+3.5h) case * looks like there are situations where we might hang indefinitely but don't because enough relays are unreachable that we hit the warning error count * it also looks like +27.5h gets a "trusted" clock skew indication from a dirauth sooner than +3.5h does? this week (2017-W48): - bug triage - start sketching out larger-scale bootstrap progress/error reporting improvements - roof monsters are eating my roof so i'll be sporadically unavailable - investigate sporadic oniongit CI pipeline failures (low disk space?) - starting to think that a heuristic for inferring client clock skew from non-dirauth relays might start looking like EWMA (with incremental variance too); maybe we can refactor the circuitmux EWMA code to help with this? Nick: last week: - Released 0.3.2.5-alpha - Reviewed open proposals wrt privcount; commented. - Started implementing some privcount backend stuff in Rust - Worked on a faster monotime_coarse_absolute() for 32-bit platforms (#24374) - Worked on free-macro rewrite (#24337) - Opened review-group 26. - Reviewed and merged various fixes - Fixed bugs in consensus diff corner cases. - Analyzed hashring storage failure probabilities (#23170) and workarounds (#24425, #24426) - Wrote trivial C backend for Rust to call our logging functions - Analyzed and wrote fixes for the bugs GeKo found with STACK (#24423) This week: - Try android performance tools (sponsor 8.) - Inform packagers and users of upcoming releases on/around December 5. - Backport more tickets to earlier stable series, as appropriate. - Write/revise TROVE advisories and revise patches (as needed). - (Also get CVEs) - Prototype and publish revised privcount/shamir proposal - Review some stuff in review-group-26 - Publish other pending proposals (if any) - Clarify and revise our security policy on bug severities (#22962) - Review December roadmap; convince everybody to take on tickets there. - Other TBD. - Please grab me to talk about design or code whenever you want - Meet with a namecoin person who's in town. dgoulet: - Last week: * Worked on TROVE-2017-12. Needs review/merge on the security list. * Worked on #24313 HS bug. A patch exists. * Finalized #23709 that is removing in/out channel's queue. That branch is in need_review for 033 and has bumped the code coverage of channels to 84%. I've been running that code on both my relays with running with valgrind. So far so good. * After the above, I've made a "cell tracing" branch that tracks cells from inbuf to outbuf. Idea is to have a way to measure performance of the cell fast path at every steps and try to find possible bugs with cells stuck for too long or try to answer questions like "why 2.78 seconds on average?" (not a "confirmed number"). * Tried to find the bug on #24346 but we need to add more logging to hunt it down. * Review couple tickets in review-group-25. - This week: * Re-re-revalidate the cell tracing branch, clean it up and run it more thoroughly to try to identify where and why we might have cell latencies in order to identity if the scheduler is at fault. * Continue ticket review/patches for 032 and 033. * If I receive my Android device this week, I'll maybe try with ahf to setup the dev. environement to profile HS and scheduler. asn Last week: - Got #23817 merged. This should help a lot with #21969. - Attended UX+onion+TorBrowser meeting. tl;dr is that we should focus on #23247 in the short-term, and we also discussed #21952. We have another meeting this Wednesday. This week: - Catching up with last week's backlog. Please let me know if I should pay attention to something that I'm not mentioning below. - Continue review of #23100 and #23114. - Plan development on md/guard issues (#24113, #23863) - Figure out next most important guard/prop224 stuff that I should be doing. mike: Last week: - Began testing #23101 (pre-building HS-specific circuits for vanguards/pinned middles). Still needs more testing, unit tests, cleanup. This week: - Cleaning up #13837 (pinned middles) and #23101. Let them run for a while with prop247 simulator, monitor paths built and timeout rate, write tests, etc. - Maybe write a simple patch for #24228 (to slow down CBT circuit building by 3X or so)? ahf Last week: Sponsor 8: - Landed `simpleperf` notes in tor.git - Optimization meeting with Nick - Looked into n8fr8's new split orbot work. - Do multiple builds for different ABI's for testing to get 64-bit information. - Put Tor's bench+tests on device via the Orbot APK, but still no way of automatically running them without using adb/shell. - Started looking into the event loop code in Tor for instrumentation. - Looked into HC's (from Guardian Project) work with automated Orbot-build-via-gitlab-ci-to-fdroid-repository(!) This week: Sponsor 8: - Get event loop instrumentation into tor.git - Update sponsor 8 wiki documentation on n8fr8's split orbot changes as that will probably simplify things for people. - Get `simpleperf` results for via-onion/via-exit/bootstrap tests for both 32-bit and 64-bit for comparison. - Help others (David and Nick) with getting up and running on Android. Misc: - Look into #24368 [compression, zlib, zstd] and maybe see if we should tune our parameters there (as per Nick's comment). - Tor specification meeting with Mozilla. Maybe: - Look into David's tracing code in Tor and see if it can be made to work with the Android NDK tracing features. isis: last week: - revisited prop#249 prop#269 and prop#270 and began revising - looked at my beginning implementation of prop#269 from last year - re-read a couple lattice papers and reviewed a reference implementation of one of the NIST submissions - took the rest of the week off this week: - re-raise prop#249 discussion on the ML and hopefully put that one into "accepted" state - re-write prop#269 and prop#270 - track down and fix some bug in the moat server - work with dcf on getting the meek tunnel working?

1 0