tor-project

tor-project@lists.torproject.org

16 participants
2324 discussions

June 2017 grants report
by Tommy Collison 01 Aug '17

01 Aug '17

Hello Tor! I call this a grants report, but I do other writing-y stuff as well. ### July 2017 - Wrote and submitted three new grants, two to MDF and one to DRL. - Edited the final report for the MOSS grant, which will also go out as a blogpost in the next week or two. - Wrote two blogposts. [1] [2] - Researched a bunch of new grants. - Worked on the onboarding wiki. - Worked on UX/UI stuff. - Worked on a grant submission system, which'll make it easier to apply for grants. [1] https://blog.torproject.org/blog/tor-joins-online-day-action-net-neutrality [2] https://blog.torproject.org/blog/de-anonymization-smart-homes-and-erlang-at… As always, you can email me if you have questions or comments. -TC p.s. I'll be in San Francisco August 16-30; hope to see some of you!

1 0

Sukhbir's July 2017
by Sukhbir Singh 01 Aug '17

01 Aug '17

Hi, In July, I worked on the following: * Tor Messenger - Completed the transition to ESR52 including switching to the new build system that uses runc, and rebasing the patches. We are now building on Tor Browser tag tor-browser-52.2.0esr-7.0-1-build1. https://gitweb.torproject.org/tor-messenger-build.git/log/?h=esr52 We are now reusing most of the build components from Tor Browser thanks to the power of rbm! - This month, the focus is to pick tickets that we think are critical and then close them before the end of the month, working towards the 0.5.0b1 release. * TorBirdy Prepared and tested TorBirdy release 0.2.3 that will be released in the coming week. -- Sukhbir

1 0

UX team summary for July 2017
by Linda Naeun Lee 01 Aug '17

01 Aug '17

Hi all! July was another good month for UX. :) I gave a talk to PETS 2017 about my paper ( https://petsymposium.org/2017/papers/issue3/paper2-2017-3-source.pdf) which evaluated the usability of Tor Launcher. I got a great reaction from the audience, most of which seemed to buy the "usability is important!" message. Some OTF people were in the audience, and they seemed to understand how critical usability work is! We were encouraged to apply for a grant to get some funding for UX work, so Isa and Tommy are following through on that in August. Isa and I worked in person while at PETS to information architect what will go on the home portal for torproject.org. We know it's taking a while, and people are wary of attempts to improve the site. But we're quite serious and persistent! It's just not funded at the moment and getting our spare cycles. We finished redesigning Tor launcher (https://marvelapp.com/3f6102d/) to better guide users through configuring their network settings. Some of the changes made were: 1) combining all the configuration options into a single screen, as inspired by the in-browser network settings menu 2) clarifying which countries will need to configure bridges on the first screen 3) incorporating the bridgeDB service into the interface. In addition we started other work, such as: - potential changes to the tor browser toolbar to give easier access to security controls - messages and indicators for different states when visiting a .onion site (http + .onion, for instance) - user testing for onionbrowser to validate recent changes to their onboarding sequence Cheers, Linda N. Lee Current Key: https://pgp.mit.edu/pks/lookup?search=lindanaeunlee GPG Fingerprint: FA0A C9BE 2881 B347 9F4F C0D7 BE70 F826 5ED2 8FA2

2 1

Reviving the 'Trac discussion' - next meeting on July 11th
by isabela 01 Aug '17

01 Aug '17

Hi everyone, It has been a while since we started evaluating if we want to find alternatives to Trac. You might remember we sent a survey out to collect more info, and based on the answers we believe we should figure out a better solution. https://lists.torproject.org/pipermail/tor-project/2017-March/000975.html https://lists.torproject.org/pipermail/tor-project/2017-March/000978.html In Amsterdam meeting we hosted a discussion on the results of our survey and up to this moment we have been evaluating gitlab as a possible alternative to Trac or eventually as a possible code review tool we can use. But this has been a little 'loose' and we wanted to organize things better in order to be able to make decisions and move forward. Therefore we are thinking of breaking this into 3 'tasks' we want to cover for development: * continue integration - jenkins is doing this now for us (only used for internal contributors tho, would be nice to think of a way external contributors could use it / maybe setting up travis for them) * code review - We have a test gitlab instance running at https://oniongit.eu [or emuo4mf6vwghcaqn.onion]. Network team has accounts on it and we would like to have more people testing it. Please bear in mind that this is a test machine, it is not backed up, and can be slow on occasions. * issue tracker - could be gitlab or another solution, we are still looking into how to solve this one (yes, the wiki is not on this list for now) So! We would like to propose the following moving forward: 1. Meet on irc to answer any questions on this new approach and get more people trying our gitlab testing installation [MEETING IS ON JULY 11TH TUESDAY AT 1400 UTC ON #tor-project channel] 2. Set up a 'end date' for our gitlab testing phase - that is why we would like more folks trying it out 3. Look into a plan to provide CI for external contributors (using travis maybe?) 4. Create a list of requests for what we need for issue tracker and see what to do about that We believe that covering the points above will help us move forward with this project. Please reach out to hiro if you'd like to have access to the gitlab test set up. Any questions/feedback is welcome as always. thanks! isabela and hiro o/

3 5

Notes from 31 July Network Team Meeting
by Nick Mathewson 31 Jul '17

31 Jul '17

Hi, all! We had another network team meeting today. The log is at http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-07-31-17.00.html Notes from the pad are below. Network team pad, for 31 July Meeting (or 1 August, for those in UTC+5 or later) Notes from last week's meeting: * https://lists.torproject.org/pipermail/tor-project/2017-July/001323.html (Did we do what we had planned?) Announcements and reminders: * Montréal hackfest pad is at Things we should talk about: * Has there been progress on review-group-21 ? * I saw some coverity issues last week but no coverity master. Did they get handled? * We should assign roles for August: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * Isa wonders if we should pursue gitonion because of it not working for folks who are using TB at high security level * What is blocking 0.3.1.x-stable? Tasks for after the meeting: * nickm: fix tor_parse_long regression * everyone: take roles for august * everyone: answer on oniongit email thread! teor (not online): Last week: * Worked with Nick on a spec and draft C code for PrivCount blinding in production tor * Made crypto_rand_double() randomise all the mantissa bits, and remove a slight bias #23061 * Deploy experimental PrivCount for Single Onion Service counts * Start work on a circuit sampling feature for experimental PrivCount, because python can be slow This week: * More PrivCount testing * Maybe re-deploy some additional experimental PrivCount features * Maybe get cell crypto working in endosome Nick: Last week: * Worked with Teor on getting the privcount blinding and tabulation system into Tor. This simplifies privcount a lot because events no longer need to get marshalled and unmarshalled, and makes Tor expose much less information that it does now (or did, under previous privcount branch) * Lots of code review on prop224 stuff. * Misc review and fixes * Merge workaround for some coverity madness; get rewarded with 14 coverity issues; resolve 10 of them. * Delayed 0.3.1.x-stable by a month. This week: * More work on privcount: get spec draft finished with Teor; share with other privcount people and with sponsor Q folks. * Try to finish review on 20657 (prop224 service-side stuff) * Release an 0.3.1.x-alpha * Other hacking TBD dgoulet: Last week: * Service implementation under review in #20657. * Client implementation++ in #17242. I've actually almost exclusively only worked on that. * Prop224 upstream bug opened: #23056 This week: * Finalizing and hopefully putting #17242 in review for upstream. * Assisting asn as needed on nickm's review of #20657. komlo (offline): This week: * Refactoring and getting ready for code review for protover rust * Thinking abuot creating a "intro to rust" coding exercise for the rust hackday ahf Last week: Sponsor 8: - Went over Catalyst + Nick's control port proposal and looked into the control port protocol. - Created a wiki page for network team sponsor 8 planning/notes: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/Sponsor8 - Wrapped my head around the Android emulator, but I doubt we will be able to use that for much metrics collections. The android-x86 project might be more relevant here. - Got a test apk to run where I could test Android's "Doze" feature. Misc: - Reviewed #23030, #22883, #22927, #22915, and #20247 - Got a bit excited about asn+dgoulet's prop224 work and got a service running with an ircd to test it out. This week: Sponsor 4: - Fix remaining issues that is missing for Sponsor 4 and 0.3.1. - Write blog post about compression + consensus diff. Sponsor 8: - Look into Android-x86 for a "fast" non-device environment. - Start collecting "Doze" metrics from Orbot to see how we do. - (ahf, please document hwo to do the above stuff as you go along, so that other folks can try it too? -nickm) Misc: - Traveling to SHA2017 at the end of the week. asn: Last week: - Reviewed and tested more #20657 code. - Started fixing up prop224 service-side #20657 based on Nick's review (about halfway there) - Started reviewing and testing David's client-side #17242 branch. - Some hackerone triaging. This week: - Finish up fixing #20657 branch. - Review and test the client-side branch. - Fix more prop224 bugs - Write some unittests for client-side prop224. Mike: Last week: - Finished tor patches for pinning layer2 and layer3 guards (#13837) - Started work on stem-based prop247 prototype/performance simulator This week: - Finish prop247 prototype; Start onionperf testing catalyst: Last 2 weeks (2017-W29, 2017-W30): - moved house - looked into error reporting in test suite in #22636 - started catching up on email and Trac - Tor launcher automation meeting This week (2017-W31): - await arrival of household furniture, etc. - write up some notes to follow up on Tor launcher stuff - file ticket for test suite error reporting issues i noticed in #22636 and write up some of my observations about them - resume attempting to get chutney to do something useful to simulate #20532 isis: last week: - reviewed #22885 - revised my patch for showing info about cert expirations #17639 and wrote a test for it - revised travis configs and got them merged #22636 - fixed a whole lot of brokenness resulting from upgrading the BridgeDB machine to Debian 9 (#22998 #23032 #23033 #23034) - this week: - revising the new captcha server for moat #15967 - working on standardisation and finishing up the crypto needed for hyphae #22775 - updating #16562 with notes from meeting with trevor and reading the generalised edDSA specs/conversations Isabela: Last week: - finished deliverables report for Sue - worked with Erin on onboarding wiki page (thanks for the brainstorming) - submitted modularization proposal and got contract for sponsor8 proposal! - had meeting about tor launcher new design - trying to make sure all teams/people related to it, coordinates between themselves for networkers, TB team will give a wish list for part of the experience that they have to build, so you can review and tell what is possible what is not possible) This week: - july report for sponsor4 - prep work for sponsor8 - prep work for trac/git meeting (which got moved to August7!) - reminder about vacation time (august 7 till 14 - work on 15 - vacation again from august 16 till 21)

1 0

Notes from July 27 2017 Vegas team meeting
by Karsten Loesing 28 Jul '17

28 Jul '17

Notes for July 27 2017 meeting: Georg: 1) Follow-up bug bounty launch work 2) Helped with the support wiki and with thinking about planned Tor Browser toolbar changes 3) Moving forward with the coding tasks for the desktop browser position and helped drafting job descriptions for the mobile ones Nick: 1) I'll be out in August from the 14th through the 18th; 30th through Sep 1. I will see personal email, but will probably be ignoring lists. 2) All seems well on the network team. Slowed down a bit because of vacation series, but 3) I have a suggested clarification for PR about the research board, based on conversation I had with a confused researcher at PETS. Where to send? (Upshot: The only research we oppose is research done by harming users. The only legitimate goal of the board is to avoid harms to users.) 4) PETS note: The research community is speeding up about producing useful stuff again. - Should we do anything to resurrect anonbib? - Let's go back over the week and write up everything we need to do or think about wrt Tor based on PETS talks and conversations, before we forget.. 5) Sponsor Q: I've been coordinating with Teor to make sure that Privcount advances, in fulfillment of our SponsorQ privacy-preserving measurement goals. There's a tor patch for the backend now. 6) Sponsor R: There is no way that the prop224 hs-ng branch gets merged before Roger's talk tomorrow. But an August merge still does look likely. 7) Just deferred our release date for 0.3.1.stable by a month, to early September. Isabela: 0) Was at PETS last week - we submitted DRL Core Tor Modularization SOI \o/ 1) Working with Erin and folks on the onboarding wiki page - https://share.riseup.net/#zTanTv1bj7dtkCiwiE5DKg 2) UX/Linda - worked with Linda on website redesign building the information architecture for torproject.org page while we were at PETS (got feedback from Roger, Mike and other folks at PETS on it too) Next step is to create new wireframes based on that and present to comms team on August 15. Working with Linda on different UX problems (TB toolbar, .onion and ssl certificates behavior, tor launcher) we are trying to use the model of problem definition, hypothesis brainstorming, pick a hypothesis to build and the test it, iterate if needed in order to fix UX issues. We should stick to this model as much as possible. Also working on building a user test for Onion Browser onboarding project. 3) services land/Hiro - hiro is on vacation these days - this and the other time when we needed a tb release and geko was out on vacation, lead me to suggest the creation of 'vacation backup table' (email sent to tor-internal) / plan to follow up on that next week. 4) Other work going: deliverables reports, sponsorR stuff for Roger, Sponsor8 prep work, following up with proposals, prep for Orfox release next week, meetings meetings meetings Steph: 1) Working with Erin, Isa, Tommy on onboarding wiki 2) Been working on blog content, lots of posts lined up 3) Still waiting on Giant Rabbit to finish newsletter setup, then will have to edit content depending on when they're ready 4) Keeping up with ongoing comms stuff: regular social media posting scheds, responding to press, building press list Karsten: 1) Cleaned up metrics hosts after upgrading to Debian stretch. 2) Decided to accept data from researchers on "contributed" pages and linked data on the Tor Metrics website. Starting with two research groups, currently discussing details. Should probably announce this once the pages are online. 3) Assisted in writing the MOSS final report, which will likely go on the blog once it's out. Shari: 1) Finishing up final report for MDF on donation funding. 2) Lots of meetings re: various funding stuff. 3) I'll be traveling quite a bit this next week. Mike: 1) PETS meeting with traffic analysis researchers went well. Discussed blockers and steps forward 2) Got Sponsor2 year 1 report materials to Matt Wright

1 0

Dutch police and Tor in the AlphaBay/Hansa operation
by Cristian Consonni 26 Jul '17

26 Jul '17

Hi, some context: «Dark web marketplaces AlphaBay and Hansa shut down»[1] The police has put up a couple of pages with a list of usernames that they identify as customers or vendors of the markets and some FAQs[2a][2b]. Note (from [2b]): --- Have you de-anonymized TOR? No. But if we would have, we wouldn't tell you ;). --- and also (from [2a]): --- Are you against TOR? No, the Dutch police and judicial authorities are not against the anonymous use of the internet, encryption or TOR. We only act when these techniques are being used for committing criminal offences. --- Cristian [1]: https://www.theguardian.com/technology/2017/jul/20/dark-web-marketplaces-al… [2a]: http://politiepcvh42eav.onion/faq.html [2b]: http://politiepcvh42eav.onion/hansafaq.html

2 1

Onboarding wiki - we want your input! :)
by Erin Wyatt 25 Jul '17

25 Jul '17

Hello everyone! Hello! Isa and I will be getting together next week to work on the onboarding wiki page, and we'd like your input! If you have a moment, please tell us your idea(s) on how to improve the way we orient newcomers (all types). We’ll start on Wednesday, so anytime before then would be grrrreat. We're looking for all kinds of suggestions -- From IRC/email/encryption etiquette to process/procedure for starting new projects and getting support to technical/security/privacy suggestions and/or requirements -- WE WANT IT ALL. >:) There are three categories: 1. Things I wish I had known when I started with Tor Project (in any capacity). 2. Things I wish new people knew when they started with Tor Project. 3. Things that don't fit into either of the above categories, but should still be recorded on the Onboarding Wiki. Please submit your ideas here: https://pad.riseup.net/p/Tor_Project_Onboarding_Brain_Dump If you prefer to email your suggestions, that’s fine! Also, if you have a document or a link to a personal pad with the info, please email it to me. Thanks in advance! Hope you’re all having a great week. Cheers, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE

2 1

Network team meeting notes, 24 July 2017
by Nick Mathewson 24 Jul '17

24 Jul '17

Hi! Below's the pad from this week's meeting. The meeting transcript is available at http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-07-24-17.00.html ===== Network team pad, for 24 July Meeting (or 25 July, for those in UTC+5 or later) Notes from last week's meeting: * https://lists.torproject.org/pipermail/tor-project/2017-July/001305.html (Did we do what we had planned?) Announcements and reminders: * Various network team hckfests are on 9th to 16th October. Nickm is confused about when. - we should make a pad for the schedule isis wrote, with updates (komlo) * I've added the August calendar for the Team Rotation -dgoulet * Not much progress on review-group-21 :/ Things we should talk about: * Tasks for after the meeting: * teor (not online): Last week: * Took a few days leave, because ugh, winter, again * Wrote some more tor circuit code for endosome, found some tor-spec ambiguities * Did a code review on some of Rob's PrivCount code * Booked Montreal travel and arranged hackfests and meetings * Worked out when the grant money for my current job will run out This week: * Implement one final PrivCount feature before deployment * Test PrivCount before deployment * Deploy and Run PrivCount Single Onion Service counts * Maybe get cell crypto working in endosome taylor: (I believe this is the week that Taylor is moving. Let's all wish them an easy relocation! -nickm) asn Last week: - Wrote patch for #22735. Found and fixed some bad bugs on #20657 while writing this patch. - Wrote code and tests for #22940. - Continued review and testing of #20657. Found some more issues, particularly regarding the overlap mode and descriptor rotation logic. - Reviewed #22895 and #22979. - Did some hackerone bug triaging since we publicly launched our bug bounty campaign. This week: - Mod HS circuitmap to be used by client side prop224 for RP circs. - Continue reviewing and testing of service-side #20657. Find and fix more bugs, and hopefully move it towards upstream merge. - Start reviewing David's client-side code. - We are approaching prop224 merge time, so do any other prop224 action items that must happen. nickm: Last week: - PETS. Had good convesations about . A couple of interesting attack papers . anti-fingerprinting research . traffic padding . The research safety board . I2P . getting large patches/add-ons deployed This week: . Review, merge, bugfix. :( . Document, specify :( . Work on guard stuff, measurement, trace stuff. (dgoulet: lttng advice? Also I should coordinate with teor) . Enter sadly delayed sponsor8 items from meeting with ahf onto bugtracker so I can't forget ahf (might be missing the start of the meeting): Last week: Sponsor 8: - Up and running with Android development environment for Orbot + Core Tor. - Up and running with Android power measurement via their dodgy Python scripts (on a nexus 5x). - Met with a friend in Copenhagen to get a fast walkthrough of the Android environment. Misc: - Did a talk on Tor at TheCamp.dk. This week: - Document Sponsor 8 development environment with Android on trac wiki. - Figure out how we can collect measurement on Android about battery/CPU usage where we have "fast" test-to-result times. - Create tickets for sponsor8. - Look into our wake-ups on an Android device. - Figure out how much we can measure CPU wake-ups/network via the Android simulator. Things I could need help with: - Find Nick + Catalyst's pad/log about control port enhancements (URL?) - Need to figure out what functions in core tor that does network activity on timers. dgoulet: Last week: - Massive amount of prop224. Addressing asn's review of #20657 - Mostly coding #17242. - Prop224 is now closer to reality where we had our first client<->service connection yesterday ;). The whole chain has been glued together and is working! This week: - Finalize #17242 (client code) so we can test the whole stack more thoroughly. - Need to make a branch that contains it all for arma so he can showcase it at our *last* final sponsor R meeting and then two days later to Defcon. - Basically, expect me to only focus on prop224 so we can reach our deadline goal and start merging more and more upstream. komlo (not online): - I am starting my new job this week (!!), so will pick up more tor work next week pastly (also attending meeting in #tor-project for people who provide support): - Measuring latency in Tor seems to be going well. Reimplemented Ting all last week. - Now that Rob is back from PETS, will discuss how to update KIST tickets. Mike: Last week: - PETS - Met with Matt Wright, Marc Juarez, Moshen Imani, Nick, Roger about prop254 - Discussed potential issues with flow control and other planned histogram changes - Worked with Matt on outline of stuff for Sponsor2 report. (He will be submitting it.) This week: - Catch up on mail and other things since PETS - Flesh out details for Sponsor2 report; send them to Matt - Work on torrc options for Prop247 prototype (#13837) - Help with Tor Browser interview process Isabela: Last week: - PETS - Finished the modularization proposal - submitting as we meet (today, cuz we were waiting to hear back from Laura on a question related to the submission form) This week: - NSF reports! help organize that for arma (Mike already created a plan for sponsor2 one while at PETS) - We got sponsor8 contract!! I will get you more info as we figure out if we want our start date to be August 1st or later - July is ending and I wonder if we are closing the deliverable for sponsor 4 - I sent an email to try to create a backup person plan for vacation season - sent to tor-internal. isis: last week: - sending out emails for internship and getting things set up for them - discussions about differences in signatures #16562 - upgraded bridgedb server to Debian 9 and recalibrated the CI #22998 - did some thinking about potential security implications of not having random payloads in drop cells #22948 - revised tor.git travis CI configs #22636 - looked into dependency libraries for intern project this week: - revise captcha server for moat according to review/specs #15967 - get the bridge bandwidth scanner project rolling

1 0

Linda away 8/1-8/4 (Tues to Friday next week)!
by Linda Naeun Lee 24 Jul '17

24 Jul '17

Hi all, I'll be in Canada for a destination wedding + vacation. Isabela will be the one facilitating the UX ticket triage meeting on 8/1 and UX team meeting on 8/2, so those will still be on. Cheers, Linda N. Lee Current Key: https://pgp.mit.edu/pks/lookup?search=lindanaeunlee GPG Fingerprint: FA0A C9BE 2881 B347 9F4F C0D7 BE70 F826 5ED2 8FA2

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project