- tor-project - lists.torproject.org

Re: [tor-project] User queries and issues for Nov-Dec'17
by Parinishtha Yadav 12 Jan '18

12 Jan '18

On 12/01/18 3:23 PM, Georg Koppen wrote: > Parinishtha Yadav: >> >> On 08/01/18 5:32 PM, Georg Koppen wrote: >>> Parinishtha Yadav: >>>> Hello people of Tor >>>> >>>> Wish you all a very happy new year! As an Outreachy intern with Tor, I >>>> spent the last month gathering data and user queries from different >>>> platforms on the internet (IRC, mail handles, Tor blog comments, >>>> stackexchange, tor subreddit, RT, etc.). The aim was to have all these >>>> queries in one place, in a sorted and organised manner. Some of the >>>> queries identified will be added to the support portal by the community >>>> team. >>>> >>>> I have created a spreadsheet on storm, with the following read only link >>>> - https://storm.torproject.org/shared/RV8v026JvwzZ_82ZMRO_4GHAxUtqUhW8Abu6xaQ… >>>> <https://storm.torproject.org/shared/RV8v026JvwzZ_82ZMRO_4GHAxUtqUhW8Abu6xaQ…> (the >>>> first sheet has bugs/errors and the second one contains doubts/queries). >>>> You can find the legend for colors used on the top right of the sheet. >>>> In case anyone feels this will be relevant to their work in any way, or >>>> is looking to pick some bugs to fix or areas to work on, you are welcome >>>> to refer to this spreadsheet. >>>> >>>> This is my first time sending this spreadsheet out, and I plan to keep >>>> doing so around the same date every month. So in case there are any >>>> suggestions that come to mind, don't hesitate to shoot me a mail and I >>>> will do my best to take them into account and make this as helpful as >>>> possible. >>> Thanks for collecting the information and putting it into that >>> spreadsheet. Really appreciated. I wonder about the workflow in case >>> changes to the spreadsheet are necessary. E.g. if one opens a bug on >>> Trac after reading a report and now wants to update the spreadsheet with >>> the bug number. Or if one wants to add already existing bug numbers. >>> >>> Sending a mail to the tor-project list for those small changes seems too >>> noisy to me. Should we just send an email to you and you'll update the >>> spreadsheet accordingly? Or could we just make it editable (if we are >>> worried about that in general then only for a bunch of folks) to make >>> that process more efficient? >>> >>> And how do we developer interact with you ideally in case we have >>> follow-up questions about some of the spreadsheet items? Are you on IRC >>> in one of the tor channels? Or should we write you an email? Or... >>> >>> Georg >>> >>> Hey Georg >>> >>> As for the workflow, I agree that there is no need to send out a mail >>> on tor-project with small issues. There are two strategies we can >>> follow simultaneously: >>> 1. I can give edit rights to a small group of people. This is for >>> people who regularly work on this stuff and they then may not email or >>> contact me every time, but can make the necessary updates on their >>> own. Please let me know who all to share access with. I am attaching >>> my public key and signature along. > Thanks. I'll talk to the team next Monday in our meeting (1900UTC in > #tor-meeting) figuring out how we want to handle it. Let's go with > access rights from there. I will try to join in on that meeting. In case there's anything that pops up then.. > >>> 2. People can mail me personally with the information they want >>> updated on the spreadsheet and I will take care of it. This method can >>> be used by people who will be sending out this information >>> occasionally and do not have edit rights. > Let's start with some observations: > > 1) Regarding row 30: I wonder whether Malwarebytes is responsible for > that we have https://trac.torproject.org/projects/tor/ticket/24709 where > another weird issue got resolved once this tool got disabled. I wonder > if that could help with row 26 and row 25 as well. > > 2) I think row 3 and row 18 can got together (maybe just mentioning the > two different error codes in column D. > > 3) row 21 and 40 is #24136. I wonder whether we should have just one row > for both. > > 4) re row 45: Did anybody contact the Tails people about that? Might be > worth it. At least to know whether they are aware of this issue and have > a ticket number for us for the spreadsheet. I have added #24709 as a "possible issue" for 30, 26 and 25. Have combined 3 and 18 as suggested. Also added #24136 as the ticket for 21 and 40. (Didn't combine them yet since they were listed under different operating systems, but have mentioned in both rows that the same issue exists on the other operating system) > >>> As for developer interactions, I am available on IRC on #tor-project >>> and #tor-meeting with the username pari. Let me know if you want me to >>> be active on any other channels too. (like #tor-dev) >>> And of course, writing me a mail is always another option you can >>> exercise. I usually reply within an hour. > That's perfectly fine, no worries. And welcome! > > One thing I am wondering is how the update to the spreadsheet is > working. I am especially interested in easily finding out changes over > time. How is that planned? I discussed this with Alison in our meeting on Wednesday, and for now, we have decided that I should go ahead and create a new sheet on the same spreadsheet, called 'January bugs' and 'January doubts'. That will keep track of any new issues that are coming up this month, while I will keep updating items on the older sheet as they are fixed,etc. Having just one link to the spreadsheet for several months will make it easier to keep track of things. Maybe after a few months, I can create a whole new fresh spreadsheet as this one will have way too many sheets. During the first week of every month, I will send out a mail that calls out issues and changes over the previous month, and also outlines the areas that users have been reporting for the particular month. For eg: my mail for first week of February will list the issues that have been coming up over January, and also mention issues that were fixed from the Dec spreadsheet. Let me know what you think of this! Cheers, Pari > Georg >

1 0

Notes from January 11 2018 Vegas team meeting
by Karsten Loesing 12 Jan '18

12 Jan '18

Notes for January 11 2018 meeting: Alison: 1) I'm excited to be serving on the FSF Award Committee again! 2) Amogh is going to give a Tor talk at nullcon in Goa, India next month. Helping him prepare. 3) Connected with the people in India who run Privacy Month 4) Connected to some privacy activists in Uganda 5) Preparing for a talk at the University of Washington next week. 6) LFI applications are starting to trickle in! Deadline is February 1. I continue building the curriculum and schedule. 7) Work continues on the relay ops wiki/#24497. 8) Added more content to the support portal articles. Phoul is working on the translation plan. The UX team will then get them added to the portal, which is now being built. 9) Pari sent out her user issues/bugs spreadsheet, and it's already getting a lot of use! 10) Phoul isn't making any progress with Transifex about the webml issues. He's going to follow up with me and the UX team about next steps. 11) Phoul is submitting our GSoC org application! 12) on Friday I'll go on Deutschlandradio to talk about LFP 13) Shari, gunner, Jon and I started planning the Rome meeting. Can we talk about having an "Around the Tor World" plenary? 14) Our Tor talk was accepted to LibrePlanet! I followed up with the people who agreed to present. 15) Connected with Kevin Gallagher who worked on this paper: https://www.usenix.org/system/files/conference/soups2017/soups2017-gallaghe…. He's working on a CS PhD at NYU and his thesis is about Tor. Roger: 1) Finished PETS reviews. 2) teor and I have been talking to the OVH abuse people about the current network overload, and at their suggestion I filed an official abuse ticket on Monday morning. On Tuesday they passed my "please contact us" request on to the overloaders. Here's hoping. 3) Been helping dgoulet with a technical mitigation for the overload. 4) Wrote up draft statement-of-work and budget for upcoming censorship circumvention project. Isa/Georg/Nick/Shari, hoping for feedback. 4a) We're going to want to hire one or more Snowflake devs soon. 4b) Accounting-wise, this one is cost-reimbursement, and so are SIDA and DRL and NSF, so we're going to need to get more serious about efficient time allocations. 5) I'm going to Seattle in late January for an internal-Tor coordination meeting, and to NYC in mid Feb for a conference talk and for an NYU Tor pep rally. 6) At the 34c3 relay operator meetup, we talked a lot about scheduling more in-person relay operator meetups in 2018 so we don't feel forced into going to 35c3 just for that. Alison, can you send me your notes from our Montreal conversation about the _relay coordinator_ job description? A funding proposal seems wise too. [Alison: yes, I will send you this.] Georg: 1) Fought my backlog 2) Preparations for Tor Browser 7.5 (due on January 23) 3) Coordination with the UX team about all the projects we plan to work on in Q1/Q2 2018 4) Alison: are we good with Tor folks being at Rightscon? Do we have the right people planning to come? [Alison: the proposal we ended up submitting is a panel on ethical user testing/design with Simply Secure and a few other orgs. The Tor person who is going to be on the panel is Sukhbir, who is working on the Sponsor 9 user testing. I don't know which other Tor people are planning to go.][Georg: okay, sounds good] Mike: 1) Mostly heads down working on guard stuff for 0.3.3 Nick: 1) 0.3.2 is stable; 0.3.3 alpha should be out later this month; new stable releases for other series soon. 2) Still somewhat in disarray from the winter break. Arturo: 1) Published a blog post on the situation in Iran: https://ooni.torproject.org/post/2018-iran-protests/ 2) Established partnership with the Digital Society of Zimbabwe (https://twitter.com/OpenObservatory/status/950317331493867521) 3) Started implementing the revamped OONI Explorer 4) Dealt with various infrastructure hurdles that are now, mostly, resolved or going to be resolved 5) Measurement Kit windows support is moving forward pretty well 6) Releasing today/tomorrow a new version of OONI Probe mobile with support for the Instant Messaging tests 7) Added some stuff to the Tor trac page for the Rome meeting: https://trac.torproject.org/projects/tor/wiki/org/meetings/2018Rome. Let me know if you would like to know anything in particular about Rome :) Karsten: 1) Playing Whac-A-Mole with Onionoo tickets on Trac. 2) Reviewing/revising patches to sanitize and parse torproject.org web logs. 3) Updated format of the News page on Tor Metrics, and added support for displaying ongoing events. https://metrics.torproject.org/news.html isabela: 1) closing sponsor4 work (january is the last month) 2) working on sponsor9 work plan 3) trying to keep everything else moving while i am doing the above ^^ - organized meetings this week for: 3.1) user testing in India - Antonela and Sukhbir are organizing an event in Mumbai, where they will give talks about tor and do user testing with the audience 3.2) sync with Tor Browser and UX team - 2018 will be the year of user experience revolution at Tor Browser! :) lots going on here, so we did a sync to get everyone in the same page, more here: https://storm.torproject.org/shared/s2-cU-9VsopW7SryzRzNPyQg35TB-sdcBlTFfHD… 3.3) sync with comms and community on support.torprpoject - we will probably launch this in early Feb! tasks lists and updates can be found here: https://pad.riseup.net/p/support-tpo 4) reviewing roadmaps for ux, services and network team - I also plan on organizing another big sync with all teams on roadmaps/dependencies in February as a kickoff for preparing to do new roadmaps in Rome (March).

1 0

Community Team December update
by Alison Macrina 11 Jan '18

11 Jan '18

Hello Tor World, Here's an update from the Community Team for December! December 2017 Community Team report Meeting notes December 2017 ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… December was a short, but still productive month! Support ================================================================== We finalized the copy that will go into the support portal and started thinking about who should be responsible for maintaining and updating this information. We also continue to answer user questions from frontdesk@. Our Outreachy intern Pari did a lot of work on the user issues spreadsheet (and now in January it's released!). Relay operators guide ================================================================== We got a lot of work done on the relay operators guide (#24497 and here https://trac.torproject.org/projects/tor/wiki/TorRelayGuide) Tor talks ================================================================== We helped organize a Tor talk at nullcon in Goa, India for 2018. Library Freedom Institute ================================================================== LFI applications opened (libraryfreedomproject.org/lfi) and the blog post went up https://blog.torproject.org/new-program-turns-librarians-privacy-advocates. Community governance ================================================================== We finalized the draft text for the code of conduct proposal (which is now in the discussion phase on tor-internal@). Alison attended the Mozilla All-Hands meeting and met the amazing Diversity and Inclusion team. Got lots of feedback on Tor community stuff and looked at Mozilla's community participation materials. ================================================================== -- Alison Macrina Community Team Lead The Tor Project

1 0

December 2017 Report for the Tor Browser Team
by Georg Koppen 10 Jan '18

10 Jan '18

Hello! Here comes the Tor Browser status report for December 2017. In that month the team made three releases, Tor Browser 7.0.11[1], 7.5a9[2], and 7.5a10[3]. The first two releases were mainly concerned with including new Tor versions (0.3.1.9 and 0.3.2.6-alpha respectively) and fixing Firefox security bugs. Tor Browser 7.5a10 tested various fixes for inclusion in the upcoming Tor Browser 7.5. Most notably we sorted out why "Print to File" on Linux was broken[4][5], updated the security slider copy to get it more in line with what is shipped with Orfox on Android[6], and made sure CSS line-height does not reveal the user platform[7]. Non-release work focused on making progress on our remaining Sponsor 4 deliverables: getting Moat[8] and FPCentral[9] deployed. Alas, we did not finish those items in December but we plan to do so this month. Moreover, we coordinated with the UX and the network team to get several usability improvements into Tor Browser, starting from a better circuit display[10] over redirecting users to .onion websites[11] to communicating the security state of .onions better[12]. On the mobile side we worked on including all the Orfox changes into our tor-browser.git repository.[13] That way we can easily build all flavors of Tor Browser from a single repository. Additionally, work got started to make Torbutton and Tor Launcher compatible with mobile requirements. The full list of tickets closed by the Tor Browser team in December is accessible using the `TorBrowserTeam201712` keyword in our bug tracker.[14] In January we plan to get Tor Browser 7.5 out, containing lots of improvements worked on in the past weeks and months. We'll continue working with the UX team on making progress on the above mentioned projects and plan to write a proposal for streamlining the security controls visible on the Tor Browser toolbar. We plan to finally get FPCentral and Moat deployed and on our mobile side of things we hope to have all Orfox patches merged and work will be under way to adapt Torbutton and Tor Launcher to mobile requirements. A first proposal for Torbutton got already posted on the tbb-dev mailing list.[15] All tickets on our radar for this month can be seen with the `TorBrowserTeam201801` keyword in our bug tracker.[16] Georg [1] https://blog.torproject.org/tor-browser-7011-released [2] https://blog.torproject.org/tor-browser-75a9-released [3] https://blog.torproject.org/tor-browser-75a10-released [4] https://bugs.torproject.org/23970 [5] https://bugs.torproject.org/23016 [6] https://bugs.torproject.org/21847 [7] https://bugs.torproject.org/23104 [8] https://bugs.torproject.org/24689 [9] https://bugs.torproject.org/6119 [10] https://bugs.torproject.org/24309 [11] See: https://lists.torproject.org/pipermail/tor-dev/2017-December/012660.html and follow-up emails [12] https://bugs.torproject.org/23247 [13] https://bugs.torproject.org/19675 [14] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [15] https://lists.torproject.org/pipermail/tbb-dev/2018-January/000723.html [16] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

OONI Monthly Report: December 2017
by Maria Xynou 10 Jan '18

10 Jan '18

Hello, The OONI team made steady progress in December 2017. We established three new partnerships and updated our test list documentation and several test lists. We deployed OONI Explorer based on our re-engineered data processing pipeline, and we developed a new endpoint for OONI Proteus that allows OONI Probe instances to obtain lists of URLs for dynamic testing. We also made a lot of progress on the revamping of the OONI Probe mobile apps, particularly in preparation for our next release which will include IM tests. We also participated at the 34th Chaos Communication Congress, where we presented OONI and engaged participants with OONI via our assembly. # Established new partnerships We are excited to have formally established three new partnerships! We now also have the opportunity to collaborate with: 1. Association of Freedom of Thought and Expression (AFTE) - Egypt 2. Digital Society of Zimbabwe (DSZ) - Zimbabwe 3. Campaign for Human Rights and Development International (CHRDI) - Sierra Leone As part of our new partnerships, we aim to collaborate on the stable collection of network measurements from local vantage points, the creation and maintenance of censorship measurement resources (i.e. test lists), and on reporting on censorship events. # Updated test list documentation To support community members, we updated our documentation to include a new section describing the type of research required for contributing to test lists. The updated test list documentation is available here: https://ooni.torproject.org/get-involved/contribute-test-lists/ # Updated test lists During December, we collaborated with community members on updating the following test lists: 1. Ukraine: https://github.com/citizenlab/test-lists/pull/269 2. Belarus: https://github.com/citizenlab/test-lists/pull/273 3. Russia: https://github.com/citizenlab/test-lists/pull/271 # OONI Explorer based on new pipeline As of early December 2017, OONI Explorer serves measurements based on the new OONI data processing pipeline. # New OONI Orchestrate API We have developed a new endpoint for OONI Proteus that allows OONI Probe instances to obtain a list of URLs to test dynamically. This will make it easier to provision probes with fresh test lists. See: https://github.com/TheTorProject/proteus/pull/33 # OONI Probe mobile A lot of progress has been made on revamping the OONI Probe mobile app. We have been working on preparing a release, coming out in January 2018, that will allow users to test instant messagging apps (WhatsApp, Facebook Messenger, and Telegram) for censorship via the OONI Probe mobile app. The new design mockups for iOS and Android are finalized and ready for the implementation phase. # Community activities ## 34C3 The OONI team attended the 34th Chaos Communication Congress (34C3), Europe's largest annual hacker conference on technology, society, and utopia. At 34C3, we hosted an assembly (called "OONI-verse") where we showcased OONI tools and engaged participants with the OONI project. Information about our assembly is available here: https://events.ccc.de/congress/2017/wiki/index.php/Assembly:OONI-verse We also presented OONI at 34C3 in a lecture titled: "OONI: Let's fight internet censorship, together!" (https://events.ccc.de/congress/2017/Fahrplan/events/8923.html) <https://events.ccc.de/congress/2017/Fahrplan/events/8923.html%29> Furthermore information about our participation at 34C3 is available through our relevant blog post: https://ooni.torproject.org/post/ooni-34c3/ ## LAVITS and Primavera Hacker 2017 OONI was also presented at two conferences in Chile: LAVITS and Primavera Hacker 2017. Further information is available here: https://ooni.torproject.org/post/ooni-lavits-phacker-2017/ ## Translations 1. Derechos Digitales (our partner from Chile) translated the OONI Risks documentation to Spanish: https://ooni.torproject.org/es/about/risks/ 2. In preparation for the release of new instant messaging app tests, the OONI Probe mobile apps were translated by community members to the following languages: Arabic, Traditional Chinese, Simplified Chinese, French, German, Greek, Hindi, Italian, Norwegian, Persian, Russian, and Spanish. # OONI highlights from 2017 and plans for 2018 As the end of 2017 approached, we published a blog post outlining some OONI highlights from 2017, as well as our plans for 2018 (encouraging community feedback and participation). This blog post is available here: https://ooni.torproject.org/post/ooni-in-2017/ # Userbase In December 2017 OONI Probe was run 280,924 times from 4,550 different vantage points across 210 countries around the world. This information can also be found through our stats here: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research and Partnerships Coordinator Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

December 2017 report for the metrics team
by Karsten Loesing 09 Jan '18

09 Jan '18

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in December 2017. On behalf of the Tor metrics team, Karsten Added three new graphs [1, 2, 3] on IPv6 servers statistics to Tor Metrics. [1] https://metrics.torproject.org/relays-ipv6.html [2] https://metrics.torproject.org/bridges-ipv6.html [3] https://metrics.torproject.org/advbw-ipv6.html Made several improvements to Relay Search [4] (formerly known as Atlas), including aggregated search [5], map [6], and visual integration into Tor Metrics [7, 8]. More details about the recent work on Relay Search were published in a blog post [9]. [4] https://atlas.torproject.org/ [5] https://atlas.torproject.org/#aggregate [6] https://atlas.torproject.org/#map [7] https://bugs.torproject.org/23518 [8] https://bugs.torproject.org/24399 [9] https://blog.torproject.org/we-made-big-improvements-searching-relays Changed ExoneraTor [10] to only serve completed dates, which excludes the current day and the day before that. [10] https://exonerator.torproject.org/ Released Onionoo 5.0-1.9.0 [11] which removes $ from fingerprints in family fields. [11] https://lists.torproject.org/pipermail/tor-dev/2017-December/012718.html Changed metrics-web and ExoneraTor from being a Tomcat web application to shipping with an embedded Jetty, and deployed these changes on all torproject.org instances for easier maintenance. Put out internal releases of metrics-web and ExoneraTor to facilitate development for new contributors.

1 0

UX team December 2017 report.
by isabela 09 Jan '18

09 Jan '18

General ======== In December the UX team got great news about funding for our big website redesign and user testing project as well as our User Testing Program. The grant finally came through and now there is nothing holding us back from getting this work done! :) We also participated at Mozilla All Hands and got closer to MOSS folks in general, we hope to keep up with the relationship since there is a lot both UX teams can learn from each other and cooperate with each other. Another thing we did was to start organizing user testing that Sukhbir and Antonela will do in India in January [1]. Got in touch with people to help organize meetups in different cities where we hope to give talks about Tor and also perform face to face user testing on the user facing work we are doing. Projects: ======= styleguide.torproject.org ---------------------------- Our styleguide isalmost ready. Weplan on doing an internal/community only launch in January (this means send emails to tor-project and ux lists) and then a public launch to the world right after with a blog post, tbd with comms team. [2] support.torproject.org ------------------------- As we described in our last monthly update, we are working on the website redesign each portal per time.The Support Portal is the first portal we are working with and is it already in development. [3] The Comms and community teams are working closely with us to define and sort the most useful content to help our users.We hope to have the content ready by January so we can start with translations! survey.torproject.org ---------------------------------------------- We are going to have our own survey platform. We have been testing Limesurvey and we are now ready for deployment. This will be an important tool for our User Testing Program. [4] Metrics team - Atlas (relay search) project ------------------------------------------------ Thanks to Teor's invite, we helped the Metrics Team (and all the Tor Community!) with #24399. [5] You can check our new set of icons here [6].Irl did an impressive job putting them together and Antonela will include them on our styleguide in January. .onion services UX projects -------------------------------- With asn from Network team, Georg from TB and Tom Ritter help, we worked on improving a couple of user experiences for .onion services. We decided to prioritize two tickets for December: Ticket : ".Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing" [7] Instead of redirecting them, we decided to prompt them for the option to switch to the .onion address. We created the mocks for the experience [8] and now asn is driving a proposal to define how the backend should work to build this experience [9]. Ticket: Communicating security expectations for .onion: what to say about different padlock states for .onion services [10] We are pretty much done with the design part of this work. Now we just need to finalize the copy and coordinate the implementation with the TB team. We are organizing all the states, their icons and their copies at a document linked in the ticket [11]. TB team - UX updates ---------------------------- Also, we are working with the Tor Browser Team on optimize our circuits display #24309[12]. We explored a bunch of options and we will continue to work on it in January with the TB team. We are planning to test some of this approaches with users during 2018 too. [1] https://trac.torproject.org/projects/tor/ticket/24513 [2] https://pad.riseup.net/p/styleguide-todos [3] https://trac.torproject.org/projects/tor/ticket/24129 [4] https://trac.torproject.org/projects/tor/ticket/23669 [5] https://trac.torproject.org/projects/tor/ticket/24399 [6] https://people.torproject.org/~irl/icons/ <https://people.torproject.org/%7Eirl/icons/> [7] https://trac.torproject.org/projects/tor/ticket/21952 [8] https://trac.torproject.org/projects/tor/attachment/ticket/21952/21952.png [9] https://lists.torproject.org/pipermail/tor-dev/2017-December/012660.html [10] https://trac.torproject.org/projects/tor/ticket/23247 [11] https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1T… [12] https://trac.torproject.org/projects/tor/ticket/24309

1 0

Intent to Minimise Effort: Fallback Directory Mirrors
by teor 09 Jan '18

09 Jan '18

Hi, Fallback directory mirrors help Tor clients find the tor network, and take load off Tor directory authorities. [0] Since Tor 0.2.8, I've generated a fallback directory mirror list every 6 months or so. I'd like to minimise the amount of effort I put into this in future. (But I think it's valuable, so I won't abandon it.) I'm happy to spend half a day every 6 months to update the input lists and run automated checks on a bunch of relays [1]. But contacting relay operators to agree to go on the list (opt-in), or check their relay details, is a time-consuming process. Here's what you can do to help: * We ask relay operators to opt-in. We could ask them to opt-out (contact us to be taken off the list) instead. The opt-in list hasn't been updated for about a year, so we will have to switch to opt-outs soon to get enough good fallbacks. - If we do opt-ins, who is going to contact relay operators? - If we do opt-outs, how do we make sure operators know they can opt-out? - (And how do we make sure we get stable relays?) * I wrote down the opt-in process in [1]. Maybe it's too complicated. - Can you design a better process? * If you're good at mail merges or scripting mail, that's one way we could contact a bunch of relay operators without it being time-consuming and error-prone. - Can you do mail merges? (I can't!) * We can improve the fallback script to make it easier to use. (See [1] and [2].) - Can you write python? If anyone wants to help out with any of these things, let me know. I'm going to do a fallback directory mirror refresh some time in the next few weeks. About 12% of fallbacks have failed, and it looks like this is placing extra load on the directory authorities. [3] There's already a ticket for it [4], and I'm happy to do a minimal refresh. If we don't get 150 fallbacks from a minimal refresh, I'll switch to opt-out and see how that goes. [0]: https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors [1]: https://trac.torproject.org/projects/tor/wiki/doc/UpdatingFallbackDirectory… [2]: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… [3]: https://lists.torproject.org/pipermail/tor-relays/2017-August/012886.html [4]: https://trac.torproject.org/projects/tor/ticket/22271 T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------

4 7

Tor Browser team meeting notes, 8 Jan 2018
by Georg Koppen 08 Jan '18

08 Jan '18

Hi! The first Tor Browser meeting in 2018 finished about one hour ago. The meeting notes are at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-01-08-18.59.log… And the notes from the pad are: Monday, January 08, 2018 Discussion: - Tor button proposal mcs and brade: Since December 18th: - Worked on Moat integration for Tor Launcher (#23136) and pushed code to torproject.org repo. - Helped a little with bug triage. - Took time off for Christmas and to spend time with family. - Did end of 2017 stuff for our company. Planned for this week: - Work on Moat integration loose ends (#23136), - Note that review and deployment is waiting for BridgeDB server deployment (#24432). - Review Igor's Torbutton proposal. - Look at stall due to LZMA consensus diffs (#24826) and other new tickets. igt0: Did: - Reviewed sysrqb Orfox tor-browser branch - Sent tor button proposal Planned for this week: - Update proposal after comments - Take a look in the tor browser setting extension, we can make it part of the tor button for mobile. - Look at the Fortify C extension and verify why is it disable on firefox for android(https://bugzilla.mozilla.org/show_bug.cgi?id=1415595) sysrqb: Past: -Pushed first tor-browser branch including Orfox patches for review (#19675) -https://github.com/sysrqb/tor-browser/commits/tor-browser-52.5.2esr-7.5-2_attempt0_1 -Began writing proposal for tor-launcher re-write/migration for webextensions -This should be completed and emailed tonight -Began reading about Firefox sandboxing and IPC -Looked (a little) at Sandboxed Tor Browser This week: -Finish tor-launcher proposal and email it -Finish investigating Firefox sandboxing on Android (why it is disabled?) -Read Igor's proposal -Review comments on Orfox patches and begin making branch merge-ready - Look at new Orfox tickets (#24753, etc) and tbb-mobile keyword -Oh, and look at/think about https://bugzilla.mozilla.org/show_bug.cgi?id=1415595 (enabling FORTIFY_SOURCE on Android) pospeselr: Did: - so much email - took off the week between xmas and new-year - researched root cause of #15599 ( Range requests used by pdfjs are not isolated to URL bar domain ) XMLHttpRequest object derives the firstPartyDomain (and other various attributes) from a generic nsIGlobalObject object passed in, normally this is an nsIWindow associated somehow with the JS context, but for the rangeRequest in the Web Worker the method used for creating the request just passes in a generic global object associated with the system principal (which is why we get put on the default circuit) - investigated a couple of possible avenues to resolving via changing: pdf.js, Web Worker code, pdf.js : XMLHttpRequest doesn't seem to support overwriting the firstPartyDomain via JS so dosn't seem to be much we can do here Web Worker : actually has a copy of the firstPartyDomain and friends associated with it, but we seem to lose the association by the time the JS is running This week: - investigate how we can get the window or worker actually associated with the running JS; comments in the code suggest there is a way to do so, they just opted to use a generic global because it was easier boklm: since december 18: - published the 7.5a10 release - worked on #24514, #23892, #23911, #24197 - took some time off this week: - work on getting windows builds away from precise (#18691) - look at the Win64 nsis build issue (#23561) - start looking at the work for having tor-browser-nightly updates (#18867) arthuredelstein Since december 18: Took time off Finished and posted a new revised patch for https://trac.torproject.org/projects/tor/ticket/22343 Investigated https://trac.torproject.org/projects/tor/ticket/21805 Opened and posted a patch for https://trac.torproject.org/projects/tor/ticket/24702 Started work on rebasing to mozilla-central for nightly rebase This week: Continue rebase work Review some Mozilla bugs for the uplift team https://trac.torproject.org/14952 GeKo - since december 18 * took time off (from dec 21 to jan 5 inclusive) * worked on the new clang toolchain https://trac.torproject.org/projects/tor/ticket/21777 * got STACK running with Tor Browser/Firefox * fought my backlog today - this week * reviews * 7.5 release planning * work on the design doc update (this has to be done before 7.5 is getting released) * start proposal for A2.1 of the OTF contract (security features/button and how to show them on the toolbar) * generic tor browser team admin things isabela - finishing sponsor4 reports - organizing UX and TB sync for wed (more coming via email0 - building sponsor9 work plan (lots of user testing! related to the work we will talk about on wed) tjr Have been working on Spectre/Meltdown work Going to send an intent to implement on the canvas permission prompt to Mozilla to gather feedback: https://github.com/w3c/permissions/issues/165 Would like to work on more MinGW build stuff; but Spectre stuff will take priority Georg

1 0

Network team meeting notes, 8 Jan 2018
by Nick Mathewson 08 Jan '18

08 Jan '18

Happy new year! Our meeting logs are visible here: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-01-08-17.59.html And below are the contents of our pad: ====== Network team meeting pad, 8 January 2018 "My first name is a random set of numbers and letters And other alphanumerics that changes hourly forever My last name, a thousand vowels fading down a sinkhole To a susurrus" -- Aesop Rock, "Shrunk" Welcome to our meeting! Every Monday at 1700 UTC 1800 UTC on #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! Note the meeting location: #tor-meeting on OFTC! (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Meeting notes from last week meeting: * https://lists.torproject.org/pipermail/tor-project/2017-December/001602.html Old Announcements: - On the roadmap spreadsheet: Please take january tasks. (If somebody else has already taken something you want, please talk to them and/or add yourself too.) https://docs.google.com/spreadsheets/d/1Ufrun1khEo5Cwd6OwngERn829wU3W3eskdr… - Soon it will be It is now time to triage 0.3.3.x tickets. Please make yourself the owner of tickets in that milestone that you will do. - The meeting time is now 1800 UTC. - Let's have some proposal discussions. Isis kicked off the process here: https://lists.torproject.org/pipermail/tor-dev/2017-December/012666.html - We are planning a single-day pre-planned highly-focused hackfest before the Rome Tor meeting - teor: Jon says we will have a venue for the pre-Rome hackfest - komlo: Should there be a Rust update/planning session? What should we prepare/do beforehand to help this be planned/highly-focused? - Please check in with the roadmap; december is almost over as a working month! What isn't getting done? How are we doing? Announcements: - Tor 0.3.2.8-rc came out two weeks ago - review-group-28 is open, there are 11 tickets left in needs_review: https://trac.torproject.org/projects/tor/query?status=needs_review&keywords… - 0.3.2.9 should come out tomorrow Discussion: - strategy/plan for addressing current network issues. dgoulet, nickm, teor, isis try to figure it out. [dgoulet] +1, I would like to know what is the current status as the information is a bit scattered around in too many emails :S. * Let's come up with gsoc ideas . In Rust? [] * Is our team days for Rome "final" (as in, can one book flight tickets now - they are cheap from .dk right now) ? [I think so, but please confirm with Jon? -nickm] teor: - Last few weeks: - PrivCount fixes - Code reviews - Tried to help relay ops with network load issues - Made the fallback list easier to parse, and added a spec - Did a fallback directory rebuild with pastly, we're going to merge the new list soon - Revised some of the IPv6 patches - This week: - Implement (more) PrivCount onion service stats - Get the test network running new IPv6 consensus code - Specify a common format for the authority list and fallback list pastly: fallback directory stuff (code review and script running) with teor asn: Last weeks: - Continued reviewing #13837 and #23101. Some bugs were found that need to be addressed before merging this patchset, but looking pretty promising so far. Currently testing the old branch, and waiting for a new branch from mike to test further. - Also reviewed #24634. - Helped triage remaining 0.3.2 bugs. - Found two more prop224 bugs on my clients and services. Notified dgoulet (they are on the pad) about them but still not in trac. They seem rare enough that they shouldn't delay 032 release. - Removed the guardfraction feature from the codebase (#24456). - Attended CCC and participated in the Tor Q&A. Had various discussions about Tor, onion services and their use cases, bandwidth authorities, mixnets, etc. - Did some more thinking on what to do about the future of bandwidth authorities. Did a post with future avenues: https://lists.torproject.org/pipermail/tor-dev/2017-December/012703.html and also discussed with a few people how to pick it up in the future, but we should certainly prioritize inside the network team for this to work. - Helped with a Tor meetup in Athens: https://trac.torproject.org/projects/tor/wiki/org/meetings/AthensTorMeetupJ… Some people volunteered to implement the name system proposal for Tor. I'm not hyper confident about this, but I'll do a meeting with them and see where it goes. This week: - Handle any remaining post-holiday post-CCC backlog. - Continue testing #13837 and #23101. - Attend RWC in Zurich. Hoping that this will refresh my brain with some more research stuff and talk to more people about Tor. Nick: Last week: * Worked on bugs * Triaged all vacation email; caught up some. * Wrote PETS reviews * Tried to merge things and stay up-to-date * Fixed windows and rust+arm failures on jenkins * Tried to triage away some 032 issues * COPE WITH SNOWSTORM This week: * Release 0.3.2.9-something: * With Geoip update * With fallback-dirs update. * Should it be called "stable"? * Update stable releases too, perhaps? * inbox zero * Review some tickets in review-group-28 * Followup on proposal 285 (utf-8) * Followup on proposal 286 (hibernation API) * Pick final set of 033 tickets to hack on. * COPE WITH MELTING SNOW Mike: Last week/break: - Got back from break, dealt with email and paperwork - Tried to keep up with DoS discussions and CBT-related tickets This week: - Work on #13837 and #23101 - CBT-related DoS tickets. Am I needed on any? (I've CCed you on some) dgoulet: Last week: - AFK. This week: - Coming back to life. Dealing with backlog this morning. - Organize the remaining work I need to do before the feature freeze which includes either going through the 580+ tor-bugs@ email I got or just mark them as read and look at Trac instead so I don't go too mad. - I want to follow up on the network load situation to see where we are at with the team. - Review, Patch, Review, Test, Repeat... ahf: Last week('ish'): Sponsor 8: - Met with Benjamin from The Guardian Project at 34c3 to talk about his issues with Tor memory limits on Apple iOS. - Been investigating memory patterns in Tor using DTrace and instruments (macOS tool). - Wrote an experimental patch to add DTrace probes in Tor (https://gitlab.com/ahf/tor/tree/feature/dtrace) - Did the Q4 reporting for S8 (before the holidays). Misc: - Went to 34c3 and went to all the Tor things I could find scheduled :-) This week: Sponsor 4: - Look into GeKo's #24826 (LZMA speed problems with Tor Browser). - Zstd parameter tuning (#24368) Sponsor 8: - Talk with David about his tracing (src/trace) code in Tor and what the long term roadmap is. - Finish DTrace patch and ensure it works nicely on macOS and FreeBSD. - Look into using SystemTap for Linux (DTrace'ish system with same API, but works on Linux). Misc: - Help out with release issues(?) komlo: - It would be helpful for someone to review #23881 (wrap tor's logging system for use from Rust) - I have some questions about what level of refactoring we want/need on the C side - This week: At RWC! catalyst: Last week (2018-W01): - reviewed some code (including #24733 unaligned access) - investigation for #24661 (accept reasonably live consensus for guard selection) - dealing with contractors - fighting virus This week (2018-W02): - work on #24661 - summarize possible guard selection timestamp issues - look over Pari's user queries/errors list for sponsor8 purposes - possible follow up about free() macro single-evaluation stuff - follow up about CoC stuff as it arises - more dealing with contractors (the joys of discovering previous owner's deferred maintenance items!) - still fighting virus isabela: January is the last month for sponsor4 so I am working on closing that up. Still dont know the status on Moat (isis: any update?) sponsor8 Q4 report is due in January so I will be working on that and pinging - nick, alex and catalyst for help whenever needed [this is due Jan 31 - I have other priorities, so I might actually be done by end of the month on this one - does this timeframe helps? Timeframe on that? -nickm] I also plan on working on organizing the network team - so we can get started on 2018; might recruit some people for help on that too [please grab me to help as needed. let me know in advance -nickm - will do!] Submitted proposal for OTF that includes .onion services work (during holidays)

1 0