- tor-project - lists.torproject.org

GSoC 2017 Ahmia status update #4
by Pushkar Pathak 22 Jul '17

22 Jul '17

Hello everyone, This is the bi-weekly status report for Ahmia - Hidden Service Search ## Fixed broken statistics page Statistics page has been fixed and is working at 'ahmia.fi/stats/'. [0] ## Linking structure of onions Linking structure of onions is visualized at '/stats/link_graph/'. [1] The data for popularity of domains according to clicks and backlinks is not currently available. This graph will be updated once this data is available. Next task is to update documentation and software dependencies. Thanks, Pushkar Pathak [0] : https://github.com/ahmia/ahmia-site/commit/142a661ed638cb4ef28a4bcba3814c5f… [1] : https://ahmia.fi/stats/link_graph

1 0

GSoC 2017 - unMessage: Report #4
by Felipe Dau 22 Jul '17

22 Jul '17

Hi everyone! This is my report #4 for the unMessage GSoC project. # Updates Since the last report I continued working on #21 [0] to properly use Twisted: - Finished making the Peer class' methods asynchronous - Installed the reactor in both UIs - Removed support for the Peer class running/calling its own reactor from a thread as now both UIs pass one to the constructor I also started changing some other parts that should not depend on IO to just make objects talk to other objects to simplify writing unit tests for #33 [1]. # What's next As #21 and #33 are complex tasks, I will continue working on them in the next period of GSoC. This period was more focused on using Twisted correctly (#21) and the next one will be more focused on testing (#33). More details on these tasks can be followed in the respective tickets [0, 1] and branches [2, 3]. Thanks, -Felipe [0]: https://github.com/AnemoneLabs/unmessage/issues/21 [1]: https://github.com/AnemoneLabs/unmessage/issues/33 [2]: https://github.com/felipedau/unmessage/tree/21/deferreds [3]: https://github.com/felipedau/unmessage/tree/33/feature/test-suite

1 0

GSoC 2017 - Crash Reporter for Tor Browser: Report #4
by Nur-Magomed 21 Jul '17

21 Jul '17

Hi everyone! This is my bi-week status report for GSoC project "Crash Reporter for Tor Browser". # The work was focused on Crash Reporter server side: - we took Mini-Breakpad-Server (MBS) [1] instead of Socorro: there were problems with setting up Socorro and we decided to make work version with MBS; - splitted it into 2 services [2]: MBS-Submit (to get reports that's sent by Crash Reporter client) and MBS-View (to view gotten reports). # What's next We plan consider carefully Crash Reporter data fields (that sends) and making reproducebly build TorBrowser with enabled Crash Reporter. Kind regards, Nur-Magomed [1] https://github.com/electron/mini-breakpad-server [2] https://github.com/nmago/mini-breakpad-server/commit/da3e4ed015a288ef7261bb…

1 0

Notes from July 20 2017 Vegas team meeting
by Karsten Loesing 21 Jul '17

21 Jul '17

Notes for July 20 2017 meeting: Nick: 1) Spoke to EFF lawyers concerning licensing on specs and proposals; will speak to Shari about what they said. 2) Helped Isabela a bit with modularization proposal Alison: 1) finishing support wiki, would like to have blog post out next week after support meeting 2) "support team" meeting Monday to talk about streamlining support efforts 3) Tommy and I are talking today about future funding for outreach 4) writing FOSS/Tor cultural norms doc for onboarding 5) Colin is plugging away at the RT backlog 6) Colin is also getting ready to appear on a podcast. Yay for more people doing public speaking about Tor! 7) Colin is doing some GSoC coordination 8) asked the unconscious bias trainers for the information we wanted. waiting for a reply. Shari: 1) What do we need to do to move forward with Montreal meeting agenda planning? 2) David Goulet asked about a documentary filmmaker who'd like to film people in Montreal. Thoughts? 3) Reached out to new strategic planner. 4) Signed contract with new auditor. 5) Lots of grant proposals and reporting. 6) Scheduled conversation with lawyers to renew our trademarks on Tor Project and onion logo. Steph: 1) Bug bounty launched. Will be sharing throughout today and sporadically to follow. Post on our site + at H1 (great q&a with gk!). Has so far been picked up by ZDNet, Threatpost, VentureBeat, probably more to follow. 2) Still working with Giant Rabbit on our newsletter. Should be on the last step: creating a form for people to subscribe directly and feed into CiviCRM. 3) Lining up blog content in an editorial calendar so we can always post at least 1/week. Maintaining other posting schedules: linkedin: 1/wk. twitter: 3-6/day. fb: 1-2day. 4) Outlined comms goals for MDF grant, helped with editing. Will map out more in depth goals / strategy to come. 5) Creating templates. Have ppt, docx, pages. Need to create odf versions. 6) Working back through press inquiries, compiling press list and published articles. Georg: 1) I worked on the bug bounty program launch. Thanks to all who helped getting this finally going. 2) Hiring process for desktop browser dev seems to move forward pretty well. Worked on the mobile browser dev descriptions as well. Isa: What needs to be done to move those forward? (I guess we wait on input from Nathan and/or Mike)? 3) I spent some time looking at the GSoC project related to Tor Browser (the crash reporter mentored by Tom) 4) Sponsor4 work Brad: 1) Shari and I have selected new CPA firm, Lindley & Associates, to provide audit and tax preparation services for TPI 2) Fieldwork for 2016 audit will begin in August; some audit work on fiscal year ending June 30, 2017 will be performed concurrently 3) Working with Jon to streamline travel & expense tracking for Montreal meeting 4) Last Friday, July 14, was the first pay date with our new US-based payroll provider ADP. Any issues to report? Arturo: 1) The OONI Partner gathering went very well and so did CLSI (CitizenLab Summer Institute) 2) I am going to be away on vacation from the 26th of July until 11th of August. 3) The beta version of the measurements API is live: https://measurements-beta.ooni.io/ and the re-engineering pipeline has been generating the data for it and running since a week or so. We hope to be able to deprecated the legacy pipeline in a couple of months. 4) We are a bit late with the ooniprobe-mobile app release and are still wrapping up some of the remaining dev work to be done for that 5) For sending push notifications and showing messages in the mobile app of users we have setup a CMS that seems to suck less than others (https://getgrav.org/) May be of interest to infrastructure people. Karsten: 1) Wrote initial input for MOSS award final report. 2) Deployed new CollecTor 1.2.0 on both hosts, started working on CollecTor 1.3.0 release. 3) Still looking into fixing some broken statistics for the last week of June 2017.

1 0

Fwd: Submit a session proposal for MozFest 2017!
by Tom Ritter 20 Jul '17

20 Jul '17

Deadline is August 1st Festival is October 27-29 in London It would be great if Tor had some representation! -tom ---------- Forwarded message ---------- From: Tom Ritter <tom(a)mozilla.com> Date: 18 July 2017 at 08:50 Subject: Fwd: Submit a session proposal for MozFest 2017! To: Tom Ritter <tom(a)ritter.vg> ---------- Forwarded message ---------- From: Christopher Lawrence <clawrence(a)mozillafoundation.org> Date: Mon, Jul 17, 2017 at 1:36 PM Subject: Submit a session proposal for MozFest 2017! To: all-moco(a)mozilla.com Cc: Sarah Allen <sarah(a)mozillafoundation.org>, MoFo Executive Team <exec(a)mozillafoundation.org> Hi everyone, I just wanted to follow up with what Sarah Allen discussed on today’s project call. The eighth annual MozFest will take place in London from Friday October 27 - Sunday October 29. It’s the most ambitious iteration of the festival yet, and a key moment for the global network for Internet health to convene, organize and act. Propose a MozFest session today. The festival’s sessions, speakers and workshops are built to foster collaboration across disciplines, borders and continents. We’re ready to face the biggest issues of the day -- from fake news, online harassment and global cyberattacks to inclusion, innovation and web literacy -- together, with an eye toward practical, open source solutions. This year, the festival will feature six spaces -- physical and thematic areas based around broad topics related to Internet health -- delivering a variety of talks, sessions, code sprints, artwork and hands-on workshops. Read more about the MozFest spaces. I’d like to personally invite you to propose a session, workshop or demo that is hands-on, educational and encourages collaboration. As Mozillians, your creativity, expertise, and contribution to the open web will allow you to contribute to a growing global network. Also we would love and appreciate your help in two additional ways: Share the call for proposals with your personal network. We’re striving to have a huge diversity in voices taking part in the discussion about Internet health. You can find a sample email, along with photos and graphics, here to share with your networks. Tweet! Suggested Tweet: How will you keep online freedom and opportunity alive on the web? Submit your #MozFest proposal: https://mozillafestival.org/proposals We look forward to reading your session ideas. The deadline for submissions is August 1. Chris ______________ Christopher Lawrence V.P. Leadership Network Mozilla Foundation t: @chrislarry33 s: chrislarry33 e: clawrence(a)mozillafoundation.org m: +1.718.757.0843

2 1

Network team meeting notes, 17 July 2017
by George Kadianakis 19 Jul '17

19 Jul '17

Hi; we had our regular meeting. Logs here: http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-07-17-17.00.html And updates below: ================== teor (not online): Last week: * Took a few days leave, because winter [wow winter!!!] * Fixed some bugs in PrivCount's circuit and cell counting * Got a PrivCount code review from Nick (thanks!) and made tickets for it * Wrote some tor cell packing & unpacking code, so stem can learn to talk ORPort #18856 https://github.com/teor2345/endosome * Found some tor bugs that might affect link padding (#22934, #22948) This week: * Implement some more PrivCount features * Deploy and Run PrivCount Single Onion Service counts * Plan and book Montreal travel * Maybe do cell crypto in endosome komlo (most likely won't be able to make today's meeting) Last week: - Submitted patches for #22905 and #22830 (thanks Isis for splitting!) - Booked Montreal trip This week: - I am going to follow nickm's fuzzing guide to fuzz rust protover, as the last step before submitting this for review. dgoulet Last Week: * The load and configure v3 service patch was merged!!! (#21979) * Addressed multiple things found in #20657 by asn * Continue the prop224 client implementation (#17242) * Important issue found for prop224 service, asn's opened the ticket in #22940. This week: * Address asn's review on #20657 so we can put it back in needs review for nickm and thus upstream merge. * Continue client implementation #17242. * Roger's Defcon talk on July 28th is my hard deadline to have a working alpha product of prop224 so we can give the world a branch to play with. isabela: Last Week: - got the sponsor4 june report out - start working with brad on info for nsf reports (because storm was down the progress report part got delayed) This week: - will catch up on PT discussion - will work on tor launcher automation update (if possible) - will be at PETS catalyst: Last week (2017-W28): - helped Roger with sponsor3 reporting - started more aggressively tagging stuff with sponsors - laptop and phone brain transplants (Apple, Y U make iCloud Keychain "Local Items" unusable after migration?) - helped atagar with some stem bugs #22894 #22902 - helped isis with some Travis CI stuff #22636 - .onion UX stuff - Trac meeting - made some progress on learning enough about chutney to make a #20532 test case This week (2017-W29): - packing and moving! (see earlier email message for details) - more review of #22636 - more #20532 pastly: - KIST code still available on gitweb. Need to talk to dgoulet sometime about reviewing - KIST still running on my relay and dgouelet's IIRC - Want to update tickets, but want to put in as little work as possible. Ideally would just attach paper or something, but it wasn't accepted and don't want its first publication to be an attachment on some ticket. Talking to co-author. - Attempts at measuring network latency. Last week: home-grown with RIPE Atlas. Meh. This week: Ting. nickm: Last week: - Review and merge on lots and lots of things, incl HS work - Chase down misc bugs on odd platforms, fix them. (including zstd 1.3.0) - Initial review and comment on the preliminary tor privcount patch series - Finish triage on tor-unspecified, start marking some sponsors' tickets in 0.3.2-alpha milestone This week: - PETS - Livetweet PETS? - Talk with collaborators about sponsor2/anti-fingerprinting stuff - Hack, time permitting [WARNING: SSH HATES ME RIGHT NOW; THIS INTERNET CONNECTION IS TERRIBLE] asn Last week: - Mad review of #20657. Got familiar with the code and now I'm getting deeper with testing. - Reviewed #22803. - Started coding #22735. Not an easy task but very important for prop224. - Started maintaining a pad with open prop224 tickets, so that we can organize development/merging better as time gets closer: https://pad.riseup.net/p/LPVY6AL_prop224_upstreaming - (Had no real time for prop247 simulation stuff...) This week: - Write patches for two major open service-side issues: #22735 and #22940 - Continue review of #20657. - More prop224 frenzy. ahf: (traveling - will miss the meeting). Sponsor 4: - Extended our analyzer to include all Tor traffic such that we can see which percentage the directory traffic amounts to. - Started writing the outline of a blog post for blog.tpo about the Sponsor 4 work. Sponsor 8: - Read up on what the proposal includes for the network team. - Kick off meeting with Nick on Sponsor 8. - Looked into how to do battery measurements on the Android platform and trying to figure out how I can make it as reproducible as possible when on a physical device and if it is possible to track in an emulator (the wakeups only). - Read up on using Guardian Projects orbot to get Tor onto a device on Android as an apk. This week: Sponsor 4: - Discuss results with Nick for the dir / total traffic part. - Finish blog post about Sponsor 4 work. Sponsor 8: - Follow up on tasks from the Tuesday kick-off meeting: look at Nick's results with which functions that are running in a timer and do network $stuff. - Get more knowledge of the Android platform work. isis: last week: - made a server for BridgeDB's CAPTCHAs so that we can serve them to moat too #15976 - made a cmdline option to see the expiration date for a tor signing cert #17639 - polished up and fixed a Travis config for tor #22636 - investigated and fixed some problems with rust builds #22830 #22905 - opened some other rust build system integration tickets #22906 #22907 #22909 - reviewed #22349 (on gitlab!) and #22916 - reviewed and cleaned up #19476 - removed some dead/obsolete code in rephist.c #19871 - started moving the internship forward this week: - more work on getting the intern started and set up - get review/feedback for moat CAPTCHA api #15976 - start writing moat backend server #22871 - revising farfetchd #15876 - maybe getting a service set up for farfetchd?

1 0

Expanding our people page
by Damian Johnson 18 Jul '17

18 Jul '17

Freedom! Sweet GSoC-less freedom! Ok, lets ruin it. Between newhires and new volunteers Tor is growing quite a bit right now and a common complaint I've heard for years is that our community makes it maddeningly hard to figure out who's who. Yes, for many of us this is intentional but for others it's not... "Who's that arma guy I was talking with on irc? He seemed nice. Ok, thanks. Now which of these people is Roger? Great. And, what does he do?". Multiply that by ninety dev meeting attendees and it's no wonder we drive our lovely hair-pulling newcomers to early baldness. For much of our community this anonymity is intentional and we definitely don't want to muck with that, but I suspect some opt-in information from those of us ok with it could make our community a lot easier to join. As such I'd like to run the following questionnaire among our tor-internal@ membership... * Would you like to be listed on the 'core people' webpage [1]? If so... * What name or alias would you like to be called? * Provide a description for the page of what you do. * Would it be ok to list your IRC nick? If so, what is it? * Would it be ok to list your OpenPGP key? If so what is your public key? * Is there a photo or image you'd like to have displayed? Many folks will say 'heck no' to much of this and that's perfectly fine. The last question is a bit of an experiment where I'm curious if we can pattern ourselves after the EFF's page [2]. Maybe this won't pan out but here's my thoughts... * Newcomers first come to know us by cryptic irc nicks that look akin to truncated sha256 digests. Pictures may make our community feel friendlier and more approachable. Note this *doesn't* need to see a photo. For example see Mark Burdett and Ben Burke on the EFF page. * Maybe a page of smiling faces and cartoon turtles will be helpful to Shari for her upcoming fund raiser? Maybe this'll work, maybe it won't. My hope is that folks will have fun coming up with a picture to represent them, but maybe too few people will to make it work. Who knows - worth asking. ;) Thoughts? This dovetails nicely with my role maintaining tor-internal@ so I'd be happy to keep it up to date as we continue to grow our community. Cheers! -Damian [1] https://www.torproject.org/about/corepeople.html.en [2] https://www.eff.org/about/staff

14 31

Fwd: Cybersecurity and cryptography ebooks in our new bundle!
by Shari Steele 17 Jul '17

17 Jul '17

Hey all. Name your own price for cybersecurity and cryptography ebooks! And while I love EFF (one of their chosen charities), I encourage you to choose "select a new one" and then do a search for Tor Project. You can always select us in this way for any Humble Bundles you purchase. Shari > Begin forwarded message: > > From: "Humble Bundle" <contact(a)mailer.humblebundle.com> > Subject: Cybersecurity and cryptography ebooks in our new bundle! > Date: July 17, 2017 at 11:22:36 AM PDT > To: ssteele(a)eff.org > Reply-To: contact(a)humblebundle.com > > <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > Pay what you want for a bundle of ebooks on > cybersecurity, hacking, cryptography & more! > <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > Secrets and Lies: Digital Security in a Networked World, Applied Cryptography, The Art of Deception, Social Engineering, and other great titles from Wiley > Get it now! <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > Supporting: > <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > Pay what you want for a bundle celebrating comics greats Kirby & Eisner! > <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > Check it out! <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> <https://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca…> <http://track.cordial.io/c/102:5969310af4ab4ee605cf8d98:ot:56c3e4e8733462ca8…> > > This email was sent to ssteele(a)eff.org <mailto:ssteele@eff.org> > unsubscribe from this list <https://track.cordial.io/optout/index.php?mcID=102:5969310af4ab4ee605cf8d98…> | update your preferences <https://www.humblebundle.com/newsletter-update?id=56c3e4e8733462ca89422378> > © 2017 Humble Bundle Inc. | 201 Post Street 11th Floor | San Francisco, CA | 94108 > >

1 0

Notes from July 13 2017 Vegas team meeting
by Karsten Loesing 14 Jul '17

14 Jul '17

Notes for July 13 2017 meeting: Arturo: 1) We ran the OONI Partner gathering in Toronto and it went well. 2) Now attending CLSI where we have many OONI Sessions Alison: 1) About to submit the Sappi graphic design grant for making LFP posters 2) Need to start creating the schedule for the Tor Meeting 3) Working on code of conduct draft with Catalyst 4) Putting finishing touches on support wiki, writing blog post for it 5) Organized meeting for support team 6) A few members of the community team lost a bunch of data stored on Sandstorm, appears to be unrecoverable :( 7) Phoul continues to work with Trusteer to solve issues with blocking Tor Browser/Firefox ESR 8) I'd like to start organizing the Tor meeting schedule next week sometime. Karsten: 1) Put out CollecTor 1.2.0 release, started working on 1.3.0, to be released by end of the month. 2) Worked on a specification of sanitized bridge descriptors. 3) Will be working on MOSS final report and blog post over the next very few weeks. Isabela: 1) Reports and invoices: finished june report for sponsor4 - sent out last invoice for MOSS, got back from them a request for final report and blog post Brad: Is Sponsor 4 ready to invoice now? 2) Working on NSF reports - met with Brad yesterday - got a little blocked because of storm issue but started working on pads for each NSF grant to collect report information. 3) working with Linda on website redesign - preparing the tpo information architecture doc so we don't loose track when building wireframs. We got comms team looped in in the project now. For July Linda will continue to work on the website wireframes+organzing content/functions; update tor launcher wireframes and organize user testing for onion browser onboarding project 4) working with hiro on issue tracker 'benchmarking' table (requirements from survey, vs gitlab and trac has to offer). Hiro is also working on the grant pipeline form and on remaining tor blog tasks. 5) long pending stuff that i never get to finish - tor launcher feature brief update, growth strategy update - hope to get to those :( [Sandboxing planning, Tor Messenger strategy; just two things that might be missing on your list :) GeKo] ! true and PT POC 6) will be at PETS next week o/ Steph: 1) Preparing for bug bounty launch: Tor blog post, H1 q&a blog post, coordination with H1 on press outreach, OTF will support on social media. Projected launch date: next Thurs 2) Finalizing newsletter, will likely send by Tues. Running a lot of tests with Civi 3) Upcoming content: bug bounty, safety hierarchy of diff ways to access Tor, Tor 6 mos metrics, sha2017 4) Tommy and I have joined website redesign convo, adding commments. Copy to come later 5) Maintaing consistent posts on FB (at least 1/day), twitter (3-6/day), linkedin (1/week). Analytics up over the past month. Nick: 1) All's well with the network team afaict. 2) Trying to get everything straightened out with timesheets, expenses, etc. Thanks to Brad and Sue for all their help! (Am I supposed to confirm that expenses/travel were preapproved?) Brad: I verify proper approval before we issue expense reimbursement. No need to confirm on your end, but please note any concerns you have re: lack of proper approval and/or potentially unallowable charges during your review (Nick: Thanks, Brad!) 3) Roger -- please look at Taylor's notes wrt sponsor3 and let us know if we're on the wrong track? 4) Done with massive ticket triage and labeling on tor: unspecified. Started to sponsor-label some of our tickets 5) At PETS next week. Georg: 1) I Helped with the bug bounty launch planning 2) I worked on moving the browser dev hiring forward (we are almost ready to start with the coding tasks) 3) Isa -- Where are we with the job postings for the mobile work? [Question: would the description of the current browser dev be the same for the mobile work?] [not exactly. we could certainly reuse parts but we need to add mobile specific things (knowledge of Java might certainly be a good thing; experience with mobile development as well etc.)] 4) Did we figure out the timesheet management questions? <- we are still working on it Brad: 1) Closing the books and performing final review for fiscal year-end 2) Completed final steps of conversion to ADP for US-based payroll processing (first paycheck is July 14) 3) Updating grant/contract sub-ledgers to reflect budget-to-actuals through June 30 4) Gathering info to assist arma with annual reports due for Sponsors M, V, 2 & 3 6) Creating detailed travel budget for Montreal meeting based on invite lists 7) Working with Jon to overhaul spreadsheet he uses to track attendees for Montreal meeting 8) PETS meeting next week: should we expect to receive any large invoices that are to be paid out of TPI's PETS fund? Mike: 1) Helping with the Tor Browser hiring 2) Emailing researchers about changes to padding code and fixing bugs 3) Meeting with folks at PETS next week Shari: 1) Lots of loose ends requiring bits of my attention. 2) Working on final report for donation database. 3) Worked with Jon to get invitations out; can we send the last ones? 4) Answering lots of questions for MDF general operating grant. 5) I have to answer DRL questions. 6) mikeperry, did you see my email about Mozilla/Amazon? Please respond to it about whether you'll be around to help!

1 0

Update from Tor's Community Council
by Jens Kubieziel 13 Jul '17

13 Jul '17

Hi friends, I am writing on behalf of the Community Council with some updates. We wanted to be in touch and let folks know what we have been up to since the recent election. We have had several meetings with the new Council (Alison, qbi, Linda, Hiro, Gunner). We are enjoying working together. In the near term, we are prioritizing the drafting of policies and procedures for the Council. Our plan is to draft these sequentially and then ask for community input once we think specific policies and procedures are ready for feedback. Procedures we are drafting include case handling, Council operations (e.g. when and how we meet), and Council elections. Policies we are drafting include conflict of interest, operational security (in particular what we store and where), and confidentiality (what is and is not confidential). We welcome anyone interested to reach out to any or all Council members if you have input, questions or concerns you would like to share We'll continue to update the community at least once a month. thanks, -- Jens Kubieziel http://www.kubieziel.de Weisheit ist mehr als Wissen: Es kommt darauf an, was zu tun ist, und nicht, was zunächst getan werden soll. Herbert Clarke Hoover

4 4