- tor-project - lists.torproject.org

Crash Reporter for Tor Browser - GSoC 2017 Intro
by Nur-Magomed 12 May '17

12 May '17

* Didn't change the title in previous letter, sorry :/ Hi everyone! My name is Nur-Magomed, I’m 4th year student from North-Caucasus Federal University, Russia. This summer, I will be working on Crash Reporter for Tor Browser as a part of GSoC 2017. My mentors are: Tom Ritter - Primary Mentor, Georg (gk) - Backup Mentor. At the beginning I would like to thank all Tor dev community and my mentors that helped me and accepted my proposal, I’m glad to be a part of Tor dev community! About project Crash Reporter will be helping developers to improve Tor Browser, find bugs and crash reasons easier, that would make Tor Browser more stable and user-friendly. Mozilla Firefox has the crash reporter based on Google BreakPad with server side - Mozilla Socorro. My summer work is focused at adapting Firefox Crash Reporter for Tor Browser (Linux version). And also adapting Socorro for changed Crash Reporter and run it as “.onion” service. Full project proposal can be found at blog [1] or in PDF file [2]. Project timeline GSoC coding period starts on May 30 and ends on August 21 comprising a total of 12 weeks: week 1 - 5 : Crash Reporter client side | +--- week 1+2 : Build Tor Browser with Crash reporter. Improving crash data minidumps generator (don’t save privacy data in reports) | +--- week 3 : Redesign report’s client UI form, making functionality to delete data after sent, removing not necessary UI functions | +--- week 4 : Adapting report’s sender for Tor network (sending through Tor network) | +--- week 5 : Testing and review code week 6 - 11 : Crash Reporter server side based on Socorro | +---week 6+7 : working on Collector, adapting it according to changed minidumps | +---week 8+9 : updating DB structure, adapting Processor (for DB and for Collector’s reports) | +---week 9+10 : Working on statistic site - updating design templates, ORM classes for DB, and etc. | +---week 11 : Testing and review code. Setting up service on Tor network. week 12: Final testing, documentation Before coding will start there are some tasks to do (I'm starting work): > be sure which ones of fields or of their combinations could be privacy-sensitive > find the best way that explains to user what happened and what he can do after crash (in UI design) > try build Tor Browser with Crash Reporter from Firefox [for Linux] I will send bi-weekly status reports to this list, and also public it on my blog [1]. Please don’t hesitate to contact me if you have any suggestions. E-Mail: nmagoru [at] gmail.com IRC (OFTC): nmago Time Zone: UTC+03:00 Kind regards, Nur-Magomed Links: [1] https://torcrashreporter.wordpress.com/2017/04/03/google-summer-of-code- proposal-crash-reporter-for-tor-browser/ [2] https://torcrashreporter.files.wordpress.com/2017/05/final_proposal.pdf

2 1

Re: [tor-project] Welcome Nur-Magomed!
by Nur-Magomed 12 May '17

12 May '17

Hi everyone! My name is Nur-Magomed, I’m 4th year student from North-Caucasus Federal University, Russia. This summer, I will be working on Crash Reporter for Tor Browser as a part of GSoC 2017. My mentors are: Tom Ritter - Primary Mentor, Georg (gk) - Backup Mentor. At the beginning I would like to thank all Tor dev community and my mentors that helped me and accepted my proposal, I’m glad to be a part of Tor dev community! About project Crash Reporter will be helping developers to improve Tor Browser, find bugs and crash reasons easier, that would make Tor Browser more stable and user-friendly. Mozilla Firefox has the crash reporter based on Google BreakPad with server side - Mozilla Socorro. My summer work is focused at adapting Firefox Crash Reporter for Tor Browser (Linux version). And also adapting Socorro for changed Crash Reporter and run it as “.onion” service. Full project proposal can be found at blog [1] or in PDF file [2]. Project timeline GSoC coding period starts on May 30 and ends on August 21 comprising a total of 12 weeks: week 1 - 5 : Crash Reporter client side | +--- week 1+2 : Build Tor Browser with Crash reporter. Improving crash data minidumps generator (don’t save privacy data in reports) | +--- week 3 : Redesign report’s client UI form, making functionality to delete data after sent, removing not necessary UI functions | +--- week 4 : Adapting report’s sender for Tor network (sending through Tor network) | +--- week 5 : Testing and review code week 6 - 11 : Crash Reporter server side based on Socorro | +---week 6+7 : working on Collector, adapting it according to changed minidumps | +---week 8+9 : updating DB structure, adapting Processor (for DB and for Collector’s reports) | +---week 9+10 : Working on statistic site - updating design templates, ORM classes for DB, and etc. | +---week 11 : Testing and review code. Setting up service on Tor network. week 12: Final testing, documentation Before coding will start there are some tasks to do (I'm starting work): > be sure which ones of fields or of their combinations could be privacy-sensitive > find the best way that explains to user what happened and what he can do after crash (in UI design) > try build Tor Browser with Crash Reporter from Firefox [for Linux] I will send bi-weekly status reports to this list, and also public it on my blog [1]. Please don’t hesitate to contact me if you have any suggestions. E-Mail: nmagoru [at] gmail.com IRC (OFTC): nmago Time Zone: UTC+03:00 Kind regards, Nur-Magomed Links: [1] https://torcrashreporter.wordpress.com/2017/04/03/google-summer-of-code-pro… [2] https://torcrashreporter.files.wordpress.com/2017/05/final_proposal.pdf

1 0

GSoC 2017 - Introduction: unMessage
by Felipe Dau 11 May '17

11 May '17

Hi everyone! I am Felipe, one of the students accepted into GSoC this year. I am a Computer Engineering student at the Federal Technological University of Parana (UTFPR) in Brazil, studying Anonymous Communication on a research project lead by David R. Andersen [0], who is also my advisor. Since I joined the project three years ago, we have mostly worked on pyaxo [1], nymserv [2], nymphemeral [3], and recently, unMessage [4] - check them out! unMessage is a peer-to-peer instant messenger that provides privacy and anonymity to its users. In order to achieve that, it uses the Double Ratchet Algorithm [5] for encryption, Onion Services [6] for transport metadata minimization and its own protocol for application metadata minimization. unMessage is still in alpha stage, there are many things to explore, research and develop, and improving it is the GSoC project I am going to work on while mentored by dawuud [7] and meejah [8]. Specifically, we are going to: - Improve its setup script [9] - Use attrs [10] - Support file transfer [11] - Add a logger [12] - Make functions/methods asynchronous [13] - Add a test suite [14] Depending on the development of each task, it is possible that there will be more time available to: - Use automat [15] - Support offline messages [16] Although we selected a couple of user features, most of the tasks are architecture centered to increase its quality and maintainability. unMessage has potential to become a great app the community can benefit from, providing useful features and a good user experience for private and anonymous communication - this project is a big step in this direction. More information can be found in the GSoC proposal [17], documentation [18], GitHub page [4] and issues tracker [19]. Feel free to contact me as well: OFTC: dau Email: dau(a)riseup.net PGP: 0xC5A49047572A0D47 Having this opportunity means a lot to me. I am looking forward to start working with the Tor community and continue to do so after the summer. Thank you very much! I would like to thank David R. Andersen, who has been my advisor since we started working together, developed unMessage with me and has always been supportive. I also would like to thank Patrick Schleizer, HulaHoop and meejah for the support and contributions since the first unMessage release. This project has only made possible because of you! Thanks, -Felipe [0]: https://github.com/rxcomm [1]: https://github.com/rxcomm/pyaxo [2]: https://github.com/rxcomm/nymserv [3]: https://github.com/felipedau/nymphemeral [4]: https://github.com/AnemoneLabs/unmessage [5]: https://whispersystems.org/docs/specifications/doubleratchet [6]: https://www.torproject.org/docs/hidden-services.html [7]: https://github.com/david415 [8]: https://github.com/meejah [9]: https://github.com/AnemoneLabs/unmessage/issues/35 [10]: https://github.com/AnemoneLabs/unmessage/issues/34 [11]: https://github.com/AnemoneLabs/unmessage/issues/12 [12]: https://github.com/AnemoneLabs/unmessage/issues/30 [13]: https://github.com/AnemoneLabs/unmessage/issues/21 [14]: https://github.com/AnemoneLabs/unmessage/issues/33 [15]: https://github.com/AnemoneLabs/unmessage/issues/36 [16]: https://github.com/AnemoneLabs/unmessage/issues/32 [17]: https://gist.github.com/felipedau/8b48c6fde875e673f62d7569a27f254a [18]: https://unmessage.readthedocs.io [19]: https://github.com/AnemoneLabs/unmessage/issues

1 0

OONI team status report April 2017
by Arturo Filastò 10 May '17

10 May '17

Hello Tor! Here are some updates related to what the OONI team has been up to in April 2017. # OONI Monthly Report: April 2017 The OONI team made steady progress in April 2017. We released the stable version of ooniprobe's distribution for Raspberry Pis ("Lepidopter"), as well as the beta version of our data processing pipeline. We created proof of concepts for the orchestrator backend and the client component, and we improved the monitoring of our infrastructure. We also made progress towards new ooniprobe mobile and desktop releases which feature improvements based on community feedback and translations in 4 additional languages. Below we provide some highlights from OONI's activities in April 2017. ## Stable release of ooniprobe's distribution for Raspberry Pis ("Lepidopter") We released the stable version of ooniprobe's distribution for Raspberry Pis (lepidopter). It includes the latest version of ooniprobe (2.2.0), as well as a series of improvements and bugfixes. The full changelog for this release can be found here: https://github.com/TheTorProject/lepidopter/blob/master/ChangeLog.md#lepido… To install this version of the image follow the instructions detailed here: https://ooni.torproject.org/install/lepidopter/ ## Proof of Concept (PoC) for orchestrator backend We have implemented a proof of concept prototype for the OONI orchestrator backend specified here: https://github.com/TheTorProject/ooni-spec/blob/master/opos/OONI-Probe-Orch… In this iteration of the probe orchestration mechanism (source code available here: https://github.com/TheTorProject/proteus) The following functionality is supported: * Ability for probes to register with the orchestration registry (https://github.com/TheTorProject/proteus/tree/master/proteus-registry) * Ability for probes to update the metadata about their probe (https://github.com/TheTorProject/proteus/tree/master/proteus-registry) * Support for sending push notifications via Apple Push Notifcation service and Firebase Cloud Messagging (https://github.com/TheTorProject/proteus/tree/master/proteus-notify) * Support for administrators to schedule measurements via a web interface (https://github.com/TheTorProject/proteus/tree/master/proteus-frontend) * Ability for probes to receive the tasks they have been notified about and mark them as accepted, rejected or done (https://github.com/TheTorProject/proteus/tree/master/proteus-events) * Multiple architecture build system The next steps include the deployment of the testing infrastructure for the orchestration backend and starting to test it out inside of the mobile apps. ## Proof of Concept (PoC) for orchestrator in probe A proof of concept prototype was written to support orchestration inside of measurement-kit: https://github.com/measurement-kit/measurement-kit/pull/1210. The client component supports the basic orchestration workflow that includes: * Probes registering with the orchestration system; * Probes updating the probe metadata; * Probe listing the tasks they should be running; * Probes accepting, rejecting and concluding a task. A sample command line interface that demonstrates the full orchestration workflow has also been implemented to do end-to-end testing. ## New ooniprobe releases We worked towards new releases of ooniprobe in April. The latest version of ooniprobe includes: * Integration of OONI's HTTP Header Field Manipulation test into ooniprobe mobile apps * Improvements to ooniprobe based on community feedback * Translations in 4 additional languages: Arabic, Farsi, Russian and Greek * Support for Right-To-Left languages in ooniprobe mobile and ooniprobe desktop ooniprobe now supports a total of 9 languages: English, Arabic, Farsi, Russian, Hindi, Spanish, French, Italian and Greek. ## Beta version of next-generation pipeline The pipeline is ready to process data on a daily basis, it has already reduced our storage usage by factor of ~3x enabling faster data processing. The pipeline still has some bugs to be investigated and some features to be implemented to replace prev-generation pipeline, but all stability bugs are fixed at the moment. The beta version of the pipeline can be found at https://github.com/TheTorProject/ooni-pipeline/pull/62 ## Improvements to OONI infrastructure We have done a series of improvements to the OONI infrastructure, including adding support for better monitoring based on prometheus: https://github.com/TheTorProject/ooni-sysadmin/pull/106 (and https://github.com/TheTorProject/ooni-sysadmin/pull/108) Some probes for sending us notifications when some of the core infrastructure components (bouncer, collectors, test-helpers, ooni-explorer and ooni-measurements) go down have been setup. You can inspect the public stats by accessing the grafana frontend to prometheus at the following URL (username: guest, password: guest): http://prometheus.infra.ooni.io:3000/ ## Outreach and community engagement On 7th April we presented OONI at the International Journalism Festival (IJF) in Perugia, Italy. Information about our talk, titled "Uncovering Internet Censorship", can be found here: http://www.journalismfestival.com/programme/2017/uncovering-internet-censor… We also hosted our monthly community meeting on https://slack.openobservatory.org/ on 25th April (meeting minutes: http://meetbot.debian.net/ooni/2017/ooni.2017-04-25-15.59.log.html) As part of the meeting, we discussed the translation of ooniprobe and approaches for upcoming data visualizations. ## Userbase In April 2017 ooniprobe was run 57,471 times from 1,535 different vantage points across 158 countries around the world. This information can also be found through our stats here: https://measurements.ooni.torproject.org/stats ~ The OONI team

1 0

Network team meeting notes, 8 May 2017
by Nick Mathewson 08 May '17

08 May '17

Hi! Our meeting logs are available from http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-05-08-16.59.html Below is the text of the pad we worked on this meeting, with all our status updates. --------------------------- Network team meeting notes, 8 May 2017 ============================ Discussion topics: - Last week of merge window. Please help review? [NM] - Don't forget your needs_revision tickets (if any) [NM] - some problems brewing re directory downloads and guards? (#21969) [TY] - network team hackfest! Post meeting: - Please look at all tickets in maint-0.3.1 https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… - If you're the owner on it, and it's a feature that's not going to happen for 0.3.1 -- please defer or find somebody else to do it this week? - If it's in "new" and you're going to do it, please make it accepted or assigned? - If it's in needs_revision -- can you revise it? - If it's in needs_review -- can you review it? ============================ Nick: - Last week: - Finished consensus-diff implementation - Hacked together a connsensus-compression backend for ahf's prop278 work - Review, merge, review, merge. - Worked on fixes to some longstanding chutney bugs - Met with UX folks and TBB folks and PT folks to talk about bootstrapping UI - Met with Taylor to work on bootstrapping status report API, talk about faster bootstrapping - This week: - Review code and try to merge it. - Tor presentation at MIT class on Wednesday (6.858). - Complete or defer all my enhancement-y coding tasks for 0.3.1.x - Make tickets for ideas about faster bootstrapping in 0.3.2 komlo: - Last week: - Submitted for review additions to the torspec glossary (#21744) - Added notes to, excited for Sebastian's initial Rust patch (#22106) - This week: - Still working on a rust protover. Right now, implementing compute_vote & thinking about how to translate smartlists between Rust/C FFI - Helping with current bwauth code on #21846, thanks teor for the review catalyst: last week: - fixed #22103 by deleting useless checks - several rounds of followup fixes due to test case memory management! - Tor Launcher usability meeting - met with nickm to outline an improved model of bootstrapping so we can hopefully have a better UX in the future - did some research into exponential backoff techniques (we're not doing too badly, but maybe we should tune our constants?) - analyzed my obfs4 bootstrap stuff a bit more; wrote up some comments and uploaded a log file to #21969 - helped nickm with #22143 this week: - help nickm refine the bootstrap status reporting improvements - more obfs4 bootstrap failure analysis? - other bootstrap UX improvement work asn: Last week - Finalized the rend e2e circuit branch (#21859) and now it's in needs_review for 0.3.2. - Finalized ed25519 validation branch (#22006) and now it's in needs_review for 0.3.1. - Think about guard discovery stuff. - Open a new prop224 spec ticket (#22052). Waiting for feedback. - Posted some theories in #21969 This week: - Work on #21043: prop224 client-side descriptor fetching - Do some SponsorR bookkeeping. - More guard discovery stuff. Mike: Last week: - Reviewed Prop247 and commented in email. - Padding and Rusting This week: - Meeting with Isa about Bridge discovery, other things - More padding, more rusting pastly: - we submitted our KIST paper last week - investigating EWMA cell_count values vs Tor queueing time - sometimes Tor queue times are longer than their expected minimum possible - this could be okay. but what type of clients are being queued longer? Bulk? Bulk and web? - if any circuits are being held back in Tor, it should be ones with higher EWMA values (bulk). Verify that. ahf: Last week (unordered): Sponsor 4: - Read up on directory connections: the dirserv and directory module. - Started pushing patches for bug #21667 on `bugs/21667` on gitlab.com/ahf still a few things left to do. - Landed patches for #21665. - Reviewed: #22143, #21649, #21650. Coverity duty: - Patches for CID: 1405875 (bug #22177): Needs an additional patch to enhance the test. - Patches for CID: 1405876 (bug #22164): Should be OK. This week (ordered): Sponsor 4: - (review nickm's #22148) - Finish bug #21667 (prop #278). - Look at Nick's changes in #21668 + write/fix tests for it. - Help Nick with reviews when need be for consdiff (if any?) (#22148 plz) dgoulet: Last week: - Finalized unit tests for #20657. Then, followed by stress testing prop224 service. Many bugs were found but it's getting more and more stable. - Opened #22173 which will be needed by prop224 at some point. - Some minor review of couple of tickets for 031 merge. - Help asn for a Guard discovery mini dev meeting. - Most prop224 groundwork tickets have been merged now in 031! Woot! (#21888) This week: - Continue integration and stress testing #20657. I do have identified some issues that need to be resolved. Once this is getting more stable, I'll probably jump on client implementation with asn (final block!). - Need to review and integrate the HS e2e crypto branch from asn (#21859). isis: last week: - meeting with nick to discuss things to work on - spent some time thinking about what i want out of employment/contract - implemented more of the crypto we need for hyphae - fought with Mike Hamburg's decaf_25519 implementation to try to get testvectors - mostly took the week off this week: - arranged a meeting with isa for this week, to brainstrom hyphae UI - send notes from meeting with nick to shari - still taking time off isabela: - last week I sent notes of tor launcher automation meeting - following up on some to fthat this week - Almost done with DRL review and will email deliverables to stakeholders this week - last week I did prep work for new hires (lots of new hires coming with new proposals!) hopefully will start writing job posts this week (not publish them yet) - this week will work sponsor4 report for April - this week will help organize hackfest

1 0

Notes from May 4 2017 Vegas team meeting
by Karsten Loesing 08 May '17

08 May '17

Notes for May 4 2017 meeting: Nick: 1) Digicert renewals (plural) 1.1) blog.torproject.org (expires june 14.) 1.2) fa-blog.torproject.org (seems not to be used? redirects to blog.tpo) 1.3) petsymposium (not needed any more; we switched to let'sencrypt?) 1.3.1) Plan: see if we can move it all to letsencrypt; if not, tell nick and he'll renew. 1.3.2) Update: during the meeting, arma asked weasel and weasel said he'd migrate the blog cert to letsencrypt. nickm's current plan is to renew nothing. 2) Personnel: adding an engineer 3) Possibility of sprint to work on guard discovery resistance? Roger: Things to discuss: 1) Torcoin. Trademarks in general. 2) Status of blog conversion? 3) GSoC decisions come out todayish. Things I did in the last week: 4) I published our 2015 financials, and helped Linus publish some corp docs 5) I finished my two PETS reviews 6) I did several more talks and panels (Miami, Denver, Philly), to help the public understand "the dark web" Todo: 7) Writing Defcon submission (due today) 8) I should write up SponsorR milestones for Brad 9) Brad and I should make a plan re NSF foreigner funding question 10) Fastly blog post 11) Organize PETS stipends 12) Answer guard discovery meet-up thread 13) Answer VG and Comcast conference invite 14) Look at Linda's website mail 15) execdir@ forwards to Colin Alison 1) More content creation for support portal 2) More grantwriting 3) Lots of trainings last week/this week/this month 4) Other stuff the community team is working on: Global South meeting ideas, Global South outreach/training and the coordination thereof, relay operator support, membership guidelines. Shari 1) Lots of productive meetings in New York last week. Good meeting with Mitchell Baker of Mozilla this week. Doing followup this week. 2) Hired a writer (Tommy Collison) who starts 5/20. Circulating job description for communications director. Figuring out tasks for new writer. 3) Researching strategic planning for open source projects. Reached out to Sue Gardner about Wikimedia. Also looking at processes used by Mozilla and Red Hat. 4) Settled on dates for Montreal meeting. We should start thinking about team meeting day. 5) Lots of edits on lots of grants. 6) Talking with lots of folks about Tor's place in Internet of Things. Karsten: 1) Finally submitted funding proposal that was due April 30. 2) Made OnionPerf's onion service measurements available on Tor Metrics as beta. 3) Started preparing for metrics-lib 1.7.0 and 2.0.0 releases this month and possibly the next, with a planned blog post in June. 4) Started using Harvest for time tracking. 5) Got a new CollecTor mirror up and running. Georg: 1) Mainly worked on fixing Tor Browser 7.0 related bugs 2) Cross-team coordination for the bridge automation work Mike: 1) Refreshed the Guard discovery (Prop247) branch and reviewed currently open questions for a meeting. 2) Followed up with Mozilla's IoT person. Didn't hear back (spam filtering of @torproject.org?) 3) Helping with Bridge testing design 4) Meeting with Isa next week. Hopefully we will both also have a chance to talk to an an ethnographic researcher doing work on anonymity. Isabela: 1) Submitted Metrics proposal 2) Working on proposal review questions - if all goes well we think this work will start in July. 2.1) Will send email with deliverables list to all stakeholders to start preparing teams for this work 3) Had meeting on Tor Launcher automation work (trying to see what are the dependencies on different teams (under different sponsors deliverables) - sending out a summary this week as well as some next steps 4) Lots of new hiring coming up with proposals being approved - I am starting to prepare the work for drafting those job posts, defining the positions and will reach out to stakeholders to coordinate writing. 5) Hiro - had progress on blog migration work - we will need to freeze it for some time and will coordinate that with the community. 6) Linda is working on wireframes for the new portals / she is doing this work with a volunteer for now. She will be at Stockholm internet freedom event from SIDA 7) Plan on sending roadmaps to tor-project list / and send user growth strategy update Arturo: 1) Made a great deal of progress in implementing the client side component of orchestration 2) We now have 100% ooniprobe translations in Greek, Farsi, Arabic and Russian that are going to be part of next weeks release

1 0

Community Team report - April 2017
by Alison 04 May '17

04 May '17

Hi all, Here are the meetbot logs for the last two community team meetings, which covered our work in April: http://meetbot.debian.net/tor-project/2017/tor-project.2017-04-19-18.01.log… http://meetbot.debian.net/tor-project/2017/tor-project.2017-05-03-18.02.log… Here is what we've been working on in April: - Members of the Community Team conducted trainings or gave Tor presentations for Political Research Associates (US), University of Michigan (US), Tennessee Library Association (US), Open Data Camp (India) - Derecho Digitales submitted a proposal to OTF for their Tor relay/public awareness/workshops/training campaign in Latin America. They are in discussions with NoiseTor to help with this campaign as well. - Support portal meetings now happen every Monday with members of the UX and Community Teams. The Community Team's current priority for the portal is creating all the q&a content. View our progress or help us out here: https://gitweb.torproject.org/support-portal.git/tree/plain. - We are in the early ideas phase of planning for the Outreach Portal, which will be another component of the website redesign. This page will include things like training materials, and outreach calendar, and information for relay operators. - We are making a list of Transifex contributors to send them tshirts! - We officially ratified the Social Contract: https://gitweb.torproject.org/community/policies.git/tree/social_contract.t…. - We collected and reviewed feedback from the Tor Meeting in Amsterdam. - We worked on preliminary planning for a future Tor Meeting to take place in the Global South. So far, most of the ideas for locations are in Latin/South America. - There are now two public channels for discussion of Tor outreach in the Global South: tor-south(a)lists.torproject.org and #tor-south on IRC in OFTC. - We are writing two grants: one for Global South outreach, and one for Library Freedom Project. -- Alison Macrina Community Team Lead The Tor Project

1 0

SponsorR Status Report April 2017
by George Kadianakis 04 May '17

04 May '17

Hello, here is the April 2017 report for SponsorR: - During April, we moved forward and resolved tons of tickets on prop224 groundwork implementation that we hope to merge in tor-0.3.1: https://trac.torproject.org/projects/tor/ticket/21871 https://trac.torproject.org/projects/tor/ticket/21889 https://trac.torproject.org/projects/tor/ticket/21891 https://trac.torproject.org/projects/tor/ticket/21919 https://trac.torproject.org/projects/tor/ticket/21978 https://trac.torproject.org/projects/tor/ticket/21980 https://trac.torproject.org/projects/tor/ticket/22052 - Continued work on the service-side part of prop224: https://trac.torproject.org/projects/tor/ticket/20657 We are currently testing the hidden service code using chutney, and splitting it into smaller branches to ease review. - Lots of design discussion on protecting onion addresses against phishing attacks: https://lists.torproject.org/pipermail/tor-dev/2017-April/012123.html Also research on validating ed25519 public keys to avoid equivalent onion addresses: https://lists.torproject.org/pipermail/tor-dev/2017-April/012225.html We posted our ed25519 pubkey validation code: https://trac.torproject.org/projects/tor/ticket/22006 - Published technical report about relays we found camping the HSDir hash ring to monitor directory activity of hidden services: https://lists.torproject.org/pipermail/tor-dev/2017-April/012161.html - More discussion on the name system proposal (prop279): https://lists.torproject.org/pipermail/tor-dev/2017-April/012126.html

1 0

PETS 2017 registration is open
by Roger Dingledine 04 May '17

04 May '17

For those wanting to go to PETS this year, registration is open: https://petsymposium.org/2017/registration.php (If you go, be sure to arrange to stay for the Saturday hike as well.) --Roger

1 0

Job Opening - Communications Director
by Erin Wyatt 02 May '17

02 May '17

Hey Everyone! We are announcing the Communications Director vacancy today. The job description is pasted below, is attached in PDF format, and can be found on our website at https://www.torproject.org/about/jobs-comm-director.html.en. Please help us spread the word by posting, forwarding, tweeting, etc. Thank you! :) Cheers, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE p.s. We also have a new writer/editor person! Email introduction later today. (OMG, the suspense!) :D Internet Freedom Nonprofit Seeks Experienced Communications Director The Tor Project, Inc., a 501(c)(3) nonprofit organization that provides technical infrastructure for privacy protection over the Internet, is seeking a Communications Director to help us tell the world about our important work. The ideal candidate will have at least five years of experience talking with the press and leading social media campaigns. The ability to explain technical concepts to non-technical audiences is essential. This senior level position will report directly to the Executive Director and will be part of the organization's leadership team. The Communications Director will set and guide the strategy for all communications and public relations messages to consistently articulate the Tor Project's mission. Tor software is built by a mix of paid staff and volunteers. This job includes working closely with this diverse, international community of people who make Tor and related software products. This is a hands-on position for a highly skilled communications professional with a fierce passion for technology and social media. Responsibilities: Represent the Tor Project to the press. Write press releases, handle press calls, and distribute media calls to appropriate members of the Tor Project community. Train staff and community members on media and coach/prep/debrief them for specific media calls. Manage the Tor Project's social media presence. Develop the Tor Project's social media strategy and oversee staff and volunteers who contribute to our social media efforts. Publish the Tor Project's weekly newsletter, Tor Weekly News (TWN). Translate technical software releases posted to our blog so the general public can better understand the Tor Project’s work. Maintain the press section of the torproject.org <http://torproject.org/> website. Collect, organize and post the Tor Project's press clippings to the website. Develop and distribute an organizational press kit. Manage the Tor Project's media contacts. Help to write and edit content for the Tor Project's upcoming website reorganization. Be a key member of the reorganization team. Write and update the Tor Project's one-pagers and other information pieces distributed at conferences and talks. Coordinate speaking opportunities and conferences for Tor Project staff and community members. Maintain the Tor Project's website calendar of speaking engagements. General writing and editing responsibilities as required. Qualifications: Excellent verbal, written, and editing skills in English; fluency in other languages is a plus. Commitment to helping Tor Project developers be regarded as respected global resources for information about open source anonymity and privacy technologies. Demonstrated skill and comfort in proactively building relationships with top tier reporters and editors, and in positioning subject matter with the media to achieve high-impact placements. Demonstrated experience with complex and high profile social media engagement. Comfortable with highly technical topics and ability to explain them clearly and accurately to non-technical audiences. Knowledge of and appreciation for the free and open source software movement. Demonstrated experience with issues management, including media crisis management, and driving more advantageous coverage of the organization, its projects, and its people. Strong generalist understanding of the basic mechanics of how the Internet works, as well as issues related to privacy, security, censorship, and surveillance. Experience with, or willingness to learn how to use, communications and collaboration technologies such as PGP, IRC, Jitsi, WordPress, and etherpads. Hard working and highly organized with superior attention to detail. Highly collaborative with experience working with and as part of remote teams. Self-starter who thrives on working independently with a dispersed workforce. Experience working or living outside the United States is a plus. Fundraising and fundraising communications experience is a plus. Willingness to travel to international meetings twice a year. Excellent social skills and a sense of humor. The successful candidate will probably hold a Bachelor's degree in journalism, communications, marketing, public relations or a closely related field. The ideal candidate will be energetic, unflappable and flexible, and will thrive in a highly-technical collaborative environment. The Tor Project's workforce is smart and committed. Experience working with open source communities and/or a dedication to Internet civil liberties are added pluses. The Tor Project currently has a paid and contract staff of around 25 developers and operational support staff, plus many thousands of volunteers who contribute to our work. The Tor Project is funded in part by government research and development grants, and in part by individual, foundation and corporate donations. Flexible salary, depending on experience. The Tor Project has a competitive benefits package, including a generous PTO policy; 13 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; flexible work schedule; and occasional travel opportunities. This is a full-time position. The Tor Project’s main office is in Seattle, and we’d be delighted to supply a desk for the Communications Director there, however, this job can be done remotely. Knowledge of media and press contacts within the United States is essential. To apply, send a cover letter and your resume to hr(a)torproject.org <mailto:hr@torproject.org> with the subject "Communications Director." Tell us why you think you're the right person for this job, and please include links to writing samples. No phone calls please! The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0