- tor-project - lists.torproject.org

Tails report for May 2017
by sajolida 06 Jun '17

06 Jun '17

Find our May 2017 report online here: https://tails.boum.org/news/report_2017_05/

1 0

May 2017 report for the metrics team
by Karsten Loesing 06 Jun '17

06 Jun '17

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in May 2017. On behalf of the Tor metrics team, Karsten Added new visualizations of OnionPerf onion server measurements to the Metrics website [1]. [1] https://metrics.torproject.org/torperf.html?start=2017-03-03&end=2017-06-01… Experienced a sustained increase in requests to the Onionoo [2] servers from 800/sec ~4k/sec for almost 1 week, which could finally be handled by increasing the number of front-end servers from 2 to 5 and reducing the TLS RSA key size from 4k to 2k. [2] https://metrics.torproject.org/onionoo.html Released metrics-lib version 1.7.0 [3] which adds support for newly added fields in Torperf/OnionPerf files and extra-info descriptors, streamlines some method names, and fixes a few bugs. [3] https://lists.torproject.org/pipermail/tor-dev/2017-May/012261.html Performed an analysis of adding Laplace noise to directory-request statistics to evaluate whether the resulting statistics would still be sufficient for estimating user numbers, but concluded that this still needs more research. [4] https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam/Obfusca…

1 0

Network team meeting notes, 5 June 2017
by Nick Mathewson 05 Jun '17

05 Jun '17

Hello! Below are our notes from this week's meeting on #tor-dev The meeting log is availble here: http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-06-05-17.00.html ============================ Network team pad, for 5 June Meeting (or 6 June, for those >= UTC +5) Things we should talk about: * Let's do something about that crashing bug [TROVE-2017-00{4,5} , I assume?] (remember: anything in this pad is public, even if you delete it, it's in the history) (Currently discussing on network-team-security.) * Can we please not use Google Docs? They don't work for teor in Tor Browser #22478 (Noted.) * should isa go to wimlington for 1 day? (could be usefult for organizing drl and tor launcher auto feature tasks) [dgoulet] Might be useful for me at least since I'm going to the DRL meeting after in Montreal. * Do we want to Add noise to PaddingStatistics? #22422 [teor, mikeperry, ... } ] * What is our path towards calling sponsor4-bw-usage work completed? [isabela, nickm, ahf] Tasks for after the meeting: * Team rotation calendar for June is open: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRot… * PLEASE TRIAGE 0.3.1.x TICKETS. That is, make sure that what you own is what you will do. If there is something that must be done, and you won't do it, make sure there's a plan :) * "Does anybody see any "needs_revision" or "new" or "reopened" tickets on 0.3.1 that it would be a Bad Idea to defer? If so let's make sure they are assigned, and/or "high" priority." teor: Last week: * Released PrivCount 1.0.0: https://github.com/privcount/privcount/blob/master/ReleaseNotes.markdown * Found some trouble with the ed25519 link handshake in my test authority logs #22460 * Opened Reduce REACHABLE_TIMEOUT in test networks #22463 * I think dgoulet would like this so when a chutney relay is killed, it disappears * Opened Stop using GeoIP country after buf has gone out of scope #22490 (Please feel free to grab any of the bugs I have opened.) This week (or month): * Revise: Make clients wait before trying to bootstrap from a directory authority #17750 * Update the config on my test net authorities * Design Hidden Service Upload Statistics for PrivCount 1.1.0 These are the simplest and safest stats we could collect: * How many descriptors are uploaded per HSDir? * How many intro points per descriptor? (Histogram, HSv2 only) * How many bytes per descriptor? (Histogram) How many bytes per HSDir? * How many different descriptor versions are uploaded? (Histogram) haxxpop Last week: * Read some prop224 service code of dgoulet * Review a bit of asn's client side descriptor fetching This week: * Continue reviewing asn's code asn [Unlikely I'll be around for the meeting. It's some orthodox christian national holiday here today.] Last week: - Finalized #21403. It's now on David's hands. - Did more guard hackfest prep and sent out homework mail. - Pushed #22430 but it now needs revisions. - Pushed #22052 which got merged. - Reviewed #22460. This week: - More hackfest preparation. - More proposal247 cleanup. - Travel prep. - Travel! Mike: Last week: - At Seattle office! - Got Adaptive Padidng stuff running in chutney. Working with Marc Juarez on making real histograms. (mikeperry/adaptive_padding-draft-rebsed2). This week: - Continue to test AP code and add features to help research - Prep for guard meeting, maybe send out some more links Nick Last week * More "unspecified" triage. I'm up to #10000 * Diagnose and fix 22460, 22466 * Planning on sponsor8 work This week: * Reminded tor-relays about EOL for 0.2.4, 0.2.6, 0.2.7 on 1 Aug. * More "unspecified" triage. * Merge fixes for 22460, 22466, TROVE-2017-004, TROVED-2017-005; put out releases. * Prep for delaware meeting komlo Last week: - Finished implementing protover API in Rust (but it still needs refactoring) - Added more Rust coding standards to https://trac.torproject.org/projects/tor/wiki/RustInTor, feedback welcome (the wiki is a work in progress, more to come) This week: - Refactor/basic clean up of Rust protover, get ready for wider review - Hackfest prep catalyst: Last week: - [sponsorM] more delving into control.c and bootstrap reporting. lots of messy stuff happens by side effect. - #22413 check libzstd version at configure time - Community Team meeting - reviewed #22466 - [sponsorM] Tor Launcher meeting - bug triage - commented on #22469 (exitpolicy syntax inconsistencies) This week: - prep for Wilmington meeting - dig more into whether TLS timeouts or our retry schedule more strongly delays bootstrapping ahf: Last week (unordered) - Working on #22275 (prop #278 merge to dir-spec.txt). - Cleaning up the test cases in #22497 - Reviewed bug fixes for #6298 - Oniongit testing. - Got ESTA approved for traveling to the US. This week: - Close sponsor 4 tasks: #22275 + look and compare measurements. - Help out with 0.3.1 issues! - See if I've not already looked at some of the things in asn's hackfest homework email. - Travel to the US! isabela: - work on writing sponsor4 may report - figuring out how to 'declare done' sponsor4 core team activity: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/Sponsor… - organizing notes from tor launcher automation feature meeting past friday (june 2nd) - should i go to wimlington and hang out for a day? like wednesday maybe. Could be helpful to organize tor launcher automation tasks as well as drl upcoming contract tasks dgoulet Last Week: - SponsorR ticket triage. - Finalized #20657. Heavy testing on the service branch. Also tested along with asn's client branch (#21403). - I've now taken over #21403 until further notice from asn. - Review of #22460 and #22466. - Bad relays world needed me again... - Test network updates and poking unresponsive operator. - Helped with the new TROVE this morning taking armadev work and putting it in commits. This week: - Preparing for Wilmington meeting. - prop224 client implementation (#21403).

1 0

May 2017 Report for the Tor Browser Team
by Georg Koppen 05 Jun '17

05 Jun '17

Hi! In May we made an alpha release, Tor Browser 7.0a4[1], mainly to test the progress we made in our transition to Tor Browser based on Firefox ESR 52. Highlights in this release were stability improvements, binding permissions to the first party domain in the URL bar, and neutering various new and old fingerprinting vectors. For users with a 64bit Linux system Selfrando support got added which was one of our main security enhancements that lived in the hardened series previously. We'll evaluate this defense in our alpha series over the coming releases and hope we can ship it soon in our stable series as well. Apart from doing release work we focused on getting Tor Browser 7.0 more stable, fixing our test suites[2], and on making our build system faster and more scalable. Switching our official nightly builds to using rbm, our new reproducible builds manager, got delayed, unfortunately, but we continued to fix bugs in it as we found them[3] and hope to get to the transition during June eventually. The full list of tickets closed by the Tor Browser team in May is accessible using the TorBrowserTeam201705 tag in our bug tracker.[4] For June we plan to release Tor Browser 7.0 and move onto the Firefox ESR 52 train, finally. We expect some fallout from that and will address the major issues as fast as we can while we are finishing the remaining items for the 7.0 transition[5]. We plan to continue our build system improvements and get back to integrating our Panopticlick instance into our Q&A environment as a top priority[6]. Furthermore, we'll start upstreaming our newly written patches to Mozilla and plan to create new ones for outstanding tracking and fingerprinting defenses. All tickets on our radar for this month can be seen with the TorBrowserTeam201706 tag in our bug tracker.[7] Georg [1] https://blog.torproject.org/blog/tor-browser-70a4-released [2] https://trac.torproject.org/projects/tor/ticket/21982 [3] E.g. https://trac.torproject.org/projects/tor/ticket/22444 [4] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [5] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… [6] https://trac.torproject.org/projects/tor/ticket/6119 [7] https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam2017…

1 0

May 2017 Transifex report
by Colin Childs 05 Jun '17

05 Jun '17

Hi everyone, Below is the monthly Transifex report for May, 2017: ### Report Attached are daily, weekly and monthly translation graphs. The Y axis is "source words". 13.41K source words 3,317 collaborators 154 languages 42 Project resources 3 languages at 100% completion (across all 42 project resources): French (fr) French (Canada) (fr_CA) Spanish (es) -- Colin Childs Tor Project https://www.torproject.org Twitter: @Phoul

1 0

Notes from June 1 2017 Vegas team meeting
by Karsten Loesing 05 Jun '17

05 Jun '17

Notes for June 1 2017 meeting: Nick: * Doing huge triage of old tickets. Closing approx 1/3. Labeling the others. * We're investigating and closing bugs in 0.3.0 and 0.3.1. Maybe our LTS process for 0.2.9 has made us get less testing on 0.3.0? Needs investigation and thinking. * Blog seems good in spite of initial hiccups. * Need to decide whether we're done with sponsor 4 work. Deliverables are open-ended enough we could declare victory now, or do more. Probably there will be bugs discovered, and it would be good to be able to bill for fixing them. Could use advice. A: Do not actually call it done until _at least_ we have metrics and a writeup. We don't agree about bugfixes. TODO: We should get another OTF proposal for core Tor work on our radar, since Nov 30 is coming up sooner than we think. * Transitioning towards sponsor-8 (DRL next) work on mobile performance: I need to poke my team. I've been putting "sponsor8-maybe" on old tickets as I go. * Question for Shari/Isabela: how is network team hire going? * Talking to Museum of Science people today. Discussion: Do we have a plan? A: Biella will lead; Alison has ideas. Roger: At the community team meeting yesterday, I suggested that maybe we should move closer to having a support portal, without waiting for sponsor to finish making its decision. I know that would not include all of the automated search, good website design, etc that we want to do. But it could help users now. Good idea / bad idea? The plan: we're going to suggest that the community team set up a wiki page with their current questions and answers, so they can get some testing with real users and so they can benefit users. Then we'll see if that's enough and adapt as needed. Question: Have we sent out Montreal invites? Or personalized save-the-dates? Answer: Alison and Shari are going to do an initial draft of an invite list, with help after that from Roger, so we can move things forward. In particular, this time around we should separate "is invited" from "is offered travel funding", because we can't afford to fund travel for all the people we would be pleased to see there. What is the integration plan for the potential new communications director? How should we help? Answer: Shari is going to lead making sure that they get up to speed at the right pace and by talking to the right people at the right times. Georg: * Tor Browser 7.0 preparations; we got delayed a bit but are still on track for getting it out in time * Discussion regarding sandboxing progress on tbb-dev mailing list; how do we proceed? Shari: * Hosting lots of people in Seattle this week and next * Almost certainly giving offer to new Communications Director * Following up with a couple of funders isabela: * In seattle this week - had a meeting on 'state of grants' to identify what areas should be priority for applying to new grants (at least during summer) * Other things I'm doing in seattle - meeting with erin on the new hires, meeting with brad to get invoices out. Working with Tommy to get the metrics updated proposal at the funder form * Organizing meeting for Friday to talk about tor launcher automation. Friday June 2nd 1800UTC at #tor-project irc channel Arturo: * We did a series of tweets to summarise what we know based on OONI data related to internet censorship in Egypt: https://twitter.com/OpenObservatory/status/870066944124366848 (it would be nice to get a retweet on this) [done] * Probe orchestration system is at beta stage and we are testing it with a test app with Nuke: https://github.com/TheTorProject/proteus/releases * Made small improvements aimed at reducing finger-printability of ooniprobe, namely the randomisation of URL testing: https://github.com/TheTorProject/ooni-probe/pull/758 and drafted some text on the measures we currently take on this front and what we can do in the future * Published research report on Internet censorship in Indonesia: https://ooni.torproject.org/post/indonesia-internet-censorship/ (https://blog.torproject.org/blog/state-internet-censorship-indonesia) Mike: * In Seattle this week * Trying to get adaptive padding work usable by researchers before PETS, or sooner (status: the state machine, histogram, and leak-pipe code is all written, as is negotiation. but I need to support specifying new machines in torrc and the consensus still. and do more testing.) * Helping ASN plan the Guard meeting for the week after next Alison: * In Seattle with lots of Tor people this week. * Continuing lots of work on the IMLS grant -- will be wrapping it up next week right before I go on vacation. * On vacation from 8 to 14 June. * Colin completed a lot of new questions and answers for the support portal. * Thinking about Roger's feedback above re: support portal deployment. We should discuss. [this point was answered during arma's time, see his notes above] * This week I am beginning to work on the Community Team roadmap. * Thinking about Montreal meeting todo. We will meet about the schedule next week. * Helped EFF activism team work on their train-the-trainer documents. * Regularly checking in with our Global South contacts. We need to get them meeting invites asap for visas, and we should think about anything else we can do to make attending the meeting more seamless for GS folks. [alison and others in seattle will work on the draft invite list and send to vegas-leads this week] * If you gave me feedback on the membership doc draft, I promise I will look at it and respond soon! We will begin the proposal period after the network team hackfest. Karsten: * Called Sponsor X deliverable 4 done, despite not having written a proposal or patch. Simulations of Laplace noise added to dirreq-stats indicate that this needs more work on the statistics aggregation side. Otherwise we'd risk breaking user number estimates. * Deep into metrics-lib improvements for last remaining Sponsor X deliverable 2 which will bring runtime improvements that many other tools will benefit from as well as interface improvements that will lower the barrier for new users/contributors. Brad: * Shari has approved adoption of Harvest but decisions still need to be made before roll-out * Use of Harvest is encouraged but not required for May or June * Usernames will be used for Harvest accounts

1 0

UX team meeting and UX ticket triaging times set!
by Linda Naeun Lee 02 Jun '17

02 Jun '17

Hi all, The UX meetings will now be held on Wednesdays at 1600 UTC on #tor-project. The UX ticket triaging will be held on Tuesdays at 1500 UTC on #tor-project. I've attempted to automate some email reminders for these events the day before, which may or may not work. We'll see how that goes. Cheers, Linda

1 0

How to have a meeting on IRC + finding a slot for the UX team meeting
by Linda Naeun Lee 02 Jun '17

02 Jun '17

Hey all, What's the right way to go about hosting a reoccurring meeting on irc? I know that other teams have their meetings, and that the channels are used for specific things/we don't necessarily want them to be primarily scheduled with meetings. I'd like to have the UX team meeting on IRC on Wednesdays at 1500 or 1600 UTC, on either tor-dev or tor-project. Would this be okay? Which channel should I use? Thanks, Linda

3 3

UX team monthly summary + Linda's monthly summary
by Linda Naeun Lee 31 May '17

31 May '17

Hi all, UX team: We also restructured our meetings, triaged tickets across components to find UX-related tasks, and started using the #ux-team ticket to triage our tickets across components. I'm very excited about these new processes, since I think they'll be beneficial for organizing UX work in the future. Linda: I made the initial wireframes for all pages and subpages for torproject.org and participated in brainstorming next steps for improving Tor launcher. I also attended Stockholm Internet Forum, worked on organizing the UX team, and spent time talking to volunteers/journalists/researchers. Reflection: I think that the UX team is maturing, with the new processes and organization. This makes me excited, and I also hope to spend less energy organizing and doing more work. While I am also proud to have finished the wireframes for tpo.org and did a lot of work, this month had more travel/outreach interaction than I would have liked. I need to work on balancing that with my work. Cheers,

1 0

Fwd: Thank you!
by Erin Wyatt 30 May '17

30 May '17

Hi everyone! I’ve been helping train a new person at my old job, and I got some Tor Project fan mail to pass along to you. Also, over the weekend I met a couple non-technical people that are totally obsessed with Tor and wanted to send their love as well. <3!!! Thanks, everyone, for all your hard work! People notice and appreciate you! :) -Erin > Begin forwarded message: > > From: Christopher Mounce > Subject: Thank you! > Date: May 29, 2017 at 9:38:05 PM PDT > To: ewyatt(a)torproject.org > > Hi Erin, > > This is Angie's fiancé (Angie from Vartan). I wanted to say thank you for the Tor stickers/webcam covers, and thank you for your work on the Tor Project! > > As a programmer, I've long been interested in how technology can aid anonymity and free speech, and I have a lot of respect for Tor and the team behind it. So when Angie told me her manager was being trained by someone from that team, that was exciting news to hear! Surprising, too -- I didn't realize anyone from Tor was in the Seattle area. > > Hope you had a good Memorial Day weekend, and thank you again for your work! > > Chris Mounce

3 2