- tor-project - lists.torproject.org

I posted our 2015 financials
by Roger Dingledine 22 Apr '17

22 Apr '17

You can read much more here: https://blog.torproject.org/blog/transparency-openness-and-our-2015-financi… Also, Linus has published some of our core corporate documents, like the Articles of Organization from founding the organization, our Form 1023 where we applied for non-profit status, and our IRS determination letter where they confirmed it. You can see those here: https://gitweb.torproject.org/company/policies.git/tree/corpdocs Yay transparency, --Roger

1 0

Fwd: April 2017 Report for Tor Bridge Distribution
by isis agora lovecruft 22 Apr '17

22 Apr '17

Hi! Here is a copy of my status report for the month of April, as sent to OTF just now. (It's sent today because this is the last day of my OTF Project funding.) ----- Forwarded message from isis agora lovecruft <isis(a)patternsinthevoid.net> ----- > From: isis agora lovecruft <isis(a)patternsinthevoid.net> > Subject: April 2017 Report for Tor Bridge Distribution > Date: Fri, 21 Apr 2017 20:20:18 +0000 > Message-ID: <20170421202018.GB4452(a)patternsinthevoid.net> > To: otf-projects(a)opentechfund.org, otf-active(a)opentechfund.org > Cc: isis agora lovecruft <isis(a)patternsinthevoid.net>, Henry de Valence <hdevalence(a)hdevalence.ca> > > Hello, > > The following progress was made in April 2017: > > - We redesigned some parts of our protocol, specifically with the aim of > improving user experience and making it easier to design user interfaces > for it, i.e. making the proofs about the credentials smaller. > > - We released a provisional draft of our social bridge distribution > protocol, now called Hyphae, including implementation and design notes. [0] > > - We designed a RESTful API for Tor Browser to use to automate requests for > bridges and reporting that bridges are blocked (cf. Appendix B of [0]). > > - We set up a meek-server for BridgeDB, a new Google developer account, and > an AppEngine meek reflector, in order to allow automated requests to the > new distributor be made in a censorship-resilient manner. [1] > > This is our final report for this project. We are incredibly thankful to > OTF for their support, both financial and in terms of the wonderful > community of fully excellent people they have worked so hard to establish > and maintain. As always, we're happy to help ongoing and future OTF > projects acheive their goals in the future. Also happy to just chat with > any of you any time. Thanks! <3 > > [0]: https://lists.torproject.org/pipermail/tor-dev/2017-April/012221.html > [1]: https://bugs.torproject.org/16650 > > Best regards, > -- > ♥Ⓐ isis agora lovecruft > _________________________________________________________ > OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 > Current Keys: https://fyb.patternsinthevoid.net/isis.txt ----- End forwarded message ----- -- ♥Ⓐ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://fyb.patternsinthevoid.net/isis.txt

1 0

Notes from April 13 2017 Vegas team meeting
by Karsten Loesing 21 Apr '17

21 Apr '17

Notes for April 13 2017 meeting: Nick: 1) I'll be away from IRC next week, but hacking as time permits 2) Network-team development continues apace 3) worked with Isa on roadmap 4) worked with Roger/asn on SponsorM-catalyst coordination Roger: =====Ongoing issues we should be aware of: 1) The russian exit relay operator 2) Khazakstan's dpi censorship (Allot) has spread to Azerbaijan. Also Turkey continues to block Tor quite well and we don't know how. How do we make progress there? 3) Snowflake development could use some attention. 4) Fastly blog post and renew =====Stuff for individual people: 5) Fyi, MIT has blackholed all of riseup. (Fixed as of a week later.) 6) Who is leading: Sida follow-up? 7) Who is leading: Choosing people for DRL implementor's meeting? 8) Working with Nick on "censorship stuff Catalyst could work on" 9) Working with Griffin on "posting our 2015 990 soon" 10) Working with Isabela on "nsf point people from the network team" 11) Working with Linus on posting the corporate documents Shari: 1) Met with Mozilla last week and following up this week or early next week. 2) Talked about some AMS feedback with Biella and Linus. 3) Checking in with Jon about Montreal plans. 4) Scheduling trip to NY for Netgain meeting. Making plans to meet lots of folks while I'm there. 5) Reviewing resumes for writer applicants and doing screening interviews with Erin. 6) Interviewing/talking with a couple of people for CommDir position. Georg: 1) We are busy with preparing the new stable and first alpha release (based on esr52) 2) I started to move our bug bounty program forward again Isabela: 1) One last thing with ISC - changes on milestone 3 2) Following up on the roadmaps/dependencies things - emails to teams are going out today 3) be off tomorrow all day 4) interviewing for comms dir 5) hiro is pretty much ready with a gitlab instance for network team to try out (migrate out of trac project) / she is also digging into the blog upgrade/migration work 6) Linda is working on the website redesign project - check her list for this month at the ux team roadmap: https://storm.torproject.org/shared/sphA6vPmW1ZI4owe0kPRRukQu3T_lvADnmnZCuH… Mike: 1) Met with Mozilla last week 2) Distracted by taxes this week Karsten: 1) Got the funding proposal in shape for Cass to turn it into real English next week. 2) Worked more on simulation of directory-request statistics with Laplace noise with mixed results. 3) Got 3 OnionPerf instances up and reporting useful measurements. 4) Preparing to go on vacation starting tomorrow night until next Friday morning. (Somebody else will have to send these notes if they're supposed to go out on Monday, otherwise they'll go out next Friday.) 5) Started a vote on the social contract, almost started another one for community council membership. Arturo: 1) We released ooniprobe 2.2.0 that includes the new web UI: https://github.com/TheTorProject/ooni-probe/releases/tag/v2.2.0 2) We wrote a blog post with some of events we attended in the past months: https://ooni.torproject.org/post/ooni-iff-rightscon/ 3) We wrote a blog post for a Brazilian newsletter (not yet published) 4) We are coordinating with people in DRC (Congo) to monitor ongoing possible censorship events due to current protests 5) Updated test lists for Azerbaijan and Venezuela following reports from people informing us of censorship events in the countries

1 0

Citizen Lab Summer Institute 12-14 July in Toronto-- deadline tomorrow!
by Alison 20 Apr '17

20 Apr '17

Apologies for the last minute notice, but I just found out about this and thought maybe folks on this list might want to cobble together a last minute application. >From their website: "The Citizen Lab Summer Institute (CLSI) is a meeting place for researchers and practitioners from academia, civil society, and the private sector who are working on Internet openness, security, and rights. It brings together perspectives from a wide range of backgrounds across technical and social science disciplines. Participants range from established experts to those just entering the area." https://citizenlab.org/summerinstitute/2017.html

1 0

Weekly UX meeting on Jitsi!
by Linda Naeun Lee 20 Apr '17

20 Apr '17

Hi all, We're meeting weekly on https://meet.jit.si/TorUX on Mondays at 15:00 UTC. Currently, it's going to be discussions about redesigning the website. Feel free to listen in on what is going on, if you are curious.

2 4

Fwd: Tor Research - Re: Weekly UX meeting on Jitsi!
by Linda Naeun Lee 20 Apr '17

20 Apr '17

Hello UX meeting-y people (and I've cc'ed tor-project as well, if anyone wants to give me their two cents): I have gotten an unusual request--a researcher wants to observe us. Are there guidelines on this sort of thing? My immediate gut reactions is: well, this is technically a public channel but having someone observe us and participating are different. And as a researcher, I know that people being aware that they are being observed cause them to act differently versus when they are unaware anyway (not that he shouldn't have asked for consent, he definitely should have). What are your thoughts? ---------- Forwarded message ---------- From: COLLIER Ben <s1263350(a)sms.ed.ac.uk> Date: Wed, Apr 12, 2017 at 7:10 AM Subject: Tor Research - Re: [tor-project] Weekly UX meeting on Jitsi! To: "linda(a)torproject.org" <linda(a)torproject.org> Dear Linda, I hope that this finds you well. I'm a doctoral researcher at the University of Edinburgh currently researching the Tor Project and the broader Tor community - in particular my research seeks to explore how antisurveillance tech communities discuss and express values through design processes. I've been conducting some initial interviews with members of the Tor community and I was hoping to carry out some online research - in particular sitting in on a couple of discussions like the one on Jitsi mentioned in your email below. In terms of meetings like this one, or on Tor Project's IRC channels, do you think it would be possible for me (with the consent and knowledge of participants) to observe and include these in an anonymised form in the research? If so, I'm very keen to conduct these in a mindful and respectful way, and to minimise any disruption, and would be happy to discuss the best way to do this in this particular case. I would also be very happy to feed back and discuss my findings with participants and the wider community once the research is complete. I'm also absolutely happy to answer any questions or discuss any concerns which you or any other member of the team have about my research. Very best, Ben Collier Twitter: @JohnnyHistone Scottish Centre for Crime and Criminal Justice Research: http://www.sccjr.ac.uk/about-us/people/ben-collier/ Edinburgh University PhD Student Profile: http://www.law.ed.ac. uk/research/students/viewstudent?ref=339 PhD Blog: https://bencollierblog.wordpress.com/ ------------------------------ *From:* tor-project <tor-project-bounces(a)lists.torproject.org> on behalf of Linda Naeun Lee <linda(a)torproject.org> *Sent:* 11 April 2017 20:22:14 *To:* tor-project(a)lists.torproject.org; ux(a)lists.torproject.org *Subject:* [tor-project] Weekly UX meeting on Jitsi! Hi all, We're meeting weekly on https://meet.jit.si/TorUX on Mondays at 15:00 UTC. Currently, it's going to be discussions about redesigning the website. Feel free to listen in on what is going on, if you are curious. The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

3 4

Post Doctoral Fellow Position (Australia)
by teor 20 Apr '17

20 Apr '17

Hi All, My employer is advertising the following position, which closes 23 April 1200 AEST (0300 UTC): The University of New South Wales Australian Centre for Cyber Security (ACCS) is seeking a Post-Doctoral Fellow on a 2-year contract. The position is open to candidates working in cyber security or any related area. This includes, but is not limited to machine learning, AI, knowledge management, simulation, privacy, or any area that can be applied to cyber security. For more information, including salary, benefits and potential duties, please see the following: https://www.unsw.adfa.edu.au/post-doctoral-fellow-australian-centre-cyber-s… The University of New South Wales is international well-respected, and consistently within the World Top 100 rankings. The Australian Centre for Cyber Security (ACCS) is a focal point for the research of some 60 scholars from various faculties across UNSW who conduct research work on different aspects of cyber security. The Centre is based in Canberra at the Defence Force Academy that provides both advanced research as well as undergraduate and graduate education on cyber security. ACCS serves as a national hub for policy related research and education across the full spectrum of cyber security (hardware, software, payload, networks, policy, human factors, organizational factors and the information ecosystem). ACCS offers five distinct Masters programs, an undergraduate program and supervisors a number of doctoral candidates within their research programs. -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------

1 0

Network team meetings notes from 17 April 2017
by isabela 20 Apr '17

20 Apr '17

Hi! Our meeting transcript is at http://meetbot.debian.net/tor-dev/2017/tor-dev.2017-04-17-17.01.html Below our status report from this week =========== ahf: Last week: - Short week due to easter in DK Thursday + Friday. - Finished cleaning up the patches for #21662, #21663, #21664. - Started uploading patches for #21662 + #21663 + #21664 to https://gitlab.com/ahf/tor/tree/prop278/21663 for review. Should be done tonight Danish time. - All the dirty code, except streaming support, is in https://gitlab.com/ahf/tor/tree/bugs/21663 This week: - Going to work on reviewing Nick's consdiff code. - Figure out a sensible upper bound for the LZMA code. (#21665) - Add the missing header code for Prop#278 to the directory code (#21667) catalyst: - last week was mostly house-hunting in Wisconsin with spouse - week before that, refactored some baseNN code - deleted some base64 code (nopad stuff) - still a fair amount of work to do in that space, will try to outline some recommendations when i get a chance - started to look at anti-censorship stuff (sponsorM) isis: Last week: - finished specification (first draft) of social bridge distributor - talked over some parts of draft with other cryptographers - finished up some loose ends of OTF contract This week: - Finish setting up the meek tunnel to BridgeDB - Sketch out notes on UX ideas for Linda - Sketch out API for TBB team - Close out OTF contract on Friday asn: Last week: - Busy on #21859 which is gonna be used both by service and client-side of prop224 - Reviewed various HS groundwork tickets - Helped collect PT/censorship tasks that must be done on the short-term - Tried to do some extra validation of ed25519 pubkeys based on discussion with Ian. Failed. This week: - More work on e2e circuit stuff #21859 - More work on implementing the validation required for ed25519 keys Mike: Last week: - Distracted by taxes and not feeling well This week: - Will fix up #16861 and rebase Adaptive Padding patches onto it - Further Adaptive Padding work pastly: - tentative amazing results from very large kist network simulation - more simulations in progress to confirm results - paper written and submitted by May 2nd - lots of progress implementing flexible scheduler selection - added preprocessor stuff to disable kist if it is impossible to run (like on windows/osx) questions: - is a consensus param desired to set UseKIST network-wide? - if so, how do? pointers to code that does something similar? ["Yes; see use of networkstatus_get_param()". -nick] Isabela - sent out sponsor 4 march report - start prepping for team roadmap/dependecy tracking exercise Nick - Reviewed lots of prop224 backend code. - Finished "consdiffmgr" branch, which is the server-side backend for prop140. Now under review. - This week: on vacation! I'll be reviewing code, not a lot more. dgoulet - prop224 backend work with #21888 - hidden service, hidden service, hidden service

1 0

Re: [tor-project] meek-azure funding has run out
by Sina Rabbani 20 Apr '17

20 Apr '17

Dear Team, I have good news, Rabbi Rob Thomas (robt(a)cymru.com) is going to cover the costs associated with keeping meek alive. So far I have setup 2 new accounts with Amazon and Azure and working to confirm the functionality. https://d183ohpl22nq2f.cloudfront.net/ https://meek.azureedge.net/ Cloudfront is working fine and i'm trying to resolve issues with the Azure CDN. Is there a ticket I can update with these details? I think I should also bring up a backend server (bridge) and share the new config lines for the Tor Browser Bundle. I'm hoping to get all this done by Monday or sooner. Thank you David for keeping this service operational for so long and thank you Rob for keeping it alive! All the best, Sina "Be the change that you wish to see in the world." - Mahatma Gandhi ----- On Jan 19, 2017, at 2:17 AM, Yawning Angel yawning(a)schwanenlied.me wrote: > On Mon, 9 Jan 2017 20:08:03 -0800 > David Fifield <david(a)bamsoftware.com> wrote: > >> On Mon, Jan 09, 2017 at 03:06:17PM -0800, Shari Steele wrote: >> > Hey David. >> > How much money do we need for 2017? >> >> The total for meek-azure November 2015 to November 2016 was $6290.69, >> or about $525 a month on average. I believe it could go 2× or higher >> if we relaxed rate limits. meek-amazon is higher, $13756.30 or >> $1150/month over the same time period. > > Has there been any progress on finding alternative funding for this? > dcf's comments on trac indicate "no", which would be unfortunate. > > -- > Yawning Angel > > _______________________________________________ > tor-project mailing list > tor-project(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

7 12

Community team meeting report 19 April
by Alison 20 Apr '17

20 Apr '17

Hi everyone, The Community Team has started using MeetBot for better meeting logs and reporting. Here's our MeetBot log for today's meeting: http://meetbot.debian.net/tor-project/2017/tor-project.2017-04-19-18.01.log… Alison

1 0