- tor-project - lists.torproject.org

The Tor Project's priorities for the period June to September 2021
by Gaba 15 Jun '21

15 Jun '21

Hi! In the last couple of weeks we reviewed teams priorities for the next few months. We will do this again at the end of September. I'm sending this mail for transparency on what the Tor Project is focus on right now. # General priorities for the Tor Project performance network health moving tor from C to Arti improving censorship circumvention usability Work board: https://gitlab.torproject.org/groups/tpo/-/boards # Applications 1. V2 Deprecation UI/UX 2. about:torconnect 3. Desktop ESR Transition - starts in July 4. Enable HTTPS-Only Mode 5. Integrate libhttps-everywhere-core (replacing https-everywhere webextension) - tor-browser#40458 6. Go/Rust/Java dependency resolution: how to resolve dependencies ahead of time. 7. improve bridge selection in tor browser Work board: https://gitlab.torproject.org/groups/tpo/applications/-/boards # Core 1. security fixes 2. tor network performance - shadow experiments - congestion control 3. arti - margot things for network health team - shadow simulations should be possible with arti 4. CI with follow up with sysadmin teams 5. HS v2 deprecation - Onion Balance for V3: Multi-service support. Possibly to reduce memory consumption to avoid having to run multiple instances. 6. Shadow v2 will come out in this period. 7. Update the fallbackdirs list Work board: https://gitlab.torproject.org/groups/tpo/core/-/boards # Network Health 1. Run the "bad hsdir" hunter scripts and other bad-relay detection scripts. 2. Deploy sbws on all bandwidth authorities replacing Torflow and fix critical issues 3. Various work within our performance and scalability project 4. Support for researchers for network experiments 5. Integrate metrics into network-health 6. bad-relay tooling improvements 7. Improve user support for relays operators 8. Handle EOL relays 9. sbws2 10. Start accumulating a list of metrics we want to have from arti-based relays 11. Map out possible plans for quantifying and improving our trust in relays/operators 12. Surprise 'anomaly analysis' on the network as needed Work board: https://gitlab.torproject.org/groups/tpo/network-health/-/boards # Anti-Censorship 1. Better bridge distribution strategies (e.g. Conjure, Salmon) 2. Make GetTor more reliable and reduce maintenance burden 3. Rewrite gettor in Go to include it in rdsys 4. Complete integration of bridgedb into the more general rdsys 5. Improve the performance of Snowflake for users in Asia 6. Provide more feedback to users that run Snowflake proxies 7. Tor reachability from various countries Work board: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards # TPI Websites 1. Donations page redesign 2. Improve bridges.torproject.org 3. Remove outdated documentation from the header 4. Migrate blog.torproject.org from Drupal To Lektor 5. Support forum 6. Developer portal 7. Get website build from jenkins into to gitlabCI for the static mirror pool (before December) 8. Maintenance tasks: - Bootstrap upgrade - browser documentation update - get translation stats available - rename 'master' branch as 'main' - fix wiki for documentation - get onion service tooling into tpo gitlab namespace Work board: https://gitlab.torproject.org/groups/tpo/web/-/boards # Tor Project Administrators Priorities: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2021 Work board: https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 # User Experience 1. Tor Browser 10.5 > V2 Onion Services Deprecation. 2. Tor Browser 10.5 > Improving connecting to Tor. 3. Tor Browser 10.5 release, 11.0 planning. 4. User Research > Reporting Tor Browser survey from Q1/Q2 2021. 5. Working with net on arti DX. 6. Working with applications on enabling HTTPS-Only Mode. 7. Working with circumvention on improving bridges.torproject.org. 8. Working with community on publishing peers material in community.torproject.org. 9. Working with community on Tor Documentation Hackathon. 10. Working with community on support.torproject.org. 11. Working with fundraising on donate.torproject.org. 12. Working with web on dev.torproject.org. 13. Working with comms on social media suppport. Work board: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… # Community Team 1. Organize Tor facilitators meetup with human rights defenders and partners in Latam and East Africa. 2. Release the new Community section with Tor training resources. 3. Work with Outreachy intern to help Tor users and delivery user monthly feedback report to Tor Browser developers and other teams. 4. Organize the 3rd #DocsHackathon to update Tor websites and user support documentation. 5. Work on the new support forum and blog comments platform with UX, Web, and TPA team. 6. Contributing with Comms team on contents and campaigns related to our community, mission, and values. 7. Contact and build partnerships with new human rights defenders organizations in the Global South. 8. Localize the new donate.torproject.org website. 9. Follow up #KeepItOn and Stop Stalkerware coalitions work and campaigns. 10. Monthly Tor localization hangout with translators. 11. Meet with Tor relay associations and relay operators for Network Health team & research. 12. Build stats and automation for localization and Tor websites. 13. Publish reviewed translations to the websites and Tor Browser. Work board: https://gitlab.torproject.org/groups/tpo/community/-/boards cheers, gaba

1 0

L10n Monthly Hangout this Friday June 18th!
by emma peel 15 Jun '21

15 Jun '21

Hello everybody: Prepare yourself for this Friday June 18th Localization Hangout! We are going to go through the priorities of translation for the Tor Project, solve doubts, share localization tricks and tools, favorite translation music, funny anecdotes, long held questions... We are starting at 12 UTC on the chat, and we will have a BBB call as well, at 13 UTC. More information and how to join: https://gitlab.torproject.org/tpo/community/l10n/-/wikis/Monthly-Tor-Locali… emmapeel Localization Coordinator Tor Project

1 0

Onionoo 8.0-1.26.0 released
by Iain R. Learmonth 15 Jun '21

15 Jun '21

Hi, I have released Onionoo 8.0-1.26.0. Onionoo is a web-based protocol to learn about currently running Tor relays and bridges. Onionoo itself was not designed as a service for human beings—at least not directly. Onionoo provides the data for other applications and websites which in turn present Tor network status information to humans. The latest changes: Medium changes * Use IPFire geolocation database instead of MaxMind. * Fix inconsistencies between ASN/GeoIP/rDNS lookups in summary and details documents. * Decode percent-encoded characters in the search parameter in the same way as in the other parameters. * Stop decoding a + sign to a space character in any of the parameters. Minor changes * Simplify logging configuration. * Set default locale US and default time zone UTC at the beginning of the execution. * Update to metrics-lib 2.17.0. You can find the release at: https://dist.torproject.org/onionoo/8.0-1.26.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.26.0 Thanks, Iain.

1 0

metrics-lib 2.17.0 released
by Iain R. Learmonth 15 Jun '21

15 Jun '21

Hi, I have released metrics-lib 2.17.0. metrics-lib, which also goes by the name DescripTor, is a Java API that fetches Tor descriptors from a variety of sources like cached descriptors and directory authorities/mirrors. The DescripTor API is useful to support statistical analysis of the Tor network data and for building services and applications. This release is the sum of over 9 years of development, with the latest changes: Medium changes * Detect GeoIP files automatically by filename. Minor changes * Update to Apache Commons Logging 1.1.3. You can find the release at: https://dist.torproject.org/metrics-lib/2.17.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/library/-/tree/metrics-lib-2.17.0 Thanks, Iain.

1 0

Updated Tor Browser Signing Key
by Matthew Finkel 14 Jun '21

14 Jun '21

Hello everyone, The Tor Browser OpenPGP signing key expired on 12 June. We extended the expiration of the subkey again, due to the pandemic. We hope this is the last time that will be necessary. The valid key should be available from keys.openpgp.org now. The key is attached, as well.

1 0

Anti-censorship meeting notes, 10 June 2021
by Cecylia Bocovich 10 Jun '21

10 Jun '21

Hi everyone, Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-06-10-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday June 10th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == No announcements this week == Discussion == - @meskio: you're working on gettor; are you in touch with the component that uploads to https://archive.org/details/@gettor ? dcf thinks the way files are organized in those uploads is unusual. - https://blog.archive.org/2011/03/31/how-archive-org-items-are-structured/ - https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/gettor/-/b… - Currently there's one file per item; it could be multiple files in each item. - Could be one item per release: torbrowser-10.0.14 - Or one item per release-arch: torbrowser-10.0.14-win64 - Direct download links can point to the single files within the item that they need, e.g. https://archive.org/download/torbrowser-10.0.14/torbrowser-install-win64-10… - It would be good to get a second opinion from anarcat. == Actions == No actions this week == Updates == cecylia (cohosh): last updated 2020-06-10 Last week: - opened core/tor#40406 to discuss how we use the BridgeDistribution option in Tor - FOCI reviews and PC meeting - deployed a new version of the snowflake broker - made progress on implementing support for vanilla bridges in rdsys (rdsys#38) - following OONI's work on integrating snowflake and obfs4 - anti-censorship team roadmapping and issue triaging - working on a snowflake blog post for the 10.5 release - worked on making the moat-shim deployment more secure This week: - work on rdsys#38 as a prereq for rdsys#12 - work on bridgedb#32276 deployment - follow up on arlo's snowflake broker work Needs help with: arlolra: 2021-06-10 Last week: - More snowflake!39 Next week: - Maybe get back to snowflake-webext #10 Help with: - snowflake !39 dcf: 2021-06-10 Last week: - commented on broker components https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: Help with: agix:2021-06-10 Last week: -Busy with university stuff Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - maxb: 2021-06-03 Last week: - Made some improvements to github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Now have separate containers for each piece along w/ a reasonably simulated network topology - Got really good feedback from cohosh as always Next week: - Make config fixes cohosh suggested - Implement alternative NAT types - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-06-10 Last week: - debian package snowflake included in the debian go-team (looking for a mentor) https://salsa.debian.org/go-team/packages/snowflake - getting to learn the insides of gettor - start rdsys email implementation Next week: - MVP of gettor rewrite in rdsys (rdsys#32) Help with: -

1 0

UX team monthly meeting notes, June 8th
by Antonela D 08 Jun '21

08 Jun '21

Hello, == Monthly User Experience Team Meeting == Open IRC meetings happen monthly on the first Tuesday of the month at 1400 UTC in #tor-meeting on OFTC. The next meeting will be held on Tuesday July 13th at 1400 UTC in #tor-meeting on OFTC. Here are the minutes for the meeting of June 8th: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-06-08-14.00.log… Here are the minutes for the meeting of May 11th: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-05-11-14.00.log… Here are the minutes for the meeting of April 6th: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-04-06-13.58.log… Here are the minutes for the meeting of March 2nd: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-03-02-13.58.log… *--------------------------* *Tuesday June 8th 14:00 UTC* *--------------------------* == What projects are we working on? == S9 - Usability and Community Intervention on Support for Democracy and Human Rights - https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… []=Sponsor%209&label_name[]=UX S28 – Survey reporting for "Get more alpha users of Snowflake" - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… S30 - Empowering Communities in the Global South to Bypass Censorship - https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… []=Sponsor%2030&label_name[]=UX S103 – Collaborative ResistancE to Web Surveillance (CREWS) - https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… []=Sponsor%20103 == Announcements == * Tor Browser 10.0.16 Release: - https://blog.torproject.org/new-release-tor-browser-10016 * Tor Browser Alpha 10.5.a15 for Release: - https://blog.torproject.org/new-release-tor-browser-105a15 * V2 Onion Services deprecation: - https://twitter.com/torproject/status/1388905624847757315 == Agenda == 1. Snowflake Report Published (duncan) https://gitlab.torproject.org/tpo/ux/research/-/raw/master/reports/2021/pub… 2. TB 10.5 Alpha release on June 7th week?, call for testing (antonela) https://gitlab.torproject.org/tpo/ux/research/-/issues/41 3. donate page? donate page! (duncan) https://gitlab.torproject.org/groups/tpo/-/milestones/22 4. UX team roadmapping (antonela) 5. Status update about Feedback Collection Fund (josernitos) == Open Call for User Research == Find out how to contribute to the UX team: https://community.torproject.org/user-research/how-to-volunteer/ Thanks! A -- Antonela Debiasi UX Team Lead torproject.org @antonela E2330A6D1EB5A0C8

1 0

Anti-censorship team monthly report: May 2021
by Cecylia Bocovich 08 Jun '21

08 Jun '21

Hi everyone! This is what we've been up to in May! May 2021 monthly report Snowflake ========= * Snowflake now implements the PTv2 Go API specification https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Fixed a goroutine leak causing memory problems in the Snowflake server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Fixed a CPU issue with Snowflake on the probetest service https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Improved our standalone proxy setup documentation https://gitlab.torproject.org/tpo/web/community/-/issues/203 BridgeDB ======== * Send QR codes for bridges over email https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40008 * Have BridgeDB distribute obfs4 bridges by default https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40011 * Fix an HTML injection vulnerability in the HTTPS distributor https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40014 * Setup Gitlab CI https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40012 Other ===== * meskio has joined our team as a new full-time anti-censorship developer! * We posted a report on the censorship of Tor in Belarus: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/blo… * We're starting work on a new Conjure PT for Tor! https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/9 https://censorbib.nymity.ch/pdf/Frolov2019b.pdf

1 0

Outreachy Intern Introduction
by Kulsoom Zahra 04 Jun '21

04 Jun '21

Greetings everyone! My name is Kulsoom Zahra (she/her). I'm from India. I'm happy to share that I've been selected as an Outreachy Intern for the May-Aug 2021 corhot! Project - Help Tor Project support our users Mentored by Gus I developed interest into privacy and digital security long back and heard of Tor. Being actually a part of the project is undoubtedly an overwhelming experience! I'm exicted to learn and grow with the community. My nickname on IRC is kulsoom_z. Regards, Kulsoom Zahra

2 1

Anti-censorship meeting notes, 03 June 2021
by Cecylia Bocovich 03 Jun '21

03 Jun '21

Hey everyone, Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-06-03-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday June 3rd 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 30 https://gitlab.torproject.org/groups/tpo/-/milestones/4 https://gitlab.torproject.org/groups/tpo/-/milestones/7 https://gitlab.torproject.org/groups/tpo/-/milestones/5 https://gitlab.torproject.org/groups/tpo/-/milestones/6 Sponsor 28 must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… Public bug-reporting pad: https://pad.riseup.net/p/tor-anti-censorship-bugs-keep <-- we have anonymous tickets handling now. Let's see which anti-censorship repos to include. == Announcements == we're starting to work on a Conjure PT for Tor == Discussion == produce snowflake releases need signed git tags (tags also useful for go modules) and a documented release process tarballs not necessary, for debian at least == Actions == add to the monthly report: https://pad.riseup.net/p/gzx2ELX_6sFoh_8Xsw77 == Interesting links == == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2020-06-03 Last week: - fix HTML injection issue with bridgedb (bridgedb#40014) - update version of snowflake in Tor Browser (tor-browser-build#40302) - worked on s28 deliverables - revised and merged snowflake!36 - reviewed snowflake!40 - wrote up a detailed plan on how to integrate bridgedb with rdsys (rdsys#12) - created some new issues for rdsys work - gave feedback to NAT testbed (snowflake#25595) This week: - more performance investigations for snowflake#40026 - work on rdsys#38 as a prereq for rdsys#12 - work on bridgedb#32276 deployment - follow up on arlo's snowflake broker work - work on a blog post for the snowflake release in TB stable Needs help with: arlolra: 2021-05-20 Last week: - Next week: - Maybe more !39 Help with: - !37 - !39 dcf: 2021-06-03 Last week: - main branch name change in goptlib and meek https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/6 - more review of Snowflake JSON rendezvous https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - made a ticket to upgrade snowflake bridge for tor security fix https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: Help with: Antonela: 2020-08-27 This week: agix:2021-06-03 Last week: -Busy with university stuff Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - maxb: 2021-06-03 Last week: - Made some improvements to github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Now have separate containers for each piece along w/ a reasonably simulated network topology - Got really good feedback from cohosh as always Next week: - Make config fixes cohosh suggested - Implement alternative NAT types - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-06-03 Last week: - debian package snowflake client and proxy (snowflake#19409) - getting acquaintanced with gettor and rdsys Next week: - gettor rewrite in rdsys (rdsys#32) Help with: - HashikD: 2021-01-22 This week: - Next week: - Help with: -

1 0