- tor-project - lists.torproject.org

minutes from the sysadmin meeting
by Antoine Beaupré 17 Jun '21

17 Jun '21

Hi everyone! Two new sysadmins were hired, so we're holding meetings again! Welcome again to kez and lavamind, who both joined us last week. Here are the minutes from the meeting we held on June 14 and 16. # Roll call: who's there and emergencies * anarcat * gaba * kez * lavamind No emergencies. # Triage & schedules * Introduce the triage system * the "triage star of the weeks" rotates every two weeks * the star triages the boards regularly, making sure there are no "Open" tickets, and assigning tickets or dealing with small tickets * see also [TPA-RFC-5][] for the labeling nomenclature * we were doing weekly checkins with hiro during the handover on wednesday, since we were both part time * work schedules: * j: monday, tuesday - full day; wednesday - partially * kez: flexible - TBD * anarcat: monday to thursday - full day [TPA-RFC-5]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-5-gitlab#… # Communication in the team What is expected? When to bring it in IRC versus email versus ticket? Acknowledgements. * we expect people to update tickets when they work on them * we expect acknowledgements when people see their names mentions on IRC # Short term planning: anarcat going AFK This basically involves making sure our new hires have enough work while they are gone. We reviewed the Doing/Next columns and assign issues in the [TPA board][] and [web board][]. [web board]: https://gitlab.torproject.org/groups/tpo/web/-/boards [TPA board]: https://gitlab.torproject.org/groups/tpo/tpa/-/boards We also reviewed the letter anarcat later sent to `tor-internal@` (private, not linked here). Then the meeting paused after one hour. When we returned on wednesday, we jumped to the roadmap review (below), and then returned here to briefly review the Backlog. We reviewed anarcat's queue to make sure things would be okay after he left, and also made sure kez and lavamind had enough work. gaba will make sure they are assigned work from the Backlog as well. # Roadmap review Review and prioritize: * [yearly TPA roadmap][] * web * [board][] * [priorities][] [yearly TPA roadmap]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2021 [board]: board [priorities]: https://gitlab.torproject.org/tpo/web/team ## Web priorities allocations (sort out by priorities) We reviewed the priorities page and made sure we had most of the stuff covered. We don't assign tasks directly in the wiki page, but we did a tentative assignation pass here: * Donations page redesign (support to Openflows) - kez * Onion Services v2 deprecation support - lavamind * Improves bridges.torproject.org - kez * Remove outdated documentation from the header - kez & gus * Migrate blog.torproject.org from Drupal To Lektor: it needs a milestone and planning - lavamind * Support forum - lavamind * Developer portal - lavamind & kez * Get website build from jenkins into to gitlabCI for the static mirror pool (before December) - kez * Get up to speed on maintenance tasks: * Bootstrap upgrade - lavamind * browser documentation update (this is content and mostly is on gus's plate) gus * get translation stats available - kez * rename 'master' branch as 'main' - lavamind * fix wiki for documentation - gaba * get onion service tooling into tpo gitlab namespace - lavamind ## TPA roadmap review We reviewed the TPA roadmap for the first time since the beginning of the year, which involved going through the first two quarters to identify what was done and missed. We also established the priorities for Q3 and Q4. Those changes are mostly contained in [this commit on the wiki][]. [this commit on the wiki]: https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/commit/5968075c75d4249… # Other discussions No new item came up in the meeting, which already was extended an extra hour to cover for the extra roadmap work. # Next meeting * we do quick checkin on monday 14 UTC 10 eastern, at the beginning of the office hours * we do monthly meetings instead of checkins on the first monday of the month # Metrics of the month Those were sent on June 2nd, it would be silly to send them again. -- Antoine Beaupré torproject.org system administration

1 0

The Tor Project's priorities for the period June to September 2021
by Gaba 15 Jun '21

15 Jun '21

Hi! In the last couple of weeks we reviewed teams priorities for the next few months. We will do this again at the end of September. I'm sending this mail for transparency on what the Tor Project is focus on right now. # General priorities for the Tor Project performance network health moving tor from C to Arti improving censorship circumvention usability Work board: https://gitlab.torproject.org/groups/tpo/-/boards # Applications 1. V2 Deprecation UI/UX 2. about:torconnect 3. Desktop ESR Transition - starts in July 4. Enable HTTPS-Only Mode 5. Integrate libhttps-everywhere-core (replacing https-everywhere webextension) - tor-browser#40458 6. Go/Rust/Java dependency resolution: how to resolve dependencies ahead of time. 7. improve bridge selection in tor browser Work board: https://gitlab.torproject.org/groups/tpo/applications/-/boards # Core 1. security fixes 2. tor network performance - shadow experiments - congestion control 3. arti - margot things for network health team - shadow simulations should be possible with arti 4. CI with follow up with sysadmin teams 5. HS v2 deprecation - Onion Balance for V3: Multi-service support. Possibly to reduce memory consumption to avoid having to run multiple instances. 6. Shadow v2 will come out in this period. 7. Update the fallbackdirs list Work board: https://gitlab.torproject.org/groups/tpo/core/-/boards # Network Health 1. Run the "bad hsdir" hunter scripts and other bad-relay detection scripts. 2. Deploy sbws on all bandwidth authorities replacing Torflow and fix critical issues 3. Various work within our performance and scalability project 4. Support for researchers for network experiments 5. Integrate metrics into network-health 6. bad-relay tooling improvements 7. Improve user support for relays operators 8. Handle EOL relays 9. sbws2 10. Start accumulating a list of metrics we want to have from arti-based relays 11. Map out possible plans for quantifying and improving our trust in relays/operators 12. Surprise 'anomaly analysis' on the network as needed Work board: https://gitlab.torproject.org/groups/tpo/network-health/-/boards # Anti-Censorship 1. Better bridge distribution strategies (e.g. Conjure, Salmon) 2. Make GetTor more reliable and reduce maintenance burden 3. Rewrite gettor in Go to include it in rdsys 4. Complete integration of bridgedb into the more general rdsys 5. Improve the performance of Snowflake for users in Asia 6. Provide more feedback to users that run Snowflake proxies 7. Tor reachability from various countries Work board: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards # TPI Websites 1. Donations page redesign 2. Improve bridges.torproject.org 3. Remove outdated documentation from the header 4. Migrate blog.torproject.org from Drupal To Lektor 5. Support forum 6. Developer portal 7. Get website build from jenkins into to gitlabCI for the static mirror pool (before December) 8. Maintenance tasks: - Bootstrap upgrade - browser documentation update - get translation stats available - rename 'master' branch as 'main' - fix wiki for documentation - get onion service tooling into tpo gitlab namespace Work board: https://gitlab.torproject.org/groups/tpo/web/-/boards # Tor Project Administrators Priorities: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2021 Work board: https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 # User Experience 1. Tor Browser 10.5 > V2 Onion Services Deprecation. 2. Tor Browser 10.5 > Improving connecting to Tor. 3. Tor Browser 10.5 release, 11.0 planning. 4. User Research > Reporting Tor Browser survey from Q1/Q2 2021. 5. Working with net on arti DX. 6. Working with applications on enabling HTTPS-Only Mode. 7. Working with circumvention on improving bridges.torproject.org. 8. Working with community on publishing peers material in community.torproject.org. 9. Working with community on Tor Documentation Hackathon. 10. Working with community on support.torproject.org. 11. Working with fundraising on donate.torproject.org. 12. Working with web on dev.torproject.org. 13. Working with comms on social media suppport. Work board: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… # Community Team 1. Organize Tor facilitators meetup with human rights defenders and partners in Latam and East Africa. 2. Release the new Community section with Tor training resources. 3. Work with Outreachy intern to help Tor users and delivery user monthly feedback report to Tor Browser developers and other teams. 4. Organize the 3rd #DocsHackathon to update Tor websites and user support documentation. 5. Work on the new support forum and blog comments platform with UX, Web, and TPA team. 6. Contributing with Comms team on contents and campaigns related to our community, mission, and values. 7. Contact and build partnerships with new human rights defenders organizations in the Global South. 8. Localize the new donate.torproject.org website. 9. Follow up #KeepItOn and Stop Stalkerware coalitions work and campaigns. 10. Monthly Tor localization hangout with translators. 11. Meet with Tor relay associations and relay operators for Network Health team & research. 12. Build stats and automation for localization and Tor websites. 13. Publish reviewed translations to the websites and Tor Browser. Work board: https://gitlab.torproject.org/groups/tpo/community/-/boards cheers, gaba

1 0

L10n Monthly Hangout this Friday June 18th!
by emma peel 15 Jun '21

15 Jun '21

Hello everybody: Prepare yourself for this Friday June 18th Localization Hangout! We are going to go through the priorities of translation for the Tor Project, solve doubts, share localization tricks and tools, favorite translation music, funny anecdotes, long held questions... We are starting at 12 UTC on the chat, and we will have a BBB call as well, at 13 UTC. More information and how to join: https://gitlab.torproject.org/tpo/community/l10n/-/wikis/Monthly-Tor-Locali… emmapeel Localization Coordinator Tor Project

1 0

Onionoo 8.0-1.26.0 released
by Iain R. Learmonth 15 Jun '21

15 Jun '21

Hi, I have released Onionoo 8.0-1.26.0. Onionoo is a web-based protocol to learn about currently running Tor relays and bridges. Onionoo itself was not designed as a service for human beings—at least not directly. Onionoo provides the data for other applications and websites which in turn present Tor network status information to humans. The latest changes: Medium changes * Use IPFire geolocation database instead of MaxMind. * Fix inconsistencies between ASN/GeoIP/rDNS lookups in summary and details documents. * Decode percent-encoded characters in the search parameter in the same way as in the other parameters. * Stop decoding a + sign to a space character in any of the parameters. Minor changes * Simplify logging configuration. * Set default locale US and default time zone UTC at the beginning of the execution. * Update to metrics-lib 2.17.0. You can find the release at: https://dist.torproject.org/onionoo/8.0-1.26.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/onionoo/-/tree/onionoo-8.0-1.26.0 Thanks, Iain.

1 0

metrics-lib 2.17.0 released
by Iain R. Learmonth 15 Jun '21

15 Jun '21

Hi, I have released metrics-lib 2.17.0. metrics-lib, which also goes by the name DescripTor, is a Java API that fetches Tor descriptors from a variety of sources like cached descriptors and directory authorities/mirrors. The DescripTor API is useful to support statistical analysis of the Tor network data and for building services and applications. This release is the sum of over 9 years of development, with the latest changes: Medium changes * Detect GeoIP files automatically by filename. Minor changes * Update to Apache Commons Logging 1.1.3. You can find the release at: https://dist.torproject.org/metrics-lib/2.17.0/ You can find the sources at: https://gitlab.torproject.org/tpo/metrics/library/-/tree/metrics-lib-2.17.0 Thanks, Iain.

1 0

Updated Tor Browser Signing Key
by Matthew Finkel 14 Jun '21

14 Jun '21

Hello everyone, The Tor Browser OpenPGP signing key expired on 12 June. We extended the expiration of the subkey again, due to the pandemic. We hope this is the last time that will be necessary. The valid key should be available from keys.openpgp.org now. The key is attached, as well.

1 0

Anti-censorship meeting notes, 10 June 2021
by Cecylia Bocovich 10 Jun '21

10 Jun '21

Hi everyone, Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-06-10-16.00.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday June 10th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Announcements == No announcements this week == Discussion == - @meskio: you're working on gettor; are you in touch with the component that uploads to https://archive.org/details/@gettor ? dcf thinks the way files are organized in those uploads is unusual. - https://blog.archive.org/2011/03/31/how-archive-org-items-are-structured/ - https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/gettor/-/b… - Currently there's one file per item; it could be multiple files in each item. - Could be one item per release: torbrowser-10.0.14 - Or one item per release-arch: torbrowser-10.0.14-win64 - Direct download links can point to the single files within the item that they need, e.g. https://archive.org/download/torbrowser-10.0.14/torbrowser-install-win64-10… - It would be good to get a second opinion from anarcat. == Actions == No actions this week == Updates == cecylia (cohosh): last updated 2020-06-10 Last week: - opened core/tor#40406 to discuss how we use the BridgeDistribution option in Tor - FOCI reviews and PC meeting - deployed a new version of the snowflake broker - made progress on implementing support for vanilla bridges in rdsys (rdsys#38) - following OONI's work on integrating snowflake and obfs4 - anti-censorship team roadmapping and issue triaging - working on a snowflake blog post for the 10.5 release - worked on making the moat-shim deployment more secure This week: - work on rdsys#38 as a prereq for rdsys#12 - work on bridgedb#32276 deployment - follow up on arlo's snowflake broker work Needs help with: arlolra: 2021-06-10 Last week: - More snowflake!39 Next week: - Maybe get back to snowflake-webext #10 Help with: - snowflake !39 dcf: 2021-06-10 Last week: - commented on broker components https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: Help with: agix:2021-06-10 Last week: -Busy with university stuff Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - maxb: 2021-06-03 Last week: - Made some improvements to github.com/max-b/nat-testing for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Now have separate containers for each piece along w/ a reasonably simulated network topology - Got really good feedback from cohosh as always Next week: - Make config fixes cohosh suggested - Implement alternative NAT types - Add testing wrapper w/ "pass/fail" conditions meskio: 2021-06-10 Last week: - debian package snowflake included in the debian go-team (looking for a mentor) https://salsa.debian.org/go-team/packages/snowflake - getting to learn the insides of gettor - start rdsys email implementation Next week: - MVP of gettor rewrite in rdsys (rdsys#32) Help with: -

1 0

UX team monthly meeting notes, June 8th
by Antonela D 08 Jun '21

08 Jun '21

Hello, == Monthly User Experience Team Meeting == Open IRC meetings happen monthly on the first Tuesday of the month at 1400 UTC in #tor-meeting on OFTC. The next meeting will be held on Tuesday July 13th at 1400 UTC in #tor-meeting on OFTC. Here are the minutes for the meeting of June 8th: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-06-08-14.00.log… Here are the minutes for the meeting of May 11th: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-05-11-14.00.log… Here are the minutes for the meeting of April 6th: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-04-06-13.58.log… Here are the minutes for the meeting of March 2nd: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-03-02-13.58.log… *--------------------------* *Tuesday June 8th 14:00 UTC* *--------------------------* == What projects are we working on? == S9 - Usability and Community Intervention on Support for Democracy and Human Rights - https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… []=Sponsor%209&label_name[]=UX S28 – Survey reporting for "Get more alpha users of Snowflake" - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… S30 - Empowering Communities in the Global South to Bypass Censorship - https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… []=Sponsor%2030&label_name[]=UX S103 – Collaborative ResistancE to Web Surveillance (CREWS) - https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… []=Sponsor%20103 == Announcements == * Tor Browser 10.0.16 Release: - https://blog.torproject.org/new-release-tor-browser-10016 * Tor Browser Alpha 10.5.a15 for Release: - https://blog.torproject.org/new-release-tor-browser-105a15 * V2 Onion Services deprecation: - https://twitter.com/torproject/status/1388905624847757315 == Agenda == 1. Snowflake Report Published (duncan) https://gitlab.torproject.org/tpo/ux/research/-/raw/master/reports/2021/pub… 2. TB 10.5 Alpha release on June 7th week?, call for testing (antonela) https://gitlab.torproject.org/tpo/ux/research/-/issues/41 3. donate page? donate page! (duncan) https://gitlab.torproject.org/groups/tpo/-/milestones/22 4. UX team roadmapping (antonela) 5. Status update about Feedback Collection Fund (josernitos) == Open Call for User Research == Find out how to contribute to the UX team: https://community.torproject.org/user-research/how-to-volunteer/ Thanks! A -- Antonela Debiasi UX Team Lead torproject.org @antonela E2330A6D1EB5A0C8

1 0

Anti-censorship team monthly report: May 2021
by Cecylia Bocovich 08 Jun '21

08 Jun '21

Hi everyone! This is what we've been up to in May! May 2021 monthly report Snowflake ========= * Snowflake now implements the PTv2 Go API specification https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Fixed a goroutine leak causing memory problems in the Snowflake server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Fixed a CPU issue with Snowflake on the probetest service https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * Improved our standalone proxy setup documentation https://gitlab.torproject.org/tpo/web/community/-/issues/203 BridgeDB ======== * Send QR codes for bridges over email https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40008 * Have BridgeDB distribute obfs4 bridges by default https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40011 * Fix an HTML injection vulnerability in the HTTPS distributor https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40014 * Setup Gitlab CI https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40012 Other ===== * meskio has joined our team as a new full-time anti-censorship developer! * We posted a report on the censorship of Tor in Belarus: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/blo… * We're starting work on a new Conjure PT for Tor! https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/9 https://censorbib.nymity.ch/pdf/Frolov2019b.pdf

1 0

Outreachy Intern Introduction
by Kulsoom Zahra 04 Jun '21

04 Jun '21

Greetings everyone! My name is Kulsoom Zahra (she/her). I'm from India. I'm happy to share that I've been selected as an Outreachy Intern for the May-Aug 2021 corhot! Project - Help Tor Project support our users Mentored by Gus I developed interest into privacy and digital security long back and heard of Tor. Being actually a part of the project is undoubtedly an overwhelming experience! I'm exicted to learn and grow with the community. My nickname on IRC is kulsoom_z. Regards, Kulsoom Zahra

2 1