tor-project

tor-project@lists.torproject.org

17 participants
2326 discussions

February - May 2020 User Feedback Report
by Nicolei Ocaña 22 Jun '20

22 Jun '20

Hiya Welcome to the User Feedback Report for the months of February to May 2020. Hopefully, everyone is staying safe and socially distant/healthy :) tl;dr: Questions with minimal to no information (other than "Tor Browser won't open," "Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start," and "Gah! Your tab just crashed!") (26 occurrences), video playback questions (14), "Run as administrator" issue [1] (6), letterboxing feature (6), and CAPTCHA loop issue on some websites (5) dominated RT. Reddit is constantly questioning letterboxing and trying to identify the true The Hidden Wiki (there is none). Metrics from Frontdesk queue: in the last month we answered more than 325 requests on Frontdesk queues. We still have a lot of spam that we clean every day. ## Frontdesk highlights a) Tor Browser: Users are unaware of the purpose of Letterboxing. They are under the impression that this is a Tor Browser layout bug. b) Browsing: Users identified the CAPTCHA while browsing with Tor Browser. Some users reported that infinite CAPTCHA loop included trac.torproject.org and sites where users logged into email or bank accounts. b) Browsing: Users remarked not being able to watch YouTube videos on YouTube.com. Users are unaware that NoScript blocks larger media elements by default. For users connecting on Tor Exit nodes blocked by YouTube/Google, we recommended to use <https://invidio.us/> as a workaround. c) Website: Users installed the Windows 64-bit version of the desktop version of the Tor Browser because they presumed by clicking the "Download for Windows" button, their platform would be auto-identified by the website. d) VPN products, fake Tor Browsers and "Tor Browsers": Users are confused which application, both desktop version and mobile, are created by the Tor Project. Users cite issues with "The Tor Browser," confusing us for Tor Browser + Private VPN combinations, the Tor Browser version offered on Tails, or the Tor Browser on iPhones. We had some occurrences of iOS users asking support for their money back because they installed an App that wasn't Tor Browser / Onion Browser. Now, on to the feedback! Scroll further down to see a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in the past few months. ## Common questions on Frontdesk - Questions regarding Letterboxing: "Last update of my Tor-Browser has an issue, it does not go full screen, well it goes full screen, the browser itself but not the web page, the web pages i open don't fill up the browser and it is annoying." User titled tickets: "Graphical glitches - Tor 9.5" and "How to enable normal screen resolution !?" - Questions involving the CAPTCHA loop - Questions regarding video playback. - Questions regarding donations (can't donate on Tor Browser, follow-up on gifts, etc.) - Questions with the prompt: "Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start." - Question with minimal to no information other than "Tor Browser won't open" (or something similar) - Questions "Where I can download Tor Browser in my language?" and "How can I change the website language?" - Users with "proxy errors" or requesting bridges on countries that are censoring the internet or are blocking Tor. - Questions involving dll files are missing: "I have windows 7 I downloaded TOR with no trouble but when I try to run it a message comes up saying, my computer does not have ms-win.crt 11-1-0.dll. I dont know what that means. Can you help." - Questions explicitly stating that "I cannot download the Tor Browser from <https://www.torproject.org/>" - Questions concerning installing the Windows 32-bit version - Questions regarding using the Onion Browser for iOS Phones - Questions concerning using fake Tor Browsers from App Store not developed or endorsed by The Tor Project ## Most common questions of Reddit (/r/TOR) - Tor exited unexpectedly - Questions regarding using Tor and a VPN - Can my ISP see that I am using Tor? - What's the difference between using Tor Browser, Orbot: Tor for Android, and Tor Browser (Alpha) - Tor blocked everywhere ## TBA Reviews & Feedback on Google Play Store The average review score is 4.3 stars with 38,215 total reviews. Below are some common problems mentioned by users in Google Play reviews: - Can't Can't take screenshots [3] - Browsing speed a bit slow and sluggish - Save Image option doesn't work [7] - How does one ask for a "New Tor Circuit for This Site" on mobile [6] ## Most common stack exchange tags tor-browser-bundle: 15 asked in June configuration: 14 June hidden-services: 9 June anonymity: 7 asked since February security: 7 asked since February relays: 6 asked in June ## Notable bugs, fixes, & issues mentioned by users - #29470 [2] - error message torBrowser-8.0.5-osx6 No Mountable file systems - OPEN - #27987 [3] - Add setting for enabling/disabling flag_secure in Android browser (a.k.a. Mobile screenshot issue ) - OPEN - #25959 [4] - Add uBlock Origin to Tor Browser Bundle - CLOSED - #22089 [5] - Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor - OPEN - #25764 [6] - Improve how circuits are displayed to the user on Android - OPEN - #33702 [8] - RSA_get0_d could not be located in the dynamic link library tor.exe - OPEN --- Other user suggestions: - "Great browser, but it would be nice if an update brought a dark theme and the torbutton from the PC version (the little onion button). If some how a tor developer see's this please add those two things for the mobile version and thank you for making a great browser." - "I'd request uBlock Origin to be added to Tor, it's been recommended several times and there's multiple forum posts and Reddit posts about it. Not having it only decreases privacy and security. Also, could you add an option to donate to Tor via bitcoin, seems incredibly inadequate that an organization preaching for privacy and security does not have any means of supporting them through any alt coins." --- Whew! Those were a lot of months to cover! Thanks for reading! Hopefully we go back to these per month :)! ## Annotations 1. https://trac.torproject.org/projects/tor/ticket/33702 2. https://trac.torproject.org/projects/tor/ticket/29470 3. https://trac.torproject.org/projects/tor/ticket/27987 4. https://trac.torproject.org/projects/tor/ticket/25959 5. https://trac.torproject.org/projects/tor/ticket/22089 6. https://trac.torproject.org/projects/tor/ticket/25764 7. https://trac.torproject.org/projects/tor/ticket/31013 8. https://trac.torproject.org/projects/tor/ticket/33702

2 1

Anti-censorship meeting notes, 18 Jun 2020
by Philipp Winter 18 Jun '20

18 Jun '20

Hi all, Here are our meeting minutes: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-18-16.00.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday June 18th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap will go into https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam <-- it will be moved into gitlab * Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 <-- it will be moved into gitlab * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 <-- it will be moved into gitlab * Anti-censorship related tickets that we want other teams to fix: * https://pad.riseup.net/p/tor-anti-censorship-tickets-keep == Announcements == * == Discussion == * proposal on how to use gitlab https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/28 == Actions == * == Interesting links == * Ongoing Internet measurement village talks this month: https://ooni.org/post/2020-internet-measurement-village/#schedule * https://wwdaacc20.com/ Worldwide Developers Against Apple Censorship Conference, June 22 == Reading group == * We will discuss Geneva on June 25th * https://censorbib.nymity.ch/#Bock2019a * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. phw: This week (2020-06-18): * Reviewed #31282. * Wrote patch for #29184. * Deployed test branch of BridgeDB-internal metrics and fixed bugs that I discovered. * Worked on #33647. * Familiarising myself with Gitlab. * Wrapped up #33162. * Worked on #34260. Next week: * Wrap up #34260. Help with: * #33647 * #29184 cecylia (cohosh): last updated 2020-06-18 Last week: - getting used to and helping with gitlab migration - reviewed a bunch of snowflake proxy on android code - worked on getting snowflake set up for sponsor 28 test range - updated GetTor releases to Tor Browser 9.5 release - fixed a small typo in the GetTor Gitlab provider links - implemented NAT behaviour discovery at proxies and matching at broker (#34129, #33666) - began trial integration of GetTor with BridgeDb autoresponder code This week: - look at viatsk's work on NAT test suite (#25595) - revisions and hopeful merge/deployment of #34129 - add more stun servers (#30579) - Break up BridgeDB's autoresponder code and do a trial re-implementation of GetTor (#3780) - Follow up on discussions of debian obfs4proxy package - sponsor 28 evaluation prep - translations? Needs help with: juggy : This week: - Dig into the algorithm for how BridgeDB distributes bridges Next week: - Implement audio captchas in moat, figure out how to reduce audio captcha request size - Keep studying BridgeDB to write architectural overview Help with: arlolra: 2020-06-11 Last week: - Next week: - follow ups to #33365 - start on #31201 Help with: - dcf: 2020-06-18 Last week: - provided some feedback on NAT-aware broker rendezvous (#34129) Next week: - share access to the snowflake broker CDN configuration (#30510) Help with: Antonela: 2020-06-18 - brought the TB10.0 proposal to the browser team. They are reviewing it. - reviewed personas with Dunqan this week, we will have a draft for your review by the end of the month agix:2020-06-11 Last week: -Started taking a look at #34318 -(Will be occupied due to university exams till 06-26) Next week: -Work on fixing #34318 Help with: - thymbahutymba: 2020-04-02 Last week: - CI/CD pipeline for multiarch docker images, which has a problem with the apt tor version even though the apt repository have been changed into the Dockerfile. Next week: Help with: HashikD: 2020-04-28 Last week: - Made a code patch for most tickets related to Part A of project. Next week: - Learning about WebSocket and deciding on WebSocket library. Help with:

1 0

Meetrics meeting notes, June 18th 2020
by Gaba 18 Jun '20

18 Jun '20

Hi! Metrics Meetings are happening every Thursday at 15UTC in #tor-meeting in irc.oftc.net Here are the minutes for the meeting of June 18th: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-11-14.59.log… Meeting pad: https://pad.riseup.net/p/tor-metricsteam-2020.1-keep And here is the pad notes: Public pad URL is: https://pad.riseup.net/p/tor-metricsteam-2020.1-keep Weekly meetings, every Thursday at 15 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). Links: Old Metrics Team wiki page (including roadmap) : https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam << this will be moved to gitlab wiki >> OnionPerf board: https://gitlab.torproject.org/tpo/metrics/onionperf/-/boards Next meeting: Thursday, June 25th, 15 UTC ----------------------------------------------------- Agenda Thursday, June 18th, 15 UTC ----------------------------------------------------- op-??3 instances https://metrics.torproject.org/torperf.html As one option we could change the default file size on m-web from 50 KiB to 5 MiB in order to have timeouts being displayed at all, now that there are no 50 KiB/1 MiB downloads anymore. As another option we could redefine timeout for smaller downloads and hope to see the same distribution there. Needs analysis. Keep op-??2 instances running until we have a plan, most likely until next meeting. GitLab migration proposal on how gitlab will work: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/29 karsten opens a ticket in https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues to mirror the OnionPerf gitolite code in GitLab Adding documentation ticket (#40001) to current roadmap gaba says this seems okay. Reviews Any blockers, anyone? Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-18-14.58.log… -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

OONI Monthly Report: May 2020
by Maria Xynou 16 Jun '20

16 Jun '20

Hello, Throughout May 2020, the OONI team worked on the following sprints: * Sprint 12 - Beluga (1st May 2020 - 10th May 2020) * Sprint 13 - Orca (11th May 2020 - 24th May 2020) * Sprint 14 - Ponyo (25th May 2020 - 31st May 2020) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. ## OONI Probe desktop app Following the launch of the new OONI Probe desktop app (for Windows and macOS) in April 2020, we made improvements and released OONI Probe Desktop 3.0.1 in May 2020: https://github.com/ooni/probe-desktop/releases/tag/v3.0.1 ## Released OONI Probe Mobile 2.4.0 We released OONI Probe Mobile 2.4.0! * Android: https://github.com/ooni/probe-android/releases/tag/v2.4.0 * iOS: https://github.com/ooni/probe-ios/releases/tag/v2.4.0 Highlights from the latest OONI Probe mobile app release include: * New Dashboard design * New button to run all tests in one go * Improved NDT speed test (i.e. NDT test re-written to increase reliability and measurement accuracy) * Middlebox tests are now grouped with the performance tests * Telegram, NDT, and DASH tests re-written in golang ## Making the OONI Probe apps rely entirely on the golang engine As part of our ongoing efforts to make the OONI Probe apps rely entirely on our golang engine, we: * Implemented the golang framework on iOS: https://github.com/ooni/probe/issues/1166 * Made a series of updates: https://github.com/ooni/probe-engine/issues/551 & https://github.com/ooni/probe-engine/issues/598 ## Add support for configuring push notifications In May 2020, we created an experimental countly plugin for configuring and sending push notifications to users by country (https://github.com/ooni/backend/issues/378). We also deployed a production instance of the countly instance (https://github.com/ooni/backend/issues/379) using their digital ocean droplet. This was tested with the OONI Probe mobile app. Through these activities, it seems that Countly offers all of the necessary features that we require to implement all of our planned activities around push notifications. ## Adding support in OONI Probe for availability testing of the circumvention tools Tor, obfs4proxy, and Psiphon The new Tor and Psiphon tests are available through the recently launched OONI Probe desktop app (https://ooni.org/install/desktop). In May 2020, we worked towards integrating these tests into the OONI Probe mobile app as well, in addition to expanding our methodologies. To this end, we: * Wrote the UI for the Tor test results on mobile: https://github.com/ooni/probe/issues/885 * Wrote the UI for the Psiphon test results on mobile: https://github.com/ooni/probe/issues/884 * Wrote a prototype for a STUN reachability test: https://github.com/ooni/probe-engine/issues/626 * Saved Tor logs to a file: https://github.com/ooni/probe-engine/issues/625 ## Developing OONI Probe orchestration logic that is specific to circumvention tool testing As part of our work on developing OONI Probe orchestration logic that is specific to circumvention tool testing, we added backend support for retrieving Tor bridges from bridges.tpo (https://github.com/ooni/orchestra/pull/88). We also documented the next steps towards deploying and merging the Tor bridgedb orchestra integration in the following ticket: https://github.com/ooni/backend/issues/426 ## Making OONI Probe’s reporting logic more resilient to censorship As part of our ongoing efforts to make OONI Probe’s reporting logic more resilient to censorship, we added support for submitting measurements through the use of circumvention tools. The OONI Probe engine now supports setting an external SOCKS5 proxy, which we tested for performing and submitting measurements. The probe-engine also supports starting an on-demand Psiphon tunnel. Relevant tickets: https://github.com/ooni/probe/issues/888 https://github.com/ooni/probe-engine/issues/509 https://github.com/ooni/probe-engine/issues/543 We also added logic for detecting which circumvention strategy should be used when speaking to backends (https://github.com/ooni/probe/issues/887). More specifically, we: * Added DoH as the primary DNS for the session, with the system resolver as the fallback; * Added fallback support to cloudfronting; * Added support for persistent proxies, like Tor or Psiphon. We also added failover support to probes (https://github.com/ooni/probe-engine/issues/407), enabling us to connect to different collectors and choose the one with the best performance. Finally, we added support for discovering when OONI backend infrastructure is being blocked (https://github.com/ooni/probe/issues/886). ## Analyzing collected censorship circumvention tool test results and integrating them into OONI Explorer and the OONI API Following the release of the new OONI Probe desktop app (which includes the new Tor and Psiphon tests), we have been collecting, analyzing, and openly publishing censorship circumvention tool results on OONI Explorer and the OONI API. In May 2020, we began research on how to present country-level information on OONI Explorer for the Tor test. As part of this activity, we made a CSV dump of all the recent Tor test measurements (https://gist.github.com/hellais/784a8115642d2b47072bfe4e177d1c59). ## Implement beta quality backend logic for prioritising URLs We made progress on testing and developing the URL prioritization backend. Specifically, we worked on improving the performance of the counter tables. See: https://github.com/ooni/backend/issues/411 ## Analyze data to extract website metrics We made progress on backend work required to extract website metrics. Specifically, we experimented a bit more with a different database solution, called ClickHouse. In order to better understand how performant it would be for our use case, we worked on ingesting all OONI data from the metadb into ClickHouse (https://github.com/ooni/backend/issues/410). We also had several discussions on the requirements for the extraction and analysis of website metrics (https://github.com/ooni/backend/issues/419). We added support to the aggregation API (which builds per website aggregate views of the data) to handle the category_code as an axis (https://github.com/ooni/backend/issues/409). This enables us to count the number of blocked sites per category or the number of blocked categories in a given country. We also deployed and further tested the CSV and JSON aggregate endpoints (https://github.com/ooni/backend/issues/402). ## Reprocessing old measurements using the fast-path pipeline Our new fast-path pipeline makes the near real-time analysis and publication of measurements from around the world possible. However, OONI measurements span all the way back to 2012, and many of the older measurements have not been processed by our new fast-path pipeline yet. As part of our ongoing efforts to reprocess older OONI measurements, we added support for parallelising “can” processing in the fast-path pipeline: https://github.com/ooni/backend/issues/392 ## Managing the MaxMindDB license change Over the years we have used the MaxMind GeoIP database (https://www.maxmind.com/en/home), but since they changed their license, we have been working towards creating our own ASN database. This work is documented through the following tickets: https://github.com/ooni/probe-engine/issues/620 https://github.com/ooni/probe-engine/issues/584 https://github.com/ooni/probe-engine/issues/507 ## Published report on the OONI Run usability study findings During May 2020, we completed the OONI Run usability study and collected feedback as part of our research on the limitations of the current OONI Run link format. In May 2020, we carried out 9 interviews (out of 16 interviews overall), through which we were able to collect detailed community feedback on the challenges associated with using the OONI Run platform, as well as suggestions for improvement and feature requests. Following our analysis of information and feedback collected through our survey (https://ooni.typeform.com/to/r9c5ee) and the 16 interviews, we documented community feedback and shared it through a report. This report is available here: https://ooni.org/post/2020-06-09-ooni-run-usability-study-findings/ Our report outlines the objectives, personas, assumptions, and methods of this study. It also shares, in detail, the challenges and suggestions that survey and interview participants shared with us. Based on this feedback, we aim to release an improved version of OONI Run by the end of 2020. ## Improving our server infrastructure As part of our ongoing efforts to improve our server infrastructure, we continued to perform regular maintenance work on our servers, but we also had to deal with a few incidents. Specifically, we: * Cleaned-up the autoclaved files from the data collector, as we were running out of storage space: https://github.com/ooni/backend/issues/407 * Expanded disk on hkgmetadb to account for the growing dataset: https://github.com/ooni/backend/issues/422 * Improved SSH connection handling in our fastpath pipeline, allowing us to be more resilient in handling the retrieval of report files from the collectors: https://github.com/ooni/backend/issues/404 ## Testing and quality assurance We made progress on improving the quality of our software through better testing and quality assurance procedures. Namely, we: * Started using a random host header when not speaking with OONI: https://github.com/ooni/probe-engine/issues/578 * Started using 127.0.0.2 as default resolver IP: https://github.com/measurement-kit/measurement-kit/issues/1884 * Wrote several blog posts about the improvements to the testing engine based on the analysis of measurements: https://github.com/ooni/probe-engine/issues/619 ## Expanding OONI Probe measurement methodologies We published a report which evaluates OONI's new measurement engine within the context of the blocking of Women on Web (www.womenonweb.org) in Spain. This report is available here: https://ooni.org/post/2020-engine-evaluation-spain/ We have been working on expanding our measurement methodologies to detect more forms of website censorship. To this end, we have been working on experimental code that combines OONI's Web Connectivity test with SNI blocking detection methodology (and other techniques). Our aim is to eventually ship a new and improved Web Connectivity test -- as part of the OONI Probe apps -- that also measures SNI based filtering, as part of the broader set of website censorship checks. To evaluate how these experiments work in practice (and if they work as expected), we collaborated with Vasilis Ververis (Magma project) and Spanish hacktivists to measure the blocking of www.womenonweb.org in Spain through the use of these new experimental methodologies. Our report (https://ooni.org/post/2020-engine-evaluation-spain/) describes our experimental implementation for the www.womenonweb.org case and discusses some next steps. ## Published report on the blocking of websites in Myanmar In collaboration with OTF Fellow Phyu Kyaw, we published a report on the recent blocking of 174 domains in Myanmar. This report is available here: https://ooni.org/post/2020-myanmar-blocks-websites-amid-covid19/ In March 2020, authorities in Myanmar directed local ISPs to block "fake news" as part of efforts to tackle disinformation around COVID-19, but an official blocklist hasn't been publicly disclosed. OONI measurements confirm the DNS based blocking of 174 domains in Myanmar, many of which include ethnic media websites. We compared the blocked news outlets with the Myanmar Press Council's "fake news" list, and found that many media sites that aren't in the public "fake news" list are blocked anyway. Our report received press coverage by Deutsche Welle: https://www.dw.com/de/r%C3%BCckschritte-bei-pressefreiheit-in-myanmar/a-535… ## Published report on the blocking of social media in Burundi We published a report on the blocking of social media in Burundi amid its 2020 general election. This report is available here: https://ooni.org/post/2020-burundi-blocks-social-media-amid-election/ OONI measurements collected from Burundi reveal the blocking of 18 social media platforms on 20th May 2020 (election day), including skype.com, youtube.com, whatsapp.com, twitter.com, facebook.com, instagram.com -- among many others. These sites appear to be blocked -- on Econet (AS37336) and Viettel Burundi (AS327799) -- through the use of some form of Deep Packet Inspection (DPI) technology, as the blocking only occurs when we attempt to establish an HTTPS connection (resulting in connection reset errors), as opposed to the IPs being blocked or the DNS queries being interfered with. OONI data also shows the blocking of the WhatsApp and Telegram apps, and suggests that access to Facebook Messenger was blocked too. Interestingly, the blocking of Facebook Messenger on the Lacell Burundi (AS327720) network was implemented on a DNS level by returning an IP address in the DNS answer which is in the “reserved for future use” 240.0.0.0/8 netblock. ## Collaboration with Netalitica Netalitica researchers continued to do great work in reviewing and updating the Citizen Lab test lists (https://github.com/citizenlab/test-lists). In May 2020, we reviewed the updates (made by Netalitica researchers) to the following test lists: * Venezuela: https://github.com/citizenlab/test-lists/pull/634 * Qatar: https://github.com/citizenlab/test-lists/pull/633 We also made the following test list updates: https://github.com/citizenlab/test-lists/pull/623 https://github.com/citizenlab/test-lists/pull/628 https://github.com/citizenlab/test-lists/pull/629 ## Data analysis As part of our partnership with Azerbaijan Internet Watch, we analyzed all OONI measurements collected from Azerbaijan between 1st January 2020 to 31st May 2020 (https://github.com/ooni/ooni.org/issues/506), based on which we produced relevant charts and wrote a report. We also completed data analysis pertaining to a separate research project examining the blocking of LGBTQI websites (https://github.com/ooni/ooni.org/issues/437) in several countries around the world. ## Google Summer of Code (GSoC) student We are excited to have a Google Summer of Code (GSoC) student join our team for the summer of 2020! In May 2020, Krona Emmanuel started his GSoC internship with the OONI team. As part of his 4-month internship, Krona will work on making improvements related to social media sharing on OONI Explorer. Further details about this project are available here: https://community.torproject.org/gsoc/ooni-explorer-findings/ We started off by collaborating with Krona on defining user stories for social media sharing: https://github.com/ooni/explorer/issues/462 ## Mastodon To better reach free software (and digital rights) communities, we started using Mastodon. The OONI Mastodon account is available here: https://mastodon.social/@ooni ## Community use of OONI data ### Blocking of Women on Web in Spain The Magma project -- in collaboration with several Spanish hacktivists -- published a research report documenting the blocking of reproduction rights website womenonweb.org in Spain. Their report (which was supported by the use of OONI Probe and OONI data) is available here: https://blog.magma.lavafeld.org/post/women-on-web-blocking/ ### Blocking of news portal in Venezuela Through the use of OONI Probe and OONI data, VEsinFiltro reported the blocking of a news portal (runrun.es) in Venezuela. See their relevant tweets: https://twitter.com/i/status/1261978668945018880 This was also reported by IPYS Venezuela (who also made use of OONI Probe and OONI data): https://twitter.com/ipysvenezuela/status/1262482417069285383 ## Community activities ### Organizing the online Internet Measurement Village 2020 Before the IFF got canceled in light of the escalating global impact of the COVID-19 pandemic, we had originally planned to organize and host an Internet Measurement Village during the last 2 days of the IFF. While we still hope to organize and host an in-person Internet Measurement Village next year as part of IFF 2021, this year we decided to organize and host a version of this village online. To this end, we spent time throughout May 2020 planning the online Internet Measurement Village 2020, coordinating with other measurement projects and community members, creating the schedule, and trying out various platforms (e.g. to check which streaming solutions to use). The Internet Measurement Village 2020 will be hosted entirely online, and will consist of presentations that are live-streamed on the OONI YouTube channel (https://www.youtube.com/c/OONIorg), enabling anyone from the internet to view the presentations, learn about the projects, and participate in discussions through the live chat. The Internet Measurement Village will take place mostly throughout June 2020, starting on 10th June 2020 and ending on 3rd July 2020. We have published the schedule here: https://ooni.org/post/2020-internet-measurement-village/ ### Clean Insights Symposium Extraordinaire On 12th May 2020, OONI’s Arturo was invited to participate in the Clean Insights Symposium Extraordinaire (a podcast organized by the Guardian Project) to discuss OONI. As part of the podcast, Arturo was asked the following questions: * OONI provides benefits but with risk. How do you communicate these to the people doing the measuring or being measured? How does user experience and consent play a role? * Within an internet freedom and human rights context, are there additional threats and risks to consider? Is measuring itself a crime in some places? * What do you do with the data that OONI collects? How long do you keep it? Is it public or private? Can it cause harm? * Who does OONI benefit and how? Is it just an advocacy tool, or does it have technical impact in the design of other services and apps? The podcast is available here: https://guardianproject.info/podcast/2020/cleaninsights-panel-ooni.html ### OONI Community Meeting On 26th May 2020, we facilitated the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/), during which we discussed the following topics: * Brief updates from the OONI team * Update on OONI Run survey outcomes * Improving the SEO of OONI.org * Creating a Censorship Alert System * Investigating DoS attacks against media websites ## Userbase In May 2020, 8,430,917 OONI Probe measurements were collected from 6,199 networks in 211 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Tor Browser meeting notes, 15 June 2020
by Gaba 15 Jun '20

15 Jun '20

Hi! Tor Browser meetings are happening every Monday at 1800UTC on #tor-meeting in irc.oftc.net We had a meeting on June 15th and here are the logs and notes. Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-15-18.02.log… Pad: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… Contents of the pad for today: == Tor Browser meeting pad! == Next meeting is at Monday 15 June 1800 UTC on #tor-meeting on OFTC. June Schedule: * Monday 15 June 18:00 UTC * Monday 22 June 18:00 UTC Release meetings: https://pad.riseup.net/p/tor-browser-release-meeting-keep Tuesday June 23th 18:00 UTC thanks :) Tuesday July 7th 18:00 UTC (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Upcoming Releases and other important dates 2020.06.30: 9.5.1 and 10.0a2 - ESR68.10, ESR78.0 Latest Releases: 2020.05.22: 9.5a13 https://blog.torproject.org/new-release-tor-browser-95a13 2020.06.02: 9.5 Stable https://blog.torproject.org/new-release-tor-browser-95 2020.06.02: 10.0a1 https://blog.torproject.org/new-release-tor-browser-100a1 == Previous notes == (Search the tor-project mailing list archive for older notes.) == What project we are working on? == SPONSOR 58 - Tor Browser Security, Performance, & Usability Improvements Parent ticket: https://trac.torproject.org/projects/tor/ticket/33664 Wiki page: https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor58 Timeline: https://nc.torproject.net/s/ow2r6cLgL7Cd9BA == Stuff to do every week == Check reviews not taken! How reviews from last week worked? Any blocker? For S58: https://trac.torproject.org/projects/tor/query?status=needs_review&sponsor=… ------------------------------- ---- 15 June 2020 ------------------------------- == Announcements [please date] == We are in the middle of the transition from trac.torproject.org to gitlab.torproject.org. Trac and Gitlab can not update tickets right now. Wait for mail sent to tor-project@ on Tuesday morning. == Discussion [please date] == (June 15th) s58 Object 2.1 - UX : https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor58 - Anto starts on this in June. Implementation is in obj 2.4 (June 15th) s30 Tor Browser - UX https://trac.torproject.org/projects/tor/ticket/31283 has proposal for improving censorship circumvention UX. TB folks to review it. (June 15th) GitLab migration (two parts) tickets divided into new projects in gitlab workflows Log : http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-15-18.02.log… == Status Updates == Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. sysrqb: Week of 08 June (planned): Tor Browser Nightly build machine Finish "Decide which components of Fenix to rip out, disable, or use" (#33939) Create tickets/plan for S58 O2.1 Week of 08 June (actual): Made progress on #33939 (but did not finish) Created tickets/plan for O2.1 Gitlab migration preparations Some adminy things Week of 15 June (planned): Really, really finish #33939 Review testsuite patches and merge them so we have a working...testsuite Catch up on current 9.5/10.0a tickets Finally land vpx patch upstream Mike: Week of 06/08 (planned): - gecko-dev proxy audit Week of 06/08 (actual): - Review of upstream DNS patch (looks good, I think) - metrics tickets followup - circpad bug fixes Week of 06/15 (planned): - gecko-dev proxy audit mcs and brade: Week of June 8th (actual): - Worked on some tbb-9.5-issues: - #34362 (Improve Onion Service Authentication prompt). - #34369 (Fix learn more link in Onion Auth prompt). - #34370 (Improve identity doorhanger message during failed onion auth). - Did some research for #34366 (onion-location mechanism -> full URL). - Poked upstream bug for #31607 (App menu items stop working). - https://bugzilla.mozilla.org/show_bug.cgi?id=1586061 - Created and posted a minimal extension that demonstrates the bug. - Worked on upstreaming the #28885 patch (notify users update is downloading). - https://bugzilla.mozilla.org/show_bug.cgi?id=1642404 - Added tests and posted a revised patch; waiting on review. - Reported some bugs with Trac -> GitLab migration (fixed by ahf). Week of June 15th (planned): - Follow up on active tickets: - #33851 (Patch out Parental Controls detection and logging). - #33998 (stop using XUL <grid> soon). - #33848 (Disable Enhanced Tracking Protection). - Spot-check acat’s 33533+6 branch (updated ESR78 rebase). - Create a patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1642754 - This is a spin-off of Mozilla bug 1642404 and covers the remainder of #28885. ahf: Last week: - Working with all the teams on Gitlab migration. This week: - Some Gitlab support - Back to getting Tor working in Fenix. GeKo: Last week: -started to split of branches for S58 code and ESR 78 migration -redid toolchain patches to take into account tor-browser-build branching strategy (#34432) -started work on application-services build integration (#34101) -reviewed #33533 up to and including 33533+5 -helped with Gitlab migration of browser tickets This week: -playing with Gitlab and helping further with Gitlab migration -finishing review of #33533 and posting notes -#34432 and #34101 -reviews (we have a bunch of them in our backlog) acat: Last week: Finished rebasing patches to 78 beta (#33533) Addressed review issues for uplifting patch #27604 Reviews This week: Possibly address GeKo's feedback on #33533 Finish uplift #32414 (Make Services.search.addEngine obey FPI) Document rebase process for tor-browser-spec Maybe start covering some patches with tests Jeremy Rand: Week of June 8 (actual): Filed #34399 (Electrum-NMC can't make outgoing connections on Python 3.8+) Submitted patch for #34399 Week of June 15 (planned): Solicit more test reports on Namecoin integration (including from users who were affected by #34399) boklm: Last week: - made some patches for #28396 and #33991 - started looking at doing builds with rootless containers in rbm, and using mmdebstrap to create debian chroots This week: - continue trying to do some builds with rootless containers and mmdebstrap -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Network meeting notes, 15th June 2020
by Gaba 15 Jun '20

15 Jun '20

Hi! Network meetings are happening every Monday at 1700UTC on #tor-meeting in irc.oftc.net We had a meeting on June 15th and here are the logs and notes. Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-15-17.00.log… Pad: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… Contents of the pad for today: == Network meeting pad! == Next meeting is at Monday 22 June 1700 UTC on #tor-meeting on OFTC. June Schedule: * Monday 22 June 17:00 UTC Welcome to our meeting! We meet each month at: Mondays at 1700 UTC On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the tor-project mailing list archive for older notes.) 1 June: https://lists.torproject.org/pipermail/tor-project/2020-June/002857.html 8 June: https://lists.torproject.org/pipermail/tor-project/2020-June/002865.html == Stuff to do every week == Let's check and update our roadmap: What's done, and what's coming up? Any change? All the trac tickets for the roadmap are in the team's page: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam S28 & S30 - Continue after October - Ahf S55 - Nickm & dgoulet Non sponsor stuff DoS defenses = Dgoulet + Asn Library Size reduction = Ahf + Dgoulet sbws = Ahf + Juga Check reviewer assignments! How reviews from last week worked? Any blocker? Here are the outstanding reviews, oldest first, including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Go over our 0.4.4 status page at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… . (If maint-0.4.4 were released as stable tomorrow, what would we regret?) - scheduled to enter feature freeze on Monday June 15th == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases. * Check other's people call for help in their entries. Volunteers need help. Please help them when you are around. Maybe we should have times of day when different people are responders, and expectations of who helps. ------------------------------- ---- 15 June 2020 ------------------------------- == Announcements [please date] == Assigned reviews (Will put on gitlab when gitlab becomes RW again): dgoulet -> #33816 Fill in missing IPv6 addresses in extend cells nickm -> #34065 Make routerset_contains_router() support IPv6 asn -> #34433 Replace clang-format.sh with a faster, better version == Discussion [please date] == * [June 15] We need somebody to take over the fallback list. - dgoulet will ask geko * [Jun 15] Who (besides nickm) will look at Chutney? * [June 15] Gitlab's questions (not ready yet but will be tomorrow) 044 milestone https://gitlab.torproject.org/tpo/core/tor/-/milestones/50 wiki page not transfered yet (all trac wiki is in https://gitlab.torproject.org/legacy/trac/-/wikis/home) roadmap: it will be eventually in https://gitlab.torproject.org/groups/tpo/core/-/boards do all of you have accounts? * [Jun 15] Any needs_revision sutff that c should pick up? === Active Proposed Policies === * Pull Request Guidelines (stalled) === Design proposals under discussion === 315: require more fields in directory documents (still waiting [6/1]) 316: flashflow (asn and nickm are reviewing, should schedule discussion with pastly. [5/18]) 317: dns (under discussion on ML [5/18]) 318: limit protovers (waiting for more commment; needs discussion [6/1]) 319: wide everything (nick replied on ml; waiting for more discussion [6/1]) 320: tap out again - Do we have a consensus to replace this with a "deprecate v2 onion services" proposal? If so, who writes it? [6/1] protover rethinking (teor's email to tor-dev) (nick needs to reply [5/18]) 321: happy families (need feedback [6/1]) 322: dirport linkspec (need feedback [6/1]) == Recommended links == == Updates == Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! Nick: Week of 8 Jun (planned): - Prepare for 0.4.4 freeze - Merge pending S55 code, and increase my command of the remaining work on O1.1 - Talk with Metrics about S55 stuff? - S69 wrap-up email - Tor-unspecified triage: wow do we need it - Code-formatting hacking. Week of 8 Jun (actual): - Merged teor's S55 work. - S69 wrap-up email - lots of triage discussion - Code-formatting hacking - S55 ipv6 reachability experiments Week of 15 Jun (planned): - Get chutney actually working with assumereachable disabled (34445 through 34449) - Work on aftermath of gitlab migration. - Work with dgoulet to advance S55 planning. - Get S55 reachability test more advanced. - Release 0.4.4.1-alpha. ahf (afk today due to public holiday): Week of 8/6 planned: - Work with the Admin team on Gitlab migration. - As much other things as I can squeze in while waiting for different batch tasks to complete. Focus on Fenix still. Week of 8/6 actually: - Worked with a lot of people on the Gitlab migration. Week of 15/6 planned: - Back to Fenix stuff with Browser Team - Support Gitlab people if we go with that. asn: Week of 08/06 (planned): - Reply on all the recent responses on PoW thread -- lots of work done there. - Publish fix for #32040. - Merge prop#310 patch. Week of 08/06 (actual): - Did a proposal revision on the PoW thread. More work needed here. - Merged #310. - Reviewed and tested padding bugfixes: #30992 and #32040. #30992 got merged, but #32040 needs a bit more tweaking. Week of 15/06 (planned): - More work on PoW proposal. Fold in David's work on the scheduler and derive results from that. - Hopefully merge #32040. - More reviews & merges jnewsome: Week of June 1 (actual): - Added GH milestones and issues in shadow/shadow - Sent out Tor Project update - Added more thread/interposition APIs in shadow/phantom to support more syscalls. - Did some straceing to identify more syscalls we need for tor Week of June 8 (planned): - Hand off OnionPerf work for now (#33974: update to tgen 1.0) - Identify more syscalls needed to simulate Tor. (use nm/objdump; chutney; src/lib/sandbox) - Figure out (how to avoid implementing) netlink - Check whether we already can interpose Tor's name lookups (via libevent) Week of June 8 (actual): - shadow/phantom: Identified and documented syscalls needed for Tor, based on strace + sandbox config. https://github.com/shadow/shadow/issues/849 - Reviewed PR to add file IO support for shadow/phantom - More review for adding yaml config for shadow/shadow Week of June 15 (planned): - Work out logging from the shim with the new file IO design - Help flesh out support for syscalls and libraries needed to run Tor - Start looking into code-coverage tools (gcov) pastly: Week of 18 May (planned): - Finish bones of external FlashFlow repo (python?) to control tor clients that perform FF measurements - Finish bones of little-t tor changes s.t. measurement can be performed - Discuss FlashFlow with network team devs as they have questions c: Week of May 25 (planned): - close up work on #33609 - get started on other s55 tickets, potentially knock out 'easy' ones first and take it from there - update https://trac.torproject.org/projects/tor/wiki/doc/gsoc with my information Week of May 25 (actual): - #33609 ready for review - started hunting down and working on other Sponsor55-can and -must issues - talking in #tor-project about wiki Week of June 1 (actual): - opened and made #34381 ready for review - IPv4 part of #32888 Week of June 8 (planned): - #33598 - IPv6 part of #32888 <-- do you have a ticket for it? Week of June 8 (actual): - #32888 IPv6 PR: https://github.com/torproject/tor/pull/1932 - requested reproducibility info for https://bugs.torproject.org/33598 -- maybe I'll start thread on tor-dev@ since trac is read-only - wrote Outreachy blog post explaining Tor's IPv6 goals Week of June 15 (planned): - during meeting, poke someone about https://github.com/torproject/chutney/pull/66 - chutney work with nickm (#34445 - #34448) - force myself to remain regularly active on tor-dev@ so we can get things done more efficiently :) - in general just check behind myself and others to clean up open issues in need of commentary or review -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Trac to Gitlab Migration Information
by Alexander Færøy 15 Jun '20

15 Jun '20

# tl;dr Trac is retiring; we're moving to gitlab. We wanted to do this in a more elegant way, but we're low on resources, and there are going to be some bumps in the road here. If you use or engage with the Tor bugtracking system or our wiki, this email may be relevant to you. If you don't, you can stop reading now. # Why migrate? We're hoping gitlab will be a good fit because: * Gitlab will allow us to collect our different engineering tools into a single application: Git repository handling, Wiki, Issue tracking, Code reviews, and project management tooling. * Gitlab is well-maintained. * Gitlab will allow us to build a more modern approach to handling CI for our different projects. This is going to happen after the ticket and wiki migration. (Note that we're only planning to install and use the freely licensed version of gitlab. There is an "enterprise" version with additional features, but we prefer to use free software whenever possible.) # What's the plan? On Friday June 12th, we're going to put trac into read-only mode. You'll be able to read trac, but not make any changes to it. That's when we'll start migrating to gitlab. We have been doing a bunch of trial migrations and we may need to do a few more until we get it right. We anticipate that gitlab will be pretty unstable over the weekend. We hope we'll be in a stable position on Tuesday, and our gitlab installation will be open for people to use it. It will be up on https://gitlab.torproject.org This won't be as smooth a process as we would like: we're going to lose some features -- but, no data. In the coming weeks, we're going to try to put extra time aside to fix whatever issues come up. We are migrating tickets and wiki from Trac into Gitlab issues and wiki. We will continue having https://git.torproject.org/ as canonical git server. People will be able to move repos into gitlab whenever they are ok with it. # What will break, and when will you fix it? Most notably, we're going to have an interruption in the ability to open new accounts and new tickets. We _did not_ want to migrate without a solution here; we'll try to have at least a stop-gap solution in place soon, and something better in the future. For now, we're planning for people that want to get a new account please send a mail to <gitlab-admin(a)torproject.org>. We hope to have something else in place once the migration is succesful. We're not going to migrate long-unused accounts. Some wiki pages that contained automated listings of tickets will stop containing those lists: that's a trac feature that gitlab doesn't have. We'll have to adjust our workflows to work around this. In some cases, we can use gitlab milestone pages or projects that do not need a wiki page as a work around. # What will keep working the same as in Trac? We're not going to throw away any ticket data; it'll all be migrated on the new system. We're going to try to keep most old URLs working on systems such as https://bugs.torproject.org/ All existing tickets will keep their current numbers. # How can I... ... report an issue in Tor software? For now, just use one of the mailing lists, if it can't wait till the bugtracker is open again. tor-dev(a)lists.torproject.org is the best mailing list to use for now. ... report an issue in the bugtracker itself? Please hold off till the migration is finished. At that point you can email <gitlab-admin(a)torproject.org>. ... fix a bug? If you have a patch you want to make sure we know about, and it can't wait till the bugtracker is open again, please use one of the mailing lists: tor-dev(a)lists.torproject.org would be best. ... get an account if I'm already an active contributor? Please send a mail to <gitlab-admin(a)torproject.org>. We hope to have something else in place once the migration is successful. All the best, The Gitlab migration folks -- Alexander Færøy

3 5

Anti-censorship meeting notes, 11 Jun 2020
by Philipp Winter 11 Jun '20

11 Jun '20

Hi all, Here are our meeting minutes: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-11-15.59.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday June 11th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: * Our roadmap consists of a subset of trac tickets on keyword #anti-censorship-roadmap-2020 * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam * Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ * GetTor's roadmap: https://gitlab.torproject.org/groups/torproject/anti-censorship/gettor-proj… * Tickets that need reviews: from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 * Anti-censorship related tickets that we want other teams to fix: * https://pad.riseup.net/p/tor-anti-censorship-tickets-keep == Announcements == * We will migrate from trac to gitlab on Jun 12th. - Check with Gaba if you have any questions/comments/worries * https://lists.torproject.org/pipermail/tor-project/2020-June/002866.html == Discussion == * S30 UX Update * Any review about Antonela's work: * https://trac.torproject.org/projects/tor/ticket/31282 == Actions == * == Interesting links == * Ongoing Internet measurement village talks this month: https://ooni.org/post/2020-internet-measurement-village/#schedule == Reading group == * We will discuss V2Ray and VMess on June 11 * https://v2ray.com/en/ * https://guide.v2fly.org/en_US/ * https://www.v2ray.com/en/configuration/protocols/vmess.html * https://github.com/v2ray/manual/blob/master/eng_en/protocols/vmess.md * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? * Two summaries on the recent vulnerabilities: * https://lists.torproject.org/pipermail/anti-censorship-team/2020-June/00010… * https://pad.riseup.net/p/64MatYTvPX5_xvPCF-uz == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. phw: This week (2020-06-11): * Pushed obfs4 docker image to our new organisation account. * https://hub.docker.com/orgs/thetorproject * Revised fix for #33835, so it discards multipart messages whose content type is not text/plain. * Reviewed #34350. * More thinking about generalising wolpertinger. Sent summary to anti-censorship-team@. * Wrapped up implementation of BridgeDB internal metrics (#31422) and deployed branch for testing. Next week: * Help with: * #33835 cecylia (cohosh): last updated 2020-06-04 Last week: - made some progress on GetTor twitter responder (#27330) - created #34423 to start looking at GetTor for Tor Browser on android - talked with alwayslivid about GetTor telegram distributor - Looked at BridgeDB autoresponder code to try integrating Gettor (#3780) - Implemented NAT discovery at the client for Snowflake (#34129) - More dogfood of snowflake on android This week: - look at viatsk's work on NAT test suite (#25595) - Concrete plan to integrate GetTor with BridgeDB (#3780) - implement NAT behaviour discovery at proxies and matching at broker (#34129, #33666) - Follow up on discussions of debian obfs4proxy package - translations? Needs help with: - review of #34129 juggy : This week: - Dig into the algorithm for how BridgeDB distributes bridges Next week: - Implement audio captchas in moat, figure out how to reduce audio captcha request size - Keep studying BridgeDB to write architectural overview Help with: arlolra: 2020-06-11 Last week: - Next week: - follow ups to #33365 - start on #31201 Help with: - dcf: 2020-06-11 Last week: - looked into requirements for sharing snowflake broker CDN configuration (#30510) - checked with Kyle about snowflake fingerprinting results Next week: - share access to the snowflake broker CDN configuration (#30510) - review NAT-aware broker rendezvous (#34129) Help with: agix:2020-06-11 Last week: -Reviewed 31422 & 33835 Next week: -Look for and dig into a new ticket (didn't get around to it last week) Help with: - Antonela: 2020-06-11 - Updates and progress on extending personas. Working with Duncan on it https://trac.torproject.org/projects/tor/ticket/32811 - Will bring the TB 10.0 proposal to the browser team so we can collaborate on figuring out what is doable for the next stable release https://trac.torproject.org/projects/tor/ticket/31283#comment:3 - Tunde's fellowship is about to end. He will be joining The Berkman Klein Centre for Internet and Society at Harvard University after the fellowship ends. His report will be available for publication at the end of June. - Discussed with sysqrb how we can improve the way we are sharing TBA bundles for testing so we can run a call for testing for snowflake in TBA soon. thymbahutymba: 2020-04-02 Last week: - CI/CD pipeline for multiarch docker images, which has a problem with the apt tor version even though the apt repository have been changed into the Dockerfile. Next week: Help with: HashikD: 2020-04-28 Last week: - Made a code patch for most tickets related to Part A of project. Next week: - Learning about WebSocket and deciding on WebSocket library. Help with:

1 0

Metrics meeting notes, June 11th 2020
by Gaba 11 Jun '20

11 Jun '20

Hi! Metrics Meetings are happening every Thursday at 15UTC in #tor-meeting in irc.oftc.net Here are the minutes for the meeting of June 11th: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-11-14.59.log… Meeting pad: https://pad.riseup.net/p/tor-metricsteam-2020.1-keep And here is the pad notes: ----------------------------------------------------- Agenda Thursday, June 11th, 15 UTC ----------------------------------------------------- OnionPerf project: https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor59 Setting up op-??3 instances only 5 MiB downloads (now: 50 KiB, 1 MiB, 5 MiB) no v2 onion anymore without #34303 fix (cannibalizing circuits): 0.4.3 or 0.4.4 or master, not backported to 0.3.5 yet; this will be part of op-??4 no fix for having to open new ORconn for extending to first hop yet (#34257) no static guards yet no dropping timeouts yet retire op-??2 one week later, if all goes well! Trac/GitLab migration Any blockers? How can I tell what trac ID introduced a given line of code? (should we merge branches with --no-ff?) BridgeDB does this by following this development model: https://nvie.com/posts/a-successful-git-branching-model/ karsten does the next merge to some task-xy-merged branch for phw to take a look before it goes to master. -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Tails report for May 2020
by intrigeri 11 Jun '20

11 Jun '20

Hi, here's the Tails report for May 2020: https://tails.boum.org/news/report_2020_05/ For convenience's sake, I'm attaching a simplified HTML version. Cheers!

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project