-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi y’all! I was asked to write up some notes on the CDMX Meeting for tor-mobile folks; figured the report might be useful to my fellow onionfolk in the way that other reports are on this list. Anyway, some updates on Onion Browser-ish things, with a focus on the Tor meeting (mostly just summarizing some notes I took and TODOs I made):
* From before the meeting: A few weeks ago I finally posted to my Patreon after like, a year of silence? Something like that. There’s plenty of updates on the past year of work in there.[1]
* I provided an update on installs/usage: Onion Browser crossed 1 million downloads at some point in April. There are about 1,700 app sessions per day (which only counts users who’ve opted in to analytics and sharing that data with app developers[2], so it’s a very low-ball count).
* Folks are seeing a lot of fake “Tor” or “Onion Browser” apps in the Apple App Store or the Google Play Store. In the past we’ve submitted requests to Apple about apps using the Tor branding or the Onion Browser name. (Technically trademark is the only thing we have to act on, since our permissive OSS licenses allow redistribution as long as the correct license bits are written down in there.) Someone said we should maybe have something (in the wiki?) about what to do if you find someone else’s app pretending to be official Tor/Onion Browser/Orbot/etc -- like who to notify here, and what steps & language we use when submitting the request to the app stores.
* I learned from Nick that as of 0.3.4.X, “DisableNetwork 1” now also disables unnecessary CPU wakeups (basically things only needed when Tor is connected) -- this might help with some of the stability issues that happen when the device sleeps (since I do set DisableNetwork when that event is triggered).
* There’s (possible?) new funding from Guardian Project that will hopefully jump-start more work on Onion Browser again soon. Had a great conversation with Fabby who works with Guardian Project; looking forward to putting a roadmap together when I have some spare cycles again. (I’ll probably have more time to have those conversations in earnest after the US election.)
* Started working on an update to Tor.framework (the little-t tor integrating bits that build into Onion Browser) to update the Tor in it. (It’s currently stuck on 0.3.3.x right now.) I’m like 99% sure the current issues are due to cleanup and refactoring in tor (like some of the work towards making it usable as a library). Couldn’t work on it in CDMX because I didn’t bring a Mac with Xcode on it, but I’ve been tinkering around with it since I got back.[3][4] Hopefully more on that soon.
* Not exclusively Onion Browser related, but since I also do operate a few .onions, I was around a lot of conversations about .onion usability (esp with long v3 ones) and things like HTTPS Everywhere and alt-svc headers as solutions. I’d love to get some work in on alt-svc in Onion Browser[5], and maybe experiment with some explicit user consent like in [6]. Hand-in-hand with that, it could be cool to implement some built in list of well-known and well-attested clearnet -> onion site mappings in the app (going along with the HTTPS Everywhere ruleset in the app).
[1]: https://www.patreon.com/posts/lots-of-long-21317240 [2]: https://support.apple.com/en-us/HT202100 [3]: https://github.com/iCepa/Tor.framework/compare/master...mtigas:tor_0_3_5_2-w... [4]: https://github.com/OnionBrowser/OnionBrowser/commit/90dc95f11c2949d7114bc1f5... [5]: https://github.com/OnionBrowser/OnionBrowser/issues/148 [6]: https://trac.torproject.org/projects/tor/attachment/ticket/21952/21952.png
Cheers,
Mike Tigas https://mike.tig.as/ | @mtigas 0xDFD760C4 | 0x6E0E9923