Hello everyone!
Our weekly Tor Browser meeting just ended and, as usual, here come the link to our IRC log
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-03-25-18.32.lo...
and the content from our pad:
Week of March 25, 2019
Discussion: - adjusting meeting time (eu is doing the daylight saving thing the coming weekend) (GeKo: We'll switch to 17:30 UTC as our meeting time; I'll announce that on tbb-dev later this week) - blockers for 8.5 (GeKo: We restructured our `tbb-8.5` tickets so that it is clearly visible what are blockers for the next alpha (`tbb-8.5-must-alpha`) and what are blockers for the stable release (`tbb-8.5-must`)) - Letterboxing (GeKo: We'll get around June to help with that and test on esr60 already)
tjr - investigated getClientRects. The finding indicate that there are active fingerprinting issues from this and similar APIs that leak at least major OS version (win7 vs win10) and some OS settings. I don't *think* it's used by ad network fingerprinting (yet?) though. https://bugzilla.mozilla.org/show_bug.cgi?id=1507879 - Investigated math routines. Confirmed these leak at least major OS version, maybe minor. On Linux it probably leaks distro or system libraries Don't think it leaks hardware information - Investigated chrome:// leak. Confirmed it leaks OS and browser version. Don't think it leaks anything else except maybe language
mcs and brade: Last week: - Reviewed patch and commented in #29790 (Add build option to store profile in HOME directory). - Followed up on Mozilla bug 1434666 (updater failing on Linux — cannot find libraries). (GeKo: nice that rstrong would want to help us. We should take up that offer in case we need it :) Maybe some patch uplifting help or something) - Worked on #27484 (Onboarding: unintuitive not-navigation buttons). - Monitored #28925 (Core Tor: distinguish PT vs proxy for real in bootstrap tracker). This week: - Review patch for #29825 (Intelligently insert the Security Level button) - Finish patch for #27484 (Onboarding: unintuitive not-navigation buttons). - Begin #29768 (Introduce new features to users in Tor Browser).
sysrqb: Last week: Release prep and release (x2) #28329 (more UI changes) Worked on #29238 (prevent crash after update) Briefly looked at #29859 (App crashes when playing video on Twitter) Looked at #29866 ("Request Desktop site" should use Desktop UAS) This week: Continue working on #28329, #29238, #29859 Discuss localization things Look at F-Droid again
boklm: Last week: - Helped with building and publishing new releases - Fixed the resource-timing, user-timing and user-timing-worker tests for #27137 - Fixed #29812 (.mar files for 32-bit Linux are missing for 8.5a9) - Started adding android-x86 to the download page (#29845) This week: - Finish fixing #27137 and disable all currently failing tests - Finish fixing #29845 (Add android-x86 to the download page) - Make some patch for #26907 (Guard against failures during MAR file generation) - Fix #29868 (tor-browser-build fails in container-image-windows-i686 attempting to install package python-future)
GeKo: Last week: - release prep (we got 4!! releases out this week; thanks for everyone who helped, in particular on the weekend) - wrote a patch for #26498 and backported a mozilla patch for android (#29843) - worked on #28622 (Tor Browser branding for Android) - tracked down #29859 (Playing videos on Twitter is not working and freezing the mobile browser) - investigated backporting the JS Poison patch (#29049) - worked on improved authenticode timestamping (#29614) - looked over sponsor 8 final report (draft) and upcoming funding proposal for esr transitioning work This week: - finishing #28622 - fix WebGL related issues (#29246) - try to come up with something for #29859 - reviews
Pili: Last week: - Sponsor 8 report - Preparing for S27 kick off - Google Season of Docs This week: - Infracon - Finish off Sponsor 8 report - S27 Kick Off - Google Season of Docs - start writing some ideas down
pospeselr: Last week: patch for #29825 (fix for upgrade path in #25658, inserts/moves torbutton and security level button, rather than resetting to defaults) begin investigating #27503 (broken screenreaders on win) filed #29868 (python-future no longer exists in jessie-backports) This week: #27503 fun
sisbell: Last week: - Included Android PT Support in TOPL: (thaliproject#86) - Upgrade for Android Q (thaliproject#85) - needed to break apart tor executable directory from config dir due to security changes in Android Q. Updated to tor-android-binary 03.5.8-rc dependency - Fixed bridges API (and pulling of bridges text file from android resources) (thaliproject#78) - Added custom config of torrc for Java TOPL (thailiproject#78) - needed this to keep project in sync with Android changes This Week: - #27609 - integrate latest TOPL changes to tor-android-service - Submit TOPL PR - Fix merge conflict in tor-browser-build Orbot project - Test PT support working in browser - Review changes in Orbot main project to see if we should merge any back over
antonela: Last week: - TB8.5 - #27484 - Onboarding - Done - #29768 - Introducing new features - Duncan uploaded a version, will review this week - Security Setting Tor Browser manual update is ready to go This week: - #28622 - TBA icon - #28329 - Network Settings, Bootstrapping Animation - #29768 - Review - Introducing new features - Debugging TB8.5a9 Security Settings - Prep for IFF, TBA user testing
Georg