[tor-project] Tor Browser team meeting notes, 16 July 2018

Georg Koppen gk at torproject.org
Tue Jul 17 20:12:00 UTC 2018

Hi all!

We had another Tor Browser meeting yesterday. The IRC log can be found at


and here come, as usual, the meeting notes from our pad:

Monday July 16, 2018

     - I think the Sandboxing Meeting is scheduled for next Tuesday
15:00 UTC? (GeKo: Yes)
     - We should think about possible sessions we could offer for the
mexico dev meeting open days; we'll have a talk about Tor Browser 8 then
(please volunteer if you want to do the talking part) but I think we are
a big team with lots of things going on and we could contribute more

         - mcs: some ideas: UX changes in Tor Browser 8, a design
overview (aka “How is Tor Browser different from Firefox?”), sandboxing

          - arthuredelstein: I'd like to talk about browser privacy
testing (For Tor Browser and other browsers with "Tor mode")

     - Tor Browser on Github?

    Last week:
        - reviewed #26355 (Make sure only Windows users on Windows7+ are
trying to use Tor Browser based on ESR60)
        - reviewed #26251 (Adapt macOS snowflake compilation to new
        - made patch for #26569 (Redirect pre-8.0a9 alpha users to a
separate update directory)
        - looked with sisbell at list of things to do to integrate Tor
Browser for Android into tor-browser-build and opened some tickets:
#26693, #26695, #26696, #26697
    This week:
        - on vacation

    Last week:
        Investigated report of proxy-bypass (#21863)
        Investigated Android APK signing key (#26536)
        Discussed and researched some Android localization with Emma
        Helped with BridgeDB things
        Prepared HOPE presentation slides for talking about Tor Browser,
TBA, and Tor on Mobile
        Scheduled Sandboxed Tor Browser meeting on next Tuesday, 24 July
at 15:00 UTC
    This week:
        Helping talk about Tor with high schoolers on Monday
        Talking at HOPE on Friday with other Tor people

     - Worked on #26476 with sukbir a bunch. Currently blocked on
needing to increase the file descriptor ulimit inside the container.
Don't know how.

         - I've tried increasing the ulimit for user account and root on
the host; but it did not propagate into container.

    - We know the issue is --gc-sections, we don't know why it happens
to Tor and not Mozilla; we're investigating that.  (It's not the sandbox
or any Tor patches.)

     - Jacek finished his contract:
         - He got --enable-stylo working:
         - He landed most of his patches into -esr60
         - I have a few more to land for him, plus the build job
         - Not done for mingw-clang: --enable-sandbox, x86, debugging pdbs

    - I need to investigate test failures for the x64 build, and then I
can land that in esr60

    - I am getting fuzzyfox reviewed, and then we could experiment with
it maybe

    Last Week:
    This Week:
        -Deal with my backlog
        -Help with the mobile alpha release as needed
        -Finish investigating Stylo related reproducibility issues on
macOS (#26475)
        -Continue network review (#22176)
        -reminder to do the status: updates at least daily
        -Is there anything anybody needs from me urgently? (igt0: Not
urgent, however I believe #26401 has high priority) (GeKo: Yes, I finish
my comments tomorrow)

    patch for #26456 (HTTP onion sites inheriting HTTPS certs) could use
a review (GeKo: that's on my list for tomorrow, too)
    Last Week (s):

    - found a potential solution for #26540 (pdfjs FPI violations) and
have a patch up

    little janky, people should definitely take a look at it

    - needs to be tweaked for multi-process (ie browser.tabs.autostart =

    - medical stuff

    - took care of a bunch of moving related bs

    This Week:

    - partial vacation in Portland this week, working mornings in cafes

    - fixup #26540 patch

    - #25555 looks like interesting, so I'll grab that one (reimpleent
Optimisitc SOCKS feature)

    Next Week:

    - moving apartments (hopefully) on the 24th, I'm sure there will be
tons of problems to deal with/people to yell at but we'll see

        Last Week:

            - Took a look in the tor browser settings: #26574

            - Fixed a typo in the mobile addon handler: #26704

            - Tested torbutton functionalities on mobile: domain
isolator, dragDropFilter, content-policy

            - meeting about TBA release

        This week:

            - More preparation for TBA release

   Last Week:

            - Patches for:

    #26590 (SVG isn't blocked in Safest security setting with 8.0a9)

    #26603 (remove obsolete http pipelining prefs)

    #26353 (speculative connect violating FPI)

    #26237 (fix ordering of toolbar)

    - Investigated:

    #18598 (disabled WebSpeech by default)

    #16339 (ensure ImageCapture API is disabled)

    - Proposed #26765 (Add Tor Browser indicator where Firefox PB
indicator is)

    - Worked on my HTTP2 patch #14592, in progress

      This week:

    - Keep working on #14952

    - More fingerprinting / ff60esr patches

      Following week:

    - I will be on vacation week July 23 - 27.

    Am I the only one who finds this sandstorm document very hard to
use? Wondering if I'm doing something wrong or if we could switch to an
etherpad. (GeKo: There are more folks that seem to apply workarounds.
Let's resume this discussion once everyone was able to think about it)


    Last Week:

       Got android and build dependencies in build container for RBM build

       Added stretch for containers

    This Week:

       Get Android license acceptance working in build

       Get mach build commands working on container build


    Last Week:

    -  I am still working on #26476 (crash on Windows) with tjr and
#12968 (HEASLR). Picked up #26251 (Snowflake) again.

    - Since these all are blocking currently, is there anything else I
can focus on in the meantime? (GeKo: Yes, #25485 would be helpful)

    This Week:

    - Continue the above and find something else to work on based on
"Last Week"

    - request (about TBA release)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180717/103cc042/attachment.sig>

More information about the tor-project mailing list