[tor-project] Tor Browser team meeting notes, 23 April

Georg Koppen gk at torproject.org
Thu Apr 25 06:37:00 UTC 2019


Due to Easter we had our weekly meeting on Tuesday this week (same time,
same location, though). The IRC log can be found at


and our pad items are pasted below:

    - tbb-8.5-must tickets and 8.5 release (GeKo: We plan to get the
building for 8.5 started next week)

    Last week:
        - mostly offline, trying to do some vacation
    This week:
        - backlog processing
        - getting back to reviews
        - back to work on Tor Browser 8.5 blockers starting with missing
localization for mobile (#30069)
        - I am still missing self-feedback from some of you (not naming

    Last week:
        - Alpha release
        - TOPL review (#30199, #27609)
        - Reviewed Google Play analytics, opened tickets for reported
        - Opened and began investigating #30239
    This week:
        - Finish investigating and start writing patch for #30239
        - Work on animation for #28329

   Last week:
       - Tried to be offline.
   This week:
       - #25658, what is left here? Anything needed on my side? (GeKo: I
think we are good here for 8.5; we should pick up the missing
site-permissons in May, I think)
       - #28800, still in April? -
https://trac.torproject.org/projects/tor/ticket/28800 (GeKo: no, that's
more for May)
       - #27399, #29955 could we sync on it? (GeKo: yes, let's do that
in the next days)
       - #30000, in progress
       - DRL review, O3 GeKo, could we sync about this objective to be
in the same page? Deadline is Friday (GeKo: sure)

    Last week(s):

    - 24622: Torcrazybutton can't decipher website s3.amazonaws.com

    - 30115: NoScript's XSS popup breaks circuit display in some cases

    - 30171: Always accepting third party cookies seems to break first
party isolation

    - 26607: verify that subpixel accuracy of window scroll properties
does not add fingerprinting risk

    - 26608: investigate <link rel="preload">)

  This week:
      - Follow up 26607
      - More fingerprinting (if there is nothing with more priority)

    26599: investigate CSS masks feature for fingerprinting potential

    26602: investigate whether CSS clip-path adds a fingerprinting risk

    26601: investigate whether SVGGeometryElement introduces a
fingerprinting vector

    26605: investigate window.requestIdleCallback() for possible timing

    [Tom] Looking at bugzilla,
https://bugzilla.mozilla.org/show_bug.cgi?id=467035 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1461454 may be active
fingerprinting vectors I'd suggest reviewing the status of (GeKo: I'll
look into that and file at least tickets if needed)

mcs and brade:
    Past two weeks:
        - #29768 (Introduce new features to users in Tor Browser).
        - #30104 (browser onboarding: 8.5 security level image includes
English text).
        - Posted patch for #29045 (ask tor to leave dormant mode).
        - #30000 (Integrating client-side authorization to onion
services v3).
           - set up and experimented with v2 and v3 onion services that
have client authorization enabled.
        - Helped with triage of incoming tickets.
        - Code reviews.
        - Completed our self-evaluations for the Tor employee/team
feedback process.
        - Took some time off for Easter.
    This week:
        - #30000 (Integrating client-side authorization to onion
services v3)
        - Finalize travel plans for the Stockholm meeting.

  - Sent mail about letterboxing
  - Next step: I'd like to get a Yay or Nay on the proposed solution.
(It's very similar to the current rounding of 200x100) (GeKo: I look
closer at it this week)
     Can people test in Nightly using the pref string, or should I bake
the logic in there so people only have to toggle the pref on?
  - Then try to backport to 60 for TB Alpha testing?

    Past two weeks:
        - helped build 8.5a11, published it and followed comments on the
        - did some cleanup on dist.tpo (#30204)
        - some reviews
        - updated patch for #29981 (Add option to build without using
        - made patch for #30089 (Use apksigner instead of jarsigner)
    This week:
        - Finish fixing #27137 and disable all currently failing tests
        - Make some patch for #26907 (Guard against failures during MAR
file generation)
        - Travel plans for the Stockholm meeting

    Last week:
        - vacation
    This week:
        - Submitted google season of Docs application - ideas reviews
still welcome:
        - S27 roadmapping
        - Need to think about how to deal with orbot tickets (GeKo: I
think we should call a meeting with n8fr8 and nail things down, finally)

    Last weeks:
        - #27503 investigation (widl is at least partially to blame here)
        - filed several bugs with wine devs with min repros
demonstrating invalid tlb generation
            - submitted a patch for one of the issues
        - misc nextcloud admin'y things
            - reviewed the 'Decks' app
    This week:
        - working on widl patches

  Last week:
   - #30162: Tor bootstrap process stuck. Investigated. Confirmed this
is due to previous tor process running. Opened some issues in TOPL
regarding fixes
   - #30272: Opened this issue - startup doesn’t handle loss of
connection like airplane mode
    -#30166: Custom bridge - fixed issue
    - TOPL Pull request approved and merged into their master.
  This Week:
   - Fixes for #30162 - there are a few issues surrounding this to
improved startup
   - #30168 : Cleanup tor-browser-build for TOPL fixes. Specifically fix
Orbot issue #199 - Move resources from orbotservice to main app
   - Do self-review


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190425/4ebed4bb/attachment.sig>

More information about the tor-project mailing list