[tor-project] Tor Browser team meeting notes, 25 March

Georg Koppen gk at torproject.org
Mon Mar 25 20:51:00 UTC 2019

Hello everyone!

Our weekly Tor Browser meeting just ended and, as usual, here come the
link to our IRC log


and the content from our pad:

Week of March 25, 2019

    - adjusting meeting time (eu is doing the daylight saving thing the
coming weekend) (GeKo: We'll switch to 17:30 UTC as our meeting time;
I'll announce that on tbb-dev later this week)
    - blockers for 8.5 (GeKo: We restructured our `tbb-8.5` tickets  so
that it is clearly visible what are blockers for the next alpha
(`tbb-8.5-must-alpha`) and what are blockers for the stable release
    - Letterboxing (GeKo: We'll get around June to help with that and
test on esr60 already)

 - investigated getClientRects. The finding indicate that there are
active fingerprinting issues
    from this and similar APIs that leak at least major OS version (win7
vs win10) and some OS settings.
    I don't *think* it's used by ad network fingerprinting (yet?) though.
 - Investigated math routines. Confirmed these leak at least major OS
version, maybe minor.
   On Linux it probably leaks distro or system libraries
   Don't think it leaks hardware information
 - Investigated chrome:// leak. Confirmed it leaks OS and browser version.
   Don't think it leaks anything else except maybe language

mcs and brade:
    Last week:
        - Reviewed patch and commented in #29790 (Add build option to
store profile in HOME directory).
        - Followed up on Mozilla bug 1434666 (updater failing on Linux —
cannot find libraries). (GeKo: nice that rstrong would want to help us.
We should take up that offer in case we need it :) Maybe some patch
uplifting help or something)
        - Worked on #27484 (Onboarding: unintuitive not-navigation buttons).
        - Monitored #28925 (Core Tor:  distinguish PT vs proxy for real
in bootstrap tracker).
    This week:
        - Review patch for #29825 (Intelligently insert the Security
Level button)
        - Finish patch for #27484 (Onboarding: unintuitive
not-navigation buttons).
        - Begin #29768 (Introduce new features to users in Tor Browser).

    Last week:
        Release prep and release (x2)
        #28329 (more UI changes)
        Worked on #29238 (prevent crash after update)
        Briefly looked at #29859 (App crashes when playing video on Twitter)
        Looked at #29866 ("Request Desktop site" should use Desktop UAS)
    This week:
        Continue working on #28329, #29238, #29859
        Discuss localization things
        Look at F-Droid again

    Last week:
        - Helped with building and publishing new releases
        - Fixed the resource-timing, user-timing and user-timing-worker
tests for #27137
        - Fixed #29812 (.mar files for 32-bit Linux are missing for 8.5a9)
        - Started adding android-x86 to the download page (#29845)
    This week:
        - Finish fixing #27137 and disable all currently failing tests
        - Finish fixing #29845 (Add android-x86 to the download page)
        - Make some patch for #26907 (Guard against failures during MAR
file generation)
        - Fix #29868 (tor-browser-build fails in
container-image-windows-i686 attempting to install package

    Last week:
        - release prep (we got 4!! releases out this week; thanks for
everyone who helped, in particular on the weekend)
        - wrote a patch for #26498 and backported a mozilla patch for
android (#29843)
        - worked on #28622 (Tor Browser branding for Android)
        - tracked down #29859 (Playing videos on Twitter is not working
and freezing the mobile browser)
        - investigated backporting the JS Poison patch (#29049)
        - worked on improved authenticode timestamping (#29614)
        - looked over sponsor 8 final report (draft) and upcoming
funding proposal for esr transitioning work
    This week:
        - finishing #28622
        - fix WebGL related issues (#29246)
        - try to come up with something for #29859
        - reviews

    Last week:
        - Sponsor 8 report
        - Preparing for S27 kick off
        - Google Season of Docs
    This week:
        - Infracon
        - Finish off Sponsor 8 report
        - S27 Kick Off
        - Google Season of Docs - start writing some ideas down

    Last week:
        patch for #29825 (fix for upgrade path in #25658, inserts/moves
torbutton and security level button, rather than resetting to defaults)
        begin investigating #27503 (broken screenreaders on win)
        filed #29868 (python-future no longer exists in jessie-backports)
    This week:
        #27503 fun

  Last week:
    -  Included Android PT Support in TOPL: (thaliproject#86)
    - Upgrade for Android Q (thaliproject#85) - needed to break apart
tor executable directory from config dir due to security changes in
Android Q. Updated to tor-android-binary 03.5.8-rc dependency
    - Fixed bridges API (and pulling of bridges text file from android
resources) (thaliproject#78)
    - Added custom config of torrc for Java TOPL (thailiproject#78) -
needed this to keep project in sync with Android changes
  This Week:
   - #27609 - integrate latest TOPL changes to tor-android-service
   - Submit TOPL PR
   - Fix merge conflict in tor-browser-build Orbot project
   - Test PT support working in browser
   - Review changes in Orbot main project to see if we should merge any
back over

  Last week:
    - TB8.5
        - #27484 - Onboarding - Done
        - #29768 - Introducing new features - Duncan uploaded a version,
will review this week
        - Security Setting Tor Browser manual update is ready to go
    This week:
    - #28622 - TBA icon
    - #28329 - Network Settings, Bootstrapping Animation
    - #29768 - Review - Introducing new features
    - Debugging TB8.5a9 Security Settings
    - Prep for IFF, TBA user testing


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190325/421763ff/attachment-0001.sig>

More information about the tor-project mailing list