[tor-reports] July 2014 Report for the Tor Browser Team

Mike Perry mikeperry at torproject.org
Sat Aug 2 05:01:40 UTC 2014


In July, the Tor Browser team released Tor Browser 3.6.3[1]. This
release featured a Firefox update, as well as updates to the obfsproxy
and FTE pluggable transports. It also featured UI and fingerprinting
fixes for Torbutton[2], and a desktop usability fix for Linux[3].

The first week of July was spent with most of the team at the Tor
Developer meeting in Paris[4]. This meeting allowed us to coordinate
team member responsibilities and schedule our remaining deliverables for
SponsorP. This schedule has been transcribed to our wiki[5].

In terms of other organizational changes and improvements, we have
decided to shift our weekly IRC meetings to Mondays at 18:00 UTC (14:00
EDT)[6]. The meeting format[7] remains the same, but the hope is that
having meetings on Mondays rather than Fridays will help shift the focus
towards planning the coming week, rather than primarily reporting on
what happened during the previous week. 

We have also begun tagging our monthly planned tickets in the bug
tracker. Interested parties can obtain an in-depth view of the tickets
we have completed in a given month by viewing a URL similar to:
https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201407

Similarly, the currently opened tickets we plan to make progress on
during a given month can be observed with a URL similar to:
https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TorBrowserTeam201408

All tickets for the month (opened and closed) can be obtained by
omitting the status modifier:
https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201408

We intend to update these tags on a monthly basis during the first IRC
meetings of the month. Tickets should begin to appear in that
TorBrowserTeam201408 tag URL after August 4th.

We also investigated the use of our security token from DigiCert for
signing Windows bundles, and planned some infrastructure deployment to
better support multiple release series and secure codesigning. DigiCert
has a proprietary set of tools for code signing Windows from Linux using
this token that we need to experiment with to see if they will work in
our current distributed environment.

In terms of ongoing development on the upcoming 4.0-alpha release
series, we continued our efforts on the Tor Browser auto-updater[8]. We
discovered that the Firefox updater does not support symlinks[9], which
we require for some of our pluggable transports. After this, the
remaining barrier to deploying updates is an update responder
script[10].

Unfortunately, due primarily to intermittent failures with the updated
mingw-64 toolchain that is required for features in 4.0-alpha[11,12], we
have not yet released 4.0-alpha-1 as we had hoped in the previous status
report, but plan to do so in August.

On the Mozilla front, Firefox 31 was released this month, and we've
begun preparing our Linux toolchain for Firefox ESR 31[13,14]. We hope
to begin rebasing our patches as soon as possible.

We also solidified the positions of the Security Slider based on the
input from the iSEC report[15]. Development can begin immediately on
this functionality, but may be delayed until we get a solid start on the
rebase work to support Firefox 31ESR.

Google Summer of Code student Marc Juarez is making good progress on his
project to prototype defenses to Website Traffic Fingerprinting attacks
using the obfsproxy pluggable transport as the base implementation for
his research prototype (called wfpadtools)[16]. We discussed a set of
primitives at the Tor Dev meeting and posted them[17], and Marc is
working towards implementing them.


In August, we hope to have a public blog post summarizing the iSEC
report, and enumerating our plans to address the issues contained
therein.

We also hope to release 4.0-alpha-1, expect a pointfix release in the
3.6 series to pick up the log message notifications that detect the
BlackHat attack[18], and plan to continue our testing with Gitian builds
of Firefox 31, and begin rebasing patches. We also hope to finally
solve the remaining issues preventing Windows users from successfully
using Pluggable Transports with HTTP and SOCKS proxies[19].

As stated previously, the tickets from Monday's planning meeting should
be available August 4th or 5th[20].


1. https://blog.torproject.org/blog/tor-browser-363-released
2. https://trac.torproject.org/projects/tor/ticket/9268
3. https://trac.torproject.org/projects/tor/ticket/11102
4. https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
5. https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorP#TimelinefromDevMeeting
6. https://lists.torproject.org/pipermail/tbb-dev/2014-August/000100.html
7. https://lists.torproject.org/pipermail/tbb-dev/2014-February/000000.html
8. https://trac.torproject.org/projects/tor/ticket/4234
9. https://trac.torproject.org/projects/tor/ticket/12647
10. https://trac.torproject.org/projects/tor/ticket/12622
11. https://trac.torproject.org/projects/tor/ticket/12391
12. https://trac.torproject.org/projects/tor/ticket/12753
13. https://bugs.torproject.org/12462
14. https://bugs.torproject.org/12743
15. https://trac.torproject.org/projects/tor/ticket/9387#comment:43
16. https://bitbucket.org/mjuarezm/obfsproxy-wfpadtools/
17. https://gitweb.torproject.org/user/mikeperry/torspec.git/blob/refs/heads/multihop-padding-primitives:/proposals/ideas/xxx-multihop-padding-primitives.txt
18. https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
19. https://bugs.torproject.org/12381
20. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201408


-- 
Mike Perry