[tor-reports] April 2014 Report for the Tor Browser Team
Mike Perry
mikeperry at torproject.org
Fri May 2 02:20:55 UTC 2014
In April, the Tor Browser team made three releases: 3.6-beta-2[1],
3.5.4[2], and 3.6[3]. The first two releases included fixes for the
OpenSSL Heartbleed issue[4]. The 3.6 release was triggered by Mozilla's
release of 24.5.0ESR. Mozilla actually tagged the the 24.5.0ESR release
a week in advance, which gave us extra time to prepare the 3.6 series
for a stable release.
The 3.5.4 release only updated OpenSSL.
The 3.6-beta-2 release also featured Turkish bundles[5], enabled some
Javascript hardening options[6], fixed an instance of improper update
notification[7], and improved ease of localization of the about:tor and
bootstrap messages[8,9]. It also fixed a launch error with the FTE
transport on Windows[10]. Due to the OpenSSL heartbleed fiasco, we were
unable to also produce a 4.0-alpha build this month.
The 3.6 release is our first stable release of the combined Pluggable
Transport and standard bundles. It features some usability improvements
to the bridge entry UI[11,12], improved the download warning dialog text
to be more concise and understandable (based on support feedback)[13],
removes a hidden menu item relic from the toggle days[14], and a fix to
prevent the installation path from leaking in certain Javascript
exceptions on Mac OS and Windows[15].
Unfortunately, TBB 3.6 was not without its bumps and snags, so we were
quite lucky to have the extra week notice from Mozilla. It turns out
that HTTPS-Everywhere switched to a new rule distribution format and
build process in its latest stable release (3.5), which occurred
concurrently with the TBB 3.6 release. We fixed an issue in order to
build HTTPS-Everywhere from source for TBB[16], but the new
HTTPS-Everywhere 3.5 is still not reproducible[17]. We had to ship TBB
3.6 with HTTPS-Everywhere 3.4.5 as a result, and will likely have to
bundle the version of the addon built by and downloaded from the EFF,
until such time as it can be made reproducible again.
We also had a regression in the proxy support for TBB 3.6[18]. It turns
out the addition of Pluggable Transports tripped on a bug in tor that
prevented the user from configuring a proxy. We will put out a TBB 3.6.1
as soon as possible to correct this issue.
We made progress investigating a few outstanding issues, including
remaining window resolution issues with certain Mac and Windows desktop
environments[19], a hang on New Identity[20], and a window resizing
issue[21].
On the Mozilla Merge process front, we merged a test to verify against
future proxy bypass by WebSockets[22], which has been a pain point for
us in the past. The Firefox 31ESR merge deadline was also at the end of
the month, so any future patches we merge will not appear for use in TBB
until Firefox 38ESR is released, sometime in February 2015.
Unfortunately, we also learned that HTTPS Certificate Pinning did not
land in time for Firefox 31ESR, so we will need to help Mozilla backport
that patch set to TBB if we want certificate pinning (which we do).
On the QA and testing front, we continued to improve our integration
testing infrastructure and add tests. The testing infrastructure is now
capable of emailing the tor-qa mailinglist directly with build
results[23], as well as watching our build repository for TBB build tags
to indicate candidate builds are ready for testing.
On the security front, we agreed to the project direction and had an
initial kickoff meeting with iSec, for their audit of Firefox and the
Tor Browser Bundle. The overall direction is to determine which features
of Firefox are good candidates for disabling at various points on the
'Security Slider'[24]. Additionally, they may investigate various build
hardening options, such as AddressSanitizer[25] and enabling refcounting
and other assert checks.
On the build process front, we refactored the build process to
explicitly support partial rebuilds, and to pre-build common tools in a
separate stage[26]. We also performed a number of build process code
cleanups and minor fixes[27,28,29,30,31].
On the future Pluggable Transport front, we discussed a promising new
transport by David Fifield called 'meek'[32]. It uses Google AppEngine
in combination with NPN to tunnel Tor traffic over pre-existing Google
domains. It sounds like a good addition to the TBB 3.6 bundles as an
optional PT, however it does add a fair amount to the compressed bundle
size (~4MB). Hopefully we can reduce this overhead somehow and begin
shipping it ASAP.
On the C++ interview process front, 2 of our 3 candidates have
short-term trial contracts and have begun work. One of them has already
had a patch merged, and has another patch pending. The third has most of
a patch written, but still needs a contract for it.
On the community coordination front, we have two promising
student/volunteer projects lined up for the summer. The first is an
official Google Summer of Code project to deploy a Pluggable Transport
to prototype defenses against Website Traffic Fingerprinting[32], and
the second is a research project to deploy a Browser Fingerprinting test
suite to measure the fingerprintability of Tor Browser, and to evaluate
our fingerprinting defenses[33]. We look forward to helping these
projects to succeed.
On the team communication front, due to the EU "Summer Time" change, we
moved our weekly meeting to before the Pluggable Transport meeting on
Fridays at 15:00 UTC.
In May, the first thing we'll be doing is finding some form of fix for
the proxy settings issue in TBB 3.6. This will likely mean a TBB 3.6.1
release early in the month.
We'll also be continuing to coordinate with the iSec team for input into
the Security Slider and other hardening options.
We will also continue our efforts at improving the unified 3.6 bundles,
ideally also adding support for proxied PTs in either 3.6.1 or 3.6.2.
We also received an offer for a code signing certificate from a major
CA. Previously, excessive paperwork, strange liability sign offs, build
process issues, and CA registration requirements have dissuaded us from
obtaining such a certificate ourselves, but hopefully the direct offer
of a donation from a major CA will smooth much of this over. We will be
investigating this offer and feasibility with our build process over the
course of the month.
In terms of ongoing development, we will continue work on the Firefox
updater, restructuring the bundles, and testing this new layout. If
we're lucky, this may result in a 4.0-alpha with a restructured layout,
or at least a few nightlies. We will also include Tor 0.2.5.x-alpha in
this upcoming alpha, to aid in testing of that Tor release.
1. https://blog.torproject.org/blog/tor-browser-36-beta-2-released
2. https://blog.torproject.org/blog/tor-browser-354-released
3. https://blog.torproject.org/blog/tor-browser-36-released
4. https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
5. https://trac.torproject.org/projects/tor/ticket/9010
6. https://trac.torproject.org/projects/tor/ticket/9387#comment:17
7. https://trac.torproject.org/projects/tor/ticket/11242
8. https://trac.torproject.org/projects/tor/ticket/10398
9. https://trac.torproject.org/projects/tor/ticket/9665
10. https://trac.torproject.org/projects/tor/ticket/11286
11. https://trac.torproject.org/projects/tor/ticket/11482
12. https://trac.torproject.org/projects/tor/ticket/11484
13. https://trac.torproject.org/projects/tor/ticket/7439
14. https://trac.torproject.org/projects/tor/ticket/11384
15. https://trac.torproject.org/projects/tor/ticket/9308
16. https://trac.torproject.org/projects/tor/ticket/11556
17. https://trac.torproject.org/projects/tor/ticket/11630
18. https://trac.torproject.org/projects/tor/ticket/11658
19. https://trac.torproject.org/projects/tor/ticket/9268
20. https://trac.torproject.org/projects/tor/ticket/9531
21. https://trac.torproject.org/projects/tor/ticket/9881
22. https://bugzilla.mozilla.org/show_bug.cgi?id=971153
23. https://lists.torproject.org/pipermail/tor-qa/2014-April/000403.html
24. https://trac.torproject.org/projects/tor/ticket/9387
25. https://trac.torproject.org/projects/tor/ticket/10599
26. https://trac.torproject.org/projects/tor/ticket/10120
27. https://trac.torproject.org/projects/tor/ticket/10356
28. https://trac.torproject.org/projects/tor/ticket/11539
29. https://trac.torproject.org/projects/tor/ticket/11459
30. https://trac.torproject.org/projects/tor/ticket/11240
31. https://trac.torproject.org/projects/tor/ticket/11478
32. https://trac.torproject.org/projects/tor/wiki/doc/meek
33. https://lists.torproject.org/pipermail/tor-dev/2014-April/006741.html
34. https://lists.torproject.org/pipermail/tor-dev/2014-April/006722.html
--
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20140502/dede8aa9/attachment.sig>
More information about the tor-reports
mailing list