[tor-reports] July 2015 Report for the Tor Browser Team

Wed Aug 5 22:58:15 UTC 2015

In early July, the Tor Browser team released 4.5.3[1] and 5.0a3[2], and
spent the remainder of the month preparing 5.0a4[3] (our final alpha
before the switch to Firefox 38-ESR on August 11th).

The changes in 4.5.3 and 5.0a3 were covered in our June status report.

The 5.0a4 release features updates to Tor, OpenSSL, HTTPS-Everywhere,
and NoScript. It additionally features an experimental font
fingerprinting defense[4] that ships a complete multilingual set of
fonts (the Google Noto set[5]) in order to reduce the tracking potential
from font-based fingerprinting. Based on initial tests with 5.0a4,
however, we will likely opt to omit this defense from 5.0-stable, as it
still requires more tweaking for proper font rendering, especially on
Linux[6].

The release also featured some additional third party tracking
defenses[7,8,9], as well as some UI improvements[10,11], a site breakage
fix[12], and a crash fix[13]. The 5.0a4 release and the 5.0-stable
release will also download updates automatically in the
background[14,15], before informing the user that an update is
available.

We also attended the HTTP Workshop[16] at the end of the month, to
discuss current state storage issues with HTTP/2, a wishlist for TLS
1.3, and our thoughts on QUIC[17]. The group was overall very welcoming
and appreciative of our concerns, and we're hopeful that bringing our
perspective of privacy and anonymity to this group will be helpful both
for future standards, and for ensuring that we have more eyes than just
ours looking out for statekeeping issues related to the HTTP, TLS, and
transport layer.

The full list of tickets closed by the Tor Browser team in July can be
seen using the TorBrowserTeam201507 tag on our bug tracker[18].

In early August, we will fix the major remaining known issues with
5.0[19] and Firefox 38 for our release of 5.0-stable on August 11th.
Following this release, we will focus on improvements to our
fingerprinting defenses, finish auditing and possibly enabling new
features (such as HTTP/2), and deal with any issues uncovered during the
5.0-stable launch.

The full list of tickets that the Tor Browser team plans to work on in
August can be seen using the TorBrowserTeam201508 tag on our bug
tracker[20].

1. https://blog.torproject.org/blog/tor-browser-453-released
2. https://blog.torproject.org/blog/tor-browser-50a3-released
3. https://blog.torproject.org/blog/tor-browser-50a4-released
4. https://trac.torproject.org/projects/tor/ticket/13313
5. https://en.wikipedia.org/wiki/Noto_fonts
6. https://trac.torproject.org/projects/tor/ticket/16672
7. https://trac.torproject.org/projects/tor/ticket/16429
8. https://trac.torproject.org/projects/tor/ticket/15703
9. https://trac.torproject.org/projects/tor/ticket/16625
10. https://trac.torproject.org/projects/tor/ticket/16268
11. https://trac.torproject.org/projects/tor/ticket/16488
12. https://trac.torproject.org/projects/tor/ticket/16528
13. https://trac.torproject.org/projects/tor/ticket/16495
14. https://trac.torproject.org/projects/tor/ticket/16639
15. https://trac.torproject.org/projects/tor/ticket/16632
16. https://httpworkshop.github.io/
17. https://gitweb.torproject.org/tor-browser-spec.git/plain/position-papers/HTTP3/2015HTTPWorkshop-slides.pdf
18. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201507
19. https://trac.torproject.org/projects/tor/query?keywords=~tbb-5.0&status=!closed
20. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201508

-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20150805/4b48fc8e/attachment.sig>