[tor-reports] January 2015 Report for the Tor Browser Team

Mike Perry mikeperry at torproject.org
Sat Feb 7 03:35:23 UTC 2015

In January, the Tor Browser team released 4.0.3[1] and 4.5-alpha-3[2].

The 4.0.3 release was a point release in the 4.0 stable series, and
updated Firefox to the latest point release on the ESR series. We also
updated NoScript, and the meek pluggable transport to their latest
versions, and included some translation updates for Tor Launcher.

The 4.5-alpha-3 release additionally featured updates to Tor to, as well as improvements to the security slider[3] and
circuit display UI[4]. Importantly, this release also will verify
signatures on the MAR update files for the in-browser updater[5]. This
will prevent compromise of dist.torproject.org from yielding the ability
to distribute malicious updates to our users. We also improved the
Canvas permissions prompt to eliminate warnings during the display of
PDFs, and during use of the Web Developer Console[6]. We also deployed a
fix to re-enable the meek pluggable transport in this series[7], and
merged several patches that allow customization of the browser through
environment variables, for use by external projects and hobbyists that
wish to leverage the Tor Browser in their custom

On the build engineering front, we did some work to move us away from
our current dependency on Ubuntu for building Tor Browser[12]. It should
now be possible to build the Tor browser alpha series from a Debian host
system. Ubuntu virtual machine images are still used for the build
itself, but this should be handled automatically by the build scripts.

We also began our transition away from Erinn Clark's GPG key for
purposes of signing the individual Tor Browser release files. The alpha
series is now signed with a new Tor Browser key, and we intend to
transition to this key for the stable series at the end of February.
The new fingerprint is EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290.

At the end of the month, we performed a triage of browser fingerprinting
tickets, and subdivided the fingerprinting tag into several further
categories. It is our estimation that the most important categories of
issues are under the tags tbb-fingerprinting-resolution[13],
tbb-fingerprinting-time[14], and tbb-fingerprinting-font[15]. These
represent display, time, and font-related fingerprinting issues

The end of January also saw the UX Sprint in Berkeley[16]. This sprint
was structured as a series of 5 individual user studies, where each
volunteer user was instructed to search for, download, and install Tor
Browser, and use it to perform a basic web search, watch a youtube
video, use New Identity, and explore the browser toolbar icons. The
users were also instructed to talk through their thought process and
express any confusion or assumptions they were making about the UI, so
that we could gain further insight into how our users experience our UI.

New tickets that we filed as a result of this sprint were tagged with
uxsprint2015[17]. Additionally, the process of watching users go through
the download, installation, and configuration process caused us to
realize that many so-called "stop points" (where users become confused
and are unable or unwilling to continue using the browser) still remain
in Tor Browser. We have tagged these issues with
tbb-usability-stoppoint[18], and consider the overlap between
tbb-usability-stoppoint and our pre-existing tbb-helpdesk-frequent[19]
tag to be the highest priority usability tickets to solve.

Be on the lookout for a separate blog post describing the UX sprint in
more detail in the coming days.

The full list of tickets closed by the Tor Browser team in January can
be seen using the TorBrowserTeam201501 tag on our bug tracker[20].

In February, we will continue to stabilize 4.5-alpha, and will be
releasing 4.5-alpha-4 and 4.0.4 on February 24th, to coincide with the
upstream point release by Mozilla. We have a great many patches to
review for the alpha release, and as always, these are tagged with this
month's review tag - TorBrowserTeam201502R[21]. If you have a Tor
Browser patch that you want reviewed, please remember to tag it with
this review tag!

We will also be tackling several of the usability tickets highlighted by
the usability sprint.

The full list of tickets that the Tor Browser team plans to work on in
February can be seen using the TorBrowserTeam201502 tag on our bug

1. https://blog.torproject.org/blog/tor-browser-403-released
2. https://blog.torproject.org/blog/tor-browser-45a3-released
3. https://trac.torproject.org/projects/tor/ticket/9387
4. https://trac.torproject.org/projects/tor/ticket/13671
5. https://trac.torproject.org/projects/tor/ticket/13379
6. https://trac.torproject.org/projects/tor/ticket/13439
7. https://trac.torproject.org/projects/tor/ticket/13788
8. https://trac.torproject.org/projects/tor/ticket/14100
9. https://trac.torproject.org/projects/tor/ticket/13079
10. https://trac.torproject.org/projects/tor/ticket/13835
11. https://trac.torproject.org/projects/tor/ticket/14122
12. https://trac.torproject.org/projects/tor/ticket/10125
13. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-resolution
14. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-time
15. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-fonts
16. https://trac.torproject.org/projects/tor/wiki/org/meetings/2015UXsprint
17. https://trac.torproject.org/projects/tor/query?keywords=~uxsprint2015
18. https://trac.torproject.org/projects/tor/query?keywords=~tbb-usability-stoppoint
19. https://trac.torproject.org/projects/tor/query?keywords=~tbb-helpdesk-frequentt&status=!closed
20. https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201501
21. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201502R
22. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201502

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20150206/e2356878/attachment.sig>

More information about the tor-reports mailing list