tor-project June 2017

tor-project@lists.torproject.org

29 participants
36 discussions

OONI Team status report May 2017
by Arturo Filastò 15 Jun '17

15 Jun '17

# OONI Monthly Report: May 2017 The OONI team made steady progress in May 2017. We released the beta version of our probe orchestration and, in collaboration with Sinar Project, we published a new research report on "The State of Internet Censorship in Indonesia". We also updated test lists in collaboration with our partners, and we started organizing OONI's upcoming Partner Gathering. ## Beta release of probe orchestration We made two beta releases of the probe orchestration backend: https://github.com/TheTorProject/proteus/releases/tag/v0.1.0-beta.2. The probe orchestration client code is being integrated inside of v0.7.0 of measurement-kit here: https://github.com/measurement-kit/measurement-kit/pull/1250. This beta version of the backend is currently deployed (https://github.com/TheTorProject/ooni-sysadmin/pull/112) on staging machines and we are in the process of testing it in preparation of including a subset of orchestration inside of the next version of ooniprobe-mobile. The feature-set included in the current beta of the probe orchestration is the following: * Support for clients to register for receiving orchestration messages with a password * Authentication for orchestration clients and administrators * Support for updating metadata of probes via authentication * Support for sending push notifications to iOS (Apple Push Notifications) and Android (Firebase Cloud Messagging) devices * A web interface for administrators that allows them to: - View the currently registered clients - View the currently scheduled jobs - Add new recurrent measurements based on the target probe In the first integration in ooniprobe-mobile we plan to only support probe registration and metadata update. This will allow us to send visibile push notification to send useful information messages to users, but without the full orchestration workflow. ## Research and improvements to reducing fingerprintability of ooniprobe We did a bit of research documenting what we are currently doing to reduce the fingerprintability of ooniprobe and what we could do better. As a result of this research we also added support for randomising the order in which URLs are tested (in ooniprobe desktop) to further reduce the fingerprint an ooniprobe scan has as well as improve the accuracy of measurement: https://github.com/TheTorProject/ooni-probe/pull/758. ## Publication of research report In collaboration with Sinar Project, we published a new research report titled: "The State of Internet Censorship in Indonesia". The full report can be found here: https://ooni.torproject.org/post/indonesia-internet-censorship/ We also published a summary of the report on the Tor blog: https://blog.torproject.org/blog/state-internet-censorship-indonesia ## Updated test lists In May 2017 we added URLs and updated the following test lists in collaboration with partners: * Iran test list: https://github.com/citizenlab/test-lists/pull/161 * Cuba test list: https://github.com/citizenlab/test-lists/pull/170 * Venezuela test list: https://github.com/citizenlab/test-lists/pull/162, https://github.com/citizenlab/test-lists/pull/158 * Egypt test list: https://github.com/citizenlab/test-lists/pull/164 ## Organizing upcoming OONI Partner Gathering We worked on logistics pertaining to the organization of OONI's first Partner Gathering, which will take place on 10th & 11th July 2017 in Toronto. ## Outreach and community engagement ### Events We presented OONI at the following events: CryptoRave (5th & 6th May 2017) We presented OONI and co-facilitated a workshop on test lists ("Listathona") with Coding Rights at CryptoRave. More information can be found here: https://ooni.torproject.org/post/ooni-cryptorave-2017/. Tor Meeting at the Hacker Club Garoa (11th May 2017) Our team member in Brazil also facilitated an OONI session at the Hacker Club Garoa in Sao Paolo (https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Proje…). Open Source Conference Albania/OSCAL (13th & 14th May 2017) We presented OONI through a 1-hour talk titled: "Free & Open Source Software for a Free & Open Internet". More information can be found here: https://eventyay.com/e/ecc2001a/schedule/ ISC Project Global Workshop (25th & 26th May) We facilitated the following sessions at the ISC Project Global Workshop in Washington D.C: * 90-minute OONI demo * Contributing to test lists & using data from OONI Explorer * Measuring internet blackouts ### Community meeting We hosted our monthly community meeting on https://slack.openobservatory.org/ on 23rd May 2017. As part of the meeting, we discussed filtering techniques for OONI Explorer, as well as methods for tracking internet shutdowns on mobile networks. ### Article We wrote and published an article about ooniprobe for Coding Rights' Antivigilancia newsletter: https://antivigilancia.org/es/2017/05/ooni-descubriendo-la-censura-en-inter… ## Press coverage An article about OONI was published on Motherboard: https://motherboard.vice.com/it/article/come-tracciare-la-censura-di-intern… ## Userbase In May 2017 ooniprobe was run 70,218 times from 1,905 different vantage points across 162 countries around the world. This information can also be found through our stats here: https://measurements.ooni.torproject.org/stats ~ The OONI team.

2 1

GSoC 2017 - Crash Reporter for Tor Browser: Report #1
by Nur-Magomed 14 Jun '17

14 Jun '17

Hi everyone! This is my report #1 for the "Crash Reporter for Tor Browser" project. At the beginning I would like to apologize that I being late and delayed e-mail. # First 2 weeks work was focused on following: 1) Build Tor Browser with Crash Reporter I successfully built Tor Browser with Crash Reporter in, tested crashes and it works fine. Browser repository could be found at GitHub [1]. 2) Make crash reports more anonymous Most of my last work was focused on the analysis of data fields that crashreporter collects. I had discussions in IRC #tor-dev with mentor and also I created wiki-page for the analysis [2]. The next stage is creating final blacklist of fields (according to analysis), that we must not send. If someone has ideas about privacy of data fields [2], please don't hesitate and contact with me or add in wiki-page. # What's next The next week work is focused on Crash Reporter client: > UI - make it easy to understand for user "what's going on" when crash happened; > Deleting reports after crash report is sent. Thanks, Nur-Magomed [1] https://github.com/nmago/tor-browser [2] https://trac.torproject.org/projects/tor/wiki/doc/crashreporter

1 0

Notes from June 8 2017 Vegas team meeting
by Karsten Loesing 12 Jun '17

12 Jun '17

Notes for June 8 2017 meeting: Roger: 0) I encourage everybody to think back to their items last week, and see if they are entirely resolved now or if they need another round of attention. This step is harder than it could be, since the non-public items get erased. 1) I asked Mike to lead the annual report process for Sponsor2 (NSF-RIT). It would be great to get an acknowledgement from Mike. :) 2) NSF-UIC annual report is also due in the coming months. 3) Hiro and I barged into a UX team meeting and gave them a bunch of blog tickets to work on. Our new blog works but is way less usable than the old one. More work remains. 4) The SponsorR summer camp dates have been announced, and I am double booked for most of it. I'm trying to fill out their paperwork and do the other logistics stuff they asked for before I break the bad news to them. 5) Can we send out these vegas mtg notes the day after the meeting, rather than waiting til Monday? Does anybody actually edit their notes after today? Outcome: starting next meeting, we're going to try sending them out on Friday. 6) Let's plan next week to pick up the Montreal invite plan and focus on whatever is critical path from here to sending out save-the-dates. Alison: 1) Colin is taking over GSoC starting Friday. 2) I finished the IMLS grant and am submitting it before I leave for vacation today. 3) Getting last minute edits to membership policy; will send proposal to list after the network team hackfest ends. 5) Continuing work with Global South community members 6) Planning for Tor Meeting -- drafting invites, working on Isa's process suggestions 7) I've asked Colin to put up the support portal q&a on the wiki (per our conversation in this meeting last week). 8) Next week I'll be working more on Global South meeting ideas and organizing more of the support portal answers. I'll also be thinking about promotion for the temporary support wiki. Blog post, tweets? Isabela: 1) Have started with Erin the writing of blog post for Tor Browser dev hiring. Next up will be 2 browser devs and 1 android dev for DRL Mobile project. Will follow up on that with Georg. Then is all SIDA hiring, which I will also follow up with Linda and Alison (and probably hiro to help w/ the web devs job posts). 2) I met with Erin to brainstorm a draft of a public onboarding document for new people. She has a 'non-public' onboarding check list that she uses, we also reviewed her list and made public whatever could be made public. Things that are not public: health care form, w4 form etc. I am adding the content we brainstormed in a wiki page (not done yet), she will review it and then we will share it with the rest of Tor for crowdsourcing intel. Here is the page: https://trac.torproject.org/projects/tor/wiki/org/onboarding (will be linked from front page on trac) 3) Tor Launcher Automation Feature - we had a meeting last Friday. I have to update the brief still, that said, we are closer and closer from defining the feature and we also have a plan on what to implement in relationship to it for sponsor4 deliverables. 4) Bunch of things: montreal schedule proposal meeting, writing core tor sponsor4 may report, getting office space at TW for folks in nyc, organizing wilmington visit next wed etc. 5) will **finish** and share with Shari the user growth strategy update for board meeting will also email this to internal Nick: 1) new releases with security fixes this week (8 release series, ouch) 2) delaware next week. 3) new meeting format persists; Someone else needs to lead next week's. After that, I suggest we discuss whether we like it? [shari will run next week's meeting.] 4) ** Pace of 0.3.x testing remains concerning. [think about discussing at montreal] 5) ** carry forward for next week: sponsor4 status (pending on results from ahf) Brad: 1) All Harvest invites have been sent out and 14 of 20 employees have registered nick asks: who should remind them? brad: email reminders will be sent via Harvest if they haven't registered by end of week. 2) For those who already submitted May time sheets, Sue and/or I will be manually posting that time in Harvest --> feel free to ignore any email notification you may receive 3) Next Board meeting is on Monday, so we are trying to close books by end of today nick asks: what do the rest of us need to do for this? brad: need info outlined in 4) below in order to make sure all revenue is correctly recorded. Some contractor invoices are still missing but we can just book estimates for now. 4) Still need info on milestone status for Sponsors R and Y 5) Time allocation budgets for employees will require significant updates as soon as DRL and/or SIDA grants are awarded. Proposed process for amending time allocation budgets: Roger, Isabela, and Brad create first draft budgets and present to Vegas team for comments; once finalized, updated budgets distributed to employees. Shari: 1) preparing for board meeting 2) traveling to San Francisco next week for EFF board meeting 3) end of next week is DRL meeting in Montreal; David Goulet is going Georg: 1) We finally got Tor Browser 7.0 out. 7.0.1 will follow next week to pick up the Firefox 52.2.0 ESR security update; Cloudflare is still in the process to make sure Tor Browser based on ESR 52 works as the one based on ESR 45 did. This is not done yet. We might want to be aware of that in case users come complaining/folks are asking. 2) Looked over the planned browser dev job posting Mike: 1) Re-read a few Guard related papers for the meeting next week. 2) Fixing issues with Sponsor2 Adaptive Padding work so that Marc Juarez can start to use it. 3) Roger: For the Sponsor2 report, should we wait until PETS? (We can also talk about it next week in person.) Karsten: 1) Put out two metrics-lib releases this week for our last remaining MOSS deliverable. 2) We'll want to write a blog post about the metrics-lib 2.0.0 release in June. We can start drafting something next week. Who can help with that? Tommy? Stephanie? [Answer: Asking Stephanie to help with this next week, copying Tommy.]

1 0

GSoC 2017 - anon-connection-wizard: Report #1
by iry 10 Jun '17

10 Jun '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello everyone! The following is my bi-week status report for the anon-connection-wizard project. I apologize for the delay on sending this email (I will send it earlier next time). # Keep up with the development progress of Tor-launcher Since anon-connection-wizard is the python-clone of Tor-launcher, it is a good idea to keep up with the development progress of Tor-launcher. ## irc discussions - - A small discussion related to the anon-connection-wizard happened at #tor-dev on May 30: [0] - - Link to tor launcher automation irc meeting on 06/02/2017: [1] - - June 5th irc meeting log related to anon-connection-wizard: [2] - - BTW, my irc name is: iry ## proposal tickets - - #21951: Tor Launcher improvements and automation [3] - - #22399: Tor launcher third-party censorship circumvention tools support [4] - - #22402: Usablity and accessiblity improvement on the Tor assistant page [5] # Maintain the whonix-setup-wizard - - Once anon-connection-wizard is ready for daily users, whonix-setup-wizard will be replaced. However, before that, it still need some maintenance: [6] # anon-connection-wizard development ## Make a TODO list - - At the beginning of my work, I made a TODO list to track the feature need implementing and bugs need fixing: [7] ## Document how to setup the running environment - - anon-connection-wizard is currently broken in Whonix Stable repository. Therefore, it is helpful for others who want to help test anon-connection-wizard to have a brief instruction on setting up the environment: [8] ## Basic Functions implementation and improvement - - Some of my work have not been pushed to Github yet: [9] ## Discussion on torrc output line related to obfs4 - - Should obfs4 have the “managed” line? : [10] # Next step ## Make setting up the environment easier Making setting up the environment easier will attract more people have a look at the anon-connection-wizard so that the project will receive more feedback. - - Make as many dependencies available as possible: [11] ## Implement other features - - I will keep working on the features and bugs listed in the TODO list Thank you for every tor person's help! iry [0]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/250 [1]: http://meetbot.debian.net/tor-project/2017/tor-project.2017-06-02-18.04. log.html [2]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/255 [3]: https://trac.torproject.org/projects/tor/ticket/21951 [4]: https://trac.torproject.org/projects/tor/ticket/22399 [5]: https://trac.torproject.org/projects/tor/ticket/22402 [6]: http://phabricator.kkkkkkkkkk63ava6.onion/T684 [7]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/229 [8]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/232 [9]: https://github.com/irykoon/anon-connection-wizard/commits/master [10]: http://forums.kkkkkkkkkk63ava6.onion/t/should-obfs4-have-the-managed-lin e/3991 [11]: http://forums.kkkkkkkkkk63ava6.onion/t/graphical-gui-whonix-setup-wizard - -anon-connection-wizard-technical-discussion/650/257 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZO5wcAAoJEKFLTbxtzdU8JFQQAJKLqXAZuPd6VHZh6ZewVMPU PTR5cS1VFi/kY2AaRg5ImPHpSbf4oQViiRq4c2O0BdbozRO3P9gDjDwqyYn1ZfsG 7xJGyzvL7jXZednlwAp3v4D+b3T80hNixVgXAVP+pcYwkMeCZjM1wGLz7WyMFJPZ OfViynDD1bKU6MP5BizFAFpla5VbGCZ8C6QF+E/HyE8+J+5s+Z8boEOrWHNPiP9y 5BoIX541ldRH1U+xe3jf/3137Q1l4/lylm9UikXOB5qCaLgzh51vF7v7qrJDsGiE FmbPnmv0lGRdtmsUBDTjilHMgxhw0K8t80XPq7ATiXnZODL73vuKMuEUKozYNfI+ /qJby1A47J6P3c/vK7Kno5Y6CHNWt6svtM1GKFv8bKB/f2czMgySztkuuU9mOdli jOhS7tSbFz0R81rCNuxbkcjSWZYOjBAxgcIVxu0OC76ELAF5XKldS+BtD/f6rqSS UWe+Ciwaa6yYarqWO9b8fTusiGkHyXHWEjJNJJhJI/gf+F/mDmIWIE+QUxxakObp rts0z2r8Q5lKAiuu5AJtgfBoF17t1VSESYvC+O5Z+H2pDC40bf59yZvnYvy0NnY3 dX3USjyUNEMQK4uSGTAzWuygCRLu1IeZTmd4OkKpO+UWZ+ITEkZL1L+AWY/p/vYx ZDbCIzf4RGc+jhttv0tp =j281 -----END PGP SIGNATURE-----

1 0

GSoC 2017 - unMessage: Report #1
by Felipe Dau 09 Jun '17

09 Jun '17

Hi everyone! This is my report #1 for the unMessage GSoC project. # Pre-coding period Since the project was accepted, my mentors and I started to plan what exactly had to be done for each task and I started to learn the things I would have to know in order to work on each of the tasks we selected. While I was learning I picked a part of each task and implemented them, so that my mentors could see if I was in the right direction. I am going to use bullet lists to briefly describe what I did for each task. More details can be found in their tickets. ## Improve setup script #35 [0] - Improved package metadata and requirements definitions ## Use attrs #34 [1] - Changed a class to use attrs in its attributes and validation ## Add a logger #30 [2] - Created a logger using twisted.logger - Sends logs to a file when using any of the UIs - Displays logs using the stdlib's logger when using the GUI ## Add a test suite #33 [3] - Created the tests module - Added some hypothesis tests for the packet factories - Enabled Travis CI [4] and Codecov [5] integration ## Support file transfer #12 [6] - Created serializable classes for file elements using attrs - Added tests for the serialization - Described how the file elements would be used [7] ## Make functions/methods asynchronous #21 [8] - Made functions/methods involved in sending an element asynchronous # Coding period Since the coding period started, I began to work on the tasks to be delivered for the first evaluation (#35, #34, #12, #30). ## Improve setup script #35 [0] - Added installation instructions to use pip in a virtual environment - Pinned requirements to their latest versions - Finished the task - Created an extra task to automate version and hash pinnings #49 [9] ## Use attrs #34 [1] - Changed most of the existing classes to use attrs ## Add a logger #30 [2] - Implemented a custom stdlib logger to use the file logger's format ## Support file transfer #12 [6] - Started working on the file transfer using the new function/methods that send elements (which are now asynchronous) Most of the code I worked on has been merged to the develop branch [10] and what has not been merged can be found in my fork's [11] branches. I also created a project on GitHub to keep track of the tasks [12]. # What's next The next steps for this first set of tasks is: - Finish changing some of the classes that do not use attrs yet - Continue working on the file transfer to send/receive requests, transfer files and handle some common errors involved in this process - Spread log statements in the code Thanks, -Felipe [0]: https://github.com/AnemoneLabs/unmessage/issues/35 [1]: https://github.com/AnemoneLabs/unmessage/issues/34 [2]: https://github.com/AnemoneLabs/unmessage/issues/30 [3]: https://github.com/AnemoneLabs/unmessage/issues/33 [4]: https://travis-ci.org/AnemoneLabs/unmessage [5]: https://codecov.io/gh/AnemoneLabs/unmessage [6]: https://github.com/AnemoneLabs/unmessage/issues/12 [7]: https://github.com/AnemoneLabs/unmessage/issues/12#issuecomment-304128995 [8]: https://github.com/AnemoneLabs/unmessage/issues/21 [9]: https://github.com/AnemoneLabs/unmessage/issues/49 [10]: https://github.com/AnemoneLabs/unmessage [11]: https://github.com/felipedau/unmessage [12]: https://github.com/AnemoneLabs/unmessage/projects/1

1 0

Community Team May 2017 report
by Alison 08 Jun '17

08 Jun '17

Hello all, Here are the highlights of the Community Team's work in May 2017: May 2017 Community Team report Meeting notes May 2017 ================================================================== https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam#Curre… Support portal ================================================================== We continue to work on creating and editing content for the support portal. Since the website funding is still up in the air, we've decided to put the questions and answers up on a temporary support wiki that users can access in the interim. Localization ================================================================== Phoul made plans for a Localization Lab sometime in June. anadahz translated ansible scripts for automatic Tor relay deployment into Portuguese. Operator support ================================================================== kat5 made a wiki to easily update what tshirts are available for operators: [1] https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Tshir… Global South ================================================================== we wrote a grant to Lush for Global South outreach funding. We also continued building relationships with community members in Egypt, Pakistan, India, and Kenya. We hope that some of these folks will join us for the Tor Meeting in Montreal this October. anadahz set up two new relays in Brazil: [2] https://atlas.torproject.org/#details/0EBC53D0558E14BEC545DD114D48184793774… [3] https://atlas.torproject.org/#details/45B3C4D398E964DB48736F9EBB6F909B5C573… Some team members organized a Tor meetup at Cryptorave in Brazil, and some of the people who attended that have already joined the tor-south channels. We'd love to build a stronger relationship between Tor and Cryptorave over the next year. Library Freedom Project ================================================================== We held lots of librarian trainings in May, which will probably be our last big training month for a while. We'll instead be focusing on things like updating the website and resources and adding more instructional content. We did a huge amount of work on a big IMLS (Institute of Museum and Library Services) grant which would cover two years of LFP funding. Community governance ================================================================== We sent the membership policy draft to a few Tor folks for review. After the network team hackfest it'll go to tor-project@ for the proposal period. Mirrors ================================================================== Samdney is working on updating the mirror site (#22150). ================================================================== Next up: community team roadmap, more Global South Tor Meeting planning, more questions, answers, and edits to the support portal, ratifying the membership policy. ================================================================== Thanks for reading! Alison -- Alison Macrina Community Team Lead The Tor Project

1 0

SponsorR Status Report May 2017
by George Kadianakis 08 Jun '17

08 Jun '17

Hello, here is the May 2017 report for SponsorR: - Reviewed and merged various prop224 code to 0.3.1: https://trac.torproject.org/projects/tor/ticket/21871 https://trac.torproject.org/projects/tor/ticket/21978 we also merged some spec improvements: https://trac.torproject.org/projects/tor/ticket/22052 - Finalized some more prop224 branches and put them in needs_review: https://trac.torproject.org/projects/tor/ticket/22006 https://trac.torproject.org/projects/tor/ticket/21859 - Published code that implements prop224 client-side descriptor fetching: https://trac.torproject.org/projects/tor/ticket/21403 This is the first step of the client-side implementation and we are currently using it to test the service-side code. Our next move is to implement the client-side introduction logic. - Handled some annoying bugs caused by our already merged-upstream prop224 code: https://trac.torproject.org/projects/tor/ticket/22246 - Accepted a GSoC student who will be working on improving Ahmia this summer: https://lists.torproject.org/pipermail/tor-project/2017-May/001143.html

1 0

Tails report for May 2017
by u 07 Jun '17

07 Jun '17

Find our May 2017 report online here: https://tails.boum.org/news/report_2017_05/ Releases ======== * We've finished testing and releasing Tails 3.0~rc1. * Tails 3.0 is scheduled for June 13th [https://tails.boum.org/contribute/calendar]. Code ==== ## Tails 3.0 We have been focused on the last finishing touches before we deem Tails 3.0 ready for release. Things are looking good so far! ## Reproducible builds Here are some details about our work in April and May on making Tails reproducible. This effort is covered by the Mozilla Open Source Support award (MOSS) that we've received. ### Current status In March we reported [https://tails.boum.org/news/report_2017_03]] that we had finally seen an ISO image build reproducibly on several machines. Since then we kept working on this front. Our automatic upgrades are now reproducible, however, one remaining issue currently blocks us from claiming that our ISO images are too. We are confident that this issue will be solved within a few weeks. ### Reproducible website build In March we've made great progress to get our website build reproducibly. Later on, we realized that ikiwiki resized some images of our website which sometimes contained timestamped metadata, thus making the ISO image build unreproducibly. We have worked around this on our side ([[!tails_ticket 12526]]), and will fix the root cause of the problem in ikiwiki upstream ([[!tails_ticket 12525]]). ### The blocker: fontconfig The cloud which hides the blue skies and the sun in the reproducible builds solar system today, and which is our sole remaining problem to make our ISO image build reproducibly is this: we ship a cache for fonts in Tails. However, this cache is currently not generated in a reproducible manner. In March we tried moving its generation out of the ISO, however, it makes Tails start slower and resulted in too many unreliable test failures. Thus, we decided to move it back into the ISO image and to try and fix the root cause of the problem instead. We filed [[!debbug 863427]], but we already know that our patch is not yet enough to fix the problem, although it greatly reduces the number of differences from 75 to 5 ([[!tails_ticket 12567]]); so we'll keep working on it. ### ISO image and IUKs Our automatic upgrades are now reproducible ([[!tails_ticket 12630]]). When we generate the ISO image using isohybrid, we pass it an ID. We tried setting this ID to `$SOURCE_DATE_EPOCH` which resulted in a reproducible, but non-hybrid, ISO. Thus, we decided to pass a fixed ID instead: [[!tails_ticket 12453]]. ### The bright future Remaining technical issues are tracked on [[!tails_ticket 12608]]. We are working on documenting how to modify our release process to ensure the ISO images we publish are reproducible ([[!tails_ticket 12628]], [[!tails_ticket 12629]]). For those of our users who want to verify their own ISO builds against ours, we'll soon document how to do that ([[!tails_ticket 12630]]). ### Infrastructure See the Infrastructure section below for our work on the infrastructural aspects of this project. Documentation and website ========================= - We have published the Tails Social contract [https://tails.boum.org/contribute/working_together/social_contract]. - We finished updating all our documentation to Tails 3.0, based on Debian Stretch. - We updated our documentation to a new layout of the *Universal USB Installer* for Windows and scaled its screenshots to fix an issue reported by [[!tails_ticket 11527]]. - We updated our documentation of the build system [https://tails.boum.org/contribute/build], as a result of the work on reproducible builds. User experience =============== - We started experimenting with *Piwik* to do web analytics. - We continued redesigning the main window of *Tails Installer* [https://mailman.boum.org/pipermail/tails-ux/2017-May/003374.html]. <a id="infrastructure"></a> Infrastructure ============== - We upgraded some more of our systems to Debian Stretch. - We have started to research Piwik as a candidate for a web analytics platform for our website ([[!tails_ticket 12563]]). - We have continued the efforts to optimize our systems' resources, by playing with different settings of the NUMA balancing ([[!tails_ticket 11179]]). - We have adapted our CI infrastructure to be able to bring back the email notification mechanism for build and test failures, at least for branches which have tickets in a "Ready For QA" state in Redmine ([[!tails_ticket 11355]]). This will be unleashed in June so that we'll be able to gather statistics about false positives in our CI notifications to developers. - Most of our efforts have been focused on upgrading our infrastructure to support reproducible builds, see below. ## Reproducible builds After a long discussion, we [[!tails_ticket 12409 desc="decided"]] not to publish any Vagrant basebox at all: the key argument in favour of this major design change was to remove one huge binary blob from the list of trusted inputs needed for building a Tails ISO image. This will substantially increase the value of Tails ISO images building reproducibly. This decision has a few nice side effects, including: * the properties of the basebox required to build a given state of our code base are entirely encoded in the corresponding Git commit; * changes in the ISO build box definition don't require building and uploading a new basebox. Then we made enough progress to migrate our Continuous Integration platform to the build system used by developers. This is now running in production, not exactly smoothly yet (as explained below), but well enough to keep supporting our development and quality assurance processes. For details, see [[!tails_ticket 11972]], [[!tails_ticket 11979]], [[!tails_ticket 11980]], [[!tails_ticket 11981]], [[!tails_ticket 12017]], and [[!tails_ticket 11006]]. Then we had to deal with a number of issues that we were not in a position to identify before submitting this brand new system to a real-world workload. Some are fixed already ([[!tails_ticket 12530]], [[!tails_ticket 12578]], [[!tails_ticket 12565]], [[!tails_ticket 12541]], [[!tails_ticket 12529]], [[!tails_ticket 12575]], [[!tails_ticket 12606]]). Work is still in progress on some other problems: they are our Continuous Integration engineers' top priority, and should be fully resolved in the next couple of months. Finally, we have [[!tails_ticket 12579 desc="set up"]] automated tests for the reproducibility of our ISO image. Obviously, the results of these tests [are publicly available](https://nightly.tails.boum.org/reproducibly_build_Tails_ISO_test…. Funding ======= - We are still in the process of discussing our proposal with OTF, and reworking it accordingly. - We've submitted a proposal to Lush Digital Fund [https://uk.lush.com/article/introducing-digital-fund]. - We started migrating our European fiscal sponsor from Zwiebelfreunde to CCT, the Center for the Cultivation of Technology [https://techcultivation.org/]. Outreach ======== Past events ----------- * gagz and geb did a presentation and a workshop of Tails at the CPML [http://medias-libres.org] yearly meeting. On-going discussions ==================== - We started to discuss the coordination of Tails 3.0 and Debian Stretch releases [https://mailman.boum.org/pipermail/tails-dev/2017-May/011451.html]. - The news on the update of our build system received a lot of answers [https://mailman.boum.org/pipermail/tails-dev/2017-May/011416.html]. Press and testimonials ====================== * 2016-08-05: A step-by-step guide on how to download, install, and start using Tails, the world's most secure platform [http://www.techrepublic.com/article/getting-started-with-tails-the-encrypte…] by Dan Patterson in TechRepublic. Translation =========== All the website --------------- - de: 59% (2977) strings translated, 5% strings fuzzy, 52% words translated - fa: 43% (2200) strings translated, 9% strings fuzzy, 47% words translated - fr: 87% (4357) strings translated, 1% strings fuzzy, 85% words translated - it: 31% (1585) strings translated, 4% strings fuzzy, 28% words translated - pt: 28% (1443) strings translated, 8% strings fuzzy, 25% words translated Total original words: 52.798 Core pages of the website ------------------------- - de: 82% (1537) strings translated, 10% strings fuzzy, 82% words translated - fa: 37% (695) strings translated, 10% strings fuzzy, 39% words translated - fr: 98% (1843) strings translated, 1% strings fuzzy, 98% words translated - it: 78% (1473) strings translated, 11% strings fuzzy, 78% words translated - pt: 48% (910) strings translated, 13% strings fuzzy, 49% words translated Total original words: 17.079 Metrics ======= * Tails has been started more than 694.165 times this month. This makes 22.392 boots a day on average. * 13.181 downloads of the OpenPGP signature of Tails ISO from our website. * 110 bug reports were received through WhisperBack.

1 0

Tails report for May 2017
by sajolida 06 Jun '17

06 Jun '17

Find our May 2017 report online here: https://tails.boum.org/news/report_2017_05/

1 0

May 2017 report for the metrics team
by Karsten Loesing 06 Jun '17

06 Jun '17

Hello Tor, hello world! Below you'll find the highlights of Tor metrics team work done in May 2017. On behalf of the Tor metrics team, Karsten Added new visualizations of OnionPerf onion server measurements to the Metrics website [1]. [1] https://metrics.torproject.org/torperf.html?start=2017-03-03&end=2017-06-01… Experienced a sustained increase in requests to the Onionoo [2] servers from 800/sec ~4k/sec for almost 1 week, which could finally be handled by increasing the number of front-end servers from 2 to 5 and reducing the TLS RSA key size from 4k to 2k. [2] https://metrics.torproject.org/onionoo.html Released metrics-lib version 1.7.0 [3] which adds support for newly added fields in Torperf/OnionPerf files and extra-info descriptors, streamlines some method names, and fixes a few bugs. [3] https://lists.torproject.org/pipermail/tor-dev/2017-May/012261.html Performed an analysis of adding Laplace noise to directory-request statistics to evaluate whether the resulting statistics would still be sufficient for estimating user numbers, but concluded that this still needs more research. [4] https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam/Obfusca…

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project June 2017