tor-project June 2018

tor-project@lists.torproject.org

26 participants
30 discussions

Notes from the Tor Browser team meeting, 11 June 2018
by Georg Koppen 11 Jun '18

11 Jun '18

Hi all! Our weekly meeting finished just a couple of minutes ago. The chat log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-06-11-17.59.log… Ans as usual the notes from our pad follow: Monday, June 11, 2018 Discussion: igt0: What is the status of the onboarding for TBA? (GeKo: It's being worked on but has not as a high a prio as the desktop related item as the latter goes live earlier) blockers for alpha release (GeKo: 1) updater issues (#26045) 2) Windows builds 3) new patch for proxy bypass bug) sukhe: Last Week: - Worked on #26203, specifically #26326, #26204, #25837 (ESR 60 Windows build) - Tested Arthur's patch for #26128 (Make security slider work with NoScript for ESR60) This Week: - Try to finish working on the above tickets - Attending Citizen Lab Summer Institute Wed-Fri GeKo: Last Week: - finished MAR signing testing (#26045) - network review (not much progress due to other fires :/) - more code reviews (#26153, #22242, #26233, started with #23247) - helped with the windows changes for esr60, investigated #26329 and developed a patch that still needs testing - begin of the month admin stuff, ticket prioritization for next alpha - helped with getting our macOS nightly builds going (we did it!) - prepared a Firefox chemspill release over the weekend. Thanks for boklm and sukhe stepping up and helping - was afk on 6/6 - asked nick in the vegas team meeting about using 'status:' updates for the browser team, too, and we can go ahead with this plan if we want This week: - work on #26050 and finish remaining MAR signing issues, so that we are good wrt to our update plans - help with getting Windows nightly builds going - network review - look into remaining work with ux-team for first esr60-alpha trying to prioritize things/moving them forward where needed arthuredelstein: Last week: - Wrote a patch for https://trac.torproject.org/26128 (security slider in ESR60) (igt0: is the #26336 related?) - Worked on https://trac.torproject.org/25555 (reimplement optimistic socks) This week: - Mozilla All Hands This week and next week: - Finish a patch for https://trac.torproject.org/25555 (reimplement optimistic socks) - HTTP/2, https://trac.torproject.org/14952 - Other needed alpha/ff60-esr tickets: https://trac.torproject.org/21785, https://trac.torproject.org/26321, https://trac.torproject.org/26322 mcs and brade: Last week: - Filed a Bugzilla bug for #25909 (disable updater telemetry); see https://bugzilla.mozilla.org/show_bug.cgi?id=1466857. Our fix caused some test failures and therefore did not yet make it to mozilla-central, but for now we will wait and see if a Mozilla person picks up the investigation. - Did a review for #26128 (Make security slider work with NoScript for ESR60). - Did a review for #23247 (Communicating security expectations for .onion). - Made progress and added a long comment in #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). This week: - Help with #26045 (Create a new MAR signing key for ESR60). - Review the revised patch for #23247 (Communicating security expectations for .onion). - Continue with #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). igt0: Last Week: - Helped out sysrqb debugging the Orfox crash(#26320) - Started to verify if all tor button modules and components work on mobile to make sure it doesn't depend of the UI elements(#25013) This Week: - Finish #25013 - Make sure we are not forgetting anything for the TBA alpha. boklm: Last week: - reviewed #24632 (Update macOS toolchain for ESR 60) - made patch for #26234 (add update_responses option to specify rewrite rules) - helped build/publish the chemspill releases - Investigated build issue in #12968 (HEASLR) but did not find a solution yet This week: - doing some reviews - continue investigating build issue with #12968 (HEASLR) - fill upstream binutils ticket for #26148 - continue work on some ansible roles for testsuite VMs setup (#26149) tjr - Got x64 Sandbox working Georg

1 0

Notes from June 7 2018 Vegas team meeting
by Karsten Loesing 11 Jun '18

11 Jun '18

Notes for June 7 2018 meeting: Roger: 1) on my near-term todo list: helping isa and hiro figure out a good design for search on the support portal 2) i'll be doing my foci paper reviews this week / this weekend 3) i'm at mozilla all-hands next week Georg: 1) In addition to the Linux nightlies based on ESR 60, we have them for macOS working now, too. The release date for the first alpha based on ESR 60 is still planed to be June 26/27. 2) Where are we with the meek/moat/domain fronting situation? Did Amazon or anyone else signal they seriously want to help us? What are our next steps? [GeKo: We'll coordinate over IRC and get the ball rolling again] 3) Nick: There is interest in the tbb-team to use the "status: " update mechanism as well. Would that work for you? Or should we look for something else? (Go ahead! -Nick) Arturo: 1) Completed OONI Explorer mockups: https://xd.adobe.com/view/5ce42d4b-386e-44dc-679e-f509e9dc1a36-2ad5/ 2) OONI Probe iOS is almost ready for usability testing 3) Pakistan's Media Matters for Democracy published a report on the blocking of a political party site (in the run up to elections) based on OONI data: http://digitalrightsmonitor.pk/generalelections2018-amidst-shrinking-online… 4) Next week Maria and Arturo will be attending the Citizen Lab Summer Institute in Toronto and facilitating OONI workshops Shari: 1) working on job descriptions 2) met with Isa and Roger when they were in town; got lots of assignments ;) 3) working on 2018-2019 budget 4) working on board book for meeting June 20 5) reviewing lots of stuff related to Mexico City 6) reviewing Dark Web materials to prepare for video production 7) submitted MDF grant proposal; several grant proposals in process (including OTF request for full proposal) Nick: 1) Recovering from Seattle travel 2) Network team meeting went pretty well 3) Looking forward to new timesheet process (?) 4) Planning some significant refactoring leading into 0.3.5. isabela: 1) working on PM job description 2) 2nd round of interviews with User Research Coordinator 3) organizing things for Colombia 4) getting sponsor8 NCE request done 5) met with Network Team in Seattle and with Shari 6) helped a bit with MDF grant proposal 7) following up with tasks related to UX Team and Services work 8) next week i will be at Mozilla All Hands 9) met with Cliqz CEO and will continue conversation regarding their private tab experience with Tor; reviewing the Brave beta experience as well. 10) organizing some sponsors reports Steph: 1) Upcoming blog posts: finished working on a post with hiro on fb / tracking / tor browser, published in the next couple days. Also an upcoming post by Colin on the Barcelona PETS meet up, pending final location info. 2) Trying to get a couple corrections on stories about Tor. Got an arstech post updated which inaccurately called out a 0day. Waiting to hear back from TH about a story where they say we “announced” something they pulled from public notes. 3) Preparing for a conf in pittsburgh June 21 4) Will be at All Hands next week in SF 5) Def Con: will submit an AMA for Roger in the crypto village— will look into the process today. will see if we can have some time to just be at a table, talking, handing out materials (can't give goods for donations though) 6) Drafted an internal doc on dark web talking points 7) Connected with a contact in Kenya about upcoming Tor trip

1 0

[TSoP2018] Ahmia status update ~ report #2
by Stelios Barberakis 10 Jun '18

10 Jun '18

Hello all, The last two weeks, I have been working on the following things, in reverse chronological order: * Changing Elasticsearch schema to be compatible with current (6.x) version. Minimum modifications (renaming a field) are needed in order to adjust to future (7.x, 8.x, 9.x) ES versions. The necessary adjustments have been performed to all ahmia projects (ahmia-index, site, crawler) [ a091eb0 <https://github.com/ahmia/ahmia-index/commit/a091eb0807a7659e14dc096701f3fe9…>] [576b94f <https://github.com/ahmia/ahmia-site/commit/576b94f84f3950270a0c5c66f338a56c…>] [2d2cf40 <https://github.com/ahmia/ahmia-crawler/commit/2d2cf4008026c671a8aa4d6f80a2e…> ] * Introduce flexible logging capability controlled by web app's settings (ahmia-site) [63174fd <https://github.com/ahmia/ahmia-site/commit/6e174fddad91b7c5eaccc6eed77b9fbe…>, dcf5e85 <https://github.com/ahmia/ahmia-site/commit/dcf5e85678d744a0993cae5a681e20fb…> ] * introduce django admin support (ahmia-site) [9dd94b4 <https://github.com/ahmia/ahmia-site/commit/9dd94b4a98e5581c5bfdfc9da43713dd…> ] * Slightly improving the code that handles onion adding form for users [ 8af3382 <https://github.com/ahmia/ahmia-site/commit/8af3382636cd87751d710e2ec53dd168…> ] * Updated django tests to match current situation (ahmia-site) [0c13e6c <https://github.com/ahmia/ahmia-site/commit/0c13e6cdac1c22f464a595186d6a9c0d…> ] BR, Stelios -- PGP key: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xBF6EA91B7CBE3998

2 1

[TSoP2018] Bandwidth scanner status - status report #2
by juga 09 Jun '18

09 Jun '18

Hi, since last report, these has been the tasks i have worked on: Simple Bandwidth Scanner (sbws) [0]: --------------------------------- - add number of failures to relay bandwidth lines (#160, #176) - obtain relay ed25519 master key and add it to relay bandwidth lines (#174) - add logging to a file by default (#183) - use keyserver pool to retrieve gpg key (#185) little-t-tor -------------- - started to work on: bandwidth testing circuits should be allowed to use our guards (#19009) - started to work on: relays should regularly do a larger bandwidth self-test (#22453) - update descriptor on bandwidth changes only when uptime is less than a day (#24104) - report version of bwscanners in votes (#3723) Bandwidth List format specification: -------------------------------------- - add KeyValues counting errors in Bandwidth Line (#26200) - update descriptor on bandwidth changes only when uptime is less than a day (#26301) Tor directory protocl: ------------------------------ - add a bandwidth-file line to votes in dir-spec.txt (#26222) Best, juga [0] https://github.com/pastly/simple-bw-scanner

1 0

May 2018 report for the Tor Browser team
by Georg Koppen 07 Jun '18

07 Jun '18

Hi! We had two Tor Browser releases this month, Tor Browser 7.5.4[1] and 8.0a7[2] picking up Firefox 52.8.0esr which contained a couple of security bug fixes. Apart from that we were able to fully concentrate on the Tor Browser transition to Firefox 60 ESR and on our Tor Browser for Android work. Since May 30 we have Linux nightly builds available which are based on Firefox 60 ESR[3] and we meanwhile finished the transition for macOS as well[4]. That does not only include updating the toolchains to new Firefox requirements but getting our own extensions, Torbutton[5] and Tor Launcher[6], to work the new browser version, too. We worked as well on the network code and new feature audit to make sure we don't miss criticial changes for Tor Browser and patch them if necessary. On the mobile side we were fighting with an unexpected crash bug due to a Firefox patch closing a serious vulnerability.[7] We hope to have this problem resolved soon. Moreover, we made progress on having a first branch based on Firefox 61 ready[8], which will be the base for our first Tor Browser for Android alpha release. The full list of tickets closed by the Tor Browser team in May is accessible using the `TorBrowserTeam201805` keyword in our bug tracker.[9] For June we need to get outstanding build issues for the new Tor Browser for Windows resolved.[10] In parallel work to stabilize the code to be ready for the first alpha based on Firefox 60 ESR is under way, adapted to the new Firefox Photon user interface. If we get all the remaining pieces done in time the first ESR 60-based alpha will be out at the end of this month. For mobile we should have first test builds ready this months and close remaining proxy bypass bugs, if there are any. Additionally, we are working together with the UX team to get the UI adapted to match what we'll ship for desktop. All tickets on our radar for this month can be seen with the `TorBrowserTeam201806` keyword in our bug tracker.[11] Georg [1] https://blog.torproject.org/tor-browser-754-released [2] https://blog.torproject.org/tor-browser-80a7-released [3] https://lists.torproject.org/pipermail/tbb-dev/2018-May/000849.html [4] https://trac.torproject.org/projects/tor/ticket/24632 [5] https://trac.torproject.org/projects/tor/ticket/26100 [6] https://trac.torproject.org/projects/tor/ticket/25750 [7] https://trac.torproject.org/projects/tor/ticket/26320 [8] https://trac.torproject.org/projects/tor/ticket/26233 [9] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… [10] https://trac.torproject.org/projects/tor/ticket/26203 [11] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…

1 0

One job opening and two new hires!
by Erin Wyatt 06 Jun '18

06 Jun '18

Hello, everyone! Here’s a quick hiring update: 1. We’ve (finally) found our Android OS developer, who will be starting later this month!! 2. We’re closing in on finding our amazing magical person for the User Research Coordinator position and will hopefully be making an offer in the next couple weeks! 3. Still accepting applications for the Localization Project Manager, a part-time position. (https://www.torproject.org/about/jobs-localization-projectmanager.html.en) 4. New opening for a Fundraising Director! This one we really need your help with — please apply, forward, share, tweet, whatever! This is such an important job and we’d really like to find someone totally awesome for it, so please help us spread the word. (https://www.torproject.org/about/jobs-fundraising-director.html.en) (PDF attached and plain text pasted below.) Hope you’re all having a great week! :) Cheers, Erin Wyatt HR Manager ewyatt(a)torproject.org GPG Fingerprint: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE Internet Freedom Nonprofit Seeks Experienced Fundraising Director June 5, 2018 The Tor Project, Inc., a 501(c)(3) nonprofit organization that provides technical infrastructure for privacy protection over the internet, is seeking a dynamic, creative, and organized Fundraising Director to help us grow and expand our funding base. The Fundraising Director will be responsible for planning, directing and coordinating all fundraising activities, with an emphasis on diversifying our funding sources. The ideal candidate will have at least five years of leadership experience working in the fundraising department of nonprofit organization. This person must be able to straddle the worlds of technology and fundraising. The Tor Project is funded in part by government research and development contracts, and in part by individual, foundation and corporate donations. The ability to talk about the Tor Project's work to all different types of current and potential donors is essential. This senior level position will report directly to the Executive Director and will be part of the organization's leadership team. The Fundraising Director will set and guide the strategy for all of our fundraising, including increasing contributions from government, foundation, corporate, and individual donors. This is a new, hands-on position for a highly skilled fundraising professional. Responsibilities: • • Work with Tor Project program staff to understand and communicate effectively about the range of our projects and accomplishments. • • Grow a major gifts program, including identification, cultivation, and solicitation of major donors. • • Oversee the flow of our donation system, from initial ask to thank you. • • Oversee grant seeking, including research, proposal writing, and reporting requirements. • • Interact with our current government and foundation program officers, making sure they are receiving necessary reports and keeping them apprised of our work. • • Oversee our annual crowdsourced funding campaign. • • Supervise and collaborate with our grant writer. • • Write and edit grant proposals, grant reports, year-end report, conference one-pagers and other fundraising-specific writing. • • Plan fundraising events, as appropriate. • • Determine appropriate Tor Project booth presence at conferences and events. • • Ensure that the time of the Executive Director is used efficiently for fundraising. Qualifications: • • Demonstrated track record of success in raising major gifts and writing complex proposals for various audiences, including foundations. • • Knowledge and experience in fundraising techniques, particularly major gift fundraising. Must be comfortable making pitches and personally asking people for money. • • Excellent verbal, written, and editing skills, including the ability to produce high quality work quickly and under deadline pressure. • • Ability to develop fundraising budgets and prepare financial reports. • • Comfortable with highly technical topics and ability to explain them clearly and accurately to non-technical audiences. Must embrace the mission of the Tor Project. • • Strong generalist understanding of the basic mechanics of how the internet works, as well as issues related to privacy, security, censorship, and surveillance. • • Excellent computer skills, including familiarity with donation tracking systems. (We use the open source CiviCRM.) • • Experience with, or willingness to learn how to use, communications and collaboration technologies such as PGP, IRC, Jitsi, Signal, WordPress, and etherpads. • • Hard working and highly organized with superior attention to detail. • • Willingness to take responsibility and initiative. • • Highly collaborative, preferably with experience working with and as part of remote teams in different time zones. • • Prior experience working on U.S. government grants and contracts is a plus. • • Willingness to travel to international meetings at least twice a year. • • The successful candidate should be eager to be an inspiring mentor and colleague to the board and staff of the Tor Project. The Tor Project's workforce is smart and committed. Experience working with open source communities and/or a dedication to Internet freedom are added pluses. The Tor Project currently has a paid and contract staff of around 35 developers and operational support staff, plus many thousands of volunteers who contribute to our work. The ideal candidate will be energetic, unflappable and flexible, and will thrive in a highly-technical collaborative environment. This is a full-time, hands-on position, which can be done remotely or in our office in Seattle, WA. Flexible salary, depending on experience. The Tor Project has a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance paid in full for employee; flexible work schedule; and occasional travel opportunities. To apply, send a cover letter and your resume to hr at torproject dot org with the subject "Fundraising Director." Tell us why you think you're the right person for this job, and please include links to writing samples. No phone calls please! The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

OONI Monthly Report: May 2018
by Maria Xynou 05 Jun '18

05 Jun '18

Hello Tor world, In May 2018, the OONI team established a new partnership, created a fully working prototype of an OONI Probe Windows app, continued to make progress on revamping the OONI Probe mobile apps, and published interviews with community members. Further information is provided in the following report. # Established new partnership We are excited to have formally established a new partnership with Nigeria's Paradigm Initiative! As part of our new partnership, we aim to collaborate on the study of internet censorship in Nigeria through the collection and analysis of OONI Probe network measurements. Social media announcement: https://twitter.com/OpenObservatory/status/993395765665062912 # Created a prototype of an OONI Probe Windows app We reached a fully working prototype of an OONI Probe Windows app! This involved mostly fixing various issues that were Windows-specific and developing workarounds. Below is a partial list of the issues we resolved and worked on: * https://github.com/ooni/probe-cli/commit/a0be45e32313cf0423b3b49ce6b38acecc… * https://github.com/ooni/probe-cli/commit/d15fddc538e3020d758cbfe4fb68e18d91… * https://github.com/ooni/probe-cli/commit/c97217c49e1bfc1500e526bff892388d0e… * https://github.com/ooni/probe-desktop/commit/b5754c9a1405355a5b7d0604c10d88… * https://github.com/ooni/probe-desktop/commit/686591c694102c678edafb73d52033… Moreover, we improved how exceptions are reported back to us by integrating sentry.io into the desktop app. We will likely add support for doing the same in the CLI tool as well. See: https://github.com/ooni/probe-cli/issues/12 # Revamping the OONI Probe mobile apps The iOS version of the revamped OONI Probe mobile app is almost ready! We completed the details screens and OONI Run, and we can start a testing and tweaking phase. The current stable version has been updated to 1.3.2 with the update on measurement-kit, geoip and test lists: * https://github.com/TheTorProject/ooniprobe-ios/pull/178 * https://github.com/TheTorProject/ooniprobe-android/pull/148 We also started refactoring the Android code and researching the required libraries. See: https://github.com/TheTorProject/ooniprobe-android/pull/149/commits # Press coverage OONI received the following press coverage in May 2018: 1. CBC News wrote a story about OONI, discussing the use of OONI Probe and OONI data by researchers and advocates around the world. This article, titled "When governments censor websites and block messaging apps like Telegram, here's where to turn for proof", is available here: http://www.cbc.ca/news/technology/ooni-tor-information-controls-measurement… 2. The Malay Mail reported on the use of OONI data by Malaysian digital rights organization, Sinar Project, in monitoring censorship events during the country's elections and detecting the blocking of an election result site. This news article is available here: https://www.malaymail.com/s/1631677/watchdog-tm-maxis-censored-live-result-… # Community use of OONI data 1. Malaysia's Sinar Project published a report based on OONI data, revealing the blocking of an independent election results website during the country's elections: https://sinarproject.org/en/updates/internet-censorship-monitoring-14th-mal… 2. Kenya's Strathmore University CIPIT published a research report examining intentional internet dusruptions in Africa over the last 5 years. This report cites OONI data: https://blog.cipit.org/wp-content/uploads/2018/05/Report_Intentional-Intern… 3. The "Ranking Transparency of Mobile Service Providers in Russia" report used OONI Probe and cites OONI data: https://roskomsvoboda.org/media/2018/05/RDR-report-EN-1-1.pdf 4. The Berkman Centre published an interview with Sinar Project (our Malaysian partner), which discusses their use of OONI Probe and OONI data as part of their work: https://medium.com/berkman-klein-center/open-without-freedom-8faf1df6e45b 5. OONI is cited in the Global Network Initiative's research report "Disconnected: A human rights-based approach to network disruptions": https://globalnetworkinitiative.org/wp-content/uploads/2018/05/Disconnected… # Community activities ## Publication of community interviews We have started publishing interviews with OONI community members to share their work with the world. In May 2018, we published interviews with the following OONI community members: 1. Moses Karanja: https://ooni.torproject.org/post/ooni-community-interviews-moses-karanja/ 2. Julie Owono: https://ooni.torproject.org/post/ooni-community-interviews-julie-owono/ Over the next months, we'll be filming and publishing more community interviews, which will be made available on our YouTube channel: https://www.youtube.com/channel/UCQhDgj9wBf4_w5bWFvLlq-w ## RightsCon 2018 We joined the internet freedom community at RightsCon (https://www.rightscon.org/), hosted in Toronto by Access Now between 16th-18th May 2018. At RightsCon, we presented OONI and participated in the following sessions: 1. Enforcing Net Neutrality with Evidence Based Policy Making: https://rightscon2018.sched.com/event/EHoY/enforcing-net-neutrality-with-ev… 2. Shedding Light on Internet Blackouts: https://rightscon2018.sched.com/event/EHmS/shedding-light-on-internet-black… 3. Defending Minority Voices on a Censored Internet: https://rightscon2018.sched.com/event/EHmO/defending-minority-voices-on-a-c… 4. When Repressive Authorities #KeepItOn: https://rightscon2018.sched.com/event/EHlH/when-repressive-authorities-keep… We published a blog post to encourage participation at our RightsCon sessions: https://ooni.torproject.org/post/ooni-rightscon-2018/ ## OONI swag By donating to The Tor Project, community members can now get OONI t-shirts and OONI stickers. See: https://donate.torproject.org/pdr ## Updated test lists The following test lists were updated in May based on URLs provided by community members: * KZ: https://github.com/citizenlab/test-lists/pull/348 * PK: https://github.com/citizenlab/test-lists/pull/346 * AO: https://github.com/citizenlab/test-lists/pull/345 * Global: https://github.com/citizenlab/test-lists/pull/347 * IR: https://github.com/citizenlab/test-lists/pull/343 * UG: https://github.com/citizenlab/test-lists/pull/342 # Userbase In May 2018, OONI Probe was run 246,655 times from 4,739 different vantage points in 209 countries around the world. This information can also be found through our stats: https://api.ooni.io/stats ~ The OONI team. -- Maria Xynou Research and Partnerships Coordinator Open Observatory of Network Interference (OONI) https://ooni.torproject.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Reviving The Discussion: Crowdsourcing some guidelines for what it means to make a web site "Tor-friendly"
by Kevin Gallagher 04 Jun '18

04 Jun '18

Hello everyone, Recently in a Tor UX meeting I brought up the idea of creating a Tor-Friendliness scanner, or a program that evaluates and ranks the "Tor-friendliness" of a web site and provides recommendations to improve. This idea seemed pretty well received by those attending the meeting, so I'd like to get stated on creating this. However, in order to do this I would need to precisely define "Tor-friendliness." That's when this discussion (https://lists.torproject.org/pipermail/tor-project/2018-January/001606.html) was brought to my attention. It seems conversation about this has died down. I would like to revive this conversation and work towards creating an understanding of the definition of being "Tor-friendly." Currently I am reading the Tor Browser Design Document to understand the Tor Browser more fully, and to understand how it works to thwart tracking and fingerprinting, etc. If there are other approaches I should consider to help me understand what "Tor-friendliness" is, please let me know! Otherwise, I would love to hear about what people think constitutes "Tor-friendliness" so I can build a tool that tests for these things. Thanks, Kevin Gallagher -- Kevin Gallagher Ph.D. Candidate Center For Cybersecurity NYU Tandon School of Engineering Key Fingerprint: D02B 25CB 0F7D E276 06C3 BF08 53E4 C50F 8247 4861

5 5

Notes from the Tor Browser team meeting, 4 June 2018
by Georg Koppen 04 Jun '18

04 Jun '18

Hi! We just finished our weekly Tor Browser meeting. The chat log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-06-04-18.00.log… The notes from our pad are: Monday, June 4, 2018 Discussion: sysrqb: Do we want to use the 'status:' updates during the week like the network team? [GeKo: It seems we like this idea. Need to check with the network team to not mess with their status updates] sysrqb: General question: is there an update/timeline on the new tp.o website? [GeKo: not sure actually] igt0: Last Week: - Updated #1459420 patch (HLS Player doesn't use the centralized Proxy Selector) - Still struggling with the Orfox crash, I also contacted Till from Mozilla (sysrqb: could you give a hand? yes) - Delivered my talk in the JSConfEU about fingerprinting techniques and mitigations. [GeKo: Are there slides/a recording available somewhere?] This Week: - More Orfox debugging - tweak Tor Button to make it work on mobile and initial mobile UI preparation (we need to think about what we can reuse) mcs and brade: Last week: - Reviewed and tested rebased external helper app patch (part of #25543). - Fixed #26235 (Help menu does not open in Tor Browser nightlies based on ESR60). - Started working on #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). This week: - File a Bugzilla bug for #25909 (disable updater telemetry) - Continue with #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). GeKo: Last week: - continued MAR signing key testing - finished macOS patches for new toolchain (including all the other components, not only firefox), nightlies should be available rather soon - made progress on the network review - reviews (#25859, #25650, #26204, #26235) - sent out 1:1 feedback scheduling mails This week: - finish MAR signing testing and come up with a plan for the changes we need for the next update and how we address them (#26050) - network review - more code reviews - help with the windows changes for esr60 - begin of the month admin stuff, ticket prioritization for next alpha - I'll be afk on 6/6 sukhe: Last Week: - Worked on #26204, #25837, #26073, #26216 (in progress), #26205 (in progress). Looked at Windows builds of Firefox 60ESR - Rust build question: what's the purpose of prev_version? Is there a reason we are using the source tar and not the git? I am asking because panic-abort.patch fails to apply for the Windows 32bit build. I am building on top of master with https://github.com/azadi/tor-browser-build-1/tree/bug-26204 and https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_2… merged [boklm: prev_version is the binary version we use for bootstrapping the build. panic-abort.patch was made on rust 1.25.0 and it seems it will need to be rebased on version 1.26.1.] This week: - Resume #26126, #26205, #26203 (Windows builds) tjr - Ethan, Tim and Gary are back! Had their first couple days. Will sync up with them this week. (Arthur says: yay!) - Expect a Tor/Mozilla sync meeting to get scheduled after all-hands, probably late day Berlin time / early morning USA time - MinGW Work - x64 Sandbox work: https://bugzilla.mozilla.org/show_bug.cgi?id=1461421 - x64 Sandbox with jemalloc: https://bugzilla.mozilla.org/show_bug.cgi?id=1466192 - Jacek will start on mingw-clang sometime soonish in https://bugzilla.mozilla.org/show_bug.cgi?id=mingw-clang and children boklm: Last week: - reviewed #26204, #26249, #9711, #25832, #25894, #25554, #25548, #26195, #26003 - updated #25860 (Clean up OpenSSL's configure options for Windows) This week: - finish reviewing #24632 (Update macOS toolchain for ESR 60) - update HEASLR patch (#12968) and try to inspect the binary to check if we are good - start looking at #26050 and #26234 (update "watershed" for ESR60-based Tor Browser) - fill upstream binutils ticket for #26148 - continue work on some ansible roles for testsuite VMs setup (#26149) pospeselr: Last week: - run without /proc patch uplift updates - seems like #23247 test failures were some intermittent issue with the ESR60 tryserver, rebased agains latest and test failures went away - localization approach of pulling strings from tor-button strings list won't work as is (due to string formatting specifiers) - problem is modifying that first line which either shows: - the various HTTPS and encryption properties (uses string formatters) OR - scary connection not encrypted message (hard coded string) - for onion https connections we would need to throw away the HTTPS info altogether and only display a constant 'onion encryption' message for the 1st line - if anyone has thoughts on this I'm all ears - started work on #26039 (<profiledir>/preferences/extension-overrides.js will not be loaded in ESR 60) - took off Friday (and Monday was Holiday) This week: - finish up #26039 patch sysrqb: - Last week: Monday was US holiday Continued work on TBA patches Looked at Orfox bug Began dogfooding nightly - This week: Rebasing and testting TBA patches on top of Arthur's Tor Browser patches (#26233) Looking at Orfox bug some more arthuredelstein: - Last week: Finished a branch for #26233 (Rebase to Firefox 61) Started work on #14952 (HTTP2 audit and patch) - This week: Try to get a patch for review for #14952 Work on #25555 (optimistic socks) and #26128 (noscript/security slider, possibly in collaboration with sukhe) Georg

1 0

Notes from May 31 2018 Vegas team meeting
by Karsten Loesing 04 Jun '18

04 Jun '18

Notes for May 31 2018 meeting: Georg: 1) First Tor Browser nightlies based on Firefox 60 ESR are out; we work on getting macOS and Windows builds in shape as soon as possible 2) Where are we with the meek/moat/domain fronting situation? Did Amazon or anywhere else signal they seriously want to help us? 3) Mike: What's the state of Goolgle ReCAPTCHA blocking Tor users outright? Are there new results from the measurement side (IIRC I just saw one/two mails weeks ago)V Alison: 1) Returned from Uganda. Antonela and I will be writing up and sharing our report soon. 2) While in Uganda we encountered a bug in Facebook that prevents connections over Tor, even with the onion service. 3) Library Freedom Institute starts next week! You can follow along with our curriculum and see what resources we produce here: https://github.com/alisonLFP/libraryfreedominstitute 4) Next Saturday I'm speaking at the French librarians' conference in La Rochelle, France 5) LFP is signing the contract this week to coordinate the Glass Room Experience in the US 6) Doing lots of Mexico City planning including working on the open days. Meeting with Gus later to talk about hosting a few sessions for new people, including Tor trainings/installation in both English and Spanish, and some other things that can help get people involved. Steph: 1) Newsletter going out today 2) Published a post with Ed at PI 3) Who can help with frontdesk? 4) Answered questions for a journalist Karsten: 1) Finished open reviews and wrapped up tasks worked on by iwakeh. The metrics team will be 1 person only in June before growing back to 2 in July with irl. 2) Put out five releases to switch from Gson to Jackson as JSON library, also as an exercise to hand over CollecTor/Onionoo operation from iwakeh to irl.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project June 2018