tor-project February 2020

tor-project@lists.torproject.org

23 participants
48 discussions

Tails report for January 2020
by sajolida 11 Feb '20

11 Feb '20

https://tails.boum.org/news/report_2020_01/ Releases ======== - Tails 4.2 was released on January 7. - Tails 4.2.2 was released on January 14 (emergency release). - Tails 4.3 is scheduled for February 11. The following changes were introduced in Tails 4.2: - Improvements to automatic upgrades We worked on important improvements to the automatic upgrade feature, which is still one of your major pain points when using Tails: - Until now, if your version of Tails was several months old, you sometimes had to do 2 or more automatic upgrades in a row. For example, to upgrade from Tails 3.12 to Tails 3.16, you first had to upgrade to Tails 3.14. Starting with 4.2, direct automatic upgrades will be available from all prior versions to the latest version. - Until now, you could only do a limited number of automatic upgrades, after which you had to do a much more complicated "manual" upgrade. https://tails.boum.org/doc/upgrade/#manual Starting with 4.2, you will only have to do a manual upgrade between major versions, for example to upgrade to Tails 5.0 in 2021. - We made automatic upgrades use less memory. - We optimized a bit the size of the download when doing automatic upgrades. - We included several command line tools used by SecureDrop users to analyze the metadata of leaked documents on computers that cannot use the Additional Software feature: - PDF Redact Tools to redact and strip metadata from text documents before publishing - Tesseract OCR to convert images containing text into a text document - FFmpeg to record and convert audio and video - Open ~/Persistent/keepassx.kdbx by default when starting KeePassX. If this database does not exist yet, stop pointing to it in the list of recent databases. The following changes were introduced in Tails 4.2: - Update Tor Browser to 9.0.4. This fixes a critical vulnerability in the JavaScript JIT compiler of Firefox and Tor Browser. Mozilla is aware of targeted attacks in the wild abusing this vulnerability. This vulnerability only affects the standard security level of Tor Browser. The safer and safest security levels are not affected. - Avoid a 2-minutes delay when restarting after doing an automatic upgrade. (#17026) Code ==== - We fixed critical regressions that were introduced while improving automatic upgrades. - We started work on making the download of automatic upgrades more robust (#15875). - We fixed the long delay while rebooting after applying an automatic upgrade (#17026). - In order to make the development process a bit smoother: - We now use the tarball with all Tor Browser langpacks (#17400), instead of downloading a complete Tor Browser for every language. - Our build system is now able to cache the website build. Documentation and website ========================= - Göktürk Yüksek improved the dd command in the expert installation scenario to display progress (status=progress) and sync on-the-fly (oflag=direct). - We fixed the display of the output of rsync when doing a backup of the persistent volume. https://tails.boum.org/doc/first_steps/persistence/copy/ Infrastructure ============== - We made progress on our migration to GitLab. - We resumed work on upgrading our CI hardware (#16960). Funding ======= - We added ThinkPenguin as a partner. https://tails.boum.org/partners/ - We teared down the donation campaign. We raised around 100k€ from 2 000 donations. - We were invited to submit a full proposal for the joint grant proposal with Tor and the Guardian Project to the DRL Internet Freedom program. Hot topics on our help desk =========================== - A lot of users are complaining about Seahorse failing to import public keys. (#17183) - A few people reported graphic issues, mostly #16875, but also with Nvidia Turing. (#17155) - Some users are facing issues (#17388, #17430, #17418) with some network adapter since 4.1.1. (#17388, #17430, #17418) Translations ============ All the website --------------- fr: 86% (5293) strings translated, 3% strings fuzzy es: 51% (3134) strings translated, 4% strings fuzzy de: 34% (2143) strings translated, 10% strings fuzzy it: 30% (1852) strings translated, 8% strings fuzzy fa: 27% (1689) strings translated, 10% strings fuzzy pt: 22% (1359) strings translated, 8% strings fuzzy Core pages of the website ------------------------- fr: 93% (1695) strings translated, 4% strings fuzzy es: 90% (1636) strings translated, 2% strings fuzzy de: 64% (1168) strings translated, 16% strings fuzzy it: 60% (1094) strings translated, 18% strings fuzzy pt: 43% (792) strings translated, 14% strings fuzzy fa: 32% (596) strings translated, 14% strings fuzzy Metrics ======= - Tails has been started more than 856 922 times this month. This makes 27 643 boots a day on average. -- sajolida Tails — https://tails.boum.org/ UX · Fundraising · Technical Writing

1 0

Shadow status (Sponsor 38)
by Jim Newsome 10 Feb '20

10 Feb '20

Hi everyone! For those I haven't met yet, I recently joined The Tor Project and will be working on the Shadow <https://shadow.github.io/> simulator for the Sponsor 38 <https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor38> project. On the Tor side I'll be part of the Network team <https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam>. I plan to aim for ~monthly status updates here. So far: * I started two weeks ago, and spent the first couple days having an orientation and kickoff with Rob Jansen (NRL) * I've been doing some work to improve development assurance and velocity <https://github.com/shadow/shadow/milestone/15> o Migrated the documentation from a GitHub wiki into the source repository itself, so that changes can go through the same review process and to help keep it in sync with code changes. [#705 <https://github.com/shadow/shadow/issues/705>] o Added a GitHub workflow to ensure Shadow builds and its tests pass in every pull request and commit to master [#707 <https://github.com/shadow/shadow/pull/707>] o Made progress on fixing compiler warnings so that we can enable -Werror (i.e. prevent new warnings from slipping in unnoticed) [#711 <https://github.com/shadow/shadow/issues/711>] Activities planned in the next ~month: * Continue making development assurance and velocity improvements. * Develop a plan for incrementally migrating Shadow to Rust. We'dlike to get to a state where new code is written in Rust rather than in C. * Start redesigning TCP emulation, with an eye towards modularizing and porting to Rust. * Start working on process-based separation. -Jim

1 0

Job opening: Executive Assistant
by Erin Wyatt 10 Feb '20

10 Feb '20

Hello, everyone! We have a new open position: https://www.torproject.org/about/jobs/executive-assistant/ The job posting is available at the link above, pasted below, and attached as a PDF. Please help us spread the word by sharing, forwarding, tweeting, whatever! :) Thank you all! Have a great week. Cheers, Erin ———————————>8 February 10, 2020 The Tor Project is looking for an Executive Assistant! The Executive Assistant is responsible for providing high-level administrative support to the Executive Director. This position will actively manage the ED’s schedule, handle internal and external executive-level communications, and coordinate special projects and events. This position is full-time and remote; someone in the Eastern time zone strongly preferred. You: · Technology-competent and/or willing and able to learn new tools. Our team coordinates via IRC (the grandparent of Slack), email, Signal messaging app, and bug trackers, etc. · Have an exceptional ability to see ten steps ahead, anticipating and heading off issues before they become problems. · Highly skilled at prioritizing ED’s tasks and effectively communicating changing priorities on a daily basis. · Problem solver! Plans, strategies, and schedules change: You react quickly, are resilient, and take the initiative to find the best alternatives when these changes arise. · Independent: self-directed and able to get the job done; ensure the ED is on track. · Proactive: you take initiative in improving processes; you’re always thinking ahead. Job Duties: · Manage ED’s schedule: schedule meetings, screen for conflicts, and ensure the ED is prepared for important meetings. · Arrange travel, prepare expense reports, and handle other administrative tasks. · Head up the planning and logistics of twice-yearly organization-wide meetings. · Serve as proxy for ED at certain weekly meetings, take notes, and keep track of ED’s action items. · Develop and sustain a high level of professionalism among staff and community members. · Assist the ED with administering the organization’s travel policy: follow up on travel approvals and expenses and help manage the budget. · Assist the ED with reports, presentations, and follow ups with/for major donors and sponsors. Required Skills & Qualifications: · Be personable with strong interpersonal and oral/written communication skills; ability or willingness to learn to use various communication tools and function in an asynchronous work environment. · Uphold a strict level of confidentiality. · Maintain a high level of attention to detail and accuracy. · Ability to manage multiple tasks, re-prioritize on a daily basis, and meet deadlines. · Be highly organized with exceptional planning skills. · Able to work both independently and in a collaborative environment. · Ability to track and monitor travel budget spending at the org level. · Willingness to try new methods, apps, and/or technology. · Take initiative in completing assignments, solving problems, and seeking solutions. · 3 to 5 years’ experience as Executive Assistant or similar roles. · An interest in free and open source software and/or internet freedom is a bonus but not required. To apply: Please email a PDF of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include your salary requirements and why you want to work at Tor Project. Email should be sent to hr at torproject dot org with "Executive Assistant " in the subject line. No phone calls, please. Other notes: We offer a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance; flexible work schedule; and occasional travel opportunities. The Tor Project, Inc., is a 501(c)(3) organization headquartered in Seattle with paid staff and contractors of around 40 engineers and operational support people, plus many volunteers all over the world. Tor develops free and open source software for privacy and freedom online, protecting people from tracking, surveillance, and censorship. The Tor Project's mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, support their unrestricted availability and use, and further their scientific and popular understanding. We are committed to creating and maintaining a diverse and safe environment, and we are committed to our Social Contract, Membership Values, and our Code of Conduct. The Tor Project, Inc., is an equal opportunity, affirmative action employer. We strongly encourage everyone to apply to this position without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, or age.

1 0

Network health meeting notes, 10 Feb 2020
by Gaba 10 Feb '20

10 Feb '20

Hi! We just had the weekly network health team meeting. You can read the logs at: ttp://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-10-19.01.html The content of the pad (https://pad.riseup.net/p/tor-networkhealth-2020.1-keep) for this meeting was: ------------------------------- ---- 10 February 2020 ------------------------------- Roadmap is done for Q1: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… Announcement GSoC project: https://community.torproject.org/gsoc/ • Metrics queries for GoodBadIsps page. https://dip.torproject.org/torproject/web/community/issues/72#note_483 Statuses: Geko: AFK Gaba (Feb 10): Last week: * help with sbws's proposal for funding This week: * help with sbws's proposal for funding Gus: This week: * Reviewing community team roadmap and network health team * Submitting EFF Legal FAQ comments to GeKo this week RotationMatrix: This week: * Adding metrics queries to GoodBadIsps page. -- Project Manager: Network, Anti-Censorship and Metrics teams gaba at torproject.org she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

January 2020 report for the UX team
by Antonela Debiasi 10 Feb '20

10 Feb '20

Hello Tor, Onion Services ============== We are on the last bit of making the Tor Browser user experience with onionsites smoother and more intuitive. We've been iterating over the client errors for onionsites and also reaching consistency with the onion identity presence in the URL bar. We were discussing them here: https://trac.torproject.org/projects/tor/ticket/19251 https://trac.torproject.org/projects/tor/ticket/32645 Also, we've been working on deploying memorable names for onionsites. This proof-of-concept will allow end-users to type a readable address at the URL bar like [antonela.tor.onion], and Tor Browser will serve the associated onion service. Users will be able to inspect and copy the original 56-character domain name too. https://trac.torproject.org/projects/tor/ticket/28005 User Research - S9 ================== During December, community members from Colombia and Kenya ran user research over the Tor Browser download process. During January, we worked on reporting their findings. Nah is uploading our reports here: https://dip.torproject.org/torproject/ux/research/tree/master/reports/2019/… S30 === OONI has been working on making Tor vanilla test available to run in all the OONI Probe apps. We've worked on its user interface and reviewing the implementation across platforms. https://github.com/orgs/ooni/projects/3 L10n ==== Emmapeel and the invaluable collaboration of the volunteers made the Tor Browser manual available in lithuanian. Pažiūrėk čia: https://tb-manual.torproject.org/lt She also has been working on documenting the l10n workflow for translators in https://community.torproject.org/localization/ Outreach ======== The Tor Project will host the Tor village during the last days of the Internet Freedom Festival. We are collaborating with the Community Team on setting up the agenda and also managing the invites. If you are interested in joining us in Valencia, stay tuned! Open Team ========= We roadmapped the work for the UX team in 2020. You can sneak peek what we will be hacking on here https://nc.torproject.net/s/CqiqS7NRrfPkmLx If you missed those, January weekly meetings notes are here: https://lists.torproject.org/pipermail/ux/2020-January/000483.html https://lists.torproject.org/pipermail/ux/2020-January/000484.html https://lists.torproject.org/pipermail/ux/2020-January/000485.html https://lists.torproject.org/pipermail/ux/2020-January/000486.html Love and peace, A -- Antonela Debiasi UX Team Lead @antonela E2330A6D1EB5A0C8 https://torproject.org

1 0

Network Team Meeting Notes, 5 February 2020
by Alexander Færøy 10 Feb '20

10 Feb '20

Hello, Here is a short summary of the network team meeting from Wednesday the 5th of February 2020. 1) We started out with roadmap. People were asked to prioritize 0.4.3 tickets. 2) We looked at the 0.4.3 status page. 3) Discussion on next steps for C style work. It was decided that we have a meeting on Wed 12th of February at 23 UTC to discuss this further. 4) Nobody had anything else to discuss. --- end of summary --- You can read the network team meeting log at: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-02-05-22.59.html Below are the contents of our meeting pad: Nick: Week of Jan 27 (planned): - Review all incoming 043 patches on my queue * - Read and answer Mike's big congestion document * - Release 0.4.2 and 0.4.1. (Is a final 0.4.0 called for?) * - More PETS discussion, and artifact review. * - Triage 0.4.3 and assign tickets with ahf. * - Take care of whatever 0.4.3 tickets are assigned to me. - Sketch out Walking Onions work plan. - Answer and discuss pending stuff about C style project. - Time permitting: - Review pending patches for 044 - Make more dirauth options optional (32139) - Stem tracing? (30901) Week of Jan 27 (actual): - Releases for 0.4.2.x and 0.4.1.x - Worked on Clusterfuzz timeout issues (33118) - Worked on a bunch of 043-must/should items; get several of them into needs-review. Lots of analysis here. - Read and suggested edits to Mike's big congestion document. - Follow up on comments about C style - Review and merge patches. - Started working on patches to deprecated options (31180) - Triaged 043 tickets with ahf. - Started a bug-retrospective analysis with teor - Wrapped up paper-related PETS2020 stuff; only artifacts left! - Investigated logs related to directory authority DoS; proposed a compression-based solution. - Opened tickets for two TROVE issues; one low and one medium severity. - Reviewed proposal 312. Week of 2 Feb (planned): - Finish bug retrospective. - Solve as many 043-must/should issues as I can. - Review and merge. - Keep an eye on blog comments about recent stable releases. - Plan for an alpha early next week. - More work on paper with Ian and Chelsea (revisions due 15 Feb) - Review Teor's proposal 313 once it's out - Integrate revisions to prop295 before I forget completely catalyst: week of 01/27 (2020-W05) (planned): - reviews - retrospective 01/29 week of 01/27 (2020-W05) (actual): - retrospective 01/29 - reviewed some more gsod work (#32928, #32929) - debugged some more about why LeakSanitizer seemed to not be working (#33087) week of 02/03 (2020-W06) (planned): - reviews - getting feedback on .github repo stuff (#32335) - feedback cycle stuff week of 02/03 (2020-W06) (actual): - more review of gsod work (#32928, #32929), with nickm's help ahf: Week of 27/1 2020 (planned): - Ticket triage with Nick. - Continue on sponsored work. - Try to read and understand Mike Perry's epic pad. - Read and follow up on Teor's IPv6 propsal(s). - Prepare slides for FOSDEM and travel to FOSDEM (will thus be AFK from IRC on most of Thursday and all of Friday). - Hope to catch up with Juga while in Brussels and hear what they are up to. - Hope to spend some time with ln5 and hack on his key hw/vault idea. - If there is anybody we should meet and talk with at FOSDEM, now is a good time to say so. Week of 27/1 2020 (actually): - Ticket triage. - Tried to wrap my head around Mike's email and Tim's proposals. - Did slides for FOSDEM, went to FOSDEM, spoke at FOSDEM. Went OK. - Met with Juga and Gaba to look at SBWS grant. - Hanged out with Juga who gave me an introduction to the sbws internals and how the tool works. - Spoke with Linus and Peter Stuge about the vault idea. Week of 3/2 2020 (planned): - Work on one of the TROVE's. - Tried to wrap my head around the HS randevouz blog post. - EOM tasks from January. - Some follow ups related to peer review and FOSDEM. asn: Week of 20/01 (actual): - Almost recovered physically. - Took over #32709 from David (Thanks David!) and discussed it with Nick (Thanks Nick!) - Started working on remaining #32709 items. - Various S27 planning moves. Week of 27/01 (planned): - Finalize #32709 so that I can use it for testing OBv3. - Get back to doing reviews etc. Mike: Last week (planned): - Have gaba+isa review role descriptions - Metrics kickoff meeting - Work on explicit congestion notification meta-proposal - File perf-related roadmap tickets - Triage + prioritize circpad, vanguards bugs Last week (actual): - Had gaba+isa review role descriptions; worked on 2020 plan - Metrics kickoff meeting - Worked on explicit congestion notification meta-proposal This week (planned): - Mozilla all hands - Congestion control tor-dev post Maybe dropping due to Mozilla: - File perf-related roadmap tickets - Write mails to researchers re circpad docs + simulator - Triage + prioritize circpad, vanguards bugs dgoulet: Week of Jan 20th (actual): - Reviews and merges and meetings. - Worked on #33018/#33029. - The email world was strong that week. - Logistics for NetDev'14 conference in March. Rob and I were accepted for a talk there. Week of Jan 27th (planned): - Continue into the #33018 and #33029 madness world. - Hopefully make progress on ticket assigned to me on the roadmap. Gaba: Week of January something... (actual) - Roadmap life - Run behind Trac - Sustain OSS and Fosdem - sbws roadmap Week of February 6th (planned) - s55 - reduce scalabiltiy project to fit new requirements - survive a pile of mails - run behind trac again teor: (online first meeting of the month, offline at the usual meeting time) Week of 27 January (planned): Take Time for: - Backports (if needed) - Draft sponsor 55 (relay IPv6) roadmap - Create tickets (once proposals have been reviewed) - Revise Proposal 311: Relay IPv6 Reachability: (please review!) (#24404) https://lists.torproject.org/pipermail/tor-dev/2020-January/014132.html - Draft Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Draft Proposal 313: Relay IPv6 Statistics ? - Update Proposal 306: Client Auto IPv6 Connections ? (#33043) - based on proposals 311 and 312 Roadmap: - (Transitioning between unfunded work / 0.4.3 fixes, and Sponsor 55) Other: - Code Reviews Week of 27 January (actual): Take Time for: - Revise Proposal 311: Relay IPv6 Reachability (#24404) - Draft and Revise Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Backports before releases Roadmap: - #33091 minor change related to Sponsor 55 O1.2 Other: - Added info to #31009 - Use public relay addresses for PTs - Related to Relay Auto IPv6 Address: proposal 312 and ticket #5940 (Sponsor 55) - Added info to #33018 - Dir auths using an unsustainable 400+ mbit/s - Related to Relay Auto IPv6 Address: proposal 312 and ticket #5940 (Sponsor 55) - Added info to #31180 - Remove deprecated options in 0.4.3 - Not actually related to Sponsor 55, but nickm thought that it was - Ticket triage, backport deciding, quick code reviews - Help with minor CI changes (#32455, #33075) - Help with LeakSanitizer bugs (#33087, #31594) Week of 3 February (planned): Take Time for: - Revise Proposal 311: Relay IPv6 Reachability (#24404) - Revise Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Draft Proposal 313: Relay IPv6 Statistics (ticket?) - sbws roadmap review - sbws funding proposal review - Merge proposals 311 and 312, and send out final drafts to tor-dev Roadmap: - Make tickets for roadmap, based on proposals 311 and 312 Other: - Ticket triage, backport deciding, quick code reviews Week of 3 February (actual): Take Time for: - Revise Proposal 311: Relay IPv6 Reachability (#24404) - Revise Proposal 312: Automatic Relay IPv6 Addresses (#33073) - Merge proposals 311 and 312 - Start Drafting Proposal 313: Relay IPv6 Statistics (#33159) - sbws roadmap review - responding to emails and IRC Roadmap: - responding to questions on sponsor 55 tickets - update other tickets based on Sponsor 55 analysis and proposals Other: - Ticket triage, backport deciding, quick code reviews - Opened #33156 for a DoS subsystem IPv6 bug - GSoC potential IPv6 project: update project info based on latest proposals - Security issue analysis Need help with: - Please review Proposal 312: Automatic Relay IPv6 Addresses: (for Sponsor 55) https://lists.torproject.org/pipermail/tor-dev/2020-January/014136.html -- Alexander Færøy

1 0

[release] Onionoo 8.0 will be released on February 20, 2020
by Karsten Loesing 09 Feb '20

09 Feb '20

Hi! We're going to release Onionoo protocol version 7.0 in 11 days from now on February 20, 2020. This protocol version will include a few backward-incompatible changes, all related to graphs: - Include graph history objects even if the time periods they cover are already contained in other graph history objects with shorter time periods and higher data resolutions, - remove "3_days" and "1_week" bandwidth graphs, - change "1_month" bandwidth graph to a data resolution of 24 hours, - add back "1_month" clients graph, and - remove "1_week" uptime and weights graphs. You can find more details on the Onionoo protocol page: https://metrics.torproject.org/onionoo.html If you're using any of these graphs in your Onionoo client and have questions or concerns about this change, please let us know! We might be able to help. And if you need more time to update to the new protocol version, please let us know, too. We typically give a four weeks heads-up for backward-incompatible changes but somehow failed to do so this time. If we don't hear from anyone, we're making the change on/around February 20. On behalf of the Tor metrics team, Karsten

1 0

Notes from Vegas Meeting FEBRUARY 6 2020
by Erin Wyatt 07 Feb '20

07 Feb '20

VEGAS TEAM MEETING NOTES FEBRUARY 6 2019: + NEW BUSINESS Nickm: - Everybody please keep an eye at the unapproved blog comments at https://blog.torproject.org/admin/content/comment/approval . (No discussion needed) GeKo: - Did we actually make progress on deciding what license/copyright line we want to use for code that we write during our job? Resolution: Not yet. It’s in ewyatt’s queue, she’ll follow up. ewyatt: - Nickm question re: feedback process - change review period through January 31? Resolution: Sure, seems fine. ewyatt will send notice by email. anarcat: - Postponed the Storm migration one week (but not more!) migrate your stuff *now* if you haven't done so already, see also https://trac.torproject.org/projects/tor/ticket/32390 - Old data on nc.riseup.net (the old nextcloud instance) should have been destroyed on tuesday, but might still be around if you haven't moved everything yet https://trac.torproject.org/projects/tor/ticket/32391; let me know if you want to hear about the RFC process we are working on gaba: - HELP. We will need gitlab service admins! please please please check with your teams to see who can help with it. That would mean people that could: • have a shell account in the server where gitlab is running • able to start/stop service • able to upgrade the service • troubleshoot any problems with the service • get support from the sysadmin team <-- they will not be alone :) + GENERAL NOTES Georg: 1. Learning a lot at Mozilla's All Hands meeting 2. Network health roadmapping 3. Getting up to speed with bad relay work 4. Getting up to speed with sbws 5. Did we actually make progress on deciding what license/copyright line we want to use for code that we write during our job? Antonela: 1. Met Simply Secure with Gaba in Berlin to kick off the OTF Metrics project. Nina Vizz is going to work on this project. 2. Met Fiona to update her about our work with onions 3. Following up on some conversations around Berlin Allhands 4. Reviewing deliverables of 2019 S9 user research and planning 2020 Q1Q2 roadmapping 5. Writing ux team january report 6. Regular work in S27, following up with Tunde around S30 research, working in S30 OONI related tasks 7. Thinking about onion services, working on DRL community proposal 8. I'll be offline from Feb 13th to Feb 19th Steph 1. Wrote an email to sponsors about Tor's media presence in 2019. Also published as a blog post 2. Inquiries: Interviewed with Tech Round. Talked to a student writing a story about the "dark web." 3. Working with Learning Lab. Answered questions for the writer who is working with us and had a follow up call to help outline the new page they're helping us write. 4. Coordinated Isa's Team Time. 5. Helping out with prep for the upcoming SF events. anarcat 1. adopted sysadmin roadmap in the last TPA meeting, will be migrated to trac tomorrow but for now see https://help.torproject.org/tsa/roadmap/2020/ 2. agreed to use an "RFC" process to decentralize and "asynchronise" decision making in the team, will be formulated formally tomorrow, let me know if you're interested to hear more 3. fixed hardware problems with new ganeti node and finished moving two VMs (including the scary check.tpo) off of an old server, which will be decomissioned after a delay, on tuesday 4. contacted various teams to followup on buster upgrades, need feedback from translation (https://trac.torproject.org/projects/tor/ticket/33110) and metrics about scheduling and planning (https://trac.torproject.org/projects/tor/ticket/33111) - progress followup here https://help.torproject.org/tsa/howto/upgrades/buster/#Per_host_progress 5. postponed the Storm migration one week (but not more!) migrate your stuff *now* if you haven't done so already, see also https://trac.torproject.org/projects/tor/ticket/32390 6. old data on nc.riseup.net (the old nextcloud instance) should have been destroyed on tuesday, but might still be around if you haven't moved everything yet https://trac.torproject.org/projects/tor/ticket/32391 Gaba 1. still roadmapping process for some teams - it will be faster next time 2. trying to figure out how to shutdown svn 3. saying bye bye to storm (for people that asked me about what we are using instead of wekan: we have been migrating to project boards in gitlab. please AMA) 4. requesting old data to get rid from nc.riseup.net 5. fosdem and sustain OSS last week - following up a few things from there 6. grant writing: DRL scalability and NLNET sbws 7. met with simply secure and antonela to kick off their work on the metrics data portal (they will be around irc ux channel and metrics team weekly meetings) 8. HELP. We will need gitlab service admins! please please please check with your teams to see who can help with it. That would mean people that could: • have a shell account in the server where gitlab is running • able to start/stop service • able to upgrade the service • troubleshoot any problems with the service • get support from the sysadmin team <-- they will not be alone :) 9. today listening to Luciana Mocchi https://es.wikipedia.org/wiki/Luciana_Mocchi isabela: 1. Working on follow ups w/ foundations we met in January 2. Organizing SF in March, we will have a week full of meetings and events 3. Working on job descriptions with Erin 4. Did Tea Time at #tor-internal 5. Finalized MDF reports 6. Organizing onionize the web and there is no dark web strategies (together w/ stakeholders) 7. Updating Membership Program proposal sarah: 1. Planning for San Fran and NYC events. 2. Helping with funding proposals/reports. 3. Working with Jon to take over his fundraising tasks. 4. Attended meetup with CiviCRM users. gus: 1. Drafting our Call for Proposals to Tor Village in IFF 2. Organised Tor meetup in FOSDEM, and joining today in Tor Meetup Berlin - https://blog.torproject.org/tor-meetup-berlin-feb2020 3. We published Tor Browser for Android manual - https://tb-manual.torproject.org/mobile-tor/ 4. Outreachy: wrote Cleopatra's feedback. Outreachy internship ends in March. 5. Roadmapping Community Team work. 6. Sponsor9 sync meeting with Antonela and Pili. 7. Working on Legal FAQ 2020 edition. Nick: 1. Home internet is down today; using neighbors' wifi (with permission). I am expecting an ISPtech to show up some time during this meeting or slightly before. If they do, I'll be offline. 2. Everybody please keep an eye at the unapproved blog comments at https://blog.torproject.org/admin/content/comment/approval . (No discussion needed) 3. 0.4.1 and 0.4.2 stable releases came out last week; new 0.4.3 alpha likely next week. 4. Sponsor 55 seems to be going well; teor is off to a good start writing proposals. 5. My schedule for this week and next is about 30% meeting time. Not where it really ought to be :/ Alex: 1. Went to FOSDEM with some Tor folks: - Talked with Gaba and Juga about sbws and juga gave me an intro to all of it. - Spoke about Tor in the decentralized internet and privacy devroom. Room seemed full. [pili: it was the fullest I saw it! :) ] 2. Different smaller meetings with network team folks about ongoing work. 3. Ramping up my sbws understanding to help out there. 4. Working on 0.4.3 stuff right now. Pili: 1. At FOSDEM last weekend • - gaba and I gave a State of the Onion talk in the Internet track. 2. Finished GSoC application form, our list of projects is here: https://community.torproject.org/gsoc • - let me know if you see anything that needs changing/updating 3. Face to face meetings with Gus and Antonela in Brussels to organise roadmaps and S9 work 4. Will start working on DRL proposal with Al soon 5. Attended a really good usability testing workshop in Brussels, have started documenting and creating templates in gitlab for proposing usability tests: https://dip.torproject.org/torproject/ux/research/blob/master/.gitlab/issue… 6. Working on December and January Browser team monthly report 7. Lots of meetings this week... Philipp: 1. Lots of interaction with bridge operators • - Got in touch with all operators from our bridge campaign from last year • - About to send tshirts to our default bridge ops 2. Business as usual with Sponsor 30 and 28; still grant writing for NSF TTP grant 3. More work on docker obfs4 image. Also trying to create an official "torproject" docker organisation, to host our images Erin: 1. Office move done 2. Personnel stuff; Working on job descriptions, plan to get out ASAP 3. Working on catching up with all the things 4. Re: feedback process - change review period through January 31? (nickm question) Karsten: 1. Made more graphs for future scalability and performance experiments (#33076) and the torflow/sbws transition (#33077). Matt: 1. Mozilla All-Hands Last Week 2. Tor Browser releases next week 3. Beginning Tor Browser migration from ESR train to Release train 4. Beginning Android Tor Browser migration

1 0

Three Tor security goals for the network layer
by Roger Dingledine 07 Feb '20

07 Feb '20

Hi folks, I'm meeting with a group of systems professors this week to discuss security at the network layer -- for example, how can backbone routers help make the internet a safer place. I expect many of the professors will talk about routing security, or scalability, or other "systems"-y things -- maybe even including how we need accountability and tracking in order to stop DDoS attacks. I've written up the pitch for three angles that I think are important and might otherwise be absent from the agenda: (1) securing communications metadata (2) preventing browser (application level) tracking (3) resisting blocking (censorship) I've posted the document at https://freehaven.net/~arma/isat2020.pdf and I'm attaching the files here too for posterity. It's two pages -- one page for explaining the problems, one page for "how can we do better?" Feel free to reuse the text for your purposes, like grant proposals, or explaining Tor to people, or whatever else it's useful for. --Roger

4 3

Tor Browser Team: December and January report
by Pili Guerra 07 Feb '20

07 Feb '20

Hi everyone, A very belated happy new year to everyone from the Tor Browser team along with our December 2019 and January 2020 report. We kicked off December with the 9.0.2[1] and 9.5a3[2] releases. These releases are still suffering from build reproducibility issues[3] and we continued our work on fixing these during the month. We also continued working on our automatic nightly builds[4] infrastructure, scripts and keys to enable us to easily provide these in future. Other than that this was a relatively quiet month with much of the team taking a well deserved break and charging their batteries ready for the new year. The full list of tickets closed by the Tor Browser team in December is accessible using the TorBrowserTeam201912[5] keyword in our bug tracker. During January we've been mostly working on our Sponsor 27[6] deliverables to improve the user experience when accessing v3 Onion Services using Tor Browser. This work includes adding capabilities to access onion services which require a client to provide an authorization key[7] as well as informing users about errors[8][9] when accessing an onion service, updating the url bar with indicators that explain and educate users about the characteristics of the onion service[10] they are visiting and making it easier for users to remember v3 onion service names[11]. We have also started exploring the behaviour to redirect to the onion service version of a website when this is advertised using the Alt-Svc[12] and Onion-Location[13] headers. We have also continued working on providing more granular security setings[14], scoped at the website level and have decided on an approach to implement this in Tor Browser. Our work to provide automatic nightly updates is still ongoing and we hope to have some developments in this area very soon. We had three releases in January: 9.0.3[15], 9.0.4[16] and 9.5a4[17] In January we also completed the Tor Browser Team lead role transition with Matt now fully onboarded into this role. We thank Georg for his leadership during the past few years and wish him the best of luck with his new role! The full list of tickets closed by the Tor Browser team in January is accessible using the TorBrowserTeam202001[18] keyword in our bug tracker. All tickets on our radar for February can be seen with the `TorBrowserTeam202002` keyword in our bug tracker.[19] Thanks for reading! Pili [1] https://blog.torproject.org/new-release-tor-browser-902 <https://blog.torproject.org/new-release-tor-browser-902> [2] https://blog.torproject.org/new-release-tor-browser-95a3 <https://blog.torproject.org/new-release-tor-browser-95a3> [3] https://trac.torproject.org/projects/tor/ticket/32053 <https://trac.torproject.org/projects/tor/ticket/32053> [4] https://trac.torproject.org/projects/tor/ticket/18867 <https://trac.torproject.org/projects/tor/ticket/18867> [5] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… <https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB…> [6] https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor27 <https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor27> [7] https://trac.torproject.org/projects/tor/ticket/30000 <https://trac.torproject.org/projects/tor/ticket/30000> [8] https://trac.torproject.org/projects/tor/ticket/30022 <https://trac.torproject.org/projects/tor/ticket/30022> [9] https://trac.torproject.org/projects/tor/ticket/30025 <https://trac.torproject.org/projects/tor/ticket/30025> [10] https://trac.torproject.org/projects/tor/ticket/32645 <https://trac.torproject.org/projects/tor/ticket/32645> [11] https://trac.torproject.org/projects/tor/ticket/30029 <https://trac.torproject.org/projects/tor/ticket/30029> [12] https://trac.torproject.org/projects/tor/ticket/30024 <https://trac.torproject.org/projects/tor/ticket/30024> [13] https://trac.torproject.org/projects/tor/ticket/21952 <https://trac.torproject.org/projects/tor/ticket/21952> [14] https://trac.torproject.org/projects/tor/ticket/30570 <https://trac.torproject.org/projects/tor/ticket/30570> [15] https://blog.torproject.org/new-release-tor-browser-903 <https://blog.torproject.org/new-release-tor-browser-903> [16] https://blog.torproject.org/new-release-tor-browser-904 <https://blog.torproject.org/new-release-tor-browser-904> [17] https://blog.torproject.org/new-release-tor-browser-95a4 <https://blog.torproject.org/new-release-tor-browser-95a4> [18] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB… <https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorB…> [19] https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… <https://trac.torproject.org/projects/tor/query?status=accepted&status=assig…> — Project Manager: Tor Browser, UX and Community teams pili at torproject dot org gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project February 2020