tor-project June 2020

tor-project@lists.torproject.org

19 participants
34 discussions

Re: [tor-project] February - May 2020 User Feedback Report (Nicolei Ocana)
by Nicolei Ocaña 22 Jun '20

22 Jun '20

Georg > Is that essentially Windows-only? No, there were some tickets where users attached screenshots of their prompts - Windows, Mac, and Linux user interface windows. > For the Windows ones, do we know how many of those issues are due to #10416 > (https://gitlab.torproject.org/tpo/core/tor/-/issues/10416)? >From the screenshots that users shared, none alluded to this issue. > What do you mean by "blocking larger media elements by default" There is no logic in Tor > Browser that is blocking media elements depending on their size. Additionally, Tor Browser > should not block anything by default in its standard security mode. I misspoke. I was incorrect in my statement; I should have wrote "NoScript blocks media on security levels Safer and Safest." You are absolutely right on both fronts. Thanks for clarifying these aspects: Tor Browser does not block any media by default; NoScript allows for media in the Standard security level. > So, what is happening in those cases? Do you have an example of a report by chance? So, I'll admit, I was mistaken. To make a long story short - one user took a screenshot of NoScript blocking out its media yet I neglected to pay attention that the user had the Safer security level set. I presumed this occurred by default. After clearing up the confusion, those cases contained Flash-based XSS attempting to show a movie. Below is the example: >> Hi >> Tried to watch this on Tor: >> https://www.brighteon.com/be689f32-5526-4601-a627-48dc4f896cf9 >> And several other videos. but they come up with a red circle with a monster with teeth in >> the middle. An even when I choose one of the responses it still won’t play And another thing is that many Tor users are now having issues to watch YouTube: "Our systems have detected unusual traffic from your computer network. Please try your request again later. Why did this happen? This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. ..."

1 0

Tor browser meeting notes, 22 June 2020
by Gaba 22 Jun '20

22 Jun '20

Hi! Tor Browser meetings are happening every Monday at 1800UTC on #tor-meeting in irc.oftc.net We had a meeting on June 22nd and here are the logs and notes. Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-22-17.59.log… Pad: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… Contents of the pad for today: == Tor Browser meeting pad! == Next meeting is at Monday 29 June 1800 UTC on #tor-meeting on OFTC. June Schedule: * Monday 15 June 18:00 UTC * Monday 22 June 18:00 UTC Release meetings: https://pad.riseup.net/p/tor-browser-release-meeting-keep Tuesday June 23th 18:00 UTC Tuesday July 7th 18:00 UTC (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Upcoming Releases and other important dates 2020.06.30: 9.5.1 and 10.0a2 - ESR68.10, ESR78.0 Latest Releases: 2020.05.22: 9.5a13 https://blog.torproject.org/new-release-tor-browser-95a13 2020.06.02: 9.5 Stable https://blog.torproject.org/new-release-tor-browser-95 2020.06.02: 10.0a1 https://blog.torproject.org/new-release-tor-browser-100a1 == Previous notes == (Search the tor-project mailing list archive for older notes.) June 15th - https://lists.torproject.org/pipermail/tor-project/2020-June/002878.html == What project we are working on? == SPONSOR 58 - Tor Browser Security, Performance, & Usability Improvements - soon to be moved to gitlab Parent ticket: https://trac.torproject.org/projects/tor/ticket/33664 Wiki page: https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor58 Timeline: https://nc.torproject.net/s/ow2r6cLgL7Cd9BA == Stuff to do every week == Check reviews not taken! How reviews from last week worked? Any blocker? For S58: https://trac.torproject.org/projects/tor/query?status=needs_review&sponsor=… - soon to be moved to gitlab ------------------------------- ---- 22 June 2020 ------------- ------------------------------- == Announcements [please date] == == Discussion [please date] == Is confirmed the TB release meeting tomorrow June 23rd? - yes (June 22nd) gitlab labels for applications group labels for usability issues https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/4 how reviews in gitlab will happen- using MRs (June 22nd) S58 (June 22nd) blog moderation (June 22nd) Please take a look at dev.tpo content structure and point me what im missing https://gitlab.torproject.org/tpo/web/trac/-/issues/24132#note_2681345 (June 22nd) Needs review https://gitlab.torproject.org/tpo/anti-censorship/trac/-/issues/40004 Log June 22nd: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-22-17.59.log… == Status Updates == Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. ahf: Week of 2020-06-15 (actual): - Lots of Gitlab stuff Week of 2020-06-22: - Back to working on Fenix and Tor integration. boklm: Week of 2020-06-15 (actual): - Made patches to use rootless containers and was able to do builds of Tor Browser for windows-x86_64 and osx-x86_64 (tor-browser-build#23631 and rbm#40001). For some unknown reason the builds based on wheezy are not working. Week of 2020-06-22 (planned): - Add some documentation for rbm#40001 and set the patch as Needs Review - Improve patch for rbm#32272 to handle Ctrl+C Mike: Week of 06/15 (planned): - gecko-dev proxy audit Week of 06/15 (actual): - Looked over previous proxy audit notes for plan - metrics tickets followup - Funding proposal work - Congestion control work for funding proposal (see email) Week of 06/15 (planned): - Wrap up congestion control proposal draft - gecko-dev proxy audit mcs and brade: Week of June 15th (actual): - Created revised patches for: - tor-browser#33851 (Patch out Parental Controls detection and logging). - tor-browser#33998 (stop using XUL <grid> soon). - tor-browser#33848 (Disable Enhanced Tracking Protection). - Spot-checked acat’s 33533+6 branch (the updated ESR78 rebase). - Created a patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1642754 - This is a spin-off of Mozilla bug 1642404 and covers the remainder of tor-browser#28885. - Our fix was merged into mozilla-central \o/ - Provided feedback on anti-censorship/trac#40004 (Sponsor 30 O3.2 UX Flow). - Started to review Firefox release notes and closed bugs for Firefox 75-78. Week of June 22nd (planned): - Continue review of Firefox release notes and closed bugs for Firefox 75-78. - Follow up on https://bugzilla.mozilla.org/show_bug.cgi?id=1642404 (upstreaming of tor-browser#28885). - We are not sure why this has not yet been merged to mozilla-central. sysrqb: Week of 15 June (planned): Really, really finish #33939 Review testsuite patches and merge them so we have a working...testsuite Catch up on current 9.5/10.0a tickets Finally land vpx patch upstream Week of 15 June (actual): Really, really finish #33939 (no) Review testsuite patches and merge them so we have a working...testsuite (no) Catch up on current 9.5/10.0a tickets (no) Finally land vpx patch upstream (small progress, but not complete yet) Followed up on a Mozilla browser fingerprinting bug Helped with some GitLab migration tasks Fallout from OTF and USG changes Tried counting the number of active Tor Browser instances Week of 22 June (planned): Really, really finish #33939 Review testsuite patches and merge them so we have a working...testsuite Catch up on current 9.5/10.0a tickets Finally land vpx patch upstream Review https://gitlab.torproject.org/tpo/anti-censorship/trac/-/issues/40004 Continue tracking OTF/DRL situation Audit GitLab labels Release prep GeKo: Week of June 15 (planned): Gitlab work Finish review of #33533 Work on application-services build Week of June 15 (actual): Gitlab work Review of #33533 (but not finished) Week of 22 June Finish review for #33533 Finish build of application services help with releases were fit Gitlab label situation/workflow Antonela: Week of 2020-06-22: - Review HTTPS-E Names https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40010#n… - Work on S58 tickets TBA UI - Waiting for tbb-dev review in S30 https://gitlab.torproject.org/tpo/anti-censorship/trac/-/issues/40004 acat: Week of 15th June (planned): Possibly address GeKo's feedback on #33533 Finish uplift #32414 (Make Services.search.addEngine obey FPI) Document rebase process for tor-browser-spec Maybe start covering some patches with tests Week of 15th June (actual): Found out uplift #32414 was not needed, as the API is removed in 78. Done #33954: Consider different approach for "2176: Rebrand Firefox to TorBrowser" Picked some fixes for #33533 (esr78 rebase) tor-browser-spec#40001: initial work for Document/improve/automate Tor Browser rebasing process Week of 22 June: Possibly address GeKo's feedback on #33533 Add tests in tor-browser-bundle-testsuite: 40001: Add test for "Communicating security expectations TB patch" 40002: Add test for "Add v3 onion services client authentication prompt" TB patch 40003: Add test for "Implement Onion-Location" TB patch 40004: Add test for "Implement .onion alias urlbar rewrites" TB patch 40005: Add test for "Replace security slider with security level UI" TB patch Rebase #33533 to latest beta and test tor-browser-spec#40001 process -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Network meeting notes, 22nd June 2020
by Gaba 22 Jun '20

22 Jun '20

Hi! Network meetings are happening every Monday at 1700UTC on #tor-meeting in irc.oftc.net We had a meeting on June 22nd and here are the logs and notes. Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-22-16.59.log… Pad: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… Contents of the pad for today: == Network meeting pad! == Next meeting is at Monday 29th June 1700 UTC on #tor-meeting on OFTC. June Schedule: * Monday 29 June 17:00 UTC Welcome to our meeting! We meet each month at: Mondays at 1700 UTC On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the tor-project mailing list archive for older notes.) 1 June: https://lists.torproject.org/pipermail/tor-project/2020-June/002857.html 8 June: https://lists.torproject.org/pipermail/tor-project/2020-June/002865.html == Stuff to do every week == Let's check and update our roadmap: What's done, and what's coming up? Any change? All the trac tickets for the roadmap are in the team's page: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam <-- This will be moved to Gitlab ASAP S28 & S30 - Continue after October - Ahf S55 - Nickm & dgoulet Non sponsor stuff DoS defenses = Dgoulet + Asn Library Size reduction = Ahf + Dgoulet sbws = Ahf + Juga Check reviewer assignments! How reviews from last week worked? Any blocker? Here are the outstanding reviews, oldest first, including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Go over our 0.4.4 status page at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… . (If maint-0.4.4 were released as stable tomorrow, what would we regret?) - scheduled to enter feature freeze on Monday June 15th == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases. * Check other's people call for help in their entries. Volunteers need help. Please help them when you are around. Maybe we should have times of day when different people are responders, and expectations of who helps. ------------------------------- ---- 22 June 2020 ------------------------------- == Announcements [please date] == Assigned reviews (Will put on gitlab when gitlab becomes RW again): dgoulet -> #33816 Fill in missing IPv6 addresses in extend cells nickm -> #34065 Make routerset_contains_router() support IPv6 asn -> #34433 Replace clang-format.sh with a faster, better version == Discussion [please date] == [June 22nd] Please take a look! (antonela) in the next 2 weeks -> https://gitlab.torproject.org/tpo/web/trac/-/issues/24132#note_2681345 [Next meeting - June 29th] Sponsor 55 Status - https://pad.riseup.net/p/FaSoXgt5tF0BkWYcG2So === Active Proposed Policies === * Pull Request Guidelines (stalled) === Design proposals under discussion === 315: require more fields in directory documents (still waiting [6/1]) 316: flashflow (asn and nickm are reviewing, should schedule discussion with pastly. [5/18]) 317: dns (under discussion on ML [5/18]) 318: limit protovers (waiting for more commment; needs discussion [6/1]) 319: wide everything (nick replied on ml; waiting for more discussion [6/1]) 320: tap out again - Do we have a consensus to replace this with a "deprecate v2 onion services" proposal? If so, who writes it? [6/1] protover rethinking (teor's email to tor-dev) (nick needs to reply [5/18]) 321: happy families (need feedback [6/1]) 322: dirport linkspec (need feedback [6/1]) == Recommended links == == Updates == Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! Nick: Week of 15 Jun (planned): - Get chutney actually working with assumereachable disabled (34445 through 34449) - Work on aftermath of gitlab migration. - Work with dgoulet to advance S55 planning. - Get S55 reachability test more advanced. - Release 0.4.4.1-alpha. Week of 15 Jun (actual): - Released 0.4.4.1-alpha - Worked on aftermath of gitlab migration: - Label hacking - checklist hacking - learning curve. - Chutney and S55 hacking: - Chutney relays now actually run self-tests! - Wrote code on #34067 to make ipv6 self-testing get treated as separate flag Week of 22 June (planned): - Go through backlog - Work on misc 0.4.4.x issues - Fix S55 bugs - More gitlab stuff, probably. - catch up on email backlog? ahf: Week of 15/6 planned: - Back to Fenix stuff with Browser Team - Support Gitlab people if we go with that. Week of 15/6 actually: - Lots of Gitlab support. Started the label cleanup. Moved more and more projects over. Week of 22/6 planned: - Trying to minimize myself in the Gitlab stuff for now. - Need to deal with review backlog. - Back to doing Fenix + Tor integration. - Get Tor network extension working on device with TGP sponsorship. asn: Week of 15/06 (planned): - More work on PoW proposal. Fold in David's work on the scheduler and derive results from that. - Hopefully merge #32040. - More reviews & merges. Week of 15/06 (actual): - Published latest version of PoW proposal with lots of revisions: https://lists.torproject.org/pipermail/tor-dev/2020-June/014381.html - Analyzed PoW scheduler results with dgoulet and David ended up finding an epic bug: #40006 - Wrote a patch for guards + metrics: #40001 - Got folded into an online hackathon and have been reviewing code from two participants who implemented two features for OBv3: status socket support and SIGHUP support. - Getting used to gitlab. Week of 22/06 (planned): - More work on PoW proposal: - Folding in more scheduler performance measurement results. - Think of effort estimation and minimum effort. - More OBv3 hackathon grooming. - Reviews & merges jnewsome: Week of June 1 (actual): - Added GH milestones and issues in shadow/shadow - Sent out Tor Project update - Added more thread/interposition APIs in shadow/phantom to support more syscalls. - Did some straceing to identify more syscalls we need for tor Week of June 8 (planned): - Hand off OnionPerf work for now (#33974: update to tgen 1.0) - Identify more syscalls needed to simulate Tor. (use nm/objdump; chutney; src/lib/sandbox) - Figure out (how to avoid implementing) netlink - Check whether we already can interpose Tor's name lookups (via libevent) Week of June 8 (actual): - shadow/phantom: Identified and documented syscalls needed for Tor, based on strace + sandbox config. https://github.com/shadow/shadow/issues/849 - Reviewed PR to add file IO support for shadow/phantom - More review for adding yaml config for shadow/shadow Week of June 15 (planned): - Work out logging from the shim with the new file IO design - Help flesh out support for syscalls and libraries needed to run Tor - Start looking into code-coverage tools (gcov) Week of June 15 (actual): - Fixed logging destination from the shadow/phantom shim - Patched libc from package sources to allow benchmarking for "preload" interposition mechanism without having to reimplement more of libc - A little bit of initial benchmarking of shadow/phantom. (So far much slower, but have some ideas for improvement) - Backported centos 7 fixes for shadow https://github.com/shadow/shadow/pull/851 Week of June 22 (planned): - More profiling of shadow/phantom and start work on optimizations pastly: Week of 18 May (planned): - Finish bones of external FlashFlow repo (python?) to control tor clients that perform FF measurements - Finish bones of little-t tor changes s.t. measurement can be performed - Discuss FlashFlow with network team devs as they have questions c: Week of May 25 (planned): - close up work on #33609 - get started on other s55 tickets, potentially knock out 'easy' ones first and take it from there - update https://trac.torproject.org/projects/tor/wiki/doc/gsoc with my information Week of May 25 (actual): - #33609 ready for review - started hunting down and working on other Sponsor55-can and -must issues - talking in #tor-project about wiki Week of June 1 (actual): - opened and made #34381 ready for review - IPv4 part of #32888 Week of June 8 (planned): - #33598 - IPv6 part of #32888 <-- do you have a ticket for it? Week of June 8 (actual): - #32888 IPv6 PR: https://github.com/torproject/tor/pull/1932 - requested reproducibility info for https://bugs.torproject.org/33598 -- maybe I'll start thread on tor-dev@ since trac is read-only - wrote Outreachy blog post explaining Tor's IPv6 goals Week of June 15 (planned): - during meeting, poke someone about https://github.com/torproject/chutney/pull/66 - chutney work with nickm (#34445 - #34448) - force myself to remain regularly active on tor-dev@ so we can get things done more efficiently :) - in general just check behind myself and others to clean up open issues in need of commentary or review Week of June 15 (actual): - started work on more chutney documention - opened discussions on gitlab about chutney components Week of June 22 (planned): - continue chutney discussion/work - #32888 / work on Address config to support IPv6 dgoulet: Week of 15/06 (actual): - prop312: Worked on #33233. Almost done! Needs clean up but it was way longer than I expected. - Helped the way I could with Gitlab migration - Worked with asn on PoW proposal (technical appendix) - While measuring HS DDoS performance, I found #40006. Week of 22/06 (planned): - Continue on s55 work (prop312) - Reviews and merges. - If time allows, patch for #40006. -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

February - May 2020 User Feedback Report
by Nicolei Ocaña 22 Jun '20

22 Jun '20

Hiya Welcome to the User Feedback Report for the months of February to May 2020. Hopefully, everyone is staying safe and socially distant/healthy :) tl;dr: Questions with minimal to no information (other than "Tor Browser won't open," "Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start," and "Gah! Your tab just crashed!") (26 occurrences), video playback questions (14), "Run as administrator" issue [1] (6), letterboxing feature (6), and CAPTCHA loop issue on some websites (5) dominated RT. Reddit is constantly questioning letterboxing and trying to identify the true The Hidden Wiki (there is none). Metrics from Frontdesk queue: in the last month we answered more than 325 requests on Frontdesk queues. We still have a lot of spam that we clean every day. ## Frontdesk highlights a) Tor Browser: Users are unaware of the purpose of Letterboxing. They are under the impression that this is a Tor Browser layout bug. b) Browsing: Users identified the CAPTCHA while browsing with Tor Browser. Some users reported that infinite CAPTCHA loop included trac.torproject.org and sites where users logged into email or bank accounts. b) Browsing: Users remarked not being able to watch YouTube videos on YouTube.com. Users are unaware that NoScript blocks larger media elements by default. For users connecting on Tor Exit nodes blocked by YouTube/Google, we recommended to use <https://invidio.us/> as a workaround. c) Website: Users installed the Windows 64-bit version of the desktop version of the Tor Browser because they presumed by clicking the "Download for Windows" button, their platform would be auto-identified by the website. d) VPN products, fake Tor Browsers and "Tor Browsers": Users are confused which application, both desktop version and mobile, are created by the Tor Project. Users cite issues with "The Tor Browser," confusing us for Tor Browser + Private VPN combinations, the Tor Browser version offered on Tails, or the Tor Browser on iPhones. We had some occurrences of iOS users asking support for their money back because they installed an App that wasn't Tor Browser / Onion Browser. Now, on to the feedback! Scroll further down to see a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in the past few months. ## Common questions on Frontdesk - Questions regarding Letterboxing: "Last update of my Tor-Browser has an issue, it does not go full screen, well it goes full screen, the browser itself but not the web page, the web pages i open don't fill up the browser and it is annoying." User titled tickets: "Graphical glitches - Tor 9.5" and "How to enable normal screen resolution !?" - Questions involving the CAPTCHA loop - Questions regarding video playback. - Questions regarding donations (can't donate on Tor Browser, follow-up on gifts, etc.) - Questions with the prompt: "Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start." - Question with minimal to no information other than "Tor Browser won't open" (or something similar) - Questions "Where I can download Tor Browser in my language?" and "How can I change the website language?" - Users with "proxy errors" or requesting bridges on countries that are censoring the internet or are blocking Tor. - Questions involving dll files are missing: "I have windows 7 I downloaded TOR with no trouble but when I try to run it a message comes up saying, my computer does not have ms-win.crt 11-1-0.dll. I dont know what that means. Can you help." - Questions explicitly stating that "I cannot download the Tor Browser from <https://www.torproject.org/>" - Questions concerning installing the Windows 32-bit version - Questions regarding using the Onion Browser for iOS Phones - Questions concerning using fake Tor Browsers from App Store not developed or endorsed by The Tor Project ## Most common questions of Reddit (/r/TOR) - Tor exited unexpectedly - Questions regarding using Tor and a VPN - Can my ISP see that I am using Tor? - What's the difference between using Tor Browser, Orbot: Tor for Android, and Tor Browser (Alpha) - Tor blocked everywhere ## TBA Reviews & Feedback on Google Play Store The average review score is 4.3 stars with 38,215 total reviews. Below are some common problems mentioned by users in Google Play reviews: - Can't Can't take screenshots [3] - Browsing speed a bit slow and sluggish - Save Image option doesn't work [7] - How does one ask for a "New Tor Circuit for This Site" on mobile [6] ## Most common stack exchange tags tor-browser-bundle: 15 asked in June configuration: 14 June hidden-services: 9 June anonymity: 7 asked since February security: 7 asked since February relays: 6 asked in June ## Notable bugs, fixes, & issues mentioned by users - #29470 [2] - error message torBrowser-8.0.5-osx6 No Mountable file systems - OPEN - #27987 [3] - Add setting for enabling/disabling flag_secure in Android browser (a.k.a. Mobile screenshot issue ) - OPEN - #25959 [4] - Add uBlock Origin to Tor Browser Bundle - CLOSED - #22089 [5] - Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor - OPEN - #25764 [6] - Improve how circuits are displayed to the user on Android - OPEN - #33702 [8] - RSA_get0_d could not be located in the dynamic link library tor.exe - OPEN --- Other user suggestions: - "Great browser, but it would be nice if an update brought a dark theme and the torbutton from the PC version (the little onion button). If some how a tor developer see's this please add those two things for the mobile version and thank you for making a great browser." - "I'd request uBlock Origin to be added to Tor, it's been recommended several times and there's multiple forum posts and Reddit posts about it. Not having it only decreases privacy and security. Also, could you add an option to donate to Tor via bitcoin, seems incredibly inadequate that an organization preaching for privacy and security does not have any means of supporting them through any alt coins." --- Whew! Those were a lot of months to cover! Thanks for reading! Hopefully we go back to these per month :)! ## Annotations 1. https://trac.torproject.org/projects/tor/ticket/33702 2. https://trac.torproject.org/projects/tor/ticket/29470 3. https://trac.torproject.org/projects/tor/ticket/27987 4. https://trac.torproject.org/projects/tor/ticket/25959 5. https://trac.torproject.org/projects/tor/ticket/22089 6. https://trac.torproject.org/projects/tor/ticket/25764 7. https://trac.torproject.org/projects/tor/ticket/31013 8. https://trac.torproject.org/projects/tor/ticket/33702

2 1

Anti-censorship meeting notes, 18 Jun 2020
by Philipp Winter 18 Jun '20

18 Jun '20

Hi all, Here are our meeting minutes: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-18-16.00.html And here is our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday June 18th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap will go into https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam <-- it will be moved into gitlab * Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors we are working on: * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor30 <-- it will be moved into gitlab * https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor28 <-- it will be moved into gitlab * Anti-censorship related tickets that we want other teams to fix: * https://pad.riseup.net/p/tor-anti-censorship-tickets-keep == Announcements == * == Discussion == * proposal on how to use gitlab https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/28 == Actions == * == Interesting links == * Ongoing Internet measurement village talks this month: https://ooni.org/post/2020-internet-measurement-village/#schedule * https://wwdaacc20.com/ Worldwide Developers Against Apple Censorship Conference, June 22 == Reading group == * We will discuss Geneva on June 25th * https://censorbib.nymity.ch/#Bock2019a * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. phw: This week (2020-06-18): * Reviewed #31282. * Wrote patch for #29184. * Deployed test branch of BridgeDB-internal metrics and fixed bugs that I discovered. * Worked on #33647. * Familiarising myself with Gitlab. * Wrapped up #33162. * Worked on #34260. Next week: * Wrap up #34260. Help with: * #33647 * #29184 cecylia (cohosh): last updated 2020-06-18 Last week: - getting used to and helping with gitlab migration - reviewed a bunch of snowflake proxy on android code - worked on getting snowflake set up for sponsor 28 test range - updated GetTor releases to Tor Browser 9.5 release - fixed a small typo in the GetTor Gitlab provider links - implemented NAT behaviour discovery at proxies and matching at broker (#34129, #33666) - began trial integration of GetTor with BridgeDb autoresponder code This week: - look at viatsk's work on NAT test suite (#25595) - revisions and hopeful merge/deployment of #34129 - add more stun servers (#30579) - Break up BridgeDB's autoresponder code and do a trial re-implementation of GetTor (#3780) - Follow up on discussions of debian obfs4proxy package - sponsor 28 evaluation prep - translations? Needs help with: juggy : This week: - Dig into the algorithm for how BridgeDB distributes bridges Next week: - Implement audio captchas in moat, figure out how to reduce audio captcha request size - Keep studying BridgeDB to write architectural overview Help with: arlolra: 2020-06-11 Last week: - Next week: - follow ups to #33365 - start on #31201 Help with: - dcf: 2020-06-18 Last week: - provided some feedback on NAT-aware broker rendezvous (#34129) Next week: - share access to the snowflake broker CDN configuration (#30510) Help with: Antonela: 2020-06-18 - brought the TB10.0 proposal to the browser team. They are reviewing it. - reviewed personas with Dunqan this week, we will have a draft for your review by the end of the month agix:2020-06-11 Last week: -Started taking a look at #34318 -(Will be occupied due to university exams till 06-26) Next week: -Work on fixing #34318 Help with: - thymbahutymba: 2020-04-02 Last week: - CI/CD pipeline for multiarch docker images, which has a problem with the apt tor version even though the apt repository have been changed into the Dockerfile. Next week: Help with: HashikD: 2020-04-28 Last week: - Made a code patch for most tickets related to Part A of project. Next week: - Learning about WebSocket and deciding on WebSocket library. Help with:

1 0

Meetrics meeting notes, June 18th 2020
by Gaba 18 Jun '20

18 Jun '20

Hi! Metrics Meetings are happening every Thursday at 15UTC in #tor-meeting in irc.oftc.net Here are the minutes for the meeting of June 18th: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-11-14.59.log… Meeting pad: https://pad.riseup.net/p/tor-metricsteam-2020.1-keep And here is the pad notes: Public pad URL is: https://pad.riseup.net/p/tor-metricsteam-2020.1-keep Weekly meetings, every Thursday at 15 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress). Links: Old Metrics Team wiki page (including roadmap) : https://trac.torproject.org/projects/tor/wiki/org/teams/MetricsTeam << this will be moved to gitlab wiki >> OnionPerf board: https://gitlab.torproject.org/tpo/metrics/onionperf/-/boards Next meeting: Thursday, June 25th, 15 UTC ----------------------------------------------------- Agenda Thursday, June 18th, 15 UTC ----------------------------------------------------- op-??3 instances https://metrics.torproject.org/torperf.html As one option we could change the default file size on m-web from 50 KiB to 5 MiB in order to have timeouts being displayed at all, now that there are no 50 KiB/1 MiB downloads anymore. As another option we could redefine timeout for smaller downloads and hope to see the same distribution there. Needs analysis. Keep op-??2 instances running until we have a plan, most likely until next meeting. GitLab migration proposal on how gitlab will work: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/29 karsten opens a ticket in https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues to mirror the OnionPerf gitolite code in GitLab Adding documentation ticket (#40001) to current roadmap gaba says this seems okay. Reviews Any blockers, anyone? Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-18-14.58.log… -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

OONI Monthly Report: May 2020
by Maria Xynou 16 Jun '20

16 Jun '20

Hello, Throughout May 2020, the OONI team worked on the following sprints: * Sprint 12 - Beluga (1st May 2020 - 10th May 2020) * Sprint 13 - Orca (11th May 2020 - 24th May 2020) * Sprint 14 - Ponyo (25th May 2020 - 31st May 2020) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. ## OONI Probe desktop app Following the launch of the new OONI Probe desktop app (for Windows and macOS) in April 2020, we made improvements and released OONI Probe Desktop 3.0.1 in May 2020: https://github.com/ooni/probe-desktop/releases/tag/v3.0.1 ## Released OONI Probe Mobile 2.4.0 We released OONI Probe Mobile 2.4.0! * Android: https://github.com/ooni/probe-android/releases/tag/v2.4.0 * iOS: https://github.com/ooni/probe-ios/releases/tag/v2.4.0 Highlights from the latest OONI Probe mobile app release include: * New Dashboard design * New button to run all tests in one go * Improved NDT speed test (i.e. NDT test re-written to increase reliability and measurement accuracy) * Middlebox tests are now grouped with the performance tests * Telegram, NDT, and DASH tests re-written in golang ## Making the OONI Probe apps rely entirely on the golang engine As part of our ongoing efforts to make the OONI Probe apps rely entirely on our golang engine, we: * Implemented the golang framework on iOS: https://github.com/ooni/probe/issues/1166 * Made a series of updates: https://github.com/ooni/probe-engine/issues/551 & https://github.com/ooni/probe-engine/issues/598 ## Add support for configuring push notifications In May 2020, we created an experimental countly plugin for configuring and sending push notifications to users by country (https://github.com/ooni/backend/issues/378). We also deployed a production instance of the countly instance (https://github.com/ooni/backend/issues/379) using their digital ocean droplet. This was tested with the OONI Probe mobile app. Through these activities, it seems that Countly offers all of the necessary features that we require to implement all of our planned activities around push notifications. ## Adding support in OONI Probe for availability testing of the circumvention tools Tor, obfs4proxy, and Psiphon The new Tor and Psiphon tests are available through the recently launched OONI Probe desktop app (https://ooni.org/install/desktop). In May 2020, we worked towards integrating these tests into the OONI Probe mobile app as well, in addition to expanding our methodologies. To this end, we: * Wrote the UI for the Tor test results on mobile: https://github.com/ooni/probe/issues/885 * Wrote the UI for the Psiphon test results on mobile: https://github.com/ooni/probe/issues/884 * Wrote a prototype for a STUN reachability test: https://github.com/ooni/probe-engine/issues/626 * Saved Tor logs to a file: https://github.com/ooni/probe-engine/issues/625 ## Developing OONI Probe orchestration logic that is specific to circumvention tool testing As part of our work on developing OONI Probe orchestration logic that is specific to circumvention tool testing, we added backend support for retrieving Tor bridges from bridges.tpo (https://github.com/ooni/orchestra/pull/88). We also documented the next steps towards deploying and merging the Tor bridgedb orchestra integration in the following ticket: https://github.com/ooni/backend/issues/426 ## Making OONI Probe’s reporting logic more resilient to censorship As part of our ongoing efforts to make OONI Probe’s reporting logic more resilient to censorship, we added support for submitting measurements through the use of circumvention tools. The OONI Probe engine now supports setting an external SOCKS5 proxy, which we tested for performing and submitting measurements. The probe-engine also supports starting an on-demand Psiphon tunnel. Relevant tickets: https://github.com/ooni/probe/issues/888 https://github.com/ooni/probe-engine/issues/509 https://github.com/ooni/probe-engine/issues/543 We also added logic for detecting which circumvention strategy should be used when speaking to backends (https://github.com/ooni/probe/issues/887). More specifically, we: * Added DoH as the primary DNS for the session, with the system resolver as the fallback; * Added fallback support to cloudfronting; * Added support for persistent proxies, like Tor or Psiphon. We also added failover support to probes (https://github.com/ooni/probe-engine/issues/407), enabling us to connect to different collectors and choose the one with the best performance. Finally, we added support for discovering when OONI backend infrastructure is being blocked (https://github.com/ooni/probe/issues/886). ## Analyzing collected censorship circumvention tool test results and integrating them into OONI Explorer and the OONI API Following the release of the new OONI Probe desktop app (which includes the new Tor and Psiphon tests), we have been collecting, analyzing, and openly publishing censorship circumvention tool results on OONI Explorer and the OONI API. In May 2020, we began research on how to present country-level information on OONI Explorer for the Tor test. As part of this activity, we made a CSV dump of all the recent Tor test measurements (https://gist.github.com/hellais/784a8115642d2b47072bfe4e177d1c59). ## Implement beta quality backend logic for prioritising URLs We made progress on testing and developing the URL prioritization backend. Specifically, we worked on improving the performance of the counter tables. See: https://github.com/ooni/backend/issues/411 ## Analyze data to extract website metrics We made progress on backend work required to extract website metrics. Specifically, we experimented a bit more with a different database solution, called ClickHouse. In order to better understand how performant it would be for our use case, we worked on ingesting all OONI data from the metadb into ClickHouse (https://github.com/ooni/backend/issues/410). We also had several discussions on the requirements for the extraction and analysis of website metrics (https://github.com/ooni/backend/issues/419). We added support to the aggregation API (which builds per website aggregate views of the data) to handle the category_code as an axis (https://github.com/ooni/backend/issues/409). This enables us to count the number of blocked sites per category or the number of blocked categories in a given country. We also deployed and further tested the CSV and JSON aggregate endpoints (https://github.com/ooni/backend/issues/402). ## Reprocessing old measurements using the fast-path pipeline Our new fast-path pipeline makes the near real-time analysis and publication of measurements from around the world possible. However, OONI measurements span all the way back to 2012, and many of the older measurements have not been processed by our new fast-path pipeline yet. As part of our ongoing efforts to reprocess older OONI measurements, we added support for parallelising “can” processing in the fast-path pipeline: https://github.com/ooni/backend/issues/392 ## Managing the MaxMindDB license change Over the years we have used the MaxMind GeoIP database (https://www.maxmind.com/en/home), but since they changed their license, we have been working towards creating our own ASN database. This work is documented through the following tickets: https://github.com/ooni/probe-engine/issues/620 https://github.com/ooni/probe-engine/issues/584 https://github.com/ooni/probe-engine/issues/507 ## Published report on the OONI Run usability study findings During May 2020, we completed the OONI Run usability study and collected feedback as part of our research on the limitations of the current OONI Run link format. In May 2020, we carried out 9 interviews (out of 16 interviews overall), through which we were able to collect detailed community feedback on the challenges associated with using the OONI Run platform, as well as suggestions for improvement and feature requests. Following our analysis of information and feedback collected through our survey (https://ooni.typeform.com/to/r9c5ee) and the 16 interviews, we documented community feedback and shared it through a report. This report is available here: https://ooni.org/post/2020-06-09-ooni-run-usability-study-findings/ Our report outlines the objectives, personas, assumptions, and methods of this study. It also shares, in detail, the challenges and suggestions that survey and interview participants shared with us. Based on this feedback, we aim to release an improved version of OONI Run by the end of 2020. ## Improving our server infrastructure As part of our ongoing efforts to improve our server infrastructure, we continued to perform regular maintenance work on our servers, but we also had to deal with a few incidents. Specifically, we: * Cleaned-up the autoclaved files from the data collector, as we were running out of storage space: https://github.com/ooni/backend/issues/407 * Expanded disk on hkgmetadb to account for the growing dataset: https://github.com/ooni/backend/issues/422 * Improved SSH connection handling in our fastpath pipeline, allowing us to be more resilient in handling the retrieval of report files from the collectors: https://github.com/ooni/backend/issues/404 ## Testing and quality assurance We made progress on improving the quality of our software through better testing and quality assurance procedures. Namely, we: * Started using a random host header when not speaking with OONI: https://github.com/ooni/probe-engine/issues/578 * Started using 127.0.0.2 as default resolver IP: https://github.com/measurement-kit/measurement-kit/issues/1884 * Wrote several blog posts about the improvements to the testing engine based on the analysis of measurements: https://github.com/ooni/probe-engine/issues/619 ## Expanding OONI Probe measurement methodologies We published a report which evaluates OONI's new measurement engine within the context of the blocking of Women on Web (www.womenonweb.org) in Spain. This report is available here: https://ooni.org/post/2020-engine-evaluation-spain/ We have been working on expanding our measurement methodologies to detect more forms of website censorship. To this end, we have been working on experimental code that combines OONI's Web Connectivity test with SNI blocking detection methodology (and other techniques). Our aim is to eventually ship a new and improved Web Connectivity test -- as part of the OONI Probe apps -- that also measures SNI based filtering, as part of the broader set of website censorship checks. To evaluate how these experiments work in practice (and if they work as expected), we collaborated with Vasilis Ververis (Magma project) and Spanish hacktivists to measure the blocking of www.womenonweb.org in Spain through the use of these new experimental methodologies. Our report (https://ooni.org/post/2020-engine-evaluation-spain/) describes our experimental implementation for the www.womenonweb.org case and discusses some next steps. ## Published report on the blocking of websites in Myanmar In collaboration with OTF Fellow Phyu Kyaw, we published a report on the recent blocking of 174 domains in Myanmar. This report is available here: https://ooni.org/post/2020-myanmar-blocks-websites-amid-covid19/ In March 2020, authorities in Myanmar directed local ISPs to block "fake news" as part of efforts to tackle disinformation around COVID-19, but an official blocklist hasn't been publicly disclosed. OONI measurements confirm the DNS based blocking of 174 domains in Myanmar, many of which include ethnic media websites. We compared the blocked news outlets with the Myanmar Press Council's "fake news" list, and found that many media sites that aren't in the public "fake news" list are blocked anyway. Our report received press coverage by Deutsche Welle: https://www.dw.com/de/r%C3%BCckschritte-bei-pressefreiheit-in-myanmar/a-535… ## Published report on the blocking of social media in Burundi We published a report on the blocking of social media in Burundi amid its 2020 general election. This report is available here: https://ooni.org/post/2020-burundi-blocks-social-media-amid-election/ OONI measurements collected from Burundi reveal the blocking of 18 social media platforms on 20th May 2020 (election day), including skype.com, youtube.com, whatsapp.com, twitter.com, facebook.com, instagram.com -- among many others. These sites appear to be blocked -- on Econet (AS37336) and Viettel Burundi (AS327799) -- through the use of some form of Deep Packet Inspection (DPI) technology, as the blocking only occurs when we attempt to establish an HTTPS connection (resulting in connection reset errors), as opposed to the IPs being blocked or the DNS queries being interfered with. OONI data also shows the blocking of the WhatsApp and Telegram apps, and suggests that access to Facebook Messenger was blocked too. Interestingly, the blocking of Facebook Messenger on the Lacell Burundi (AS327720) network was implemented on a DNS level by returning an IP address in the DNS answer which is in the “reserved for future use” 240.0.0.0/8 netblock. ## Collaboration with Netalitica Netalitica researchers continued to do great work in reviewing and updating the Citizen Lab test lists (https://github.com/citizenlab/test-lists). In May 2020, we reviewed the updates (made by Netalitica researchers) to the following test lists: * Venezuela: https://github.com/citizenlab/test-lists/pull/634 * Qatar: https://github.com/citizenlab/test-lists/pull/633 We also made the following test list updates: https://github.com/citizenlab/test-lists/pull/623 https://github.com/citizenlab/test-lists/pull/628 https://github.com/citizenlab/test-lists/pull/629 ## Data analysis As part of our partnership with Azerbaijan Internet Watch, we analyzed all OONI measurements collected from Azerbaijan between 1st January 2020 to 31st May 2020 (https://github.com/ooni/ooni.org/issues/506), based on which we produced relevant charts and wrote a report. We also completed data analysis pertaining to a separate research project examining the blocking of LGBTQI websites (https://github.com/ooni/ooni.org/issues/437) in several countries around the world. ## Google Summer of Code (GSoC) student We are excited to have a Google Summer of Code (GSoC) student join our team for the summer of 2020! In May 2020, Krona Emmanuel started his GSoC internship with the OONI team. As part of his 4-month internship, Krona will work on making improvements related to social media sharing on OONI Explorer. Further details about this project are available here: https://community.torproject.org/gsoc/ooni-explorer-findings/ We started off by collaborating with Krona on defining user stories for social media sharing: https://github.com/ooni/explorer/issues/462 ## Mastodon To better reach free software (and digital rights) communities, we started using Mastodon. The OONI Mastodon account is available here: https://mastodon.social/@ooni ## Community use of OONI data ### Blocking of Women on Web in Spain The Magma project -- in collaboration with several Spanish hacktivists -- published a research report documenting the blocking of reproduction rights website womenonweb.org in Spain. Their report (which was supported by the use of OONI Probe and OONI data) is available here: https://blog.magma.lavafeld.org/post/women-on-web-blocking/ ### Blocking of news portal in Venezuela Through the use of OONI Probe and OONI data, VEsinFiltro reported the blocking of a news portal (runrun.es) in Venezuela. See their relevant tweets: https://twitter.com/i/status/1261978668945018880 This was also reported by IPYS Venezuela (who also made use of OONI Probe and OONI data): https://twitter.com/ipysvenezuela/status/1262482417069285383 ## Community activities ### Organizing the online Internet Measurement Village 2020 Before the IFF got canceled in light of the escalating global impact of the COVID-19 pandemic, we had originally planned to organize and host an Internet Measurement Village during the last 2 days of the IFF. While we still hope to organize and host an in-person Internet Measurement Village next year as part of IFF 2021, this year we decided to organize and host a version of this village online. To this end, we spent time throughout May 2020 planning the online Internet Measurement Village 2020, coordinating with other measurement projects and community members, creating the schedule, and trying out various platforms (e.g. to check which streaming solutions to use). The Internet Measurement Village 2020 will be hosted entirely online, and will consist of presentations that are live-streamed on the OONI YouTube channel (https://www.youtube.com/c/OONIorg), enabling anyone from the internet to view the presentations, learn about the projects, and participate in discussions through the live chat. The Internet Measurement Village will take place mostly throughout June 2020, starting on 10th June 2020 and ending on 3rd July 2020. We have published the schedule here: https://ooni.org/post/2020-internet-measurement-village/ ### Clean Insights Symposium Extraordinaire On 12th May 2020, OONI’s Arturo was invited to participate in the Clean Insights Symposium Extraordinaire (a podcast organized by the Guardian Project) to discuss OONI. As part of the podcast, Arturo was asked the following questions: * OONI provides benefits but with risk. How do you communicate these to the people doing the measuring or being measured? How does user experience and consent play a role? * Within an internet freedom and human rights context, are there additional threats and risks to consider? Is measuring itself a crime in some places? * What do you do with the data that OONI collects? How long do you keep it? Is it public or private? Can it cause harm? * Who does OONI benefit and how? Is it just an advocacy tool, or does it have technical impact in the design of other services and apps? The podcast is available here: https://guardianproject.info/podcast/2020/cleaninsights-panel-ooni.html ### OONI Community Meeting On 26th May 2020, we facilitated the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/), during which we discussed the following topics: * Brief updates from the OONI team * Update on OONI Run survey outcomes * Improving the SEO of OONI.org * Creating a Censorship Alert System * Investigating DoS attacks against media websites ## Userbase In May 2020, 8,430,917 OONI Probe measurements were collected from 6,199 networks in 211 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ The OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Tor Browser meeting notes, 15 June 2020
by Gaba 15 Jun '20

15 Jun '20

Hi! Tor Browser meetings are happening every Monday at 1800UTC on #tor-meeting in irc.oftc.net We had a meeting on June 15th and here are the logs and notes. Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-15-18.02.log… Pad: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… Contents of the pad for today: == Tor Browser meeting pad! == Next meeting is at Monday 15 June 1800 UTC on #tor-meeting on OFTC. June Schedule: * Monday 15 June 18:00 UTC * Monday 22 June 18:00 UTC Release meetings: https://pad.riseup.net/p/tor-browser-release-meeting-keep Tuesday June 23th 18:00 UTC thanks :) Tuesday July 7th 18:00 UTC (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Upcoming Releases and other important dates 2020.06.30: 9.5.1 and 10.0a2 - ESR68.10, ESR78.0 Latest Releases: 2020.05.22: 9.5a13 https://blog.torproject.org/new-release-tor-browser-95a13 2020.06.02: 9.5 Stable https://blog.torproject.org/new-release-tor-browser-95 2020.06.02: 10.0a1 https://blog.torproject.org/new-release-tor-browser-100a1 == Previous notes == (Search the tor-project mailing list archive for older notes.) == What project we are working on? == SPONSOR 58 - Tor Browser Security, Performance, & Usability Improvements Parent ticket: https://trac.torproject.org/projects/tor/ticket/33664 Wiki page: https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor58 Timeline: https://nc.torproject.net/s/ow2r6cLgL7Cd9BA == Stuff to do every week == Check reviews not taken! How reviews from last week worked? Any blocker? For S58: https://trac.torproject.org/projects/tor/query?status=needs_review&sponsor=… ------------------------------- ---- 15 June 2020 ------------------------------- == Announcements [please date] == We are in the middle of the transition from trac.torproject.org to gitlab.torproject.org. Trac and Gitlab can not update tickets right now. Wait for mail sent to tor-project@ on Tuesday morning. == Discussion [please date] == (June 15th) s58 Object 2.1 - UX : https://trac.torproject.org/projects/tor/wiki/org/sponsors/Sponsor58 - Anto starts on this in June. Implementation is in obj 2.4 (June 15th) s30 Tor Browser - UX https://trac.torproject.org/projects/tor/ticket/31283 has proposal for improving censorship circumvention UX. TB folks to review it. (June 15th) GitLab migration (two parts) tickets divided into new projects in gitlab workflows Log : http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-15-18.02.log… == Status Updates == Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. sysrqb: Week of 08 June (planned): Tor Browser Nightly build machine Finish "Decide which components of Fenix to rip out, disable, or use" (#33939) Create tickets/plan for S58 O2.1 Week of 08 June (actual): Made progress on #33939 (but did not finish) Created tickets/plan for O2.1 Gitlab migration preparations Some adminy things Week of 15 June (planned): Really, really finish #33939 Review testsuite patches and merge them so we have a working...testsuite Catch up on current 9.5/10.0a tickets Finally land vpx patch upstream Mike: Week of 06/08 (planned): - gecko-dev proxy audit Week of 06/08 (actual): - Review of upstream DNS patch (looks good, I think) - metrics tickets followup - circpad bug fixes Week of 06/15 (planned): - gecko-dev proxy audit mcs and brade: Week of June 8th (actual): - Worked on some tbb-9.5-issues: - #34362 (Improve Onion Service Authentication prompt). - #34369 (Fix learn more link in Onion Auth prompt). - #34370 (Improve identity doorhanger message during failed onion auth). - Did some research for #34366 (onion-location mechanism -> full URL). - Poked upstream bug for #31607 (App menu items stop working). - https://bugzilla.mozilla.org/show_bug.cgi?id=1586061 - Created and posted a minimal extension that demonstrates the bug. - Worked on upstreaming the #28885 patch (notify users update is downloading). - https://bugzilla.mozilla.org/show_bug.cgi?id=1642404 - Added tests and posted a revised patch; waiting on review. - Reported some bugs with Trac -> GitLab migration (fixed by ahf). Week of June 15th (planned): - Follow up on active tickets: - #33851 (Patch out Parental Controls detection and logging). - #33998 (stop using XUL <grid> soon). - #33848 (Disable Enhanced Tracking Protection). - Spot-check acat’s 33533+6 branch (updated ESR78 rebase). - Create a patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1642754 - This is a spin-off of Mozilla bug 1642404 and covers the remainder of #28885. ahf: Last week: - Working with all the teams on Gitlab migration. This week: - Some Gitlab support - Back to getting Tor working in Fenix. GeKo: Last week: -started to split of branches for S58 code and ESR 78 migration -redid toolchain patches to take into account tor-browser-build branching strategy (#34432) -started work on application-services build integration (#34101) -reviewed #33533 up to and including 33533+5 -helped with Gitlab migration of browser tickets This week: -playing with Gitlab and helping further with Gitlab migration -finishing review of #33533 and posting notes -#34432 and #34101 -reviews (we have a bunch of them in our backlog) acat: Last week: Finished rebasing patches to 78 beta (#33533) Addressed review issues for uplifting patch #27604 Reviews This week: Possibly address GeKo's feedback on #33533 Finish uplift #32414 (Make Services.search.addEngine obey FPI) Document rebase process for tor-browser-spec Maybe start covering some patches with tests Jeremy Rand: Week of June 8 (actual): Filed #34399 (Electrum-NMC can't make outgoing connections on Python 3.8+) Submitted patch for #34399 Week of June 15 (planned): Solicit more test reports on Namecoin integration (including from users who were affected by #34399) boklm: Last week: - made some patches for #28396 and #33991 - started looking at doing builds with rootless containers in rbm, and using mmdebstrap to create debian chroots This week: - continue trying to do some builds with rootless containers and mmdebstrap -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Network meeting notes, 15th June 2020
by Gaba 15 Jun '20

15 Jun '20

Hi! Network meetings are happening every Monday at 1700UTC on #tor-meeting in irc.oftc.net We had a meeting on June 15th and here are the logs and notes. Log: http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-06-15-17.00.log… Pad: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor… Contents of the pad for today: == Network meeting pad! == Next meeting is at Monday 22 June 1700 UTC on #tor-meeting on OFTC. June Schedule: * Monday 22 June 17:00 UTC Welcome to our meeting! We meet each month at: Mondays at 1700 UTC On #tor-meeting on OFTC. (This channel is logged while meetings are in progress.) (See https://lists.torproject.org/pipermail/tor-project/2017-September/001459.ht… for background.) Want to participate? Awesome! Here's what to do: 1. If you have updates, enter them below, under your name. 2. If you see anything you want to talk about in your updates, put them in boldface! 3. Show up to the IRC meeting and say hi! After each week's meetings, the contents of this pad will be sent to tor-project @ lists.torproject.org. After that is done, the pad can be used for the next week. == Previous notes == (Search the tor-project mailing list archive for older notes.) 1 June: https://lists.torproject.org/pipermail/tor-project/2020-June/002857.html 8 June: https://lists.torproject.org/pipermail/tor-project/2020-June/002865.html == Stuff to do every week == Let's check and update our roadmap: What's done, and what's coming up? Any change? All the trac tickets for the roadmap are in the team's page: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam S28 & S30 - Continue after October - Ahf S55 - Nickm & dgoulet Non sponsor stuff DoS defenses = Dgoulet + Asn Library Size reduction = Ahf + Dgoulet sbws = Ahf + Juga Check reviewer assignments! How reviews from last week worked? Any blocker? Here are the outstanding reviews, oldest first, including sbws: https://trac.torproject.org/projects/tor/query?status=needs_review&componen… Go over our 0.4.4 status page at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… . (If maint-0.4.4 were released as stable tomorrow, what would we regret?) - scheduled to enter feature freeze on Monday June 15th == Reminders == * Remember to "/me status: foo" at least once daily. * Remember that our current code reviews should be done by end-of-week. * Make sure you are in touch with everybody with whom you are doing work for the next releases. * Check other's people call for help in their entries. Volunteers need help. Please help them when you are around. Maybe we should have times of day when different people are responders, and expectations of who helps. ------------------------------- ---- 15 June 2020 ------------------------------- == Announcements [please date] == Assigned reviews (Will put on gitlab when gitlab becomes RW again): dgoulet -> #33816 Fill in missing IPv6 addresses in extend cells nickm -> #34065 Make routerset_contains_router() support IPv6 asn -> #34433 Replace clang-format.sh with a faster, better version == Discussion [please date] == * [June 15] We need somebody to take over the fallback list. - dgoulet will ask geko * [Jun 15] Who (besides nickm) will look at Chutney? * [June 15] Gitlab's questions (not ready yet but will be tomorrow) 044 milestone https://gitlab.torproject.org/tpo/core/tor/-/milestones/50 wiki page not transfered yet (all trac wiki is in https://gitlab.torproject.org/legacy/trac/-/wikis/home) roadmap: it will be eventually in https://gitlab.torproject.org/groups/tpo/core/-/boards do all of you have accounts? * [Jun 15] Any needs_revision sutff that c should pick up? === Active Proposed Policies === * Pull Request Guidelines (stalled) === Design proposals under discussion === 315: require more fields in directory documents (still waiting [6/1]) 316: flashflow (asn and nickm are reviewing, should schedule discussion with pastly. [5/18]) 317: dns (under discussion on ML [5/18]) 318: limit protovers (waiting for more commment; needs discussion [6/1]) 319: wide everything (nick replied on ml; waiting for more discussion [6/1]) 320: tap out again - Do we have a consensus to replace this with a "deprecate v2 onion services" proposal? If so, who writes it? [6/1] protover rethinking (teor's email to tor-dev) (nick needs to reply [5/18]) 321: happy families (need feedback [6/1]) 322: dirport linkspec (need feedback [6/1]) == Recommended links == == Updates == Name: Week of XYZ (planned): - What you planned for last week. Week of XYZ (actual): - What you did last week. Week of ABC (planned): - What you're planning to do this week. Help with: - Something you may need help with. PLEASE DO NOT BULK-DELETE THE OLD ENTRIES! Leave the "Planned" parts! Leave the parts for last week and this week! Nick: Week of 8 Jun (planned): - Prepare for 0.4.4 freeze - Merge pending S55 code, and increase my command of the remaining work on O1.1 - Talk with Metrics about S55 stuff? - S69 wrap-up email - Tor-unspecified triage: wow do we need it - Code-formatting hacking. Week of 8 Jun (actual): - Merged teor's S55 work. - S69 wrap-up email - lots of triage discussion - Code-formatting hacking - S55 ipv6 reachability experiments Week of 15 Jun (planned): - Get chutney actually working with assumereachable disabled (34445 through 34449) - Work on aftermath of gitlab migration. - Work with dgoulet to advance S55 planning. - Get S55 reachability test more advanced. - Release 0.4.4.1-alpha. ahf (afk today due to public holiday): Week of 8/6 planned: - Work with the Admin team on Gitlab migration. - As much other things as I can squeze in while waiting for different batch tasks to complete. Focus on Fenix still. Week of 8/6 actually: - Worked with a lot of people on the Gitlab migration. Week of 15/6 planned: - Back to Fenix stuff with Browser Team - Support Gitlab people if we go with that. asn: Week of 08/06 (planned): - Reply on all the recent responses on PoW thread -- lots of work done there. - Publish fix for #32040. - Merge prop#310 patch. Week of 08/06 (actual): - Did a proposal revision on the PoW thread. More work needed here. - Merged #310. - Reviewed and tested padding bugfixes: #30992 and #32040. #30992 got merged, but #32040 needs a bit more tweaking. Week of 15/06 (planned): - More work on PoW proposal. Fold in David's work on the scheduler and derive results from that. - Hopefully merge #32040. - More reviews & merges jnewsome: Week of June 1 (actual): - Added GH milestones and issues in shadow/shadow - Sent out Tor Project update - Added more thread/interposition APIs in shadow/phantom to support more syscalls. - Did some straceing to identify more syscalls we need for tor Week of June 8 (planned): - Hand off OnionPerf work for now (#33974: update to tgen 1.0) - Identify more syscalls needed to simulate Tor. (use nm/objdump; chutney; src/lib/sandbox) - Figure out (how to avoid implementing) netlink - Check whether we already can interpose Tor's name lookups (via libevent) Week of June 8 (actual): - shadow/phantom: Identified and documented syscalls needed for Tor, based on strace + sandbox config. https://github.com/shadow/shadow/issues/849 - Reviewed PR to add file IO support for shadow/phantom - More review for adding yaml config for shadow/shadow Week of June 15 (planned): - Work out logging from the shim with the new file IO design - Help flesh out support for syscalls and libraries needed to run Tor - Start looking into code-coverage tools (gcov) pastly: Week of 18 May (planned): - Finish bones of external FlashFlow repo (python?) to control tor clients that perform FF measurements - Finish bones of little-t tor changes s.t. measurement can be performed - Discuss FlashFlow with network team devs as they have questions c: Week of May 25 (planned): - close up work on #33609 - get started on other s55 tickets, potentially knock out 'easy' ones first and take it from there - update https://trac.torproject.org/projects/tor/wiki/doc/gsoc with my information Week of May 25 (actual): - #33609 ready for review - started hunting down and working on other Sponsor55-can and -must issues - talking in #tor-project about wiki Week of June 1 (actual): - opened and made #34381 ready for review - IPv4 part of #32888 Week of June 8 (planned): - #33598 - IPv6 part of #32888 <-- do you have a ticket for it? Week of June 8 (actual): - #32888 IPv6 PR: https://github.com/torproject/tor/pull/1932 - requested reproducibility info for https://bugs.torproject.org/33598 -- maybe I'll start thread on tor-dev@ since trac is read-only - wrote Outreachy blog post explaining Tor's IPv6 goals Week of June 15 (planned): - during meeting, poke someone about https://github.com/torproject/chutney/pull/66 - chutney work with nickm (#34445 - #34448) - force myself to remain regularly active on tor-dev@ so we can get things done more efficiently :) - in general just check behind myself and others to clean up open issues in need of commentary or review -- she/her are my pronouns GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

Trac to Gitlab Migration Information
by Alexander Færøy 15 Jun '20

15 Jun '20

# tl;dr Trac is retiring; we're moving to gitlab. We wanted to do this in a more elegant way, but we're low on resources, and there are going to be some bumps in the road here. If you use or engage with the Tor bugtracking system or our wiki, this email may be relevant to you. If you don't, you can stop reading now. # Why migrate? We're hoping gitlab will be a good fit because: * Gitlab will allow us to collect our different engineering tools into a single application: Git repository handling, Wiki, Issue tracking, Code reviews, and project management tooling. * Gitlab is well-maintained. * Gitlab will allow us to build a more modern approach to handling CI for our different projects. This is going to happen after the ticket and wiki migration. (Note that we're only planning to install and use the freely licensed version of gitlab. There is an "enterprise" version with additional features, but we prefer to use free software whenever possible.) # What's the plan? On Friday June 12th, we're going to put trac into read-only mode. You'll be able to read trac, but not make any changes to it. That's when we'll start migrating to gitlab. We have been doing a bunch of trial migrations and we may need to do a few more until we get it right. We anticipate that gitlab will be pretty unstable over the weekend. We hope we'll be in a stable position on Tuesday, and our gitlab installation will be open for people to use it. It will be up on https://gitlab.torproject.org This won't be as smooth a process as we would like: we're going to lose some features -- but, no data. In the coming weeks, we're going to try to put extra time aside to fix whatever issues come up. We are migrating tickets and wiki from Trac into Gitlab issues and wiki. We will continue having https://git.torproject.org/ as canonical git server. People will be able to move repos into gitlab whenever they are ok with it. # What will break, and when will you fix it? Most notably, we're going to have an interruption in the ability to open new accounts and new tickets. We _did not_ want to migrate without a solution here; we'll try to have at least a stop-gap solution in place soon, and something better in the future. For now, we're planning for people that want to get a new account please send a mail to <gitlab-admin(a)torproject.org>. We hope to have something else in place once the migration is succesful. We're not going to migrate long-unused accounts. Some wiki pages that contained automated listings of tickets will stop containing those lists: that's a trac feature that gitlab doesn't have. We'll have to adjust our workflows to work around this. In some cases, we can use gitlab milestone pages or projects that do not need a wiki page as a work around. # What will keep working the same as in Trac? We're not going to throw away any ticket data; it'll all be migrated on the new system. We're going to try to keep most old URLs working on systems such as https://bugs.torproject.org/ All existing tickets will keep their current numbers. # How can I... ... report an issue in Tor software? For now, just use one of the mailing lists, if it can't wait till the bugtracker is open again. tor-dev(a)lists.torproject.org is the best mailing list to use for now. ... report an issue in the bugtracker itself? Please hold off till the migration is finished. At that point you can email <gitlab-admin(a)torproject.org>. ... fix a bug? If you have a patch you want to make sure we know about, and it can't wait till the bugtracker is open again, please use one of the mailing lists: tor-dev(a)lists.torproject.org would be best. ... get an account if I'm already an active contributor? Please send a mail to <gitlab-admin(a)torproject.org>. We hope to have something else in place once the migration is successful. All the best, The Gitlab migration folks -- Alexander Færøy

3 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project June 2020