The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-07-18T19:59:43Zhttps://gitlab.torproject.org/tpo/ux/research/-/issues/47Create VPN user research plan2022-07-18T19:59:43ZdonutsCreate VPN user research planAt the All Hands on July 28th we presented the following deck with early ideas about the VPN User Research program, to kick-off in Q3 2021:
[all-hands-vpn-ux.pdf](/uploads/2c910ddf5c80cfc222ef574949aa0c21/all-hands-vpn-ux.pdf)
At minim...At the All Hands on July 28th we presented the following deck with early ideas about the VPN User Research program, to kick-off in Q3 2021:
[all-hands-vpn-ux.pdf](/uploads/2c910ddf5c80cfc222ef574949aa0c21/all-hands-vpn-ux.pdf)
At minimum, we need to:
1. Conduct a competitor analysis
2. Determine which Tor Browser design requirements will still meet the needs of VPN users (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40564)
3. Consider followup questions to our demographics script to gain a deeper understanding of our user-base
4. Dig into use-cases and know what features our users value most from a VPN
5. Test messaging and brand terms
6. Potentially test ideas around fundraising/monetization
Let's begin by pulling together an unstructured list of all the questions we need to ask and group them by subject/relevance, before deciding on the best research and recruitment methods to get answers for each "bucket".
In terms of timelines, I'd like to launch our first study/studies in mid-late August, with an aim to have some preliminary data by September. The full timeline for all research will run until the end of December.
In order to make the reporting as efficient as possible given our tight turnaround times, we should consider closed-ended questions wherever possible.Sponsor 101 - Tor VPN Client for AndroidNahNah2021-08-18https://gitlab.torproject.org/tpo/ux/research/-/issues/23Interview community members about challenges related to pandemic times and ne...2021-12-10T19:42:53ZGabagaba@torproject.orgInterview community members about challenges related to pandemic times and needs.Goal is to evaluate if new scenarios have emerged so we can adapt our training. For needs that are out of the scope from this program we will create a report with recommendations for funders.
- [x] Interview Latam Community
- [x] Interv...Goal is to evaluate if new scenarios have emerged so we can adapt our training. For needs that are out of the scope from this program we will create a report with recommendations for funders.
- [x] Interview Latam Community
- [x] Interview Africa CommunitySponsor 9 - Phase 5 - Usability and Community Intervention on Support for Democracy and Human RightsNahNah2021-08-18https://gitlab.torproject.org/tpo/community/team/-/issues/40Tor Demo Day (August 2021) lineup2021-08-26T17:05:54ZGusTor Demo Day (August 2021) lineupThis ticket is to coordinate the next Tor Demo Day line up, in August 2021.This ticket is to coordinate the next Tor Demo Day line up, in August 2021.GusGus2021-08-25https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/38Parse network-status and bridge-descriptors documents from the bridge authority2021-09-21T14:46:38ZCecylia BocovichParse network-status and bridge-descriptors documents from the bridge authoritySee the [BridgeDB specification](https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt) for a full explanation of how these descriptors are used. Right now rdsys only parses the extrainfo documents, but the network-status docu...See the [BridgeDB specification](https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt) for a full explanation of how these descriptors are used. Right now rdsys only parses the extrainfo documents, but the network-status document is useful for checking the `running` flag, and either the network-status or bridge-descriptors document is necessary to get the bridge IP address and port for vanilla bridges.
- [x] Evaluate https://github.com/NullHypothesis/zoossh to use in rdsysDeploy RDSYS alongside BridgeDBCecylia BocovichCecylia Bocovich2021-08-30https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40519Prepare switch to mozilla922022-05-16T17:28:08ZMatthew FinkelPrepare switch to mozilla92- [ ] # (Rebase tor-browser patches to 92.0bX)
- [ ] tor-browser-build# (Make the list of components updates for switch to mozilla92-based Fenix)
- [ ] tor-browser-build# (Update components for switch to mozilla92-based Fenix)
- [ ] # (R...- [ ] # (Rebase tor-browser patches to 92.0bX)
- [ ] tor-browser-build# (Make the list of components updates for switch to mozilla92-based Fenix)
- [ ] tor-browser-build# (Update components for switch to mozilla92-based Fenix)
- [ ] # (Review developer notes for Firefox 92)
- [ ] # (Review GeckoView Changelog for gv92)
- [ ] # (Review closed mozilla92 bug)
- [ ] tor-browser-spec# (FF92 network audit)
- [ ] tor-browser-bundle-testsuite# (Update tests when switching to Fenix 92)Tor Browser: 11.0 Issues with previous release2021-09-07https://gitlab.torproject.org/tpo/tpa/team/-/issues/40308use milestones to organise large projects from the roadmap2021-09-14T18:09:15Zanarcatuse milestones to organise large projects from the roadmapthe roadmap is quite verbose. we should consider using roadmaps to organise work, either for 2021 or (if we can't find the time), for 2022
i think those projects are particularly relevant for the roadmap thing:
- [ ] email delivery imp...the roadmap is quite verbose. we should consider using roadmaps to organise work, either for 2021 or (if we can't find the time), for 2022
i think those projects are particularly relevant for the roadmap thing:
- [ ] email delivery improvements
- [x] service retirements [jenkins](http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/groups/tpo/-/milestones/27)
- [x] [blog migration](http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/groups/tpo/-/milestones/26)
- [ ] improve communications and monitoring
- [ ] improve sysadmin code base
- [ ] bullseye upgrade (issues to be created)
- [ ] the *next* roadmap setup (#40307 and tickets not yet created)2021-09-07https://gitlab.torproject.org/tpo/tpa/dangerzone-webdav-processor/-/issues/9delete kez-bot user in nextcloud after test period2021-09-10T13:43:54Zanarcatdelete kez-bot user in nextcloud after test periodonce @kez is done with the `kez-bot` user, delete it from nextcloud.once @kez is done with the `kez-bot` user, delete it from nextcloud.anarcatanarcat2021-09-10https://gitlab.torproject.org/tpo/tpa/team/-/issues/19914DMARC causing trouble with Tor lists, From should be munged2022-12-10T03:21:37ZstarlightDMARC causing trouble with Tor lists, From should be mungedTor Project list server does not remove DKIM headers and reliably modifies the Subject: header in such a manner as to produce DKIM validation failures. Beyond adding a prefix which can be anticipated by conscientious senders, spaces are...Tor Project list server does not remove DKIM headers and reliably modifies the Subject: header in such a manner as to produce DKIM validation failures. Beyond adding a prefix which can be anticipated by conscientious senders, spaces are injected at unpredictable offsets. This badly degrades spam-scoring of messages by Google and other ESPs and frequently results in the sending of list messages to spam folders.
My recommendation is that the list server configuration be set to completely strip DKIM headers from forwarded messages.
Possibly if the list server software supports it, a DKIM-signed RFC-7001 Authentication-Results: header might be added though it seems to me the positive effect on spam scoring would be minor, where in comparison not stripping DKIM headers results in a substantial negative impact.anarcatanarcat2021-09-14https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/27Sponsor 28 code drop2021-09-10T23:52:28ZCecylia BocovichSponsor 28 code dropPackage up all the code we've written and upload it in the right place.Package up all the code we've written and upload it in the right place.Sponsor 28: End of phase 2Cecylia BocovichCecylia Bocovich2021-09-15https://gitlab.torproject.org/tpo/core/tor/-/issues/40450Implement Prop#324 Flow Control2021-10-04T14:50:03ZMike PerryImplement Prop#324 Flow ControlThere's enough pieces of Flow Control that need to be done to get it merge-ready that a checklist and ticket seem wise at this point.
Here's stuff I will do:
* [x] Improve monotime checks to export a global monotime status
* [x] Remove ...There's enough pieces of Flow Control that need to be done to get it merge-ready that a checklist and ticket seem wise at this point.
Here's stuff I will do:
* [x] Improve monotime checks to export a global monotime status
* [x] Remove mobile xon/xoff limits
* [x] Advertise the average and max edge conn drain rates in XON (after first XOFF, or if above a "low watermark" queue length)
* [x] Low watermark params to send advisory XON before XOFF
* [x] Send periodic XONs if the drain rate changes significantly
* [x] Perform checks for semantically valid XON/XOFF and call circuit_read_valid_data()
* [x] Turn CELL_QUEUE_HIGHWATER_SIZE (and others?) into consensus params
* [x] Implement ways to restrict when advisory XONs can be sent, to reduce side channels from exits
* [x] Alter half-open edge connection checks to work with XON/XOFF wrt valid data
* [x] Fix edge case where XON/XOFF can arrive after stream close (depends on half-open fix)
* [x] Additional consensus parameter for CircEWMA's EWMA_TICK_LEN and edge ratelimit low/high change
* [x] Preliminary tuning of new consensus params over onion svcs
* [x] Misc XXX's
* [x] Update Prop#324 spec with above
* [x] Debug log removal and other log message cleanups/improvements
* [x] Squash branch for review
Here's stuff @dgoulet can do:
* [x] Preliminary code review
* [x] Rate limit packaging data on edge connection's circuits (or reading on edge source sockets?) to match the advertised rate using token buckets
* [x] Improve oomkiller/circuit closing wrt total edge connection outbuf lengths on circs
* [x] Determine if we can use any kernel info from KIST to improve buffer length calls (there's some XXX's to note where in the flow control code this may help)
* [x] Spotcheck existing oomkiller, KIST, and CircEWMA code to see if we should parameterize or tighten anything else for congestion control generally
* [x] Determine if we should parameterize any other buffer lengths inside channel handling, cell handling, and the circuitmux dragon
* [x] Help me figure out why flow_control_decide_xon() is almost always only called when the outbuf is 0, where the data is going to, and what we should do about it (KIST, ask the socket if it wouldblock?)
* [x] Test out the flow control branch on some rate limited onions for weirdness. Help decide some tuning parameter values.
Cc: @dgouletTor: 0.4.7.x-freezeMike PerryMike Perry2021-09-15https://gitlab.torproject.org/tpo/core/tor/-/issues/40444Connect Prop#324 using ProtoVer and Prop#332 ntor handshake2022-02-22T21:01:38ZMike PerryConnect Prop#324 using ProtoVer and Prop#332 ntor handshakeWe need to write code that enables the congestion control code only if FlowCtrl=2 ProtoVer is present, and the circuit handshake from [Prop 332](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/332-ntor-v3-with-extra-...We need to write code that enables the congestion control code only if FlowCtrl=2 ProtoVer is present, and the circuit handshake from [Prop 332](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/332-ntor-v3-with-extra-data.md) agrees that the consensus says that congestion control is enabled.
Here's a checklist of properties to make sure we hit:
* [x] Congestion control is off by default (cc_alg=0 by default)
* [x] Onion Service Descriptor can list equivalent of FlowCtrl=2 Protover
* [x] Client does not attempt negotiation unless Exit or Onion Service lists FlowCtrl=2 and consensus says cc_alg != 0
* [x] If exit sees cc_alg=0, but it got a negotiation attempt, it replies with a nack, and both endpoints MUST free their congestion control object (to use the old fixed sendme code).
* [x] Negotiate the 'sendme_inc' value to agree using Prop#332 (formerly called cc_circwindow_inc).
* [x] Send 'cc_xon_rate' for future drop cell enforcement of XON/XOFF ratelimits
* [x] One-sided (non-negotiated) bounds limits on consensus parameters wrt each other (See Prop#324 Section 6.5)
See https://gitlab.torproject.org/tpo/core/tor/-/issues/40377 for previous discussions about negotiation.
Cc: @nickm @dgouletTor: 0.4.7.x-freezeMike PerryMike Perry2021-09-15https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/25Update snowflake and obfs5 plugins to use RACE 1.5.02021-09-21T15:11:52ZCecylia BocovichUpdate snowflake and obfs5 plugins to use RACE 1.5.0This should be done by the end of the week that RACE 1.5.0 is released, which is September 14th.This should be done by the end of the week that RACE 1.5.0 is released, which is September 14th.Sponsor 28: End of phase 2Cecylia BocovichCecylia Bocovich2021-09-17https://gitlab.torproject.org/tpo/tpa/team/-/issues/40382TPA-RFC-12: document the triage process, office hours, and more2022-03-28T19:15:33ZanarcatTPA-RFC-12: document the triage process, office hours, and morewe noticed in the last meeting that the triage work is not clearly documented. it would help to have a checklist of things to go through and how we pass that work around.
while we're here, shake up the support policy a bit, see wiki-rep...we noticed in the last meeting that the triage work is not clearly documented. it would help to have a checklist of things to go through and how we pass that work around.
while we're here, shake up the support policy a bit, see wiki-replica!18.anarcatanarcat2021-09-21https://gitlab.torproject.org/tpo/community/support/-/issues/40038Defining with the community moderation policies for discussion forum2021-10-27T16:13:51ZGabagaba@torproject.orgDefining with the community moderation policies for discussion forumLaunch support's Forum and Blog migrationGusGus2021-09-24https://gitlab.torproject.org/tpo/web/support/-/issues/161Defining with the community moderation policies for discussion forum2021-09-20T18:45:22ZGabagaba@torproject.orgDefining with the community moderation policies for discussion forumLaunch support's Forum and Blog migrationGusGus2021-09-24https://gitlab.torproject.org/tpo/tpa/status-site/-/issues/14retire from jenkins2021-09-30T19:29:17Zanarcatretire from jenkinsI will attempt to retire this project from Jenkins/gitolite next week, probably Monday, or Tuesday if I don't find the time.
This is part of the %"Retire Jenkins" roadmap, although it's treated as the first guinea pig for the experiment...I will attempt to retire this project from Jenkins/gitolite next week, probably Monday, or Tuesday if I don't find the time.
This is part of the %"Retire Jenkins" roadmap, although it's treated as the first guinea pig for the experiment in tpo/tpa/team#40364.
The worst that could happen here is that the site would become unavailable for a few hours, or show outdated or corrupted content. In the most likely situation, however, there will be zero downtime and no noticeable change.
The main implication is that the repository on gitolite will become irrelevant: pushes there will not trigger changes on the real website. Jenkins jobs might fail. Eventually, the gitolite repository will be archived and the jenkins jobs will be removed, probably next week as well.
If you have any objections or concerns about this migration, do let me know before the jenkins jobs get pulled. In any case, it's possible to rollback to the current state quite easily.Retire Jenkinsanarcatanarcat2021-09-27https://gitlab.torproject.org/tpo/community/team/-/issues/46Submit Outreachy project (December - March 2022)2021-10-12T18:56:23ZGusSubmit Outreachy project (December - March 2022)### Objectives
1. Identify all possible motivations or values that we can use for gamification [add reference operators gamification projects already built, rob blog post compiling a bunch of papers, and possibly a list of third party pr...### Objectives
1. Identify all possible motivations or values that we can use for gamification [add reference operators gamification projects already built, rob blog post compiling a bunch of papers, and possibly a list of third party projects that have implemented gamification.]
2. Build a classification system to organize them - including highlighting any 'don'ts' for such experience
3. Produce a final report and a blog post summarizing the most interesting findings.
### Outreachy Application Form
Project short title: Mapping values and motivations of the Tor network's relay operators
Long description:
The Community Team at the Tor Project is looking for an intern to help us create the foundation for our gamification project with Tor relay operators.
#### About Tor & the Tor Network
At the Tor Project, we fight for everyone to have private access to an uncensored internet, and the Tor network has become the world's strongest tool for privacy and freedom online.
The Tor network is a decentralized network made up of thousands of nodes (aka "relays") run by volunteers around the world. Here is a list of publicly maintained relays, from the Tor Project Metric's portal: https://metrics.torproject.org/rs.html. But the Tor network is more than just software. It is a labor of love produced by an international community of people devoted to human rights.
The Tor Project aims to engage this dispersed relay operator community in a meaningful and sustainable way. We have begun creating a gamification project that will help us to better acknowledge the value of long-term contributors and encourage new operators to join the network. We aim to create a happy, healthy, a clear and engaging path for all relay operators to volunteer and stay engaged with the Tor network.
#### About the Internship
As part of this internship we're looking for someone to:
- Research about relay operators' motivations, community core values, relay flags, the biggest relay families, and other Tor metrics that can be used for gamification. This research should include all types of relays: Guards, middle nodes, bridges, and exit nodes.
- Learn from the previous gamifications efforts, and use research to imagine how we can improve and create a new gamification project. Previous efforts:
- Relay Awards (2016)
- https://gitlab.torproject.org/gus/relayawards
- https://web.archive.org/web/20161028105701/https://relayawards.com/about.php
- Roster (2015) https://github.com/seansaito/Roster
- mirror: https://gitlab.torproject.org/gus/Roster
- Other references:
- "Tor incentives research roundup: GoldStar, PAR, BRAIDS, LIRA, TEARS, and TorCoin" https://blog.torproject.org/tor-incentives-research-roundup-goldstar-par-braids-lira-tears-and-torcoin
Other examples from other projects or open source communities: https://www.cryptokitties.co/
- Build a classification system to organize the different motivations and values expressed by relay operators, including highlighting any "don'ts" for a potential gamification experience.
- Produce a report analyzing the findings and highlighting the most promising paths to be used as part of the gamification project.
- Build a prototype project brief with suggestions of possible gamification methods with realistic mockups.
- Produce a blog post summarizing the project, including its findings and the project brief.
### Minimum system requirements:
None.
### How can applicants make a contribution to your project?
Applicants should contact the project's mentor for orientation during their first week of the contribution period. The orientation will cover the tasks and communication channels to use during this process.
Applicants should attend the Tor Project's Community Team weekly meetings to introduce themselves, present their progress, and clarify any questions.
During the contribution period, the applicants are expected to complete the following tasks. The tasks must be done in order, as each task builds on the one before it.
### First Task - Complete self-guided education about Tor relays and relay operators community:
Read these documents to learn about the Tor network:
- Types of relays: https://community.torproject.org/relay/types-of-relays/
- https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays
Visit the Tor Project Metrics portal and view relay search to look up relays: https://metrics.torproject.org/rs.html#search
Check out an example of a relay page to understand the different components of a relay's configuration: https://metrics.torproject.org/rs.html#details/9695DFC35FFEB861329B9F1AB04C46397020CE31
Read messages on the Tor relay mailing list: https://lists.torproject.org/pipermail/tor-relays/. Note: Please do not use this list to interact with relay operators about this project during the contribution period. If you have questions about the project or relay operators, please reach out to your mentor.
### Second Task - Identify opportunities to apply gamification:
Identify a value that could be used to award points to a relay operators in a gamification scenario (for example values, see below). Use your research completed in the first task to choose these values--what do you think would resonate with relay operators?
Try to find examples that match at least two of the following categories:
- value related to 'quality' (e.g. bandwidth that is available)
- value related to 'stability' (e.g. uptime)
- value related to 'diversity' (e.g. operating system)
- value related to 'trust' (e.g. 'myfamily' and 'contact_info' are configured)
### Third Task - Gamify these examples:
Create a spreadsheet using the examples you have identified in the second task, and develop different levels that a relay operator could acheive, as if in a game.
For instance, in a sporting event, you win a bronze medal in third place--but if you work harder, you can earn a silver medal, and if you work even harder you can win first place and a gold medal.
We want to apply this "bronze, silver, gold" concept to different benchmarks a relay operator can achieive with their relay. For example, there could be different badges that a relay operator receives for the uptime of their relay--the longer, the better.
Instructions for how applicants can make contributions during the Outreachy application period.
Make sure to include links to getting started tutorials or documentation, how applicants can find contribution tasks on your project website or issue tracker, who they should ask for tasks, and everything they need to know to get started.
### Intern benefits
Collaborating with the Tor Project will help interns to learn about open source communities, cooperating in open environments, digital safety and security, and of course Tor itself. Interns that are interested can also learn essential frontend skills and develop self-guided initiatives.
Interns will be part of a transparent and open organization structure, where decisions are made collectively. Since we are a small team, every collaboration has a significant impact on our end-users.
(Optional) How will the intern benefit from working with your team on this project? Imagine you're pitching this internship to a promising candidate. What would you say to convince them to apply? For example, what technical and non-technical skills will they learn from working on this project? How will this help them further their career in open source?
Community benefits:
(Optional) How will this internship project benefit the FOSS community that is funding it?
As a nonprofit, the Tor Project relies on volunteers to build our capacity in order to be to do more with limited resources.GusGus2021-09-28https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/34Debug and fix the obfs5 plugin bandwidth cap2021-09-25T00:53:33ZCecylia BocovichDebug and fix the obfs5 plugin bandwidth capDuring the last test event, they discovered the obfs5 has a maximum throughput of 1Mbps. They'd like us to fix this before the end of phase test event.During the last test event, they discovered the obfs5 has a maximum throughput of 1Mbps. They'd like us to fix this before the end of phase test event.Sponsor 28: End of phase 22021-09-28https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/24Test our s28 plugins on a larger scale on AWS2021-09-25T02:32:06ZCecylia BocovichTest our s28 plugins on a larger scale on AWSI'm not actually sure how long this will take because I've never tried it before.I'm not actually sure how long this will take because I've never tried it before.Sponsor 28: End of phase 2Cecylia BocovichCecylia Bocovich2021-09-29https://gitlab.torproject.org/tpo/community/support/-/issues/40039Soft launch of discussion forum for support.torproject.org2021-10-28T09:11:50ZGabagaba@torproject.orgSoft launch of discussion forum for support.torproject.orgSoft launch of the forum (discourse).
- [x] [write down plan on getting to a launch of the forum](/tpo/web/team/-/wikis/Plan-To-Launch-Tor's-Forum)
### For Community and UX teams
* [x] [Write the forum moderation policy](/tpo/web/supp...Soft launch of the forum (discourse).
- [x] [write down plan on getting to a launch of the forum](/tpo/web/team/-/wikis/Plan-To-Launch-Tor's-Forum)
### For Community and UX teams
* [x] [Write the forum moderation policy](/tpo/web/support/-/issues/161)
* [x] [Draft the forum structure. For example: categories, mailing lists (read only), blog comments, user support, localization, etc](/tpo/community/support/-/issues/40026)
* [x] Include Discourse logo on the site footer, like we have for GitHub and other channels [#33](/tpo/web/lego/-/issues/33)
* [x] [Add to Support portal the new forum link and other references](/tpo/web/support/-/issues/250)
* [ ] [Recruit Community moderators](/tpo/web/support/-/issues/249)
* [x] [Forum Mods training](/tpo/community/support/-/issues/40037)
* [x] Coordinate with Comms team: blog post and social media announcement (https://gitlab.torproject.org/tpo/community/team/-/issues/49)
### For TPA
* [x] [Check that everything in our list is working with Discourse](/tpo/tpa/team/-/issues/40183)Launch support's Forum and Blog migrationGabagaba@torproject.orgGabagaba@torproject.org2021-09-30