<strong>2018 September 29 (Saturday)</strong><br><strong>Tor Browser Retrospective (good and bad)</strong><br><br>Good:<br><ul class="bullet"><li>Sukhe's help</li><li>Richard tracking down crasher</li><li>Great contributions from UX team/New design of UI</li><li>Good release announcement in blog post</li><li>Got TBB release out on time</li><li>New onbaoarding</li><li>Circuit display</li><li>about:tor design</li><li>Worked well together as a team (and with other teams)</li><li>Open design approach</li><li>Nightlies are back</li><li>RBM improvements</li><li>HTTP/2 turned on</li><li>Updater/NEW MAR transition went OK</li><li>We were able to fairely quickly ship 8,01 to address critical issues</li></ul>Bad:<br><ul class="bullet"><li>We did not control the release date for desktop 8.0, I didn't feel like I should taka a vacation</li><ul class="bullet"><li>Code freeze date is 7 days before the release date.</li></ul><li>We waited too long to begin with implementation of onboarding</li><li>Too many last minute problems</li><ul class="bullet"><li>NoScript</li><ul class="bullet"><li>Testing might have helped with this.</li></ul><li>bookmarks toolbar went missing</li><li>suggestion: make a list of tests on the wiki. Some can be manual, some can be automated.</li><ul class="bullet"><li>can we hire someone, like SoftVision, or incentivize our volunteers</li></ul><li>following rapid release might help with this</li><li>Georg would like to work more on prioritization</li><li>Do we want more usability testing?</li></ul><li>I needed to knock each stakeholder door to get each task approved: Pili will help with this!</li><li>Tor Browser Android release delay</li><ul class="bullet"><li>partly a result of Google Play account issues (one time issue)</li></ul><li>Need our ESRbuilds sooner</li><ul class="bullet"><li>would be good to distribute rebase</li></ul><li>We need more communications with Mozilla folks</li><li>Tor network still has many timeouts</li><li>Maybe not enough alpha and release candidate testers</li><li>Broken WebGL</li></ul><br><strong>First Party Isolation</strong><br><br><ul class="indent"><li>Apple's Intelligent Tracking Prevention</li><li>Ethan will file a ServiceWorker bug</li></ul><br><strong>Roadmapping</strong><br><ul class="indent"><li>UX related (from Antonela)</li><ul class="bullet"><li>desktop</li><ul class="bullet"><li>Icon (<a href="https://trac.torproject.org/projects/tor/ticket/25702)">https://trac.torproject.org/projects/tor/ticket/25702)</a></li><li>Security Slider (<a href="https://trac.torproject.org/projects/tor/ticket/25658)">https://trac.torproject.org/projects/tor/ticket/25658)</a></li><li>DRL: New Identity, Notifications/warnings, Secure Bookmarks</li><li>Circuit display and onion padlock iteration</li><li>Tor Launcher iteration</li><li>update experience improvements (<a href="https://trac.torproject.org/projects/tor/ticket/25694)">https://trac.torproject.org/projects/tor/ticket/25694)</a></li></ul><li>mobile</li><ul class="bullet"><li>circuit display</li></ul></ul><li>performance:</li><ul class="bullet"><li>optimistics SOCKS</li><li>tor launcher startup (<a href="https://trac.torproject.org/projects/tor/ticket/27476)">https://trac.torproject.org/projects/tor/ticket/27476)</a></li><li>network has timeouts (<a href="https://trac.torproject.org/projects/tor/ticket/21394)">https://trac.torproject.org/projects/tor/ticket/21394)</a></li><li>latency</li></ul><li>tor-launcher</li><li>torbutton</li><li>adblocker -- what about a single switch that lets you turn on a standardized adblocker?</li><li>write a grant proposal for sandboxing</li><li>test infrastructure (nightly build, updater)</li><li>updater feedback to user?</li><li>Goal: Mobile stuff done by end of Q1 2019</li><li>new identity for this site (<a href="/28315">#28315</a>), new identity per search (<a href="/28316">#28316</a>)</li><li>OTF audit for Tor Browser? OTF audit for NoScript?</li><li><br></li><li>Guardian project has $50k to work on showing connectivity/errors to user</li><ul class="bullet"><li>Discussion about integrating Orbot functionality into TBA vs using Orbot as a separate background app</li></ul><li><br></li></ul><br>
<strong>2018 September 28 (Friday)</strong><br><strong>Team Meeting Day 1</strong><br><br>torbutton/torlauncher discussion 11 am<br><ul class="bullet"><li> tor launcher</li><ul class="bullet"><li>configure/control/launcher tor</li><ul class="bullet"><li>network settings dialog</li></ul><li>tor config UI</li><li>localization selection</li><li>dependent on torbutton for config changes</li><li>desktop UI using obsolete API</li><li>need to block network traffic before ready</li><li>brave runs everything in the background</li><li>Android has:</li><ul class="bullet"><li>Orbot</li><ul class="bullet"><li>Talks to control port</li><li>Separate App</li><li>Controller</li><li>Config UI</li><li>Runs in background</li></ul><li>Tor Onion Proxy Library — <a href="https://github.com/thaliproject/Tor_Onion_Proxy_Library">https://github.com/thaliproject/Tor_Onion_Proxy_Library</a></li><ul class="bullet"><li>Nathan suggested we use this.</li><li>Separate AAR library</li><li>Controls tor</li><li>Speaks to the control port</li></ul><li>"Mobile Tor API"</li><ul class="bullet"><li>runs tor in a separate thread instead of a separate process</li><li>doesn't replace control port communication</li><li>Nathan suggests using this with the Tor Proxy Library</li></ul><li>Android IPC</li><ul class="bullet"><li>TCP Socket (short term primary option)</li><li>Unix Domain Socket (short term primary option)</li><li>Android Binder (longer term)</li></ul><li>Architecture would be: TBB --activity--> Orbot UI (java) --> Tor control Port --> Tor</li><li>For a TBA MVP, just startup and show the progress bar</li><li>Next step: look at the tor proxy</li></ul><li>Problems with Tor Launcher</li><ul class="bullet"><li>1. Tor launcher as a separate process</li><li>2. Tor Launcher having a browser-integrated UI</li><li>3. Legacy extensions no longer supported</li></ul><li>Mozilla is working on their own browser launcher thing</li><li>Qt is too big</li><li>Georg: We need to get started with next ESR preparation, but also not messing up the sandboxing</li><li>Usability is an important requirement for future sandboxes</li><li>Firefox 68 ESR first released 2018-07-09 </li><li>Firefox 60 ESR EOL at release 2018-10-22</li><li>Localization files should have a common source of truth (in Transifex)</li><li>Tor Launcher plan (desktop)</li><ul class="bullet"><li>Step 1. Move existing tor-launcher code to tor-browser.git</li><li>Step 2. Work on a tor-launcher replacement that is compatible with sandboxing</li></ul></ul></ul><br><ul class="bullet"><li>torbutton</li><ul class="bullet"><li>tldr: Proposal for integration</li><li>security slider</li><li>control identitty</li><li>circuit display</li><li>about:tor</li><li>circuit isolation</li><li>UI tweaks</li><li>some rebranding</li><li>talks to control port</li><li>noscript "integration"</li><li>Discussing how to integrate torbutton/tor-launcher code into tor-browser.git</li><ul class="bullet"><li>Do we want to have a separate repository for the torbutton functionality?</li></ul><li>Conclusion: We should formalize a proposal.</li><ul class="bullet"><li>1. How to get it into the tor-browser.git repository with a git-submodule</li><li>2. Refactor into cleaner modules</li><li>3. How to change the UI (security slider, onion icon, etc.)</li></ul></ul></ul><br>skillshare<br><ul class="bullet"><li>Richard suggests dashboard : <a href="https://github.com/cyrus-and/gdb-dashboard">https://github.com/cyrus-and/gdb-dashboard</a></li><li>gdb --dashboard</li><li>Georg uses ctags</li><li>searchfox</li><li>Richard uses sublimetext, several people use vim</li><li>Georg asks how to test on different platforms</li><ul class="bullet"><li>Richard uses images on virtualbox</li><li>Microsoft offers some Windows versions for testing code</li><ul class="bullet"><li><a href="https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/">https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/</a></li></ul></ul><li>Sukhbir mentions wekan (trello-like)</li><li>Richard uses cherry-tree (note-taking evernote alternative)</li><li>zim on Linux note-taking</li><li>Richard uses syncthing: backup service <a href="https://syncthing.net/">https://syncthing.net/</a></li><li>Nicolas says rbm works in a vm</li><li><a href="https://tiddlywiki.com/">https://tiddlywiki.com/</a> - can also be quite nice for note taking</li><li>We can hopefully speed up tor-browser-build.git by parallelizing re-bundling for the different locales</li><li>moz-git-tools</li><ul class="bullet"><li>git branch --set-upstream-to gecko-dev/master</li><li>git push-to-try ../mozilla-central-hg-dir/ '-b do -p linux64 -u all -t none'</li></ul><li>git-cinnabar</li><li>arthur asked about making a build series for bisecting -- not sure it's worth it</li><li>Pili: email management workflow for inbox zero in gmail: <a href="https://hirebrianrhea.com/blog/2015/01/27/using-multiple-inboxes-and-keyboard-shortcuts-with-gmail-for-inbox-zero/">https://hirebrianrhea.com/blog/2015/01/27/using-multiple-inboxes-and-keyboard-shortcuts-with-gmail-for-inbox-zero/</a></li><li>Would be great to have a trac replacement!</li></ul><br>team roles and rotation<br><ul class="bullet"><li>building could be rotated</li><li>community hero rotation</li><li>review rotation</li><li>bug triage role</li><li>for info on how the Network Team does this, see <a href="https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRotations#Weeklyroles">https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/TeamRotations#Weeklyroles</a></li></ul><br>testing<br><ul class="bullet"><li>pushing to try server</li><li>suggestion: after each patch, discuss why we should have each </li><li>write up how to push to try</li><li>how is mozilla testing updates?</li><li>should we invest time on fuzzing? Maybe Google's OSS fuzzer?</li></ul><br>standardization:<br><ul class="bullet"><li>how do we do politics in standards bodies?</li><li>browser privacy testing</li><li>Mozilla is a good ally in this. Apple? Brave?</li></ul><br>