Ticket #13341: elements-2014Q3.html

File elements-2014Q3.html, 43.3 KB (added by lunar, 5 years ago)

Pieces of information for the 2014Q3 report, grouped by topic

1<!DOCTYPE html>
4  <meta charset="utf-8">
5  <meta name="generator" content="pandoc">
6  <title></title>
7  <!--[if lt IE 9]>
8    <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
9  <![endif]-->
12<h1 id="tor-instant-messaging-browser-bundle">Tor Instant Messaging Browser Bundle</h1>
13<h2 id="make-experimental-tor-instant-messaging-bundle-builds">Make experimental Tor Instant Messaging Bundle builds</h2>
14<p>We want to make experimental builds of the new Tor Instant Messaging Bundle. These builds shall serve as proof of concept and to invite users to give us feedback early in the process. These bundles will not offer all security properties of the final bundle. We were planning to do this for May 15, but then decided to defer until September 15, because we don't want to release a bundle without some form of OTR support. We made <a href="https://people.torproject.org/~sukhbir/tor-messenger-0.0.1/">bundles</a> for Linux 64 bit, Linux 32 bit, and Mac OS X available on September 30, 2014. Arlo and Sukhbir were working on this task. That concludes this task.</p>
15<p>Source <a href="https://bugs.torproject.org/11174"><code class="url">https://bugs.torproject.org/11174</code></a></p>
16<h2 id="get-instantbird-changes-merged-upstream-that-support-adding-off-the-record-messaging">Get Instantbird changes merged upstream that support adding Off-the-Record messaging</h2>
17<p>Instantbird requires changes to its application programming interface before we can add Off-the-Record messaging support to it. We have been <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=983347#c14">discussing</a> requirements with the Instantbird developers. We were first planning to get our code changes merged into the main Instantbird codebase by May 15, but had to shift this to September 15, because we were blocking on feedback by the Instantbird developers. As of September 15, 2014, the relevant commits (<a href="https://hg.mozilla.org/comm-central/rev/d2a0c6d324fa">1</a>, <a href="https://hg.mozilla.org/users/florian_queze.net/purple/rev/d971cac153ee">2</a>) have been merged upstream.</p>
18<p>Source: <a href="https://bugs.torproject.org/11532"><code class="url">https://bugs.torproject.org/11532</code></a></p>
19<h2 id="submit-instantbird-off-the-record-extension-for-inclusion-upstream">Submit Instantbird Off-the-Record extension for inclusion upstream</h2>
20<p>We want to make our Off-the-Record (OTR) extension part of Instantbird, not just of Tor Messenger. This has the advantage of receiving first-class support by Instantbird people which eases any maintenance burden. We were planning to have this under review by September 15, 2014. This has been <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=954310#c20">submitted</a> for discussions and review on September 30, 2014.</p>
21<p>Source: <a href="https://bugs.torproject.org/12792"><code class="url">https://bugs.torproject.org/12792</code></a></p>
22<h2 id="translate-instantbird-to-arabic">Translate Instantbird to Arabic</h2>
23<p>We contributed Arabic as the first right-to-left language translation to Instantbird. We submitted <a href="https://hg.instantbird.org/l10n/ar/">all relevant translation files</a> upstream by September 29, 2014.</p>
24<p>Source: <a href="https://bugs.torproject.org/12880"><code class="url">https://bugs.torproject.org/12880</code></a></p>
25<h2 id="inventory-of-tweaks-needed-from-instantbird-defaults">Inventory of tweaks needed from Instantbird defaults</h2>
27<pre><code>- I also spent a while investigating the security configuration of
28  Instantbird, building on the work Jake and I did for TorBirdy
29  (Instantbird is a Thunderbird fork.) There is a lot to be done in this
30  area as this constitutes the main part of &quot;securing Instantbird.&quot;</code></pre>
32<p>Ticket: <a href="https://bugs.torproject.org/10946"><code class="url">https://bugs.torproject.org/10946</code></a></p>
33<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000666.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000666.html</code></a></p>
34<h2 id="better-handling-of-tor-from-tor-messenger-and-torbirdy">Better handling of Tor from Tor Messenger and TorBirdy</h2>
36<pre><code>- Also related is the ControlPort support for Tor Messenger. I had
37  started working on this for TorBirdy and I spent some time trying to
38  adapt it for Instantbird but I have not made much progress with this.</code></pre>
40<p>Ticket: <a href="https://bugs.torproject.org/10950"><code class="url">https://bugs.torproject.org/10950</code></a></p>
41<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000666.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000666.html</code></a></p>
42<h2 id="small-fixes-to-libotr">Small fixes to libotr</h2>
44<pre><code> * Wrote and submitted some patches to libotr
45   https://bugs.otr.im/issues/54
46   https://bugs.otr.im/issues/52</code></pre>
48<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000670.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000670.html</code></a></p>
49<h1 id="help-desk-and-documentation-improvement-and-localization">Help Desk and Documentation Improvement and Localization</h1>
50<h2 id="help-desk-activity">Help desk activity</h2>
52<li><a href="https://trac.torproject.org/projects/tor/raw-attachment/ticket/13341/tickets-handled-by-queue-2014Q3.pdf">Tickets handled in 2014Q3</a></li>
53<li><a href="https://trac.torproject.org/projects/tor/raw-attachment/ticket/13341/time-to-reply-2014Q3.pdf">Time to response in 2014Q3</a></li>
56<pre><code>Here&#39;s the help desk chart for July 2014:
58          |   ar |   en |   es |   fa |   fr |   zh | Total | (Rejected)
60  harmony |      |  177 |      |  103 |      |      |   280 |        64
61    jason |      |  151 |      |    2 |      |   72 |   225 |         6
62    lunar |      |   50 |      |      |   36 |      |    86 |        48
63     mttp |      |  212 |      |      |      |      |   212 |         9
64     nima |      |      |      |    1 |      |      |     1 |
65     noel |      |    1 |   48 |      |      |      |    49 |         2
66    phoul |      |  259 |      |      |      |      |   259 |        41
67  sherief |    6 |  272 |      |      |      |      |   278 |        15
68     vmon |      |      |      |   21 |      |      |    21 |
70    Total |    6 | 1122 |   48 |  127 |   36 |   72 |  1411 |       185
71   (Open) |    1 |   25 |    4 |   29 |    1 |    1 |    61 |
73That&#39;s almost 45 tickets resolved each day on average.</code></pre>
75<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html</code></a></p>
77<pre><code>Here&#39;s the help desk chart for August 2014:
79          |   ar |   en |   es |   fa |   fr |   zh | Total | (Rejected)
81  harmony |      |   24 |      |  196 |      |      |   220 |        14
82    jason |      |  256 |      |    1 |      |   71 |   328 |        52
83    lunar |      |  177 |      |      |   32 |      |   209 |       102
84     mttp |      |  177 |      |      |      |      |   177 |        16
85     nima |      |      |      |   13 |      |      |    13 |         1
86     noel |      |    2 |   54 |      |      |      |    56 |
87    phoul |      |  174 |      |    2 |      |      |   176 |        26
88  sherief |    8 |  255 |      |      |      |      |   263 |        28
89     vmon |      |      |      |    2 |      |      |     2 |
91    Total |    8 | 1065 |   54 |  214 |   32 |   71 |  1444 |       240
92   (Open) |      |   33 |    7 |   27 |    1 |    5 |    73 |
94That&#39;s almost 46 tickets resolved each day on average.</code></pre>
96<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000634.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000634.html</code></a></p>
98<pre><code>Here&#39;s the help desk chart for September 2014:
100          |   ar |   en |   es |   fa |   fr |   zh | Total | (Rejected)
102  harmony |      |   31 |      |  104 |      |      |   135 |        12
103    jason |      |  197 |      |      |      |   87 |   284 |        46
104    lunar |      |  294 |      |      |   31 |      |   325 |       172
105     mttp |      |  140 |      |      |      |      |   140 |         4
106     noel |      |    1 |   48 |      |      |      |    49 |         8
107    phoul |      |  199 |      |      |      |      |   199 |        55
108  sherief |    4 |  262 |      |    1 |      |      |   267 |        57
110    Total |    4 | 1124 |   48 |  105 |   31 |   87 |  1399 |       358
111   (Open) |    2 |   86 |   12 |   22 |    5 |    7 |   134 |
113That&#39;s almost 46 tickets resolved each day on average.
115Several old stalled tickets were chased down and cleaned up.</code></pre>
117<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html</code></a></p>
118<p>Tickets in Italian, Portugese, and Russian are also answered on a best effort basis.</p>
119<h2 id="examples-of-questions-asked-to-support">Examples of questions asked to support</h2>
121<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html">Help desk report for July 2014</a></li>
122<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000634.html">Help desk report for August 2014</a></li>
123<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html">Help desk report for September 2014</a></li>
124<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000616.html">Colin's report for July 2014</a></li>
125<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html">Colin's report for August 2014</a></li>
126<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000650.html">Matt's report for August 2014</a></li>
127<li><a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000656.html">Matt's report for September 2014</a></li>
129<h2 id="new-help-desk-team-member">New help desk team member</h2>
131<pre><code>Welcome harmony to the team!</code></pre>
133<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html</code></a></p>
134<h2 id="review-of-support-answer-templates">Review of support answer templates</h2>
136<pre><code>A dump of support templates is now committed to a Git repository every
137night. An email is sent to the team when changes so we can review them
138together. The repository is available through:
140    git clone https://people.torproject.org/~lunar/rt-articles.git
142That helped doing a review of all the templates we currently have. We
143made progress but some more work needs to be done on that front.</code></pre>
145<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
147<pre><code>Templates can now be seen through:
149    git clone https://people.torproject.org/~lunar/rt-articles.git</code></pre>
151<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000602.html</code></a></p>
153<pre><code>- Updated a number of articles (templates) on RT.</code></pre>
155<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000616.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000616.html</code></a></p>
156<h2 id="a-calendar-to-better-organize-work-on-the-help-queue">A calendar to better organize work on the help queue</h2>
158<pre><code>There&#39;s now a calendar to know who is available to work on the &#39;help&#39;
161<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html</code></a></p>
163<pre><code>Helped set up a calendar for who is available to work the &#39;help&#39; queue.
164Wrote a small script to send a weekly reminder to the internal support
165mailing list.</code></pre>
167<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html</code></a></p>
168<h2 id="security-of-support-archives-and-user-awareness-of-retention-policy">Security of support archives and user awareness of retention policy</h2>
170<pre><code>Started internal discussions on the privacy issues of keeping records of
171all support requests in the Request Tracker database. No conclusions so
172far. (See also #7864 for previous discussions.)</code></pre>
174<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000635.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000635.html</code></a></p>
176<pre><code>A 24 hours maintainance was performed on 2014-09-25. About 20,000 old
177tickets where purged from the RT database. From now on, resolved tickets
178that are more than 100 days will be purged automatically. The purged
179data is currently kept in the form of OpenPGP encrypted SQL dumps.
180Users unknown to the database will now get an email warning them about
181the support data retention policy the first time they write to the
182support. As people in power were not able to give clear answers, the
183message conservatively specify “6 years or more” for the time being.</code></pre>
185<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000657.html</code></a></p>
187<pre><code>Contributed 14 messages to the thread trying to sort out the situation
188regarding records of support requests. This eventually allowed me to
189shut down Request Tracker for 24 hours, purge tickets from the database,
190fight with the “Scrip” system without logs to add a warning message, and
191write a cronjob to purge tickets older than 100 days and encrypt the
192extracted SQL dump. I&#39;m still bewildered that simple questions like “how
193many records must Tor Project, Inc. keep” and “where are encrypted
194archives going to be stored” are still unanswered.</code></pre>
196<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html</code></a></p>
197<h2 id="communication-with-tor-browser-team">Communication with Tor Browser team</h2>
199<pre><code>During the dev. meeting, we did have a short conversation with Mike and
200Georg to discuss how the communication flow between the support team and
201the Tor Browser team was going. “So far, so good” to sum it up.</code></pre>
203<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
204<h2 id="inclusion-of-volunteers-in-the-support-team">Inclusion of volunteers in the support team</h2>
206<pre><code>There was also a longer session discussing how we could include
207volunteers in the support team. Thanks to David Fifield, good minutes
208are available:
211I still need to write down the formal inclusion process and make sure
212everybody is fine with it.</code></pre>
214<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
215<h2 id="webchat-testimony">Webchat testimony</h2>
217<pre><code>We had a very nice experience with the support webchat which, together
218with David Fifield, helped us tweak meek so someone behind a really
219nasty filtering proxy could finally get access to Tor.
220(#12625 &amp; #12626 filled after this experience.)</code></pre>
222<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
223<h2 id="research-on-openpgp-support-and-statistics-on-email-providers">Research on OpenPGP support and statistics on email providers</h2>
225<pre><code>Discussed ways to get the help desk an OpenPGP key. Did some research on
226how many users were likely to contact the help desk with email providers
227offering STARTTLS encrypted connections. (#12842)</code></pre>
229<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000635.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000635.html</code></a></p>
230<h2 id="operational-documentation-about-support-request-handling-application">Operational documentation about support request handling application</h2>
232<pre><code>There&#39;s a little bit of operational documentation about RT now:
235<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html</code></a></p>
236<h2 id="hardware-dispatch">Hardware dispatch</h2>
238<pre><code>Helped the team get some hardware from funds allocated by SponsorO.</code></pre>
240<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
241<h2 id="review-of-existing-access-to-the-support-database">Review of existing access to the support database</h2>
243<pre><code>Cleaned up unused accounts from RT.</code></pre>
245<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
246<h2 id="improvements-on-webchat">Improvements on webchat</h2>
248<pre><code>- -- Unified all css.
249- -- Fixed the footer&#39;s positioning.</code></pre>
251<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html</code></a></p>
253<pre><code>* Webchat:
254#12625, #12210</code></pre>
256<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html</code></a></p>
258<pre><code>- Wrote deployment documentation for pups[1].
260[1]: https://trac.torproject.org/projects/tor/wiki/infrastructure/support.torproject.org#support.tposupport-test.tpodeployment</code></pre>
262<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html</code></a></p>
264<pre><code>- Worked on Nagios tests for Pups, more on this next month.</code></pre>
266<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html</code></a></p>
267<h2 id="development-of-the-statistic-gathering-web-application">Development of the statistic gathering web application</h2>
269<pre><code>- -- Dump monthly stats report in a file and reset issues counters .
270- -- View archived reports .
271- -- Replaced the bootstrap&#39;s modal that was used to  view big comments
272with read more/less links
273- -- Converted to a fully 100% client side web app.
274- -- Lots of fixes in general.</code></pre>
276<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html</code></a></p>
278<pre><code>Done more reviews of Sherief’s code. (#11309)</code></pre>
280<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
282<pre><code>++ Rewrote the monthly reporting stats function [2].
283++ Rebased all of my branch to make it easier for Lunar to review  [3].
285[2] https://trac.torproject.org/projects/tor/ticket/11309#comment:13
286[3] https://github.com/SheriefAlaa/projectpups/commits/squash</code></pre>
288<p>Source <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html</code></a></p>
290<pre><code>Reviewed Sherief&#39;s work on Pups and statistics.</code></pre>
292<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000658.html</code></a></p>
294<pre><code>** Mostly rebasing [2] previous commits as a reaction to Lunar&#39;s review [3].</code></pre>
296<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-October/000659.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-October/000659.html</code></a></p>
297<h2 id="training-material">Training material</h2>
298<p>We want to build a curriculum that trainers can use to train others about Tor, the Tor Browser, Tails, and related security technologies. As first step we plan to write a set of curriculum modules that can be turned into presentation slides. Target date is September 15, 2014. Kelley and Colin are working on this task. As of September 25, 2014, this task has been completed and the modules are available.</p>
299<p>Source: <a href="https://bugs.torproject.org/13293"><code class="url">https://bugs.torproject.org/13293</code></a></p>
300<p>We need to create a strategy with how we are going to get learning materials into the hands of as many people as possible. We are currently talking to three organizations about outreach. The result of this task will be a write-up of next steps for reaching out to both trainers and end users. Kelley and Colin are working on this task. The plan is to complete this by September 15, 2014.</p>
301<p><em>Not sure what the current status is.</em></p>
302<p>Source: <a href="https://bugs.torproject.org/12704"><code class="url">https://bugs.torproject.org/12704</code></a></p>
304<pre><code>- Started working on #12704 with Kelley[2].
305- Should have an update on outreach/curriculum-related topics at the end
306of August.</code></pre>
308<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000616.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000616.html</code></a></p>
310<pre><code>- Worked with Kelley on Sponsor O curriculum content development.
311- Started recruiting volunteers interested in assisting with curriculum
313- Started writing beamer templates for Sponsor O slides.</code></pre>
315<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html</code></a></p>
316<h2 id="web-site-improvements">Web site improvements</h2>
319* Updated torbrowser.wml&#39;s OS X instructions.</code></pre>
321<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html</code></a></p>
323<pre><code>Added a FAQ entry about outgoing filters for Tor relays.</code></pre>
325<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
327<pre><code>## Website work ##
329* Updated the front page calendar 7 times.
330* Removed dead links to the alpha Vidalia bundles.
331* Replaced the words &quot;Tor Browser Bundle&quot; with &quot;Tor Browser&quot; on the
332  download, download-easy, and Tor Browser project pages (#11193).
333* Added gk&#39;s key to the signers page (#12575).
334* Added boklm&#39;s key to the signers page (#11473).
335* Modified 2 FAQs:
336    - &quot;Can I run a Tor relay from my virtual server account?&quot;
337    - &quot;You should let people choose their path length.&quot;
338* Added some instructions on running the Tor Windows installer (#12617).
339* Updated the URL for Homebrew on the Mac installer page (#10141).
340* Replaced outdated information on the torbrowser-details page with
341  links to git changelogs (#12467).</code></pre>
343<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000609.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000609.html</code></a></p>
344<h2 id="tor-and-https-visual">“Tor and HTTPS” visual</h2>
346<pre><code>Merged new translations and fixes of the “Tor and HTTPS” visual.
347We are now at 32 languages. Some translators have been unresponsive
348through emails, and have not bothered to read the comments for
349translators, so a few are unfortunately unusable at the moment.</code></pre>
351<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000603.html</code></a></p>
352<h2 id="translation-coordination">Translation coordination</h2>
354<pre><code>- Met with OTF Transifex hub coordinators to discuss Tor Project
357<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html</code></a></p>
358<h2 id="bridgedb-translated-in-arabic">BridgeDB translated in Arabic</h2>
360<pre><code>* Translated BridgeDB into Arabic.</code></pre>
362<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000601.html</code></a></p>
363<h2 id="review-of-tails-arabic-translations">Review of Tails' Arabic translations</h2>
365<pre><code>* Wrote a report about the quality of Tails&#39; Arabic translations [0].
367[0] https://gist.github.com/SheriefAlaa/4ec11cdcac47dbfee7ea</code></pre>
369<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html</code></a></p>
370<h2 id="bridge-deployement">Bridge deployement</h2>
372<pre><code>- Deployed 2 additional private bridges running fte/obfs3.</code></pre>
374<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000647.html</code></a></p>
375<h1 id="hidden-service-usability-improvements">Hidden Service Usability Improvements</h1>
376<h2 id="development-of-a-wizard-to-create-hidden-services">Development of a wizard to create hidden services</h2>
377<p>We want to complete a first version of the Stormy script, which is supposed to set up secure hidden services, and get it into the hands of other developers for feedback, particularly on security. This task includes: making adjustments based on previous user feedback; making the script more maintainable long-term; improving the flow of the configuration wizard; setting firewall rules to only allow connections from the Tor network; adjusting the tor configuration file based on requested type of hidden service; and enabling automatic updates for hidden service dependencies. We're aiming for September 15, 2014 for this task. Griffin is going to work on this.</p>
378<p><em>Not sure what the current status is.</em></p>
379<p>Source: <a href="https://bugs.torproject.org/13143"><code class="url">https://bugs.torproject.org/13143</code></a></p>
381<pre><code>  .d8888b.  888
382d88P  Y88b 888
383Y88b.      888
384  &quot;Y888b.   888888 .d88b.  888d888 88888b.d88b.  888  888
385     &quot;Y88b. 888   d88&quot;&quot;88b 888P&quot;   888 &quot;888 &quot;88b 888  888
386       &quot;888 888   888  888 888     888  888  888 888  888
387Y88b  d88P Y88b. Y88..88P 888     888  888  888 Y88b 888
388  &quot;Y8888P&quot;   &quot;Y888 &quot;Y88P&quot;  888     888  888  888  &quot;Y88888
389                                                      888
390                                                 Y8b d88P
391                                                  &quot;Y88P&quot;
393   In late June, work on Stormy began in earnest, as the move away from
394being a personal project into being a formal Tor project changed its
395scope a bit.  As part of this, I sought out a very large variety of
396opinions from both the community and those I see as being
397non-technical/semi-technical end-users.  Stormy is designed as a shell
398script to install necessary components for a Tor hidden service that is
399useful for journalists and activists.
401   At the Paris meeting, I discussed other options for implementation
402with Lunar, Karsten, and ioerror, which included expanding on Onionshare
403(no) and packing the project for Debian.  Packaging for Ubuntu is
404absolutely possible, and while outside the scope of the contract, I&#39;m
405happy to work to package Stormy later this quarter.  Debian Developers
406working on Tor-related projects have thoughtfully offered to have it
407added once finished.  I&#39;d love to have `apt-get install stormy` as a
408realistic option for users who want to set up a hidden service.
410   Seeking additional outside input on Stormy was necessary, but
411ultimately hasn&#39;t changed much in terms of development.  I&#39;ve run
412through initial user tests, which have confirmed that documentation
413needs to be a top priority, as most users won&#39;t have someone to pose
414questions to.  Initial issues are related to connecting to an outside
415server (using PuTTY/commandline) -- all users were able to set up a
416Ghost instance and hidden service unassisted. Which is a pretty big win
417as far as I&#39;m concerned.</code></pre>
419<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-August/000611.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-August/000611.html</code></a></p>
421<pre><code>   Testing continued into early August.  Mid-August, I decided that a
422full rewrite was in order.  The goal of the rewrite is to both improve
423flow and make it easier to maintain.  Stormy is slated to be released
424internally on September 15th, and publicly September 30th.  I also
425agreed to give an interview about the project in September, with the
426goal of minimizing the need for future interviews.  Reporters are scary.</code></pre>
428<p>Source: <a href="https://lists.torproject.org/pipermail/tor-reports/2014-September/000648.html"><code class="url">https://lists.torproject.org/pipermail/tor-reports/2014-September/000648.html</code></a></p>
429<h2 id="defending-against-guard-discovery-attacks-with-layered-rotation-time">Defending against guard discovery attacks with layered rotation time</h2>
431<pre><code>Guard nodes are a key component of a Tor client’s anonymity. Once an
432attacker gains knowledge of which guard node is being used by a
433particular client, putting the guard node under monitoring is likely the
434last step before finding a client’s IP address.
436George Kadianakis has restarted the discussion [12] on how to slow down
437guard discovery of hidden services [13] by exploring the idea of
438“keeping our middle nodes more static”. The idea is to slow down the
439attacks based on repeated circuit destruction by reusing the same
440“middle nodes for 3-4 days instead of choosing new ones for every
441circuit”. Introducing this new behavior will slow down the attack, but
442George asks “are there any serious negative implications?”
444The idea is not new, as Paul Syverson pointed out [14]: “Lasse and I
445suggested and explored the idea of layered guards when we introduced
446guards”. He adds “there are lots of possibilities here”.
448George worries that middle nodes would then “always see your traffic
449coming through your guard (assuming a single guard per client)”. Ian
450Goldberg added [15] “the exit will now know that circuits coming from
451the same middle are more likely to be the same client”. Restricting the
452change to only hidden services and not every client means that it will
453be “easy for an entry guard to learn whether a client has static middle
454nodes or not”.
456As George puts it the latest message in the thread [16]: “As always,
457more research is needed…” Please help!
459  [12]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007122.html
460  [13]: https://bugs.torproject.org/9001
461  [14]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007125.html
462  [15]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007123.html
463  [16]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007126.html</code></pre>
465<p>Source: <a href="https://lists.torproject.org/pipermail/tor-news/2014-July/000054.html"><code class="url">https://lists.torproject.org/pipermail/tor-news/2014-July/000054.html</code></a></p>
466<h2 id="new-mailing-list-to-discuss-tools-based-on-hidden-services">New mailing list to discuss tools based on hidden services</h2>
468<pre><code>Michael Rogers, one of the developers of Briar [21], announced [22] a
469new mailing list [23] for discussing peer-to-peer-based communication
470systems based on Tor hidden services. As Briar and other systems might
471be “running into similar issues”, a shared place to discuss them seemed
474  [21]: https://briarproject.org/
475  [22]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007161.html
476  [23]: https://fulpool.org/cgi-bin/mailman/listinfo/hidden-services</code></pre>
478<p>Source: <a href="https://lists.torproject.org/pipermail/tor-news/2014-July/000055.html"><code class="url">https://lists.torproject.org/pipermail/tor-news/2014-July/000055.html</code></a></p>
479<h2 id="next-generation-hidden-services-and-introduction-points">Next generation Hidden Services and Introduction Points</h2>
481<pre><code>When Tor clients need to connect to a Hidden Service, the first step is
482to create a circuit to its “Introduction Point”. There, the Tor client
483serving the Hidden Service will be waiting through another circuit to
484agree on a “Rendezvous Point” and pursue the communication through
485circuits connecting to this freshly selected Tor node.
487This general design is not subject to any changes in the revision of
488hidden services [4] currently being worked on. But there are still some
489questions left unanswered regarding the best way to select Introduction
490Points. George Kadianakis summarized [5] them as: “How many IPs should
491an HS have? Which relays can be IPs? What’s the lifetime of an IP?”
493For each of these questions, George collected possible answers and
494assessed whether or not they could respond to several attacks identified
495in the past. Anyone interested should help with the research needed and
496join the discussion.
498In the meantime, Michael Rogers is also trying to find ways [6] to
499improve hidden service performance in mobile contexts. One way to do so
500would be to “keep the set of introduction points as stable as possible”.
501However, a naive approach to doing so would ease the job of attackers
502trying to locate a hidden service. The idea would be to always use the
503same guard and middle node for a given introduction point, but this
504might also open the doors to new attacks. Michael suggests experimenting
505with the recently published Java research framework [7] to gain a better
506understanding of the implications.
508  [4]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
509  [5]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007335.html
510  [6]: https://fulpool.org/pipermail/hidden-services/2014-August/000019.html
511  [7]: https://github.com/drgowen/tor-research-framework</code></pre>
513<p>Source: <a href="https://lists.torproject.org/pipermail/tor-news/2014-August/000058.html"><code class="url">https://lists.torproject.org/pipermail/tor-news/2014-August/000058.html</code></a></p>
515<pre><code>One missing piece of rend-spec-ng.txt [0] is a section on how HSes
516should pick their Introduction Points (IPs). There are three main
517questions here:
518- How many IPs should an HS have?
519- Which relays can be IPs?
520- What&#39;s the lifetime of an IP?</code></pre>
522<p>Source: <a href="https://lists.torproject.org/pipermail/tor-dev/2014-August/007335.html"><code class="url">https://lists.torproject.org/pipermail/tor-dev/2014-August/007335.html</code></a></p>
523<h2 id="hidden-service-enumeration-and-how-to-prevent-it">Hidden service enumeration and how to prevent it</h2>
525<pre><code>When a Tor user wants to connect to a hidden service, their client makes
526a request over the Tor network to a relay acting as a “hidden service
527directory”, or HSDir. In return, the client receives a hidden service
528“descriptor” containing the information necessary for a connection to be
529made, including the set of Introduction Points that the hidden service
530is currently using [5].
532Hidden services would ideally not be discoverable unless the address is
533public or has been shared directly, but one of the weaknesses of the
534current protocol is that hidden service directories know which services
535they are serving descriptors for; this same shortcoming was an element
536of the “RELAY_EARLY” traffic confirmation attack discovered in July [6].
537Although the full set of descriptors is not published to all directories
538at once — at any given time, six directories are responsible for a
539service’s descriptor [7] — the list is rotated frequently, so it would
540not be hard for an adversary to run a relay stable enough to gain the
541HSDir flag, and harvest hidden service addresses as they are uploaded to
542it in turn.
544Fabio Pietrosanti informed the tor-talk mailing list [8] of an
545experiment designed to detect this enumeration of hidden services: he
546set up thirty new hidden services, keeping their addresses secret, with
547each service running a script to report any attempts at access from
548outside. As the existence of these services was not disclosed to anyone,
549any requests to the service could only come from a client that had
550obtained the address from a directory which had previously held the
551descriptor, possibly “a malicious Tor relay acting as a TorHS directory,
552with Tor’s code modified to dump from the RAM memory the TorHS list,
553then harvest them with an http client/script/crawler”. After
554approximately a month, according to Fabio’s message, a client did indeed
555try to access one of the “honeypot” services.
557Regular readers of Tor Weekly News will know [9] that the hidden service
558protocol is being fully redesigned, and this “next-generation” proposal
559already suggests defenses against this kind of attack [10], but (as
560ever) more eyes are needed. If you’re interested, see George Kadianakis’
561introduction to the issues facing hidden services [11]; those familiar
562with cryptography in C are welcome to review the discussion of this
563particular issue on the bug tracker [12].
565  [5]: https://www.torproject.org/docs/hidden-services
566  [6]: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
567  [7]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/rend-spec.txt#l496
568  [8]: https://lists.torproject.org/pipermail/tor-talk/2014-September/034751.html
569  [9]: https://lists.torproject.org/pipermail/tor-news/2013-December/000023.html
570 [10]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt#l571
571 [11]: https://blog.torproject.org/blog/hidden-services-need-some-love
572 [12]: https://bugs.torproject.org/8106</code></pre>
574<p>Source: <a href="https://lists.torproject.org/pipermail/tor-news/2014-September/000063.html"><code class="url">https://lists.torproject.org/pipermail/tor-news/2014-September/000063.html</code></a></p>
575<h2 id="current-state-of-ahmia.fr-a-search-engine-for-hidden-services">Current state of ahmia.fr, a search engine for hidden services</h2>
577<pre><code>Juha Nurmi described [14] the current state of ahmia.fi, the search
578engine for hidden services, following a successful Google Summer of Code
579project. The post includes notes on the design, content statistics, and
580plans for future work.
582 [14]: https://blog.torproject.org/blog/ahmia-search-after-gsoc-development</code></pre>
584<p>Source: <a href="https://lists.torproject.org/pipermail/tor-news/2014-September/000063.html"><code class="url">https://lists.torproject.org/pipermail/tor-news/2014-September/000063.html</code></a></p>
585<h2 id="gather-more-statistics-about-proportion-of-traffic-related-to-hidden-services">Gather more statistics about proportion of traffic related to hidden services</h2>
587<pre><code>As part of the current push to better understand hidden services and
588their use on the Tor network, Roger Dingledine asked [20] relay
589operators who are “comfortable compiling Tor from git” and who “want to
590help investigate what fraction of Tor network load comes from hidden
591service use” to check out the new hs-stats git branch. This version
592“will collect per-thirty-minute statistics about number of circuits and
593number of cells your relay sees that have to do with exiting, with
594hidden services, with circuits where you&#39;re not the final hop, and a
595fourth none-of-the-above category”, which can then be posted to the
596appropriate ticket on the bug tracker [21] or sent to Roger directly.
598 [20]: https://lists.torproject.org/pipermail/tor-relays/2014-September/005352.html
599 [21]: https://bugs.torproject.org/13192</code></pre>
601<p>Source: <a href="https://lists.torproject.org/pipermail/tor-news/2014-October/000065.html"><code class="url">https://lists.torproject.org/pipermail/tor-news/2014-October/000065.html</code></a></p>