Metrics timeline workshop

Led by David Fifield.

The dream behind the metrics timeline is to one day add annotations to Tor Metrics graphs—so when a graph shows a sudden drop in users from Belarus, for example, there will also be an annotation and a link to what we know about the cause. Basically, to put the metrics graphs in context and aid people in interpreting them.

In the metrics timeline workshop, we will work on expanding the coverage of the metrics timeline, in three ways:

  1. Mining other data sources (such as this list of blocking orders from Brazil) for relevant events and transcribing them into the metrics timeline.
  2. Visually examining graphs for apparent anomalies and adding them to the "Unknown" category for later investigation.
  3. Researching the entries in the "Unknown" category to find any possible explanations.

WTF/IRC workshop

Led by Colin Childs (and preferably 1 sysadmin)

The idea behind this workshop is to get as many people as possible connected to IRC in a persistent way. We have a number of people who could benefit from being persistently connected to IRC via screen/irssi or a bouncer. If we made this a "WTF" session (like our mailing list by the same name), we could have more than one "leader" able to assist people with issues they are encountering.

pastly should be a part of this as he has started running a bouncer and 1+ Tor person is using it. Can/should it be hosted on Tor infrastructure? What's expected of him? Should it be scrapped for something better? He has questions like that.

User testing pipeline workshop (Global south, trainers, and activists, please come!)

Led by Linda Lee (and Isabela Bagueros in spirit).

The purpose of this workshop is to start dialogue with people who interact with everyday users, especially users not in North America/Europe. The UX team wants to systematically and regularly get user feedback to improve Tor Browser. But we need trainers and organizational allies to help us. Linda will share her vision about how user testing can be made feasible, and open the discussion to talk about what to test, how often to test, where to test, etc.

Scanning Tor Network

Facilitated by David Stainton and Meejah

  • network partitions
  • very high latency
  • inter relay bandwidth
  • bad exits
  • bad onion service DHT member

Discussion of existing network scanners and future improvements. How to collaborate on development (e.g. currently source code is mostly-seekrit).

Encouraging Tor integration by third parties

(Facilitated by Arthur)

What can be done to make Tor more practical to bundle into existing software maintained by third parties? For example, can we create a "Tor client" build so that the Tor client is small enough to deliver with any app? Should we make it possible to run multiple instance of Tor? What kind of documentation or setup scripts could help? And what can we do to communicate more with companies and organizations that produce third-party software?

Here are some kinds of software we could discuss:

  • Web browsers (e.g., Firefox, Brave, Facebook Mobile, ...)
  • Web servers (Apache, nginx, caddy, ...)
  • Web hosting services
  • Messaging/email apps (Thunderbird, Instantbird, Signal, ...)
  • File sharing/storage
  • Operating systems
  • Cryptocurrency clients (Zcash)
  • Other
  • I (meejah) have integrated Tor support into and

Onions Everywhere


The best way to combat rotten onions is to make many, many more tasty onions! Work as continued on many fronts to develop Onion Hidden Service-based peer-to-peer applications for chat, messaging, file sharing and Internet of Things devices. The good news is that it mostly works today, and will work better with Next-Generation Onion Services. However, there is more work to do related to reachability, usability and scalability, all in the context of portable, battery-powered, mobile network connected devices. We can use this time to talk about Briar Project (out in public beta now: and PhoneyPot (alpha: as two examples of mobile apps that utilize onion-based services.

Onions on Apples

(mtigas, n8fr8)

We'll talk through the work done on the new Onion Browser 2.0 (public beta now: for iOS, and the progress on Tor as an iOS/OSX VPN via the iCepa project ( We'll also touch on the status of Pluggable Transports libraries, and support for Rust and Go cross-compiling.

Tor Latin America

(ilv, gus, vasilis)

The idea is to work in a "communications plan" for Latin America between organizations in the region and the Tor Project. Derechos Digitales got a grant for promoting the use of Tor, the setup of more exit relays, the generation of technical and non-technical content in Spanish (including graphics) amongst other things, and we'd like to do this in collaboration with the Tor people. Some concrete results that will be great to have after the meeting are:

  • Coordination for reviewing the technical content and the graphical material.
  • Steps for creating and maintaining communication channels for the Spanish speaking audience.
  • A plan for promoting the setup of new relays in the region.

It will also be great to continue the discussion about having a Tor meeting in Latin America.

Tor at Defcon



Bandwidth Authorities

teor / Network Team

Tor's relay bandwidth measurement depends on some really old, clunky code. Let's make plans to get it working better. (We might have this session on the team day instead.)

Testing (Core) Tor


We keep finding bugs in Tor - let's try to catch them earlier!

We can:

  • work out what we test well
  • find the gaps in our testing
  • make plans to test better, test early and test often

(We might have this session on the team day instead.)

Future Tor Network Measurements


There are lots of ideas for what we can measure in the Tor network.

Let's catch up on what's happened recently, and make plans for the next year or so:

  • What measurements has Tor added recently?
  • What will Tor measure next?
  • What do we want to be measuring over the next few years?
  • What do we need to do now to make that happen?

OONI / Metrics Interactions


There are several potential ways in which Tor experiences and OONI can be mutually beneficial.

Lets find areas for interaction that both sides are excited about pursuing. Potentially things like:

  • OONI data used to indicate when bridges should be proactively suggested on browser startup
  • Navigation failures can prompt users to run OONI to diagnose the problem
  • Tor metrics / OONI data mashup

Thinking Differently About Funding Tor


Receiving funding from individuals and foundations gives us a lot of freedom to focus on the things that are most important to us, but it requires thinking differently about how we report and manage our time. We're in a transition period right now, and we should talk about what this new funding model means in practical terms for people working on Tor. This isn't a discussion about potential funding sources. It's a discussion about how we need to shift our own thinking about how we describe our work.

Update from the Community Council

Community Council

The Community Council will give an update on what they're working on, including priorities like crafting internal policies and procedures. They'll also take questions from participants and solicit feedback on a stable version of one of their policies.

Writing the Code of Conduct


We'll talk about the current draft of the code of conduct and make additions and changes as needed.

Tor Exit Blocking & CDNs


We're going to talk about the existing research on exit blocking, traffic shaping and content discrimination by CDNs and blocklists. We'll try to formulate strategies (both technological and policy-based) to rectify the situation, and look at novel approaches such as the blind signature captcha bypass addon.

Facebook over Tor - how does it work?

Will Shackleton (Facebook)

I can give a short talk on how Facebook's onion is set up and how it integrates with our CDN and webservers, some of the problems we face that are unique to our Tor hidden service, and how we're improving the reliability and testability of Facebook over Tor.

Tor on a Bus - first steps to disaster planning

led by Shari Steele

I'd like to start the process of identifying the pieces that make up Tor and creating a diagram of what they are, where they are physically located, who is responsible for them, where we might want to build in redundancies, what we're missing, and whatever else we should know. We should have a clear disaster plan in place to protect the Tor code and network, and this is the first step to creating that plan.

Using Tor Styleguide

led by Antonela Debiasi

Why is important to maintain a consistent style across the Tor ecosystem. Resources to build your project following Tor's style guide. Open discussion about the design process and how to improve it.

This year in a region outside five eyes: events, relays & nice stuff

(vasilis, gus)

  • Engaging further with the people (Tor community) around the world (was: global-south) what have we learned
  • Rename global-south :)


(gus, vasilis)

  • Economics of running relays in Brazil (and other countries?):

Average Cost of Tor relay by Country

  • Org Partners that could potentially host Tor relays
  • Monitoring volunteer relays


(vasilis, gus)

Make Torproject website "readable" to non English speakers. What needs to be done for an i18n Torproject website?

  • Guides/docs in *all* languages, when resources in different languages are outdated and not accurate.

Tor blocking

(gus, vasilis)

What to do after a country blocks Tor. Setup bridges campaign? Make localized instructions? Maybe a simple bootstrap guide?

Responsible disclosure for censorship/network blocking incidents by ISPs, network operators and access providers

(vasilis, gus, ?)

The purpose of this session is to discuss how we can encourage ISPs, network operators and access providers to engage in responsible disclosures of "accidental" blocking, court orders, outages, technical failures or regulations to network filtering of internet content, network services or blocking of relays, similar to the vulnerability or bug disclosures of the security industry.

Potential outcomes of this session will be the creation of a template for responsible disclosure suited for network filtering and blocking events among ISPs, network operators and access providers.

A Potential template were we could use to form a draft.

Last modified 2 years ago Last modified on Oct 9, 2017, 12:28:16 PM