2018 September 29 (Saturday)
Tor Browser Retrospective (good and bad)

  • Sukhe's help
  • Richard tracking down crasher
  • Great contributions from UX team/New design of UI
  • Good release announcement in blog post
  • Got TBB release out on time
  • New onbaoarding
  • Circuit display
  • about:tor design
  • Worked well together as a team (and with other teams)
  • Open design approach
  • Nightlies are back
  • RBM improvements
  • HTTP/2 turned on
  • Updater/NEW MAR transition went OK
  • We were able to fairely quickly ship 8,01 to address critical issues
  • We did not control the release date for desktop 8.0, I didn't feel like I should taka a vacation
    • Code freeze date is 7 days before the release date.
  • We waited too long to begin with implementation of onboarding
  • Too many last minute problems
    • NoScript
      • Testing might have helped with this.
    • bookmarks toolbar went missing
    • suggestion: make a list of tests on the wiki. Some can be manual, some can be automated.
      • can we hire someone, like SoftVision, or incentivize our volunteers
    • following rapid release might help with this
    • Georg would like to work more on prioritization
    • Do we want more usability testing?
  • I needed to knock each stakeholder door to get each task approved: Pili will help with this!
  • Tor Browser Android release delay
    • partly a result of Google Play account issues (one time issue)
  • Need our ESRbuilds sooner
    • would be good to distribute rebase
  • We need more communications with Mozilla folks
  • Tor network still has many timeouts
  • Maybe not enough alpha and release candidate testers
  • Broken WebGL

First Party Isolation

  • Apple's Intelligent Tracking Prevention
  • Ethan will file a ServiceWorker bug


2018 September 28 (Friday)
Team Meeting Day 1

torbutton/torlauncher discussion 11 am
  •  tor launcher
    • configure/control/launcher tor
      • network settings dialog
    • tor config UI
    • localization selection
    • dependent on torbutton for config changes
    • desktop UI using obsolete API
    • need to block network traffic before ready
    • brave runs everything in the background
    • Android has:
      • Orbot
        • Talks to control port
        • Separate App
        • Controller
        • Config UI
        • Runs in background
      • Tor Onion Proxy Library —
        • Nathan suggested we use this.
        • Separate AAR library
        • Controls tor
        • Speaks to the control port
      • "Mobile Tor API"
        • runs tor in a separate thread instead of a separate process
        • doesn't replace control port communication
        • Nathan suggests using this with the Tor Proxy Library
      • Android IPC
        • TCP Socket (short term primary option)
        • Unix Domain Socket (short term primary option)
        • Android Binder (longer term)
      • Architecture would be: TBB --activity--> Orbot UI (java) --> Tor control Port --> Tor
      • For a TBA MVP, just startup and show the progress bar
      • Next step: look at the tor proxy
    • Problems with Tor Launcher
      • 1. Tor launcher as a separate process
      • 2. Tor Launcher having a browser-integrated UI
      • 3. Legacy extensions no longer supported
    • Mozilla is working on their own browser launcher thing
    • Qt is too big
    • Georg: We need to get started with next ESR preparation, but also not messing up the sandboxing
    • Usability is an important requirement for future sandboxes
    • Firefox 68 ESR first released 2018-07-09 
    • Firefox 60 ESR EOL at release 2018-10-22
    • Localization files should have a common source of truth (in Transifex)
    • Tor Launcher plan (desktop)
      • Step 1. Move existing tor-launcher code to tor-browser.git
      • Step 2. Work on a tor-launcher replacement that is compatible with sandboxing

  • torbutton
    • tldr: Proposal for integration
    • security slider
    • control identitty
    • circuit display
    • about:tor
    • circuit isolation
    • UI tweaks
    • some rebranding
    • talks to control port
    • noscript "integration"
    • Discussing how to integrate torbutton/tor-launcher code into tor-browser.git
      • Do we want to have a separate repository for the torbutton functionality?
    • Conclusion: We should formalize a proposal.
      • 1. How to get it into the tor-browser.git repository with a git-submodule
      • 2. Refactor into cleaner modules
      • 3. How to change the UI (security slider, onion icon, etc.)


team roles and rotation

  • pushing to try server
  • suggestion: after each patch, discuss why we should have each 
  • write up how to push to try
  • how is mozilla testing updates?
  • should we invest time on fuzzing? Maybe Google's OSS fuzzer?

  • how do we do politics in standards bodies?
  • browser privacy testing
  • Mozilla is a good ally in this. Apple? Brave?

Last modified 2 years ago Last modified on Nov 4, 2018, 11:02:12 PM