wiki:org/meetings/2019Stockholm/Notes/TorBrowserRoadmapping

Sponsors Summary

Sponsor 27

Ends in March-ish next year

Onion Services in October

Alt Services

EC Long Names onion v3

Sponsor 9

Testing Onion Services features from Sponsor 27

Ideally, need nightly working at August, but not feasible

Establish user-feedback loop when adding features, get feedback from users, back and forth, etc

Sponsor 30

Anti-censorship technologies

Automatic bridge selection, pluggable transport

UX mobile, desktop

Tor Launcher work starts in December

Uncertainty:

How much can automate without killing users

Fennec -> Fenix Transition

Outcome from All-Hands:

Mozilla recently released first version of Fenix which is replacing Fennec (Firefox on Android)

3 Month transition period, then kill Fennec

We are using Fennec as our base for Tor Browser

Reducing investment in all their myriad experimental browsers

Transition from Fennec to Fenix in about a year

Some work to be done for Fenix to have feature parity with Fennec

User data migration from Fennec to Fenix is an open question

Fenix is going to have a ~4-week update cycle which we will need to stay in sync with

If we move off the ESR train for desktop we would need to rebase every ~6 weeks

2000-6000 bugs fixed every six weeks whose patches have to be reviewed

Automatic regression testing would have to happen

Moving away from ESR cycle for desktop is better for security since Mozilla devs are on Release, and ESR backports are an afterthought

Potentially less more (?) consistent work on faster train, but who knows

Plan for Progress

How to be fast with Fennix transition?

Start actually investigating after TB 9 is out

How to deal with the signing issue with NoScript?

Problem: NoScript has a 2-week release cycle, so we would need to do TB releases in lock step if we don't rely on the Mozilla Add-On store

integrate NoScript as system addon?

integrate features directly into Firefox?

build+sign NoScript with our own key?

Maybe we could just rip out the core functionality we care about and integrate into Tor Browser directly?

Ad-blocking / Tracking protection for performance reasons?

Integrate the tracking protection for major trackers, bitcoin nonsense?

Could we host our own block-list?

What is Google Safe Browsing protocol?

Perf wins probably bigger on Mobile

Perf improvements marketable for sponsors

Big discussions

  • get away from ESR train
    • How do we rebase our patches faster?
    • evaluation work for
    • 6 weeks between releases
      • evaluating new features and checking there are no security/privacy implications
      • review all changes made
      • ~2000-6000 bugs each time
      • networking code for bugs
      • fingerprinting
      • second cycle of review
      • what's does the process look like?
        • Can Mozilla help? Fingerprinting review
        • preferences rename... transitioning can be painful
  • Start looking at Fenix transition
    • Fenix is not going to be tied to ESR68 train
      • All UI work has to be re-done for Fenix
  • Performance improvements
    • ETP for Firefox
    • Opportunity for a good funding proposal
      • Important for getting more users
  • Can we do some type of automated testing to check for regressions.
  • Do this experiment on mobile only using Fenix
    • What's the cost of moving to the Fenix release cycle?
    • for security purposes it makes sense to switch
  • We need 1 more mobile dev - more involvement
  • Coordinate more with NoScript

Session 2 (Roadmapping)

  • Torbutton
    • Streamline toolbar to remove Torbutton
      • New Identity
      • general settings should contain network settings
        • Antonella will write a proposal for it
        • Richard may be able to work on it in August
        • Tor Launcher
          • what happens when tor is censored and can't bootstrap
          • similar to the security slider move
          • need to get rid of overlay
      • New Identity exposed on toolbar?
        • new new user onboarding item
  • Vacations
    • Richard: 14th - 28th July
    • Georg: 20th - 27th July and 7th - 17th August
    • Alex: whole of Dec
    • Mcs/Brade: Sept 20th - 29th
    • Matt: beginning of September
    • Boklm: a week in July and 10 days in August
  • F-Droid (1) - low hanging
    • half way through
    • best thing we can do
    • is it as important as we think it is? 10 - 20% of users
    • description of repo for Tor Browser is confusing and misleading
  • Fastlane (3)
    • half way through
    • more users here also?
  • Tor Browser users to stable (2) - low hanging
    • they are doing that on their own
  • 64bit support
    • one more release before August

Session 3 (Roadmapping)

  • Apple Notarization Process
    • Requirements
      • ?
    • Investigate
      • How to upgrade signing infrastructure
      • Need timestamping server to be reachable
      • Update macos(10.13) to newer code signing version (?)
        • new signing code for notarization only (?)
      • Does someone else have these same problems?
        • e.g Bitcoin core
      • Signing infra needs to be offline
    • Implement
  • What else do we want to do in November and December?
    • Plan for faster release cycle for Fenix
      • couple of weeks to look at Fenix
      • gives us some time to figure out where Mozilla is with this
      • rebasing patches
      • quicker release cycle/turnaround - what do we need to be more agile (in terms of manpower)
      • Start implementing plan in December
    • Performance improvements?
      • Content Blocking for perf
    • Per site security settings
      • Start in October
  • We need a tor alpha (0.4.2) by end of October for the client auth work
  • BIG Performance Improvements proposal
    • Tor part
    • Tor Browser part
    • etc... which other teams can we get involved
Last modified 5 weeks ago Last modified on Jul 19, 2019, 3:08:35 PM