18:00:04 <GeKo> #startmeeting tor-browser 9/10
18:00:04 <MeetBot> Meeting started Mon Sep 10 18:00:04 2018 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:04 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:00:16 <GeKo> okay, let's get started!
18:00:38 <GeKo> welcome everyone to the newest edition of the weekly tor browser meeting
18:00:55 <sysrqb> :)
18:01:00 <mcs> hi to all
18:01:07 <GeKo> the pad is at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N; please fill in your items and mark the things to talk about bold
18:01:09 <wayward> hi all!
18:01:11 <igt0> \o/
18:01:35 <sisbell> hi
18:01:41 <arthuredelstein> hi everyone!
18:01:46 <sysrqb> wayward: hello and welcome
18:02:00 <antonela> o/
18:02:38 <pospeselr> hi hi hi
18:04:20 <GeKo> okay, while folks are starting with the pad
18:04:54 <GeKo> thanks to all for the last week! we made it and got three new releases out, tor browser 8, 8.5a1 and our first mobile alpha!
18:04:54 * Samdney is watching ...
18:05:14 <GeKo> and while there are a bunch of new bugs it seems nothing explodes into our face :)
18:05:38 <GeKo> so, my plan was that we use this week for fixing 8.0 issues
18:05:59 <GeKo> at least those that are urgent and can be fixed within, say, a wekk
18:06:01 <GeKo> *week
18:06:22 <GeKo> because i think we should then release 8.0.1 next week when boklm is here again
18:06:35 <GeKo> at least before the mexico meeting
18:07:00 <GeKo> to finish the esr60 transition (we are still not 100% due to the update watershed)
18:07:35 <GeKo> so, i personally am quite happy with the release. two things which annoy me personally, though:
18:08:08 <GeKo> 1) i was not able to add 1 to 1 and missed #27482
18:08:24 <GeKo> which is especially bad as all users need to transition over 8.0 to 8.0.1
18:08:27 <GeKo> :(
18:08:49 <GeKo> 2) we did a bad job at explaining what happened with the new identity option
18:09:15 <GeKo> not sure if we can and should fix this for 8.0.1 but i think we should have done better for 8.0
18:09:46 <GeKo> but apart from that i am quite happy given last minute issues and whatnot
18:10:03 <mcs> I had it on my list to make sure the macOS 10.9 issue was fixed but I ran out of time and forgot to do that testing :(
18:10:25 <GeKo> yeah
18:10:29 <GeKo> so be it :)
18:10:36 <arthuredelstein> I should have thought about the need for onboarding after moving the menu item to the hamburger menu. Sorry it didn't occur to me.
18:10:44 <arthuredelstein> But a good lesson to learn.
18:10:49 <GeKo> okay, let's look at the updates and some moves forward
18:10:55 <GeKo> yes, definitely
18:11:20 <GeKo> i created https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-8.0-issues over the last days
18:12:06 <GeKo> and it should cover a bunch of issues that got raised and which we should look over
18:12:37 <GeKo> i think i'll tag stuff with tbb-8.0.1-can to mark those items that we could work on for 8.0.1
18:13:04 <GeKo> and then folks (and I) pick that up and start working on them
18:13:17 <GeKo> antonela: do you have any input from the ux side for that?
18:13:43 <GeKo> like do you have stuff that we should prioritize for 8.0.1 that we messed up in 8.0?
18:13:45 <antonela> i want to work on ux-team issues this week
18:14:20 <antonela> well, onboarding call to actions/navigation
18:15:08 <antonela> is something doable for this week
18:15:27 <GeKo> antonela: could you map that to those tickets marked with tbb-8.0-issues and just add tbb-8.0.1-can?
18:15:33 <antonela> "new identity" feature is listed as something to be discussed during our mexico meeting
18:16:01 <antonela> geko, yes
18:16:21 <GeKo> okay, great
18:16:39 <GeKo> any comments/remarks/counter proposals to that?
18:16:42 <mcs> How much we can do this week for onboarding will depend on whether the changes requested require new code or just changes to how we use the existing code. Sorry that is kind of vague.
18:16:54 <GeKo> yes, that's true
18:17:10 <mcs> We don’t want to make risky changes for 8.0.1.
18:17:38 <antonela> mcs, yes, i'll work on those tickets and then you can estimate what is doable or not
18:18:01 <mcs> antonela: That sounds good. Design what is best and we will provide feedback r.e. implementation.
18:18:18 <antonela> mcs will do, thanks!
18:19:19 <GeKo> okay. sysrqb: igt0: sisbell: antonela: meeting this week about tba-a2?
18:19:52 <GeKo> if so, let's just check after this meeting when would be best
18:20:04 <antonela> yes, better for me this week, the next one i'll be travelling
18:20:08 <igt0> yep, any time works for me.
18:20:10 <sisbell> Sure. I'll be out a couple of hours on Friday but otherwise anytime is good
18:20:18 <sysrqb> (we can use a different keyword than tba-a2, if someone has a better one :) :)
18:20:41 <sysrqb> but this week is good for me
18:20:42 <GeKo> wfm! :)
18:20:54 <GeKo> good, then let's check later
18:21:09 <GeKo> sysrqb: thanks for helping with the rust double-check, much appreciated
18:21:34 <sysrqb> sure thing, you're welcome
18:22:08 <GeKo> okay, wayward: you are up!
18:22:16 <wayward> cool, thanks!
18:22:16 <GeKo> welcome to the meeting!
18:22:25 <wayward> Hi everyone, I'm Maggie, the new User Advocate
18:22:34 <arthuredelstein> hi! welcome!
18:22:37 <wayward> I just want to reach out and let you all know that you can contact me any time!
18:22:50 <sysrqb> wayward: welcome!
18:23:06 <wayward> I've created a new doc to track recent user feedback, you can find it here: https://storm.torproject.org/shared/JwsANJ37_QYZnGa9SCTVIGSjCAWm43Tyd_d3cJe5L9c
18:23:20 <wayward> I have a few questions to ask the team if that's alright
18:24:08 <wayward> first, who should I be in touch with for any questions about usability, expected behavior, etc?
18:25:16 <antonela> hello Maggie :)
18:26:24 <GeKo> wayward: well
18:27:13 <GeKo> i guess that's hard to say without seeing the question but pinging tbb-team on #tor-dev gets it on a lot of dev's radars
18:27:23 <GeKo> i guess just asking in #tor-dev should work as well
18:27:24 <wayward> ok, cool, that works. thanks!
18:27:42 <arthuredelstein> this weekly meeting is also maybe a good time to ask such questions :)
18:27:49 <GeKo> we'll find a good way and folks with specialized knowledge if needed
18:27:52 <GeKo> indeed
18:28:02 <wayward> Second, would it be helpful if I compile a report of big weekly issues, associated trac tickets, and things?
18:28:17 <wayward> Or would sending that out via an email mailing list be too annoying? haha
18:28:25 <antonela> wayward: i pasted a wiki page beside your pad notes which hosted previous efforts to collect user feedback. Might be useful for your work!
18:28:41 <GeKo> wayward: you think we need a weekly update on that?
18:28:44 <wayward> antonela: perfect, thank you! I will be incorporating that for sure
18:28:57 <GeKo> we had a monthly report sent to the tor-project mailing list in the past
18:29:11 <wayward> GeKo: Monthly is fine with me, if that works for you all
18:29:17 <GeKo> which might be a thing we could continue or not
18:29:24 <GeKo> but so far i think that was not that bad
18:29:31 <GeKo> pospeselr: what do you think?
18:29:45 <antonela> wayward: and also, you are welcome to join the ux meeting which happens on Tuesdays at 1400 UTC (tomorrow) just here!
18:29:58 <wayward> antonela: ah thanks, I will be sure to be there!
18:30:02 <pospeselr> yeah the monthly report was useful
18:30:12 <antonela> wayward great :)
18:30:15 <pospeselr> since periodically there would be things on there that weren't on trac
18:30:15 <wayward> Ok, great! I will figure out how to get that set up :)
18:30:32 <arthuredelstein> wayward: Something I think would be helpful is somewhere we can look to find out what are the most important usability problems reported by users by some definition of "important".
18:30:39 <arthuredelstein> to help us prioritize
18:31:09 <wayward> arthuredelstein: Ooh nice, noted! Does user anger count as a metric for importance? haha
18:31:11 <arthuredelstein> I guess importance is related to number of users complaining and otherwise how bad are the consequences.
18:31:20 <wayward> ah ok cool! I can definitely do that
18:31:22 <GeKo> wayward: partly :)
18:31:32 <arthuredelstein> Yes, anger definitely part of it :)
18:31:53 <wayward> ok, perfect! that's all for me, but please don't hesitate to reach out with questions, suggestions, or anything else
18:32:49 <GeKo> great, thanks!
18:32:53 <arthuredelstein> thanks, wayward! :)
18:33:25 <GeKo> do we have more status updates or anything else which would fit here before we move on to the discussion?
18:34:52 <GeKo> okay, discussion then
18:35:02 <GeKo> the mexico meeting is coming soon
18:35:33 <GeKo> we have two state of the onion sessions where the application team can present (and should) what it has been working on during the past half year
18:35:55 <GeKo> one session is at the closed days and one at the open days and they last about 7-8 minutes
18:36:23 <GeKo> we should nail down what we want to talk about and who would do the actual talking
18:36:43 <GeKo> i can do the latter but it might be better if others from the team stepped up
18:36:58 <GeKo> so, feel free to volunteer :)
18:37:29 <GeKo> i guess we should stress the collaboration that led to tor browser 8 and how that worked out and what we learned?
18:37:37 <GeKo> and our efforts to get tba out
18:37:52 <GeKo> anything else we should think about?
18:37:56 <mcs> Possible topics: working with Mozilla (uplift, etc.), TB 8 Desktop, what’s next for desktop, TBA news and plans.
18:37:59 <sysrqb> will we have the option of projecting a slide show?
18:38:08 <GeKo> yes, i think so
18:38:16 <mcs> I like the “what we learned” idea.
18:38:41 <GeKo> "We can arrange a projector if you want to display slides."
18:38:44 <GeKo> so, yes
18:39:01 <mcs> A lot of the new things in TB 8 are because of the UX team.
18:39:05 <sysrqb> ah, nice :)
18:39:35 <mcs> (or at least a lot of the visible things)
18:39:35 <sysrqb> yeah, having a visual presentation will be nice
18:39:47 <mcs> +1 for using a few slides but not too many
18:39:53 <GeKo> :)
18:40:10 <sysrqb> i guess i can give or help with the closed session
18:40:12 <pospeselr> +1 on not too many :p
18:40:13 <arthuredelstein> we should coordinate discussing the ux part with antonela
18:40:33 <antonela> yes :) i'll talk about your great work folks!
18:40:33 <sysrqb> but if someone wants to co-present with me, i'm okay with that
18:40:34 <antonela> haha
18:40:38 <wayward> I would also suggest adding spanish translations for as much of the slides as possible
18:40:52 <sysrqb> oh +1
18:40:54 <GeKo> wayward: good point
18:41:31 <arthuredelstein> which day is the open presentation on?
18:41:39 <antonela> wayward: i can help, and also planning to do the one at the open day in spanish too
18:41:51 <wayward> antonela: rad!!
18:41:54 <mcs> Do we know how many minutes we have for our part of the presentation?
18:42:03 <antonela> 5-7 minutes as flexlibris said
18:42:07 <GeKo> let's look at https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/DailyAgenda
18:42:32 <GeKo> hm, that's only closed days
18:42:39 <arthuredelstein> https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/PublicDays
18:42:55 <GeKo> 10/2
18:42:58 <GeKo> yes
18:42:59 <antonela> https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/PublicDays
18:43:07 <arthuredelstein> Is it State of the Onion?
18:43:13 <GeKo> yes
18:43:19 <GeKo> 12:00-14:00
18:43:25 <GeKo> room 1
18:44:10 <GeKo> so, i'll leave this topic for next week to have something to mull over and then we can decide what to do and who is doing it :)
18:44:42 <GeKo> sysrqb: you are noted for the closed days ;)
18:44:57 <GeKo> okay, the user agent thing
18:45:05 <GeKo> so, to give some background
18:45:26 <GeKo> up to now we spoofed the user agent of tor browser users to be windows
18:46:10 <GeKo> during uplift mozilla realized that that is not going to fly with their userbase
18:46:34 <GeKo> see: https://bugzilla.mozilla.org/show_bug.cgi?id=1404608
18:47:01 <GeKo> a bunch of reasons got brought up but i think the important one is: it breaks things for users
18:47:26 <GeKo> up to a point where they essentially give up on using the resistfingerprinting mode
18:47:39 <GeKo> which would be for us giving up on using tor browser
18:47:59 <GeKo> and resorting to something that is way worse and probably much more dangerous for them
18:48:12 <GeKo> we did not have data about it in the past
18:48:44 <GeKo> but that's one of the good things about the uplift, too, we often get it as firefox has a much larger userbase than we
18:49:06 <flexlibris> so now it's just the user's actual user agent?
18:49:25 <pospeselr> yeah the OS is explicitly exposed
18:49:38 <GeKo> so, especially android and macos experiences were broken and users switched the resistfingerprinting mode off
18:49:51 <GeKo> flexlibris: the solution was to hardcode four user agents
18:50:08 <GeKo> one for windows, one for macos, one for linux and bsds and one for android
18:50:22 <flexlibris> got it
18:50:35 <GeKo> so that users differ only on the platform but nothing else (liek minor verson etc.)
18:50:40 <GeKo> *version
18:50:47 <pospeselr> so, how trivial is it to get the 'real' OS from side channels and not using the UA?
18:51:01 <GeKo> we followed that and users started screaming at us
18:51:10 <GeKo> and the question is now what to do?
18:51:29 <mcs> I think the current solution is good but we seem to have some annoyed users and some angry users.
18:51:57 <arthuredelstein> While it's not that hard to get the real OS (such as through font detection), it is harder than directly reading the useragent from JS.
18:51:57 <GeKo> pospeselr: it's relatively easy for websites that want to track you
18:52:08 <GeKo> BUT
18:52:15 <GeKo> i think that's not the main issue here
18:52:36 <GeKo> the main issue here is that suddenly the OS is visible in any server log
18:52:54 <pospeselr> would a blog post explicitly showing proof of concepts of getting that info w/o using the UA help to convince users?
18:52:57 <GeKo> which could help narrowing down tot browser users
18:53:03 <GeKo> *tor
18:53:30 <GeKo> and essentially back in time given that this gets stored
18:53:44 <pospeselr> oh right ok
18:53:49 <sysrqb> 1) we can create 4x the traffic and request every resource four times, one with each UAS, but only use the correct response on the client-side
18:54:12 <sysrqb> this is generally a terrible idea
18:55:01 <arthuredelstein> I think a big driver of https://bugzilla.mozilla.org/show_bug.cgi?id=1404608 was the problem with platform-specific shortcut keys
18:55:06 <arthuredelstein> Especially on macOS.
18:55:08 * GeKo waits for sysrqb's 2) and 3)
18:55:18 <sysrqb> 2) ...
18:55:28 <sysrqb> 3) profit? :)
18:55:29 <GeKo> arthuredelstein: yes
18:55:34 <GeKo> lol
18:55:36 <pospeselr> lol perfect
18:55:36 <flexlibris> sysrqb: I was just about to finish that joke lol
18:55:39 <tjr> So something I just realized: The User Agent header is saved in server logs
18:55:42 <arthuredelstein> So one possible alternative solution is to spoof the macOS shortcut keys.
18:55:51 <sysrqb> :)
18:56:02 <tjr> The platform-specific shortcut keys was probably not using the UA header; but rather what we expose via JS
18:56:16 <arthuredelstein> true
18:56:30 <sysrqb> i was going to mention re-categorizing the UAS as a security problem and use the security slider, but that doesn't solve the passive log problem
18:56:32 <tjr> So we could send a constant header but not lie in JS - and see if that solves the one major breakage situation we know of....
18:56:49 <arthuredelstein> the users will stay angry though :)
18:57:06 <GeKo> tjr: good idea
18:57:19 <pospeselr> well, some users are going to be angry regardless
18:57:54 <GeKo> arthuredelstein: i am worried about the server log situation but not as much about the fingerprinting one
18:58:08 <pospeselr> GeKo: +1
18:58:10 <arthuredelstein> tjr: the major breakage situation is google docs, right?
18:58:23 <tjr> that's the big one
18:58:24 <GeKo> i think github got reported as well
18:58:35 <pospeselr> so what if we provided a way to specify the OS to identify as in JS and UA?
18:58:55 <sysrqb> it shouldn't be too difficult finding which JS functions are used for fetching the platform-specific code
18:58:55 <GeKo> at least that's in one of the bugzilla comments linked to
18:59:11 * tjr skims through bugs
18:59:14 <sysrqb> (or if it is all included in the same file and the key shortcuts are decided at runtime)
18:59:29 <arthuredelstein> I guess my question is, if we spoofed the macOS "command" key to act as a "ctrl" key for content, would that break things?
18:59:54 <GeKo> i don't know
19:00:14 <pospeselr> is apple command actually 'alt' everywhere else?
19:00:25 <GeKo> to get the mobile situation in the focus:
19:00:27 <arthuredelstein> pospeselr: it's "ctrl" everywhere else
19:00:35 <sysrqb> but, i guess sending the new UAS "solved" the problem, so it seems they are related somehow
19:00:47 <GeKo> it seems to the reason for breaking the experience on mobile was indeed a windows ua
19:00:59 <pospeselr> arthuredelstein: sorry no I meant if you plug in an apple keyboard into a pc what keycode do you get when you hit command
19:01:04 <mcs> The JS (navigator.userAgent I think?) vs. request header question is an interesting one.
19:01:30 <tjr> Yea, gdocs and github were two big ones; but i think we can assume any web property that captures Ctrl+S for Save and so on
19:01:31 <GeKo> so, i am inclined to say, the breakage on mobile is too much and we might need to bite that bullet
19:01:43 <GeKo> at least there
19:01:54 <arthuredelstein> pospeselr: idk. Maybe the windows key? I think alt should be the same.
19:01:54 <sysrqb> yes, i agree with that
19:02:05 <sysrqb> i think we must send an Android-specific header
19:03:21 <sysrqb> hrm. does anyone know what UAS onionbrowser sends?
19:03:55 <sysrqb> it doesn't really matter, due to the various ways onionbrowser can't resist fingerprinting
19:04:00 <sysrqb> but mostly curious
19:04:51 <sysrqb> actually, that's going off-topic.
19:05:05 <GeKo> tjr: i think i like the idea of trying to fix the breakage by faking the javascript property but leaving the UA header uniform
19:05:32 <GeKo> that's worth investigating
19:06:55 <tjr> It should be as simple as editing SPOOFED_UA_OS back to a constant OS in https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/nsRFPService.h
19:07:11 <tjr> As I believe the DOM/JS property comes from SPOOFED_OSCPU
19:07:33 <GeKo> aha!
19:07:56 <GeKo> could anyone using a mac test that and report back?
19:08:17 <GeKo> i.e. if we get away with the breakage in that scenario?
19:10:17 <mcs> Is there a list of sites to test? I know that github and Google docs were mentioned.
19:10:36 <GeKo> that are the two i know of
19:12:07 <mcs> brade and I can do some testing.
19:12:11 <GeKo> okay, let's investigate that for dealing with desktop ua leakage
19:12:13 <GeKo> thanks!
19:12:23 <GeKo> and make a final decision next week
19:12:46 <GeKo> mcs: i'll update #26146 with our plan
19:12:55 <mcs> sounds good
19:12:59 <GeKo> and we can use that for further discussion
19:13:14 <GeKo> alright, thanks, that's tricky business
19:13:20 <GeKo> anything else for today?
19:14:11 <GeKo> okay, thanks then for the meeting! *baf*
19:14:14 <GeKo> #endmeeting