#tor-meeting log

18:59:37 <sysrqb> #startmeeting Tor Browser meeting 23 November 2020
18:59:37 <MeetBot> Meeting started Mon Nov 23 18:59:37 2020 UTC.  The chair is sysrqb. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:59:37 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:59:44 <sysrqb> welcome, welcome
18:59:53 <sysrqb> pad: https://pad.riseup.net/p/tor-tbb-2020-keep
19:00:41 <Jeremy_Rand_Talos> hello!
19:03:41 <gaba> o/
19:07:11 * sysrqb realises "crypto safety" is "cryptocurrency safety"
19:08:45 <sysrqb> acat: i thanks for reviewing sanketh's MR
19:09:01 <acat> np
19:09:24 <sysrqb> but i'll add a comment asking for changing the commit message to crytocurrency (or something chorter but not "crypto")
19:09:31 <sysrqb> unless you want to include that in your review
19:09:41 * Jeremy_Rand_Talos is one of the rare cryptocurrency devs who enjoys pointing out that crypto means cryptography
19:09:56 <sysrqb> :)
19:10:09 <acat> sysrqb: that
19:10:13 <acat> 's fine
19:10:58 <sysrqb> okay
19:11:01 <acat> i can also add the comment, whatever you prefer
19:11:24 <sysrqb> i would like to maintain one definitoin of "crypto" and not make it context-sentaitive, if we can help it :)
19:11:33 <sysrqb> (in Tor Browser land, at least)
19:11:49 <sanketh> Jeremy_Rand_Talos: haha, I'm a cryptography dev (?) who uses crypto for cryptocurrency. :)
19:12:04 <sysrqb> sanketh: o/
19:12:24 <sysrqb> we can talk about this after the meeting, if needed
19:13:36 <sanketh> (sorry for crashing the meeting.)
19:13:47 <sysrqb> no worries, you are welcome here, too
19:14:00 <sysrqb> i just don't want to side-track the meeting with this specific discussion :)
19:14:18 <sysrqb> acat: did you already begin integrating fenix tests into the testsuite?
19:14:30 <sysrqb> or is that part of the work you are planning this week?
19:14:33 <Jeremy_Rand_Talos> sanketh, I hereby rename a TLS ClientHello as Initial Ciphersuite Offering (ICO), shall we do a hostage exchange?  :)
19:15:17 <sanketh> Jeremy_Rand_Talos: perhaps we should take this to a different channel. :)
19:15:37 <acat> sysrqb: yes, i already begun. i plan to start creating a MR prob. tomorrow starting with changes in Fenix, then tor-browser-build, and then the testsuite
19:15:47 <Jeremy_Rand_Talos> fair enough, I'm done joking around
19:16:05 <sysrqb> acat: okay, so you already having something working?
19:16:07 <acat> basically my idea is that the nightlies also build the test .apk, which can be fetched and then ui tests run
19:16:58 <acat> yes, but unfortunately i did not manage to even get the fenix tests passing for fenix in my machine (only round 75% pass, if i recall correctly)
19:18:09 <acat> so i did not do an effort to fix these for tor-browser, since it's hard to know whether we actually broke them or we need some other environment for these to pass
19:18:40 <sysrqb> yeah. this is good progress though, thanks
19:20:30 <sysrqb> i think building a debug variant in addition to the nightly variant for the nightly build is a reasonable compromise
19:21:22 <acat> ok. yeah, that's another issue, since by default tests are run against the debug build
19:21:56 <sysrqb> i don't know how much of the tests rely on having debuggable archives for the many dependencies we build (mozac, in paricular, i'd guess)
19:22:09 <acat> but building the tests apk also works for beta and release, with some changes
19:22:47 <sysrqb> ah, i see
19:22:56 <sysrqb> i forgot they added a special test variant, too
19:23:25 <acat> i'm not sure there, since right now i'm not sure we check that the debug variant is working
19:23:57 <acat> and also there's always the possibility of sth working in debug but not in release or alpha
19:24:05 <GeKo> yeah
19:24:06 <sysrqb> yep
19:24:17 <acat> but fenix does not run tests for release or beta
19:24:44 <GeKo> really? that's surprising
19:25:04 <GeKo> i though they'd like to know whether their shipping product is exploding or not beforehand
19:25:08 <GeKo> *thought
19:25:57 <acat> *i think*
19:26:03 <acat> i saw some github issue
19:26:09 <acat> https://github.com/mozilla-mobile/fenix/issues/16120
19:26:20 <sysrqb> they may not run tests using the specific release/beta variants
19:26:39 <acat> ok, maybe they do now
19:27:05 <sysrqb> ah, yeah, Android is hard
19:27:21 <sysrqb> "The problem we have is that UI tests run against the debug build type by default, and the debug build type/variant is configured to use GV Nightly."
19:28:21 <acat> the thing is i'm not sure how much of the testing config is in the repo
19:28:23 <sysrqb> okay, so this may be fixed on Fenix beta/nightly now
19:28:52 <sysrqb> all of taskcluster is in the repo, and relies on the gradle config
19:29:01 <sysrqb> i don't know anything about how mozilla are using firebase
19:29:24 <sysrqb> so that could be a different configuration
19:31:10 <acat> well, it's nice if they end up supporting this, our patch will hopefully be smaller
19:31:12 <sysrqb> based on the copmments in that issue, i'm guessing the successful Beta UI test was not using the main fenix branch
19:31:21 <sysrqb> *comment
19:31:32 <sysrqb> acat: yeah
19:32:23 <sysrqb> acat: okay, we don't need to get into all of the details unless you want to discuss anything else specifically
19:32:51 <acat> i'm good
19:32:53 <sysrqb> i'm glad you made progress on this
19:32:56 <sysrqb> cool
19:33:51 <sysrqb> okay
19:33:56 <sysrqb> for the Boards
19:33:58 <sysrqb> https://gitlab.torproject.org/groups/tpo/applications/-/boards
19:34:23 <sysrqb> on Thursday, Gaba and I went through an triaged the placement of many issues
19:34:49 <sysrqb> one area of focus was on S58 tickets
19:35:13 <sysrqb> where we moved tickets with the S58 label into Next, or we deleted the S58 label
19:35:27 <sysrqb> with the intention of finishing S58 within the next month
19:35:56 <sysrqb> meaning any of those items should be near the top of our list now, if they weren't before
19:36:46 <sysrqb> please make sure the boards current reflect the issues/tasks/projects you're working on
19:37:47 <sysrqb> it's possible we made a mistake, so please ensure they look good to you
19:40:08 <sysrqb> and the last item i'd like to discuss is Tor Browser's default search engine config
19:40:50 <sysrqb> https://lists.torproject.org/pipermail/tbb-dev/2020-November/001170.html
19:41:34 <sysrqb> I tihnk many (if not all) of are are aware of the issue with returning to DDG search results after clicking a link
19:41:45 <sysrqb> s/of are/of us/
19:41:49 <antonela> ye
19:42:54 <sysrqb> and this related to tor-browser#40153, as well
19:43:16 <sysrqb> but i wonder if we can justify the current behavior
19:43:33 <sysrqb> i don't remember why we switched the config from GET to POST
19:43:59 <sysrqb> GeKo: do you remember why, and do you think it is useful?
19:44:37 <GeKo> because of GET requests landing in logs
19:44:43 <GeKo> leaking search terms
19:45:13 <GeKo> i find it useful, yes
19:45:22 <acat> there's tor-browser#33878
19:45:31 <GeKo> the question, though, is whether that outweights the costs
19:45:32 <sysrqb> ah, server logs
19:45:35 <GeKo> yes
19:45:52 <sysrqb> okay, that is a decent argument for POST
19:46:15 <acat> which logs?
19:46:16 * Jeremy_Rand_Talos generally concurs that private data should be kept out of GET requests when feasible; too much stuff logs URL's
19:46:28 <sysrqb> tor-browser#33878 is a little different, because that relies on DDG's server config
19:46:48 <sysrqb> because that is how DDG is redirecting requests from ddg.com to html.ddg.com
19:47:18 <sysrqb> maybe we can change that internally in tor browser, when the security level is changed
19:47:18 <acat> ok, server logs, didn't see that sorry
19:47:45 <sysrqb> but that is separate issue
19:47:51 <GeKo> yep
19:48:08 <GeKo> so, it seems we should get ddg to fix their things?
19:48:16 <acat> but why wouldn't ddg log post requests?
19:48:16 <sysrqb> i think one liminting argument for using POST in the browser search config is that ddg use GET in any follow-up queries on their site
19:48:18 <GeKo> or is that plan already discarded?
19:48:31 <sysrqb> but, leaking the first one is not necessary
19:48:57 <sysrqb> GeKo: apparently they are aware of it and don't intend on fixing it
19:49:11 <GeKo> i see
19:49:14 <sysrqb> i'd like to reach out to them and understand why this is a limitation
19:49:27 <sysrqb> but that's one more thing on the list
19:50:08 <Jeremy_Rand_Talos> it's not just server logs, lots of things log URL's more liberally than POST data (e.g. POST gives some defense in depth against referrer leaks)
19:50:11 <sysrqb> Peter found that on https://duckduckgo.com/privacy
19:50:24 <sysrqb> they say:
19:50:25 * antonela we could ask yandex to use POST :p
19:50:28 <sysrqb> "You can turn on POST requests on our settings page, but it has its own issues. POST requests usually break browser back buttons, and they make it impossible for you to easily share your search by copying and pasting it out of your Web browser's address bar."
19:50:48 <GeKo> hm
19:51:04 <sysrqb> obviously the former is more of our concern than the latter
19:51:14 <sysrqb> antonela: heh
19:51:37 <acat> but what does it fix? the query in the referrer? i hope that's not an issue
19:51:47 <acat> "Another way to prevent search leakage is by using something called a POST request, which has the effect of not showing your search in your browser, and, as a consequence, does not send it to other sites."
19:51:54 <antonela> for real, i wonder if asking users to pick a search engine in a onboarding is something we can explore for the future (instead of setting a default)
19:52:26 <sysrqb> acat: don't we strip the query string in the referrer?
19:52:34 <sysrqb> (for cross-origin)
19:53:14 <acat> yeah, so i wonder how this would be sent to other sites without POST
19:53:15 <sysrqb> antonela: we could
19:53:46 <sysrqb> but we should think about how that effects a user's uniqueness
19:54:35 <sysrqb> acat: i think the main concern is the query string landing in DDG's web server logs
19:54:46 <sysrqb> but maybe they are already logging post requests anyway
19:55:05 <sysrqb> and POST vs. GET is not really meaningful in that regard
19:55:33 <acat> yeah, that was my thought
19:55:35 <sysrqb> (logging post request payloads)
19:56:16 <acat> i mean, i don't see that they say that they will not log if it's POST but they will if it's GET
19:57:14 <sysrqb> yeah
19:57:21 <sysrqb> i'll finish opening a ticket about this
19:57:35 <sysrqb> and we can decide how we should proceed
19:57:53 <sysrqb> and feel free to jump into that mail thread, too
19:58:34 <sysrqb> alrighty
19:58:38 <sysrqb> thanks everyone
19:58:43 <sysrqb> have a good week
19:58:47 <sysrqb> #endmeeting