18:00:09 <GeKo> #startmeeting tor browser 9/17
18:00:09 <MeetBot> Meeting started Mon Sep 17 18:00:09 2018 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:09 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:00:29 <GeKo> we have our pad at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N
18:00:49 <GeKo> please go over it and mark things as bold in case you want to talk about any of it
18:00:59 <sisbell> hello
18:01:06 <GeKo> it seems we still don't have all of the updates, so let's wait a bit
18:01:09 <arthuredelstein> hi everyone!
18:01:14 <igt0> hi!
18:01:14 <boklm> hi!
18:03:22 * isabela is lurking
18:04:00 * traumschule updated
18:04:16 <GeKo> okay, let's go
18:04:48 <GeKo> this week, i think, we'll get out bugfix releases to address a bunch of issues in 8.0 and the alpha
18:05:03 <GeKo> i try to be extra conservative this time *cough*
18:05:22 <GeKo> as we don't have much time to get yet another release out before mexico
18:05:53 <GeKo> i plan to tag the stable and the alpha tomorrow my time and get the stable build going first
18:06:02 <GeKo> and hopefully we get both out on thursday
18:06:16 <boklm> tomorrow evening?
18:06:34 <GeKo> morning
18:06:36 <boklm> ok
18:06:52 <arthuredelstein> so in principle we could submit more patches today?
18:07:00 <GeKo> yes, please
18:07:15 <arthuredelstein> ok! :)
18:07:35 <GeKo> we might put more into the alpha, though depending on complexity etc.
18:08:17 <GeKo> mcs: it would be good to give the 8.0 -> 8.0.1 update another round of update testing to make sure we are good
18:08:45 <GeKo> (we'll actually really test the updater bug we found in 8.0a10 that way)
18:09:06 <GeKo> and it's the final transition in the update watershed
18:09:31 <mcs> GeKo: OK. When do you estimate that you will have signed mar files ready?
18:09:33 <GeKo> so, for 8.0.1 there are still some tbb-8.0.1-can tickets
18:09:40 <GeKo> mcs: wed your working time
18:09:49 <mcs> OK
18:10:18 <GeKo> does all of this sound reasonable? or do we need to tweak that plan?
18:10:41 <boklm> that sounds good to me
18:10:51 <mcs> It seems reasonable.
18:10:54 <pospeselr> sounds reasonable
18:11:04 <GeKo> mcs: pospeselr: arthuredelstein: i need some help for reviewing my tickets
18:11:15 <GeKo> otherwise i might not be able to merge them tomorrow
18:11:26 <pospeselr> can prioritize that for today
18:11:43 <GeKo> they are tagged with GeorgKoppen201809 and in needs_review
18:12:01 <GeKo> thanks
18:12:16 <arthuredelstein> will do
18:12:43 <GeKo> okay, what else do we have...
18:13:26 <GeKo> arthuredelstein: you are up
18:13:52 <arthuredelstein> OK, so my question is about #27175
18:14:02 <arthuredelstein> Do we want to allow users to preserve their per-site NoScript settings?
18:14:30 <pospeselr> so the settings not being first-party isolated means what exactly?
18:14:31 <arthuredelstein> It's bad for privacy both on disk and leaking history across sites
18:14:37 <pospeselr> does that mean websites can query noscript info?
18:14:40 <arthuredelstein> But it's inconvenient for some users
18:15:00 <arthuredelstein> pospeselr: Yes, and that's true even if we don't allow per-site NoScript settings to be saved between sessions.
18:15:13 <arthuredelstein> Within a session, NoScript per-site settings already leak across first party
18:15:21 <pospeselr> oh wow ok
18:15:29 <arthuredelstein> But that's probably a separate question
18:15:33 <pospeselr> right
18:16:04 <arthuredelstein> It's easy to turn on saving per-site settings -- we just stop applying the slider settings at every startup.
18:16:13 <arthuredelstein> Just apply it on the first startup and when the user changes the slider setting
18:16:50 <mcs> (trac is still slow) Is this a regression compared to Tor Browser 7.5.x?
18:17:17 <arthuredelstein> mcs: good question. Actually I'm not sure
18:17:26 <GeKo> it worked on 7.5.x
18:17:35 <GeKo> at least to the many complaints we got
18:17:46 <pospeselr> What are the consequences for preserving these settings? Attackers with physical access have evidence of visiting certain sites that have special settings persisted? Or would all visited websites get an entry?
18:17:47 <arthuredelstein> Funny, I had a feeling per-site settings did not get saved in 7.5.x
18:18:20 <arthuredelstein> pospeselr: Just certain sites with special settings, but not only attackers with physical access.
18:18:37 <GeKo> pospeselr: websites could find out your whitelist by including stuff from other domains
18:18:54 <pospeselr> so yeah, that sounds like a non-starter
18:18:57 <arthuredelstein> And not just for one session (as now) but for all sessions (because of saving)
18:18:58 <pospeselr> imho
18:18:58 <GeKo> depending on how elaborate that is it could be a good means for tracking you across sites
18:19:53 <GeKo> what is our solution to exceptions in general?
18:20:10 <GeKo> would we be okay once they are keyed to the first party domain?
18:20:32 <arthuredelstein> If they are keyed to the first party domain, then the problem is restricted to disk hygiene only.
18:20:42 <mcs> My opinion is we should not enable this by default until keyed by first party, but maybe provide a footgun (hidden pref) for people who really want to do this.
18:24:10 <GeKo> i wonder what the use cases for that are
18:24:32 <arthuredelstein> mcs: That's definitely doable. I guess I'm not too enthusiastic about footguns (they tend to go off like Chekhov's gun :P)
18:24:33 <pospeselr> i don't think this should be enabled by default, even if it is first party keyed (a footgun might be a useful compromise for certain users)
18:24:42 <GeKo> "there are sites i trust and for which it is okay to have js enabled while all the others have to be off"?
18:24:53 <pospeselr> on account of the disk hygiene issue
18:25:33 <mcs> GeKo: I think that is the main use case... only enable JS when absolutely needed but remember that setting for some sites that are frequently used.
18:26:26 <mcs> The footgun makes me nervous too but there is no easy workaround, right?
18:26:33 <arthuredelstein> YouTube is a common use case I think.
18:27:21 <GeKo> okay, let's try the footgun approach while we think more about it in mexico
18:27:48 <GeKo> we can then take the bigger picture about our security feature redesign into account
18:28:00 <GeKo> and maybe we come to a better solution
18:28:16 <arthuredelstein> One alternative I brought up a few times in the past is to make our "safer" security level less strict for HTTPS sites. That would make YouTube work without any user intervention. But we can discuss in Mexico.
18:29:02 <GeKo> yes, but i fear the user group complaining about the exceptions not saved is not a group that would be happy with that move
18:29:58 <arthuredelstein> hm, that's interesting
18:30:15 <arthuredelstein> anyway I will implement the footgun thing today (default disabled) and we can revisit
18:30:26 <GeKo> sounds good
18:30:52 <arthuredelstein> thanks everyone
18:31:11 <GeKo> do we have anything else for the updates part of the meeting?
18:31:11 <traumschule> it's maybe a bit too far fledged but if TB implements site specific rules already something like about:domains or similar would be neat
18:31:44 <GeKo> traumschule: what do you mean?
18:32:17 <traumschule> i thought about a settings page to adjust these rules for the different feature filter mode
18:33:14 <traumschule> (s hangs) that could prevent users from fiddling with other plugins. but one sec later it sounds like a bad idea because of anonymity
18:33:25 <sysrqb> back.
18:33:29 <GeKo> o/
18:34:04 <GeKo> traumschule: i think i still fail to see the benefits :)
18:34:36 * traumschule was referring to <+arthuredelstein> One alternative I brought up a few times in the past is to make our "safer" security level less strict for HTTPS sites. That would make YouTube work without any user
18:34:53 <GeKo> i see
18:35:05 <arthuredelstein> traumschule: In that case it would be https-wide, not applied to specific domains
18:35:22 <traumschule> ok, taking it back then :)
18:35:25 <arthuredelstein> We already have some https-specific settings at "Safer" level
18:35:31 <GeKo> okay, let's move on to the discussion part
18:35:43 <GeKo> going backwards: next meeting
18:35:53 <GeKo> i plan to be off next monday and tuesday
18:36:05 <GeKo> so what about we meet on 9/28 again?
18:36:23 <GeKo> then we'll have a whole day to discuss all sorts of things :)
18:37:05 <boklm> it sounds good to me
18:37:16 <sysrqb> good for me :)
18:37:26 <arthuredelstein> looking forward to it :)
18:37:32 <mcs> sounds good; looking forward to seeing people in person (but maybe not looking forward to a day-long meeting ;)
18:37:40 * sysrqb can't believe the meeting starts end of next week
18:38:03 <pospeselr> mcs: same :)
18:38:04 <sysrqb> err,  no, two weeks from now, hehh
18:38:16 * pospeselr quickly re-checks itinerary
18:38:25 <sysrqb> oh, no, it is next week.
18:38:29 <GeKo> yeah!
18:38:44 <GeKo> just one week left :)
18:38:55 <pospeselr> man time flies when you're having fun
18:39:09 <GeKo> okay, that's settled then
18:39:18 <GeKo> session for the team meeting day
18:39:33 <GeKo> we have some slots
18:39:57 <GeKo> i added a tor browser 8 retrospective meeting
18:40:00 <igt0> Do we have an agenda for the 28th day meeting?
18:40:19 <GeKo> igt0: not yet. my plan was to hammer that down in the first 15-20 minutes
18:40:33 * arthuredelstein cancels 9/24 TBB meeting on Tor Project Calendar
18:40:44 <GeKo> but i am open for suggestions
18:41:06 <GeKo> i guess we should all brainstorm ourselves what we feel is important for that day
18:41:16 <GeKo> and then it will go even faster
18:42:24 <GeKo> right now i think we could have a mix of technical and non-technical topics
18:42:35 <GeKo> like tor browser team retrospective
18:42:41 <GeKo> the skillshare
18:42:48 <pospeselr> (woo)
18:42:57 <GeKo> tackling the hard questions about moving tba forward
18:43:08 <GeKo> and what that means for redoing torbutton/tor launcher
18:43:15 <GeKo> thinking about sandboxing
18:43:31 <GeKo> that's the stuff that just pops up in my mind
18:43:39 <sysrqb> so many interesting topics :)
18:43:52 <GeKo> yes! and i bet all of you can easily find 5 more
18:44:30 <GeKo> i think we can defer some of that to the 29th where two sessions are still tbd
18:44:53 <GeKo> probably those topics that might benefit from potential input outside of the tor browser team
18:45:03 <GeKo> or maybe we start with such a session on 28th
18:45:08 <GeKo> and continue on 29th :)
18:45:27 <GeKo> dunno
18:45:39 <GeKo> we'll definitely have a final roadmapping session on 29th
18:45:57 <GeKo> even though i hope we can get at least a rough outline ready on 28th
18:46:19 <GeKo> ("just" taking the stuff into account that comes from other teams on 29th)
18:47:53 <GeKo> so, should we leave the remaining 2 tbd sessions as placeholder for stuff we think is important after meeting on 28th?
18:48:20 <GeKo> or do we already have a important topic that must go into one of the remaining slots?
18:48:23 <GeKo> *an
18:48:46 <GeKo> isabela: ping
18:49:28 <GeKo> i wonder whether we already have our new pm on the 28th available
18:49:32 <igt0> about the slots we have few TBB topics in the same time. :/
18:49:58 <GeKo> what do you mean?
18:50:28 <igt0> e.g. october 1:  Integrating Tor into other browsers and Tor uplift roadmap for 2018
18:50:30 <igt0> are in the same time
18:50:43 <GeKo> ah, that
18:50:57 <GeKo> i guess we could ask flexlibris if we could shuffle stuff around
18:51:14 <arthuredelstein> those two sessions are very closely related
18:51:25 <GeKo> could be!
18:51:30 <GeKo> but not necessarily
18:51:42 <arthuredelstein> I mean in the sense that Firefox is "another browser" :)
18:51:52 <igt0> the Tor Browser sandboxing and Browser privacy testing are also in the same time.
18:52:18 <arthuredelstein> yes :( I will try to move the browser privacy testing because I definitely want to be at the sandboxing discussion
18:52:55 <GeKo> okay, then our final topic state of the onion talks
18:53:03 <GeKo> we have two as i said.
18:53:17 <GeKo> sysrqb: you would do the first one? did i hear that right? :)
18:53:28 <sysrqb> yes
18:53:36 <GeKo> great
18:53:41 <GeKo> who wants to do the other one?
18:53:54 <GeKo> (if no one, then i'll do it)
18:54:37 <GeKo> (although, that's not a good solution)
18:54:43 <arthuredelstein> Is that on Oct 2?
18:55:15 <GeKo> yes
18:55:25 <GeKo> 12:00-14:00
18:55:33 <arthuredelstein> unfortunately I'm missing that day
18:55:51 <GeKo> :(
18:56:10 <GeKo> sysrqb: okay, then let's do it
18:56:11 <arthuredelstein> if sysrqb wants to do the second one I can help with the first :)
18:56:21 <GeKo> aha!
18:56:24 <arthuredelstein> but also happy if you two have it covered
18:56:58 <sysrqb> ha. i suppose we can switch it :)
18:57:34 <sysrqb> but i'm okay with either
18:57:35 <GeKo> hm, am i seeing that right that the presentation on the 2nd should be in spanish? :)
18:57:46 <GeKo> you better should be sure before signing up :)
18:58:08 <GeKo> flexlibris: ^
18:58:40 <GeKo> okay, i think we can figure that out
18:58:44 * sysrqb is not qualified for that :)
18:58:45 <sysrqb> maybe presentation with spanish translation?
18:58:58 <GeKo> i guess so
18:59:57 <mcs> If we have slides, maybe someone can translate those for us ahead of time.
19:00:08 <GeKo> alright, let's have arthur/sysrqb doing the talking
19:00:30 <GeKo> arthuredelstein: sysrqb: work on some content during the week?
19:00:39 <GeKo> (like this week?)
19:00:45 <sysrqb> sure
19:00:46 <arthuredelstein> sure!
19:00:53 <GeKo> and then get that distilled into some slides
19:00:55 <GeKo> okay
19:01:00 <GeKo> great
19:01:04 <GeKo> anything else for today?
19:02:55 <GeKo> okay, thanks all then and safe travels to mexico! *baf*
19:02:57 <GeKo> #endmeeting