18:00:09 <GeKo> #startmeeting tor browser 9/17 18:00:09 <MeetBot> Meeting started Mon Sep 17 18:00:09 2018 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:09 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 18:00:29 <GeKo> we have our pad at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N 18:00:49 <GeKo> please go over it and mark things as bold in case you want to talk about any of it 18:00:59 <sisbell> hello 18:01:06 <GeKo> it seems we still don't have all of the updates, so let's wait a bit 18:01:09 <arthuredelstein> hi everyone! 18:01:14 <igt0> hi! 18:01:14 <boklm> hi! 18:03:22 * isabela is lurking 18:04:00 * traumschule updated 18:04:16 <GeKo> okay, let's go 18:04:48 <GeKo> this week, i think, we'll get out bugfix releases to address a bunch of issues in 8.0 and the alpha 18:05:03 <GeKo> i try to be extra conservative this time *cough* 18:05:22 <GeKo> as we don't have much time to get yet another release out before mexico 18:05:53 <GeKo> i plan to tag the stable and the alpha tomorrow my time and get the stable build going first 18:06:02 <GeKo> and hopefully we get both out on thursday 18:06:16 <boklm> tomorrow evening? 18:06:34 <GeKo> morning 18:06:36 <boklm> ok 18:06:52 <arthuredelstein> so in principle we could submit more patches today? 18:07:00 <GeKo> yes, please 18:07:15 <arthuredelstein> ok! :) 18:07:35 <GeKo> we might but more into the alpha, though depending on complexity etc. 18:08:17 <GeKo> mcs: it would be good to give the 8.0 -> 8.0.1 update another round of update testing to make sure we are good 18:08:45 <GeKo> (we'll actually really test the updater bug we found in 8.0a10 that way) 18:09:06 <GeKo> and it's the final transition in the update watershed 18:09:31 <mcs> GeKo: OK. When do you estimate that you will have signed mar files ready? 18:09:33 <GeKo> so, for 8.0.1 there are still some tbb-8.0.1-can tickets 18:09:40 <GeKo> mcs: wed your working time 18:09:49 <mcs> OK 18:10:18 <GeKo> does all of this sound reasonable? or do we need to tweak that plan? 18:10:41 <boklm> that sounds good to me 18:10:51 <mcs> It seems reasonable. 18:10:54 <pospeselr> sounds reasonable 18:11:04 <GeKo> mcs: pospeselr: arthuredelstein: i need some help for reviewing my tickets 18:11:15 <GeKo> otherwise i might not be able to merge them tomorrow 18:11:26 <pospeselr> can prioritize that for today 18:11:43 <GeKo> they are tagged with GeorgKoppen201809 and in needs_review 18:12:01 <GeKo> thanks 18:12:16 <arthuredelstein> will do 18:12:43 <GeKo> okay, what else do we have... 18:13:26 <GeKo> arthuredelstein: you are up 18:13:52 <arthuredelstein> OK, so my question is about #27175 18:14:02 <arthuredelstein> Do we want to allow users to preserve their per-site NoScript settings? 18:14:30 <pospeselr> so the settings not being first-party isolated means what exactly? 18:14:31 <arthuredelstein> It's bad for privacy both on disk and leaking history across sites 18:14:37 <pospeselr> does that mean websites can query no scrip tinfo? 18:14:40 <arthuredelstein> But it's inconvenient for some users 18:15:00 <arthuredelstein> pospeselr: Yes, and that's true even if we don't allow per-site NoScript settings to be saved between sessions. 18:15:13 <arthuredelstein> Within a session, NoScript per-site settings already leak across first party 18:15:21 <pospeselr> oh wow ok 18:15:29 <arthuredelstein> But that's probably a separate question 18:15:33 <pospeselr> right 18:16:04 <arthuredelstein> It's easy to turn on saving per-site settings -- we just stop applying the slider settings at every startup. 18:16:13 <arthuredelstein> Just apply it on the first startup and when the user changes the slider setting 18:16:50 <mcs> (trac is still slow) Is this a regression compared to Tor Browser 7.5.x? 18:17:17 <arthuredelstein> mcs: good question. Actually I'm not sure 18:17:26 <GeKo> it worked on 7.5.x 18:17:35 <GeKo> at least to the many complaints we got 18:17:46 <pospeselr> What are the consequences for preserving these settings? Attackers with physical access has evidence of visiting certain sites that have special settings persisted? Or would all visited websites get an entry? 18:17:47 <arthuredelstein> Funny, I had a feeling per-site settings did not get saved in 7.5.x 18:18:20 <arthuredelstein> pospeselr: Just certain sites with special settings, but not only attackers with physical access. 18:18:37 <GeKo> pospeselr: websites could find out your whitelist by including stuff from other domains 18:18:54 <pospeselr> so yeah, that sounds like a non-starter 18:18:57 <arthuredelstein> And not just for one session (as now) but for all sessions (because of saving) 18:18:58 <pospeselr> imho 18:18:58 <GeKo> depending on how elaborate that is it could be a good means for tracking you across sites 18:19:53 <GeKo> what is our solution to exceptions in general? 18:20:10 <GeKo> would we be okay once they are keyed to the first party domain? 18:20:32 <arthuredelstein> If they are keyed to the first party domain, then the problem is restricted to disk hygiene only. 18:20:42 <mcs> My opnion is we should not enable this by default until keyed by first party, but maybe provide a footgun (hidden pref) for people who really want to do this. 18:24:10 <GeKo> i wonder what the use cases for that are 18:24:32 <arthuredelstein> mcs: That's definitely doable. I guess I'm not too enthusiastic about footguns (they tend to go off like Chekhov's gun :P) 18:24:33 <pospeselr> i don't think this should be enabled by default, even if it is first party keyed (a footgun might be a useful compromise for certain users) 18:24:42 <GeKo> "there are sites i trust and for which it is okay to have js enabled while all the others have to be off"? 18:24:53 <pospeselr> on account of the disk hygiene issue 18:25:33 <mcs> GeKo: I think that is the main use case.. only enable JS when absolutely needed but remember for that setting for some sites that are frequently used. 18:26:26 <mcs> The footgun makes me nervous too but there is no easy workaround, right? 18:26:33 <arthuredelstein> YouTube is a common use case I think. 18:27:21 <GeKo> okay, let's try the footgun approach while we think more about it in mexico 18:27:48 <GeKo> we can then take the bigger picture about our security feature redesign into account 18:28:00 <GeKo> and maybe we come to a better solution 18:28:16 <arthuredelstein> One alternative I brought up a few times in the past is to make our "safer" security level less strict for HTTPS sites. That would make YouTube work without any user intervention. But we can discuss in Mexico. 18:29:02 <GeKo> yes, but i fear the user group complaining about the exceptions not saved is not a group that would be happy with that move 18:29:58 <arthuredelstein> hm, that's interesting 18:30:15 <arthuredelstein> anyway I will implement the footgun thing today (default disabled) and we can revisit 18:30:26 <GeKo> sounds good 18:30:52 <arthuredelstein> thanks everyone 18:31:11 <GeKo> do we have anything else for the updates part of the meeting? 18:31:11 <traumschule> it's maybe a bit too far fledged but if TB implements site specific rules already something like about:domains or similar would be neat 18:31:44 <GeKo> traumschule: what do you mean? 18:32:17 <traumschule> i thought a about a settings page to adjust these rule for the different feature filter mode 18:33:14 <traumschule> (s hangs) that could prevent uers from fiddling with other plugins. but one sec later it sounds like a bad idea because of anonymity 18:33:25 <sysrqb> back. 18:33:29 <GeKo> o/ 18:34:04 <GeKo> traumschule: i think i still fail to see the benefits :) 18:34:36 * traumschule was referring to <+arthuredelstein> One alternative I brought up a few times in the past is to make our "safer" security level less strict for HTTPS sites. That would make YouTube work without any user 18:34:53 <GeKo> i see 18:35:05 <arthuredelstein> traumschule: In that case it would be https-wide, not applied to specific domains 18:35:22 <traumschule> ok, taking it back then :) 18:35:25 <arthuredelstein> We already have some https-specific settings at "Safer" level 18:35:31 <GeKo> okay, let's move on to the discussion part 18:35:43 <GeKo> going backwards: next meeting 18:35:53 <GeKo> i plan to be off next monday and tuesday 18:36:05 <GeKo> so what about we meeton 9/28 again? 18:36:23 <GeKo> then we'll have a whole day to discuss all sorts of things :) 18:37:05 <boklm> it sounds good to me 18:37:16 <sysrqb> good for me :) 18:37:26 <arthuredelstein> looking forward to it :) 18:37:32 <mcs> sounds good; looking forward to seeing people in person (but maybe not looking forward to a day-long meeting ;) 18:37:40 * sysrqb can't believe the meeting starts end of next week 18:38:03 <pospeselr> mcs: same :) 18:38:04 <sysrqb> err, no, two weeks from now, hehh 18:38:16 * pospeselr quickly re-checks itinerary 18:38:25 <sysrqb> oh, no, it is next week. 18:38:29 <GeKo> yeah! 18:38:44 <GeKo> just one week left :) 18:38:55 <pospeselr> man time flies when you're having fun 18:39:09 <GeKo> okay, that's settled then 18:39:18 <GeKo> session for the team meeting day 18:39:33 <GeKo> we have some slots 18:39:57 <GeKo> i added a tor browser 8 retrospective meeting 18:40:00 <igt0> Do we have an agenda for the 28th day meeeting? 18:40:19 <GeKo> igt0: not yet. my plan was to hammer that down in the first 15-20 minutes 18:40:33 * arthuredelstein cancels 9/24 TBB meeting on Tor Project Calendar 18:40:44 <GeKo> but i am open for suggestions 18:41:06 <GeKo> i guees we should all brainstorm ourselves what we feel is important for that day 18:41:16 <GeKo> and then it will go even faster 18:42:24 <GeKo> right now i think we could have a mix of technical and non-technical topics 18:42:35 <GeKo> like tor browser team retrospective 18:42:41 <GeKo> the skillshare 18:42:48 <pospeselr> (woo) 18:42:57 <GeKo> tackling the hard questions about moving tba forward 18:43:08 <GeKo> and what that means for redoing torbutton/tor launcher 18:43:15 <GeKo> thinking about sandboxing 18:43:31 <GeKo> that's the stuff that just pops up in my mind 18:43:39 <sysrqb> so many interesting topics :) 18:43:52 <GeKo> yes! and i bet all of you can easily find 5 more 18:44:30 <GeKo> i think we can defer some of that to the 29th where two sessions are still tbd 18:44:53 <GeKo> probably those topics that might benefit from potential input outside of the tor browser team 18:45:03 <GeKo> or maybe we start with such a session on 28th 18:45:08 <GeKo> and continue on 29th :) 18:45:27 <GeKo> dunno 18:45:39 <GeKo> we'll definitely have a final roadmapping session on 29th 18:45:57 <GeKo> even though i hope we can get at least a rough outline ready on 28th 18:46:19 <GeKo> ("just" taking the stuff into account that comes from other teams on 29th) 18:47:53 <GeKo> so, should we leave the remaining 2 tbd sessions as placeholder for stuff we think is important after meeting on 28th? 18:48:20 <GeKo> or do we already have a important topic that must go into one of the remaining slots? 18:48:23 <GeKo> *an 18:48:46 <GeKo> isabela: ping 18:49:28 <GeKo> i wonder whether we already have our new pm on the 28th available 18:49:32 <igt0> about the slots we have few TBB topics in the same time. :/ 18:49:58 <GeKo> what do you mean? 18:50:28 <igt0> e.g. october 1: Integrating Tor into other browsers and Tor uplift roadmap for 2018 18:50:30 <igt0> are in the same time 18:50:43 <GeKo> ah, that 18:50:57 <GeKo> i guess we could ask flexlibris is we could shuffle stuff around 18:51:14 <arthuredelstein> those two sessions are very closely related 18:51:25 <GeKo> could be! 18:51:30 <GeKo> but not necessarily 18:51:42 <arthuredelstein> I mean in the sense that Firefox is "another browser" :) 18:51:52 <igt0> the Tor Browser sandboxing and Browser privacy testing are also in the same time. 18:52:18 <arthuredelstein> yes :( I will try to move the browser privacy testing because I definitely want to be at the sandboxing discussion 18:52:55 <GeKo> okay, then our final topic state of the onion talks 18:53:03 <GeKo> we have two as i said. 18:53:17 <GeKo> sysrqb: you would do the first one? did i hear that right? :) 18:53:28 <sysrqb> yes 18:53:36 <GeKo> great 18:53:41 <GeKo> who wants to do the other one? 18:53:54 <GeKo> (if no one, then i'll do it) 18:54:37 <GeKo> (although, that's not a good solution) 18:54:43 <arthuredelstein> Is that on Oct 2? 18:55:15 <GeKo> yes 18:55:25 <GeKo> 12:00-14:00 18:55:33 <arthuredelstein> unfortunately I'm missing that day 18:55:51 <GeKo> :( 18:56:10 <GeKo> sysrqb: okay, then let's do it 18:56:11 <arthuredelstein> if sysrqb wants to do the second one I can help with the first :) 18:56:21 <GeKo> aha! 18:56:24 <arthuredelstein> but also happy if you two have it covered 18:56:58 <sysrqb> ha. i suppose we can switch it :) 18:57:34 <sysrqb> but i'm okay with either 18:57:35 <GeKo> hm, am i seeing that right that the presention on the 2nd should be in spanish? :) 18:57:46 <GeKo> you better should be sure before signing up :) 18:58:08 <GeKo> flexlibris: ^ 18:58:40 <GeKo> okay, i think we can figure that out 18:58:44 * sysrqb is not qualified for that :) 18:58:45 <sysrqb> maybe presentation with spanish translation? 18:58:58 <GeKo> i guess so 18:59:57 <mcs> If we have slides, maybe someone can translate those for us ahead of time. 19:00:08 <GeKo> alright, let's have arthur/sysrqb doing the talking 19:00:30 <GeKo> arthuredelstein: sysrqb: work on some content during the week? 19:00:39 <GeKo> (like this week?) 19:00:45 <sysrqb> sure 19:00:46 <arthuredelstein> sure! 19:00:53 <GeKo> and then get that distilled into some slides 19:00:55 <GeKo> okay 19:01:00 <GeKo> great 19:01:04 <GeKo> anything else for today? 19:02:55 <GeKo> okay, thanks all then and save travels to mexico! *baf* 19:02:57 <GeKo> #endmeeting