#tor-meeting log

19:00:00 <GeKo> #startmeeting last tor browser meeting 2018
19:00:00 <MeetBot> Meeting started Mon Dec 17 19:00:00 2018 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:00 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:12 <GeKo> okay, let's get this going
19:00:48 <GeKo> our meeting pad is at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N
19:00:54 <sisbell> hi
19:01:02 <GeKo> please enter your items and mark those you want to talk about bold
19:01:49 <pili> hi everyone
19:03:11 <GeKo> okay, igt0 is out today
19:03:28 <GeKo> it seems no one has any hightlighted items?
19:03:52 <GeKo> anything last minute to add for the status update part?
19:04:21 <antonela> hello
19:04:29 <GeKo> o/
19:04:59 <arthuredelstein> hi everyone! :) I have a question which I can ask at the discussion part. I will add it there
19:05:11 <sysrqb> hi arthuredelstein !
19:05:14 <sysrqb> :)
19:05:27 <GeKo> hi!
19:05:41 <GeKo> arthuredelstein: while you are here... :)
19:06:21 <GeKo> that reminds me to ask you about the particular fix for #27601
19:06:40 <GeKo> do you know which of your permissions patch parts is fixing that issue?
19:06:57 <arthuredelstein> I can look into that. Adding it to my todo list
19:07:01 <GeKo> i thought about just backporting that part on top of our permission fpi patches
19:07:06 <arthuredelstein> yes, it's a good idea
19:07:13 <GeKo> that would be neat, thanks
19:07:28 <GeKo> okay, discussion time then
19:07:40 <GeKo> arthuredelstein: you are up
19:08:41 <arthuredelstein> I tried to summarize our question in the document
19:08:58 <arthuredelstein> Basically, should the Tor Uplift team work on this, or does Tor prefer the status quo?
19:09:06 <GeKo> the item that got added to richard's status update?
19:09:25 <arthuredelstein> oh, sound like what I wrote didn't sync
19:09:26 <arthuredelstein> Just a sec
19:09:46 <antonela> classic storm
19:09:54 <sysrqb> i was written under Richard's line, instead of under Discussion
19:09:55 <GeKo> thunderstorm
19:10:22 <arthuredelstein> Oh, I forgot to write my name
19:10:32 <arthuredelstein> classic me
19:10:45 <arthuredelstein> can you see it now?
19:11:05 <arthuredelstein> Here is the text:     Tim Huang has been looking at spoofing the macOS command key as "control" so that we could spoof useragent in JS. His preliminary observation is that it fixes google docs. Is that something that Tor thinks is a good idea to work on and would be interested in using? Or what would help in making this decision?
19:11:08 <GeKo> aha, yyes
19:11:53 <GeKo> yes, the current thing we ship is a workaround that tries to balance the usability and privacy side
19:12:01 <arthuredelstein> right
19:12:14 <GeKo> if we can win on both parts the this sounds like a good idea to me
19:12:29 <arthuredelstein> I suppose part of the deciding factor is whether this spoofing fix would break or fix more websites
19:12:35 <GeKo> yes
19:12:56 <arthuredelstein> the value is only partial because of course we aren't really spoofing the OS in javascript
19:13:05 <arthuredelstein> fonts for example make OS spoofing very hard
19:13:34 <GeKo> yes, but i think it raises the bar quite a bit which seems like a good thing
19:13:35 <sysrqb> do we know if there are any uses of 'control' by some websites javascript?
19:13:50 <GeKo> especially if it comes with a no cost for the usability side
19:13:56 <sysrqb> (Mac's have a control key, too, right?)
19:14:06 <arthuredelstein> true
19:14:33 <arthuredelstein> The main two examples I know about are google drive and github
19:14:41 <arthuredelstein> that use modifier keys
19:14:58 <GeKo> i only know those two as well
19:15:09 <sysrqb> yeah, sorry, i meant looking for control when the site identifies the computer as a Mac
19:15:23 <arthuredelstein> sysrqb: makes sense. It's a good question
19:15:23 <sysrqb> Windows/Linux are a different situation :)
19:15:58 <arthuredelstein> OK, so it's already useful to know that the answer is "possibly interested" rather than "not interested" :)
19:16:21 <sysrqb> i heard about breakage on Google Docs, and Github, so I guess if those are the two largest poin-points, then solving that would be a win
19:16:25 <GeKo> well, i'd say "definitely interested" :)
19:16:29 <mcs> I think the idea of spoofing Cmd as Ctrl is an interesting one, but as people have said it is difficult to know what else that might breakk.
19:16:34 <sysrqb> *pain
19:17:02 <sysrqb> can mozilla test this on the Alexa top-1M :)
19:17:18 <antonela> :)
19:17:35 <arthuredelstein> Exciting idea :)
19:18:02 <antonela> alexa top10 is fair enough
19:18:10 <arthuredelstein> OK, thanks everyone! So if you have further thoughts about this please let me know by email or IRC :)
19:18:47 <sysrqb> cool, thanks arthur
19:19:47 <GeKo> okay, do we have anything else for discussion?
19:20:02 <GeKo> i guess the next meeting slot is prettey obvious
19:20:39 <GeKo> it's 01/07 2019
19:20:55 <GeKo> same time and same place as at the end of 2018
19:21:36 <GeKo> then i guess this leaves me to thank everyone for the work done in 2018
19:22:04 <GeKo> we accomplished a lot. we got another esr transition more or less smoothly done
19:22:15 <mcs> It has been a productive year. Thanks for your leadership!
19:22:25 <GeKo> and got our mobile tor browser on its way
19:22:30 <GeKo> thx :)
19:23:14 <GeKo> so, i hope you'll have the chance to do as many un-computery things over the holidays and find some time to rest and contemplate things
19:23:20 <GeKo> thanks all! *baf*
19:23:25 <GeKo> #endmeeting