19:00:00 <GeKo> #startmeeting last tor browser meeting 2018 19:00:00 <MeetBot> Meeting started Mon Dec 17 19:00:00 2018 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:00 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:00:12 <GeKo> okay, let's get this going 19:00:48 <GeKo> our meeting pad is at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N 19:00:54 <sisbell> hi 19:01:02 <GeKo> please enter your items and mark those you want to talk about bold 19:01:49 <pili> hi everyone 19:03:11 <GeKo> okay, igt0 is out today 19:03:28 <GeKo> it seems no one has any hightlighted items? 19:03:52 <GeKo> anything last minute to add for the status update part? 19:04:21 <antonela> hello 19:04:29 <GeKo> o/ 19:04:59 <arthuredelstein> hi everyone! :) I have a question which I can ask at the discussion part. I will add it there 19:05:11 <sysrqb> hi arthuredelstein ! 19:05:14 <sysrqb> :) 19:05:27 <GeKo> hi! 19:05:41 <GeKo> arthuredelstein: while you are here... :) 19:06:21 <GeKo> that reminds me to ask you about the particular fix for #27601 19:06:40 <GeKo> do you know which of your permissions patch parts is fixing that issue? 19:06:57 <arthuredelstein> I can look into that. Adding it to my todo list 19:07:01 <GeKo> i thought about just backporting that part on top of our permission fpi patches 19:07:06 <arthuredelstein> yes, it's a good idea 19:07:13 <GeKo> that would be neat, thanks 19:07:28 <GeKo> okay, discussion time then 19:07:40 <GeKo> arthuredelstein: you are up 19:08:41 <arthuredelstein> I tried to summarize our question in the document 19:08:58 <arthuredelstein> Basically, should the Tor Uplift team work on this, or does Tor prefer the status quo? 19:09:06 <GeKo> the item that got added to richard's status update? 19:09:25 <arthuredelstein> oh, sound like what I wrote didn't sync 19:09:26 <arthuredelstein> Just a sec 19:09:46 <antonela> classic storm 19:09:54 <sysrqb> i was written under Richard's line, instead of under Discussion 19:09:55 <GeKo> thunderstorm 19:10:22 <arthuredelstein> Oh, I forgot to write my name 19:10:32 <arthuredelstein> classic me 19:10:45 <arthuredelstein> can you see it now? 19:11:05 <arthuredelstein> Here is the text: Tim Huang has been looking at spoofing the macOS command key as "control" so that we could spoof useragent in JS. His preliminary observation is that it fixes google docs. Is that something that Tor thinks is a good idea to work on and would be interested in using? Or what would help in making this decision? 19:11:08 <GeKo> aha, yyes 19:11:53 <GeKo> yes, the current thing we ship is a workaround that tries to balance the usability and privacy side 19:12:01 <arthuredelstein> right 19:12:14 <GeKo> if we can win on both parts the this sounds like a good idea to me 19:12:29 <arthuredelstein> I suppose part of the deciding factor is whether this spoofing fix would break or fix more websites 19:12:35 <GeKo> yes 19:12:56 <arthuredelstein> the value is only partial because of course we aren't really spoofing the OS in javascript 19:13:05 <arthuredelstein> fonts for example make OS spoofing very hard 19:13:34 <GeKo> yes, but i think it raises the bar quite a bit which seems like a good thing 19:13:35 <sysrqb> do we know if there are any uses of 'control' by some websites javascript? 19:13:50 <GeKo> especially if it comes with a no cost for the usability side 19:13:56 <sysrqb> (Mac's have a control key, too, right?) 19:14:06 <arthuredelstein> true 19:14:33 <arthuredelstein> The main two examples I know about are google drive and github 19:14:41 <arthuredelstein> that use modifier keys 19:14:58 <GeKo> i only know those two as well 19:15:09 <sysrqb> yeah, sorry, i meant looking for control when the site identifies the computer as a Mac 19:15:23 <arthuredelstein> sysrqb: makes sense. It's a good question 19:15:23 <sysrqb> Windows/Linux are a different situation :) 19:15:58 <arthuredelstein> OK, so it's already useful to know that the answer is "possibly interested" rather than "not interested" :) 19:16:21 <sysrqb> i heard about breakage on Google Docs, and Github, so I guess if those are the two largest poin-points, then solving that would be a win 19:16:25 <GeKo> well, i'd say "definitely interested" :) 19:16:29 <mcs> I think the idea of spoofing Cmd as Ctrl is an interesting one, but as people have said it is difficult to know what else that might breakk. 19:16:34 <sysrqb> *pain 19:17:02 <sysrqb> can mozilla test this on the Alexa top-1M :) 19:17:18 <antonela> :) 19:17:35 <arthuredelstein> Exciting idea :) 19:18:02 <antonela> alexa top10 is fair enough 19:18:10 <arthuredelstein> OK, thanks everyone! So if you have further thoughts about this please let me know by email or IRC :) 19:18:47 <sysrqb> cool, thanks arthur 19:19:47 <GeKo> okay, do we have anything else for discussion? 19:20:02 <GeKo> i guess the next meeting slot is prettey obvious 19:20:39 <GeKo> it's 01/07 2019 19:20:55 <GeKo> same time and same place as at the end of 2018 19:21:36 <GeKo> then i guess this leaves me to thank everyone for the work done in 2018 19:22:04 <GeKo> we accomplished a lot. we got another esr transition more or less smoothly done 19:22:15 <mcs> It has been a productive year. Thanks for your leadership! 19:22:25 <GeKo> and got our mobile tor browser on its way 19:22:30 <GeKo> thx :) 19:23:14 <GeKo> so, i hope you'll have the chance to do as many un-computery things over the holidays and find some time to rest and contemplate things 19:23:20 <GeKo> thanks all! *baf* 19:23:25 <GeKo> #endmeeting