#tor-meeting log

18:58:24 <pili> #startmeeting tor-browser-vision 03/01
18:58:24 <MeetBot> Meeting started Fri Mar  1 18:58:24 2019 UTC.  The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:58:24 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:58:27 <sysrqb> \o\
18:58:46 <pospeselr> #agreed
18:58:57 <pili> Hi everyone, thanks for making the time to attend this meeting :)
18:59:20 <pili> Last time we concentrated on really big long term things
18:59:58 <pili> This time it would be good to think about what we want to achieve during 2019
19:00:09 <pili> And next year also
19:01:15 <pili> This could be what we want to be working on or also what state we want Tor Browser to be in
19:01:38 <pili> Who wants to start? :)
19:02:08 <tjr|emailifneeded> mingw-clang and esr68 are necessities I think...
19:02:09 <pili> (Virtual beer for the first idea)
19:02:42 <pospeselr> I think one thing that's sorely needed that I've discovered from my work on #25658 (security level redesign) is that we have a lot of 'fit and finish' type things to take care of
19:02:46 <sstevenson> isabela: your email with the background was very helpful!
19:02:49 <mcs> A stable TBA release (should be soon, right?)
19:03:04 <pospeselr> mismatched colors, about:preference settings that shouldn't be visible, that sort of thing
19:03:12 <mcs> pospeselr: We never seem to find enough time for polish
19:03:19 <pili> mcs: we hope! :)
19:03:22 <isabela> sstevenson: tx
19:03:30 <GeKo> soooooooooon
19:03:39 <antonela> pospeselr, yes! lets fix all the things
19:03:55 <pili> So, are we being too ambitious?
19:03:57 <pospeselr> things you don't really notice until you have to actually look at the UI for awhile :p
19:04:34 <pili> What would it take for us to feel like something is done-done?
19:04:46 * antonela saw that pixel icon since the zero day
19:05:19 <antonela> pili, nothing is done-done, but we can improve on each iteration. Features for example will improve based on testing.
19:05:34 <pospeselr> it needs to feel like a cohesive product, rather than a conglomeration of disparate parts
19:05:46 <pospeselr> the new circuit display is a huge improvement for instance
19:06:09 <pili> antonela: yes, we iterate as we go and that’s perfectly fine
19:06:10 <pospeselr> killing thesecurity slider and moving it to about:preferences will be another
19:07:10 <antonela> walking through user journeys and discover more appropriate ways to display warnings, will be next
19:07:23 <pospeselr> woo
19:07:56 <mcs> During the 2nd half of 2019 or so, it would be good to think about adding more automation for config, e.g., #29590 and the desktop counterpart tickets.
19:08:04 <antonela> mcs +1
19:08:43 <mcs> maybe think about small steps we can take soon that will lead to bigger steps later.
19:10:04 <sysrqb> i think a large problem is we're hacking on firefox so it better meets our needs, while also adding new features and UI/UX improvements so Tor Browser mets our needs, on the whole
19:10:25 <sysrqb> so i'm not sure if there will eer be enough time for something to be done-done
19:10:34 <sysrqb> *ever
19:10:36 <tjr|emailifneeded> I think it would be cool to think about what we can do for better and more usable fingerprinting resistance. Letterboxing, maybe deploying something for canvas like software rendering, and an incremental redirect protection
19:10:39 <mcs> another item to throw into the discussion: sandboxing analysis / planning was also on our roadmap.
19:10:44 <pospeselr> yeah, and we'll always be playing catchup with the esr releases as they change things
19:11:12 <pili> Mcs yes about sand boxing
19:11:21 <pospeselr> yeah sandboxing
19:11:42 <sysrqb> yeah,"soon" :)
19:12:19 <pili> We need to find a good finder for it
19:12:25 <pili> Funder
19:12:44 <GeKo> mcs: although if we want to do smoething a la yawning's stuf
19:12:45 <GeKo> f
19:12:54 <GeKo> it most likely means a new position
19:13:11 <GeKo> so, this is probably not relevant to the browser work at hand
19:13:21 <GeKo> even though it might influence each other
19:13:26 <mcs> GeKo: Fair enough. Funding is definitely an issue.
19:13:36 <GeKo> s/it/both/
19:14:09 <mcs> There are some interdependencies with other teams for 2019 too, e.g., some browser work needs to be done related to PTs and censorship circumvention. Snowflake and friends.
19:17:07 <sysrqb> where''s a good outcome from this discussion?
19:17:17 <sysrqb> err, *what's
19:17:25 <sysrqb> or helpful outcome, maybe
19:18:17 <GeKo> i think a picture where we are in 2 years
19:18:25 <GeKo> or where we want to be
19:18:51 <pili> sysrqb: also I get ideas to come up with a number of “strands” that we can weave into different funding narratives
19:18:52 <GeKo> do we want to be still on the esr train in 2 years?
19:19:11 <sysrqb> okay, i'll throw out that we should be working with other organizations, in addition to Mozilla, within the next two years :)
19:19:14 <GeKo> (who say "no" has to do all the work :D )
19:19:25 <isabela> GeKo: lol
19:19:36 <GeKo> *says
19:19:49 <pili> sysrqb: which other organizations are you thinking of?
19:19:55 <GeKo> what does "working with" mean?
19:19:58 <isabela> GeKo: but that is a good question
19:20:06 <isabela> GeKo: esr train one
19:20:14 <GeKo> yeah, and a tough one
19:20:23 <sysrqb> maybe Apple? Maybe Chromium? i'm not entirely sure
19:20:38 <sysrqb> but putting all out eggs in the Mozilla basket seems risky
19:21:24 <pospeselr> sysrqb: tentatively agree
19:21:35 <pospeselr> Apple seems like a better option between them and Google
19:21:40 <sysrqb> especially if we actually want other browsers providing a private browser mode based on our design doc
19:21:58 <sysrqb> i wouldn't rule out Chromium, the open source side
19:22:13 <sysrqb> Chrome, specifically, i'm less optimistic about
19:22:26 <mcs> I am not sure if the other browser projects are open enough for us to be able to work with them effectively.
19:22:48 <antonela> well, brave is doing it, maybe being more closer?
19:22:49 <sysrqb> maybe, but have we tried?
19:22:50 <pili> and I imagine it could be a lot of work just to get to the same stage we are at now
19:23:01 <mcs> (e.g., how independent of Google is Chromium? I don’t know)
19:23:35 <GeKo> sysrqb: where do you see the risk at mozilla's side?
19:23:36 <sysrqb> pili: yes, but i don't think they'll start implementing somethign comparable unless we give them a little push
19:23:45 <sysrqb> and try getting involved and advocating for it
19:23:48 <GeKo> _especially_ compared to chrome and apple's stuff
19:23:56 <sysrqb> GeKo: either they change their mind
19:24:13 <sysrqb> GeKo: or in two years we haven't made any progress compared with now
19:24:13 <pili> sysrqb: so it's more to get them to raise their game? ;)
19:24:34 <sysrqb> pili: yeah
19:24:36 <GeKo> progress in what regard?
19:24:50 <sysrqb> progress in them shipping a tor mode
19:25:01 <sysrqb> or, even shipping tor in the background
19:25:05 <sysrqb> whatever that means
19:25:21 <sysrqb> (for telemetry or updates pings, etc)
19:25:35 <gaba> the ideal situation would be things like brave does that work on including tor themselves in the browser and work with us on what they need for that
19:25:43 <sysrqb> i'm not sure we should assume they will follow through on this plan
19:25:52 <arma1> sysrqb: it does seem like apple is doing a lot of great work on anti-fingerprinting stuff, and we don't talk to them much. do we even know who they are?
19:26:09 <sysrqb> arma1: they sure are, and i don't think we do
19:26:15 <sysrqb> maybe GeKo has a contact? or tjr?
19:26:26 <sysrqb> but i don't think we communicate with them, in general
19:26:27 <GeKo> i have written an email to to john wilander who implemented their anti-tracking stuff
19:26:27 <arma1> i assume moz has contacts
19:26:32 <arthuredelstein> I can maybe discuss some contacts offline
19:26:32 <tjr|emailifneeded> What is the goal in working with another browser? To try to replicate some percentage of TB (like Brave has done) or to promote things like antifingerprinting/fpi?
19:26:35 <GeKo> (e.g. the redirect handling)
19:26:41 <GeKo> and did not get anything back
19:27:19 <arma1> one goal of expanding to other browsers is indeed to promote changing the whole ecosystem. that is, to get everybody using our goals and priorities from tor browser.
19:27:22 <sysrqb> tjr|emailifneeded: i'd say to start talking advocating some feature parity
19:27:42 <sysrqb> and maybe discussing how we can work toward similar goals
19:27:50 <arthuredelstein> From discussions at Mozilla and other folks, my feeling is that the biggest bottleneck to using Tor the network is performance and bandwidth
19:28:00 <arma1> a secondary goal would be to reduce the barriers to being able to jump to another browser if we end up needing to
19:28:00 <GeKo> yes
19:28:06 <GeKo> and that's being worked on
19:28:10 <tjr|emailifneeded> Anyone larger than Mozilla and you're going to run into the same "The tor network can't handle our load"concerns
19:28:31 <arthuredelstein> That depends on the application though
19:28:55 <arthuredelstein> There are some applications for the Tor network that wouldn't require as much bandwidth
19:29:30 <sysrqb> i don't tihnk we, as a organization and with the current funding, can handle supporting multiple applications right niow
19:29:33 <sysrqb> *now
19:29:48 <pili> sysrqb: definitely not :)
19:29:58 <sysrqb> and i'm not sure that's such a smart idea for the next two years
19:30:02 <pili> but I like the idea of networking and sharing ideas
19:30:07 <pili> and making contacts
19:30:16 <pili> and slowly "converting" people
19:30:22 <sysrqb> yeah :)
19:30:29 <pili> while we carry on doing our thing with Tor Browser
19:30:39 <sysrqb> i think we're in  isolated right now, and we wonly really talk with mozilla people
19:30:51 <sysrqb> *we're isolated
19:31:02 <sysrqb> *don't really
19:31:11 <sysrqb> err, only really
19:31:18 <tjr|emailifneeded> do westill talk with Brave?
19:31:24 <antonela> and the only brave person is on the network team side, we could be closer to product people too
19:31:36 <sysrqb> we do, a little
19:31:49 <sysrqb> and i own them a follow up email on something
19:31:55 <sysrqb> *owe
19:32:02 <isabela> sysrqb: uhh that is true
19:32:08 <isabela> went very down on my list
19:32:17 <antonela> https://github.com/brave/brave-browser/labels/feature%2Ftor
19:32:42 <sysrqb> isabela: yeah
19:32:56 <sysrqb> but i think we can work with other browsers more, if we want to have more of an impact
19:33:40 <gaba> and for sure the priorites are working on the Tor network to improve performance and bandwith to be able to get it integrated in other browsers
19:34:02 <sysrqb> this may help us in general, if we ever get involved in the standardization stuff
19:34:16 <pili> so, to summarise, we want to keep developing based on ESR, and at the same time keep up relationships with Brave and Cliqz as well as establishing new relationships with other Browser vendors
19:34:36 <antonela> opera? safari?
19:34:43 <sysrqb> pili: that sounds reasonable :)
19:34:49 <isabela> is a balance of priorities tho
19:34:51 <isabela> and capacity
19:34:52 <isabela> :)
19:34:57 <GeKo> pili: the latter has always been on my list but got down on the prio list
19:34:57 <sysrqb> for sure
19:35:03 <GeKo> isabela: exactly
19:35:05 <pili> and in order for that to be an effective conversation we should make way on the  network performance improvements
19:35:06 <isabela> because we need to do that while doing our thing on our browser
19:35:18 <tjr|emailifneeded> have we considered if there are other, non-browser clients that have a comelling use case for integrated tor? wget or curl or some other commonly scripted tool that would provide users with good anonymity?
19:35:30 <tjr|emailifneeded> An MTA?
19:35:31 <pili> the "good news" is that this sort of thing doesn't necessarily need to take up developers time
19:35:58 <pili> but yes, everyone's time is limited and there are other priorities
19:36:11 <sysrqb> tjr|emailifneeded: yes, but i think this is maybe another discussion, too
19:36:27 <isabela> i wonder about what is already in the oven
19:36:38 <isabela> and what would the next batch after that look like
19:36:48 <sysrqb> for example, i'm increasingly becoming convinced that applications sharing a single tor client is better than every application bundling their own
19:37:04 <sysrqb> but that's not really possible right now (easily)
19:37:14 <isabela> for instance, onion services proposal, anti censorship proposal, current ux changes we are doing or is in the next in line to do -> after all that what would be next
19:37:17 <sysrqb> and i hesitate pushing this idea without a solution
19:37:42 <pili> isabela: sandboxing? :D
19:37:57 <isabela> well, folks mentioned that involved hiring
19:38:36 <pili> yup, true
19:38:43 <isabela> idk i wonder - if our prototype to fix onion names works
19:38:46 <isabela> will we go for it?
19:39:10 <GeKo> we'll test it out i think
19:39:11 <isabela> after fixing notificatiosn, do we want to make a list of things to polish?
19:39:19 <GeKo> in the sense hat we ship alpha release with it at least
19:39:37 <GeKo> *releases
19:39:48 <antonela> new identity review, ephimerous sessions in tba and desktop
19:40:03 <isabela> anti-censorship work we wrote about incorporating ooni data as a feedback to users if they cant connect to tor
19:40:11 <GeKo> what is "ephimerous sessions"?
19:40:11 <pili> dare I say encrypted bookmarks? :)
19:40:12 <isabela> where do we want to take tor launcher to?
19:40:12 <antonela> we have alt-onion in OTF, that is part of this/next year work
19:40:16 <isabela> pili: lol
19:40:34 <isabela> GeKo: yeah
19:41:07 <antonela> isabela: is part of what mcs named at the start, review bootstraping, we are doing a bit in TBA, we have an ongoing discussion triggered by Briar
19:41:15 <isabela> yeah
19:41:27 <antonela> GeKo, yeah, i can pitch you later haha
19:41:37 <sysrqb> there is a next-step after that, how we make bootstrappign trasparent
19:41:41 <sysrqb> *transparent
19:41:50 <antonela> yes
19:41:55 <isabela> lets organize these steps and where we want to get
19:42:02 <sysrqb> without putting the user at risk
19:42:32 <GeKo> oh, and there is all the tracking and fingerprinting resistance work we are currently not doing because due to other stuff
19:42:49 <GeKo> and which we might want to do because that's been the reason for tor browser's existence
19:43:04 <isabela> just that? :P
19:43:04 <isabela> hehe
19:43:05 <sysrqb> yeah, tjr mentioned some of that earlier
19:43:07 <isabela> i am kidding
19:43:14 <isabela> we should list that too
19:43:25 <GeKo> i'd be happy if it were just that, yes :)
19:43:37 <isabela> hehe
19:43:48 <antonela> something that could be useful is plan releases based on which features/improvements we are going to release, so we have 8.5 now, 9 later, 9.5 later later and we know what we are going to do on each release, incrementally
19:44:21 <alsmith> that would be very helpful for funding requests
19:44:29 <isabela> if we could break down what we are calling fingerprint work into tasks or steps or something, same w/ boostrapping stuff
19:44:32 <sysrqb> that may be a good discussion during the next in-person meeting(?)
19:44:36 <antonela> yes we could
19:44:52 <sysrqb> roadmapping :)
19:45:01 <pili> ;)
19:45:04 * ailanthus lurks supportively :) +1 to not putting all eggs in Mozilla basket. What are their longterm intentions w/ us?
19:45:10 <GeKo> isabela: look at tbb-fingerprinting tickets and start work from the highest prio
19:45:19 <isabela> that list of steps is what folks on fundraising can use to make sure proposals are align w/ it
19:45:31 <GeKo> or maybe step 0
19:45:38 <isabela> yeah
19:45:49 <GeKo> finally assess all the new fingerprinting vectors that came with esr53 and esr60
19:45:53 <GeKo> *52
19:46:10 <GeKo> and put them at the proper prio
19:46:35 <sysrqb> (and soon esr68)
19:46:42 <GeKo> yes
19:47:02 <GeKo> that's our core stuff we have neglected to do in the past months
19:47:35 <tjr|emailifneeded> I'll throw out a new/crazy idea: user safety work against malicious exit nodes. Block executable downloads over HTTP; do some work on bypassed SSL warnings (maybe some perspectives-style cert consistency checking); even let users block HTTP entirely.
19:47:54 <tjr|emailifneeded> (Detecting when bitcoin addresses are copied on an insecure page)
19:48:17 <pili> so my idea after this meeting is to go through all these comments again and attempt to put a number of "projects" together based on all the different discussions we've had
19:48:27 <pili> we've got 10 minutes left, is there anything we're forgetting?
19:48:34 <pospeselr> I've got to bounce, glhf y'all
19:48:39 <sysrqb> o/
19:48:40 <GeKo> o/
19:48:40 <antonela> o/
19:48:47 <tjr|emailifneeded> o/
19:49:35 <isabela> o/
19:49:52 <isabela> pili: your idea sounds good
19:50:07 <sysrqb> i've debated looking at the ticket about enabling Safe Browsing
19:50:22 <pili> yup, then I'll share it with the list again and we can refine if necessary
19:50:36 <tjr|emailifneeded> Actually, the more I think about that last idea the more I like it. I'm going to try and write a proposal (hah) but to get the idea out right away: on the 'bypass a self-sign certificate' warning page, we don't let the user bypass the warning until we confirm over a separate tor circuit that the same self-signed cert is presented.
19:50:36 <sysrqb> that's something firefox and Chrome already provide, but we discable because it may not be safe
19:51:33 <sysrqb> tjr|emailifneeded: yeah, i like that. mike thought about something like that with multi-path confirmation some years ago, too
19:51:47 <sysrqb> i think there may be an existing prop for consensus download (?)
19:51:55 <sysrqb> i don't complete remember
19:52:21 <sysrqb> pili: thanks :)
19:53:22 <pili> what else? )
19:53:24 <pili> :)
19:53:52 <isabela> i guess
19:54:02 <isabela> the dev meeting sessions ideas
19:54:05 <isabela> like longer vision
19:54:17 <isabela> take notes on those
19:54:22 <pili> sure, I can extract those as well
19:54:24 <isabela> for when we are building our schedule
19:55:36 <pili> ok
19:55:51 <pili> any other final words?
19:56:20 <isabela> thanks for organizing it pili o/
19:56:26 <GeKo> +1
19:56:35 <sysrqb> +1
19:56:43 <antonela> yess, thanks pili
19:56:53 <pili> cool, I'll take that as a no more to discuss :)
19:57:01 <pili> thanks everyone for your ideas and your feedback
19:57:21 <mcs> You’re welcome. It is good to spend some time on this stuff.
19:57:40 <pili> and with that, I'll end the meeting :)
19:57:43 <pili> #endmeeting