15:00:31 <sysrqb> #startmeeting Tor Browser weekly meeting  17 May 2021
15:00:31 <MeetBot> Meeting started Mon May 17 15:00:31 2021 UTC.  The chair is sysrqb. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:31 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:00:46 <sysrqb> Pad: https://pad.riseup.net/p/tor-tbb-keep
15:01:10 <Jeremy_Rand_Talos> Hello!
15:01:10 <antonela> hello!
15:01:41 <boklm> hi
15:02:50 <dunqan> o/
15:07:26 <sysrqb> pospeselr: boklm: we need to begin reviewing the closed Mozilla tickets for 89.
15:07:33 <sysrqb> can either of you start looking at them this week?
15:07:38 <sysrqb> or should I ask GeKo for some help?
15:09:35 <pospeselr> higher priority than the v2 onion deprecation warning page?
15:11:26 <boklm> I think I can help reviewing part of them
15:12:52 <sysrqb> pospeselr: yeah, about similar priority
15:13:16 <sysrqb> boklm: thanks
15:13:49 <boklm> maybe we can split the list of tickets, so we don't all look at the same?
15:13:50 <pospeselr> alright, I'd rather finish up the v2 work before switching to something else, but I can switch to it once i'm done there
15:13:53 <sysrqb> we can divide the list of tickets
15:13:56 <pospeselr> boklm: yeah perfect
15:14:00 <sysrqb> boklm: yeah, that was my thought, too
15:14:32 <sysrqb> I'll split it into three groups today
15:14:39 <boklm> ok
15:14:46 <pospeselr> perfect :)
15:15:16 <sysrqb> pospeselr: i know context switching is terrible :/
15:15:42 <sysrqb> i'll try to look over tickets for 30-60 minutes each days, at least
15:15:57 <sysrqb> better than straight 6 hours
15:17:42 <sysrqb> antonela: i'm worried we don't have enough time for completing all of the v2 deprecation changes
15:17:54 <sysrqb> without delaying a release, or working overtime
15:18:06 <antonela> sad
15:18:07 <pospeselr> #same
15:18:15 <antonela> we can delay the entire plan
15:18:17 <sysrqb> can we divide it into two parts?
15:18:26 <sysrqb> part 1 will be done this week
15:18:43 <sysrqb> and part 2 we (maybe) backport in three or four weeks?
15:18:53 <antonela> what do you think we can do in each part?
15:19:11 <antonela> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40410
15:19:16 <antonela> #1
15:19:32 <antonela> and the warning per site at the next alpha
15:20:29 <sysrqb> pospeselr: how much time do you think you need for the warning page?
15:21:34 <pospeselr> i can imagine getting it done this week, the big blocker was resolved last week (adding the new error condition)
15:21:56 <pospeselr> at this point it *should* just be styling a new onion error page, adding the new strings
15:22:15 <pospeselr> and some logic for the dismiss/continue button
15:22:35 <pospeselr> but i suspect there will be unforeseen complications
15:22:43 <sysrqb> i'd like tor-browser#40410 and tor-browser#40416 (without changing security icon?) in 10.5
15:23:06 <sysrqb> and then we finish tor-browser#40416 and tor-browser#40415 in June
15:23:17 <pospeselr> 40410 is just updating aboutTor.xhtml in torbutton so easy peasy
15:23:27 <sysrqb> yeah
15:23:39 <antonela> (you can even use the same style we had at the survey)
15:24:33 <pospeselr> 40416 warning page is what i've been working on, the icon part should be a small change to identity-icon.js/css to alter the icon
15:24:50 <pospeselr> (there's no logic there right, we always show the warning icon regardless of the user dismissing the error page?)
15:25:11 <sysrqb> only if it's a v2 addres
15:25:13 <sysrqb> s
15:25:26 <sysrqb> but yes, i think that's true
15:25:32 <pospeselr> i think y'all can expect a review with the warning page friday/saturday time frame
15:25:45 <pospeselr> and identity icon changes the nextish day
15:27:08 <sysrqb> okay
15:27:31 <sysrqb> i won't block the next alpha version on #40415
15:27:46 <antonela> sounds good for me
15:27:47 <sysrqb> and #40416 wasn't useful in Alpha, anyway
15:28:42 <sysrqb> our plan was only internally dogfooding #40415
15:29:20 <sysrqb> so the next alpha will be Fenix 89 and tor-browser#27476
15:31:07 <antonela> we are planning emailing tor-qa and tor-globalsouth with the next alpha, we are discussing the feedback collection here https://gitlab.torproject.org/tpo/ux/research/-/issues/41
15:31:15 <antonela> (if you have comments, feel free!)
15:31:16 <sysrqb> pospeselr: if I have enough time, i'll take tor-browser#40410 and prep patches for desktop and android
15:31:31 <pospeselr> sysrqb: that'd be great
15:33:41 <sysrqb> okay
15:34:07 <sysrqb> next item is SchemeFlood.
15:34:15 <sysrqb> I don't have much to discuss here
15:34:46 <sysrqb> but I don't think want to ignore it
15:34:51 <antonela> very nice article, very sad disclosure
15:35:11 <sysrqb> yeah
15:35:32 <sysrqb> Mozilla have some plans for addressing/fixing it
15:35:36 <sysrqb> but not soon
15:36:06 * pospeselr reading
15:36:19 <GeKo> how do our plans look like?
15:36:33 <sysrqb> do any of you have any the target applications installed?
15:36:36 <GeKo> given that this is more severe for us than mozilla
15:36:47 <sysrqb> i can't reproduce locally because I don't have any of them installed
15:37:09 <GeKo> it seems woswos as able to reproduce
15:37:12 * boklm doesn't have either
15:37:12 <sysrqb> GeKo: I think we can flip a pref, but it needs testing
15:37:21 <GeKo> *was
15:37:32 <sysrqb> GeKo: ah ha, okay, that is good to know
15:37:34 <GeKo> great
15:37:45 <GeKo> i think he commented on the ticket?
15:37:47 <antonela> sysrqb: what do you mean by apps? it took everything from my computer, spotify, adobe, and more
15:38:07 <sysrqb> antonela: okay, i'll ask you to try changing a pref in about:config
15:38:09 <woswos> yes, I was able to reproduce multiple times
15:38:14 <sysrqb> and then rerun the test
15:38:31 <antonela> sounds good
15:38:35 <sysrqb> good, i'll ping you in #tor-dev after this meeting
15:38:37 <woswos> I can add more details to the ticket if needed
15:39:08 <hackerncoder> Seems youre talking about schemeflooding? If so I can reproduce it on TB
15:39:14 <woswos> yes
15:39:50 <pospeselr> what's the mechanism here? does the 'do you want to open this file' dialog block the page js? how is that browser chrome detected?
15:40:21 <sysrqb> pospeselr: if the app is installed, then the browser asks if the app should be opened/used
15:40:35 <sysrqb> if the app is not installed then the opener gets an error page
15:40:45 <sysrqb> and the opening page can dtect the difference
15:40:50 <pospeselr> ah
15:40:53 <pospeselr> oh dear
15:41:05 <sysrqb> yeah, pretty much.
15:41:08 <antonela> savage
15:41:32 <pospeselr> seems like we should disable/hide behind rfp the custom scheme logic
15:41:44 <Jeremy_Rand_Talos> So it's nominally 32 bits of fingerprinting, but do we know how skewed those bits are?
15:41:46 <sysrqb> Tor Browser tried to defend against this, but they found a way of bypassing it
15:41:54 <Jeremy_Rand_Talos> I imagine a lot of users have the same fingerprint
15:42:18 <sysrqb> Jeremy_Rand_Talos: very, and that makes it more powerful
15:42:22 <pospeselr> presumably most all tails users have the same fingerprint
15:42:53 <sysrqb> and there are significantly more bits available than 32. you can probe as many applications as you want
15:43:07 <sysrqb> but, for Tor Browser, you need interaction from the user
15:43:16 <boklm> maybe we can disable all protocols except http?
15:43:23 <sysrqb> hence the "captcha" they show (for Tor Browser)
15:43:26 <pospeselr> yeah you just need a list of all apps that register a custom scheme
15:43:56 <sysrqb> boklm: there's a pre-defined "safelist" which the browser handles
15:44:11 <Jeremy_Rand_Talos> ok yeah, so the 32 bit figure is just an implementation limitation in the current PoC
15:44:11 <sysrqb> i think we can use that
15:44:27 <sysrqb> and i *think*flipping a pref gives us that behavior
15:44:33 <boklm> ok
15:44:43 <sysrqb> Jeremy_Rand_Talos: yeah - although their implementation only probed 24 apps
15:44:52 <sysrqb> so I'm not sure where the 32 bits came from
15:45:19 <sysrqb> that part seemed a little confused, from what i understood
15:46:02 <pospeselr> apps can technically have multiple schemes registered
15:46:10 <pospeselr> :shrug:
15:46:33 * Jeremy_Rand_Talos wishes it were more common for users to isolate their browser activities in a dedicated VM, which would presumably prevent this class of attacks
15:46:38 <sysrqb> yeah
15:47:42 <sysrqb> okay, hopefully there's an easy fix for this, and we'll include it in the next Alpha, too
15:48:27 <GeKo> sounds good
15:49:53 <sysrqb> pospeselr: sorry to be a pain, but can you open a new MR for tor-browser!133?
15:50:13 <sysrqb> having a MR for the new branch will make everything cleaner
15:50:22 <pospeselr> yeah easy peasy
15:50:25 <sysrqb> thanks
15:51:44 <sysrqb> pospeselr: you're afk tomorrow, but you're around the rest of the week?
15:53:09 <pospeselr> yep!
15:53:28 <sysrqb> k
15:53:54 <sysrqb> boklm: do you feel comfortable reviewing the rebased fenix branch with resolved merge conflicts, or should I ask someone else to review it?
15:54:17 <sysrqb> i know it's not something you usually do
15:56:11 <boklm> I think it depends on the kind of conflicts/changes that are done, but I can look at it
15:56:44 <sysrqb> okay, thanks, i'll assign you, and we can ask GeKo for help, if that's needed
15:56:52 <GeKo> wfm
15:57:14 <sysrqb> thanks
15:57:32 <sysrqb> alright, i think that finishes this meeting
15:57:52 <sysrqb> thanks for coming, everyone
15:57:59 <sysrqb> #endmeeting