#tor-meeting log

15:59:03 <donuts> #startmeeting UX Team Weekly Meeting, 2022-08-23
15:59:03 <MeetBot> Meeting started Tue Aug 23 15:59:03 2022 UTC.  The chair is donuts. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:59:03 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:59:07 <donuts> hello hello hello
15:59:08 <championquizzer> hello! o/
15:59:10 <nicob> hi o/
15:59:20 <donuts> welcome to this week's UX team meeting
15:59:31 <donuts> please add anything you'd like to discuss today to the agenda: https://pad.riseup.net/p/tor-ux-team-2022-keep
16:00:04 <nah> o/
16:00:48 <donuts> quick announcement: a UK (Ukranian) language bundle should be available for the next Tor Browser Alpha
16:01:01 <donuts> i.e. 12.0a2
16:01:13 <donuts> it also may be the first Alpha to be based on the FF 102 ESR
16:01:33 <donuts> 🎉
16:01:39 <championquizzer> awesome
16:02:06 <donuts> comms are going to do some tweets to a. celebrate, and b. recruit some ukranian-speaking Alpha testers
16:02:24 <championquizzer> and UK will eventually be in Stable TB 12, right?
16:02:33 <donuts> the Alpha release is currently scheduled for Sept 6th, although as always these dates are liable to shift a little
16:02:40 <donuts> championquizzer: correct! that's the plan :)
16:02:45 <championquizzer> nice!
16:03:00 <donuts> oh and it'll be available on both desktop and mobile, obviously
16:03:28 <donuts> okay please feel free to add your updates to the pad
16:03:44 <donuts> and remember to review the status of any tickets assigned to you on the team kanban: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&label_name[]=UX%20Team
16:03:44 <nah> great news!
16:06:41 <donuts> all done?
16:06:46 <nah> done
16:06:47 <nicob> yep!
16:06:55 <donuts> wait
16:07:05 <donuts> championquizzer isn't ready yet 😅
16:07:29 <championquizzer> yep, i don't have many things to discuss :)
16:08:01 <donuts> cool I think this'll be a quick one then
16:08:18 <donuts> I'm a little sidetracked today taking a look at tor-browser#41112
16:09:22 <donuts> the tl;dr is that a new potential attack was demonstrated in a paper presented at USENIX that affects all browsers
16:10:32 <donuts> it's extremely targeted and relies on the attacker knowing one or multiple of the target's social media accounts
16:10:41 <nicob> yikes
16:10:53 <donuts> however Tor Browser was reasonably resistant to some of the methods listed in the paper, and afaik Safest users are immune
16:11:27 <donuts> in any case, a new feature has been deployed to NoScript to block authentication cookies being read by third party domains (I think that's what it does anyway)
16:11:49 <donuts> and we'll soon be integrating that feature into Tor Browser using native UX patterns
16:11:51 <championquizzer> we had a discussion on the forum about this as well https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005
16:12:01 <donuts> yes! same issue
16:12:27 <donuts> there have been some reports about confusion regarding NoScript's warning however, and general fatigue with the frequency it appears
16:12:41 <donuts> you can see it here, for example: https://noscript.net/usage/#crosstab-identity-leak-protection
16:13:18 <donuts> after discussing with the browser devs, I think we'll use a pattern similar to that when Firefox blocks popups in Tor Browser instead – which is less intrusive
16:14:18 <championquizzer> sounds good
16:14:27 * donuts is uploading a screenshot...
16:15:29 <donuts> the reason I'm bringing it up is that: 1. if users are confused, championquizzer may get a bunch of "what does this mean?" emails, and 2. we could consider testing the new version too
16:16:01 <donuts> https://share.riseup.net/#fLxVRdwc3W2RPgEqahlASA
16:16:03 <donuts> here we go
16:16:25 <donuts> experimenting with a couple of strings atm
16:16:47 <donuts> also we didn't have this banner in our UI library before, but we do now :D
16:16:54 <nicob> \o/
16:16:56 <nah> that looks so much better than a big warning
16:16:59 <nicob> totally
16:17:15 <donuts> we could reuse the same pattern for non-blocking bootstrapping errors too maybe
16:17:29 <donuts> "Tor Browser is taking a while to connect..." etc
16:17:43 <championquizzer> aha neat!
16:17:58 <nah> yep! agreed
16:18:38 <donuts> championquizzer: do lmk if you get any feedback/questions about noscript's warning in the meantime :)
16:18:55 <championquizzer> sure. thanks, donuts
16:19:05 <donuts> thanks all!
16:19:24 <donuts> okay that's everything for this week then I guess
16:19:36 <nah> i'll start some testing on tor browser for s30 today
16:19:43 <donuts> I'm pleased to say that Android has been getting some TLC by the applications devs recently
16:20:00 <nah> and be attentive if i see something that can feedback about it too
16:20:01 <donuts> oh nah, that's great!
16:20:06 <nicob> yaaay
16:20:22 <championquizzer> very nice. on that one quick thing about android
16:20:28 <nah> nice! about android :)
16:20:58 <championquizzer> i'm afraid i am seeing a couple of user reports of a variation of this bug
16:21:01 <championquizzer> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40536
16:21:26 <championquizzer> i have reached out to the users for some more information and am waiting for a response..
16:21:33 <championquizzer> will file a bug report after that
16:21:43 <donuts> okay sounds good, ty championquizzer
16:22:09 <championquizzer> basically, it seems some users seem to launch TBA -> Tor bootstraps -> loads a webpage -> boom, the proxy error
16:22:15 <championquizzer> in a few mins
16:22:44 <championquizzer> (this is what I understand although can't reproduce the bug myself. hence, more info required :)
16:23:18 * donuts is rereading the ticket...
16:23:34 <donuts> hrm okay I'll try testing it too
16:23:42 <donuts> btw championquizzer, I believe a very fancy galaxy device was ordered last week for testing :)
16:24:06 <donuts> it may already be in a certain browser dev's possession already, idk
16:24:08 <championquizzer> very nice
16:24:16 <donuts> most expensive bug ever lol
16:24:30 <nah> haha nice, is it the s22?
16:24:34 <championquizzer> hah
16:24:40 <donuts> yeah, it was the S22 Ultra that was ordered I believe
16:25:11 <donuts> there was some concern about whether fixing it for the S22 would also fix it for the Ultra, or something
16:25:34 <donuts> anyway I'm going to go warm up my Android and see if I can reproduce this
16:25:36 <nah> makes sense
16:25:52 <championquizzer> sounds very nice. lmk if I can be helpful in reaching out to users and get some feedback / anything else
16:26:08 <donuts> thanks championquizzer! i'm sure there'll be an update in the ticket soon
16:26:25 <donuts> okay, are we all good?
16:26:28 <championquizzer> nice
16:26:32 <championquizzer> thanks all! o/
16:27:18 <donuts> have a good week everyone!
16:27:20 <donuts> #endmeeting