15:00:31 <sysrqb> #startmeeting Tor Browser weekly meeting 17 May 2021 15:00:31 <MeetBot> Meeting started Mon May 17 15:00:31 2021 UTC. The chair is sysrqb. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:31 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:00:46 <sysrqb> Pad: https://pad.riseup.net/p/tor-tbb-keep 15:01:10 <Jeremy_Rand_Talos> Hello! 15:01:10 <antonela> hello! 15:01:41 <boklm> hi 15:02:50 <dunqan> o/ 15:07:26 <sysrqb> pospeselr: boklm: we need to begin reviewing the closed Mozilla tickets for 89. 15:07:33 <sysrqb> can either of you start looking at them this week? 15:07:38 <sysrqb> or should I ask GeKo for some help? 15:09:35 <pospeselr> higher priority than the v2 onion deprecation warning page? 15:11:26 <boklm> I think I can help reviewing part of them 15:12:52 <sysrqb> pospeselr: yeah, about similar priority 15:13:16 <sysrqb> boklm: thanks 15:13:49 <boklm> maybe we can split the list of tickets, so we don't all look at the same? 15:13:50 <pospeselr> alright, I'd rather finish up the v2 work before switching to something else, but I can switch to it once i'm done there 15:13:53 <sysrqb> we can divide the list of tickets 15:13:56 <pospeselr> boklm: yeah perfect 15:14:00 <sysrqb> boklm: yeah, that was my thought, too 15:14:32 <sysrqb> I'll split it into three groups today 15:14:39 <boklm> ok 15:14:46 <pospeselr> perfect :) 15:15:16 <sysrqb> pospeselr: i know context switching is terrible :/ 15:15:42 <sysrqb> i'll try to look over tickets for 30-60 minutes each days, at least 15:15:57 <sysrqb> better than straight 6 hours 15:17:42 <sysrqb> antonela: i'm worried we don't have enough time for completing all of the v2 deprecation changes 15:17:54 <sysrqb> without delaying a release, or working overtime 15:18:06 <antonela> sad 15:18:07 <pospeselr> #same 15:18:15 <antonela> we can delay the entire plan 15:18:17 <sysrqb> can we divide it into two parts? 15:18:26 <sysrqb> part 1 will be done this week 15:18:43 <sysrqb> and part 2 we (maybe) backport in three or four weeks? 15:18:53 <antonela> what do you think we can do in each part? 15:19:11 <antonela> https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40410 15:19:16 <antonela> #1 15:19:32 <antonela> and the warning per site at the next alpha 15:20:29 <sysrqb> pospeselr: how much time do you think you need for the warning page? 15:21:34 <pospeselr> i can imagine getting it done this week, the big blocker was resolved last week (adding the new error condition) 15:21:56 <pospeselr> at this point it *should* just be styling a new onion error page, adding the new strings 15:22:15 <pospeselr> and some logic for the dismiss/continue button 15:22:35 <pospeselr> but i suspect there will be unforeseen complications 15:22:43 <sysrqb> i'd like tor-browser#40410 and tor-browser#40416 (without changing security icon?) in 10.5 15:23:06 <sysrqb> and then we finish tor-browser#40416 and tor-browser#40415 in June 15:23:17 <pospeselr> 40410 is just updating aboutTor.xhtml in torbutton so easy peasy 15:23:27 <sysrqb> yeah 15:23:39 <antonela> (you can even use the same style we had at the survey) 15:24:33 <pospeselr> 40416 warning page is what i've been working on, the icon part should be a small change to identity-icon.js/css to alter the icon 15:24:50 <pospeselr> (there's no logic there right, we always show the warning icon regardless of the user dismissing the error page?) 15:25:11 <sysrqb> only if it's a v2 addres 15:25:13 <sysrqb> s 15:25:26 <sysrqb> but yes, i think that's true 15:25:32 <pospeselr> i think y'all can expect a review with the warning page friday/saturday time frame 15:25:45 <pospeselr> and identity icon changes the nextish day 15:27:08 <sysrqb> okay 15:27:31 <sysrqb> i won't block the next alpha version on #40415 15:27:46 <antonela> sounds good for me 15:27:47 <sysrqb> and #40416 wasn't useful in Alpha, anyway 15:28:42 <sysrqb> our plan was only internally dogfooding #40415 15:29:20 <sysrqb> so the next alpha will be Fenix 89 and tor-browser#27476 15:31:07 <antonela> we are planning emailing tor-qa and tor-globalsouth with the next alpha, we are discussing the feedback collection here https://gitlab.torproject.org/tpo/ux/research/-/issues/41 15:31:15 <antonela> (if you have comments, feel free!) 15:31:16 <sysrqb> pospeselr: if I have enough time, i'll take tor-browser#40410 and prep patches for desktop and android 15:31:31 <pospeselr> sysrqb: that'd be great 15:33:41 <sysrqb> okay 15:34:07 <sysrqb> next item is SchemeFlood. 15:34:15 <sysrqb> I don't have much to discuss here 15:34:46 <sysrqb> but I don't think want to ignore it 15:34:51 <antonela> very nice article, very sad disclosure 15:35:11 <sysrqb> yeah 15:35:32 <sysrqb> Mozilla have some plans for addressing/fixing it 15:35:36 <sysrqb> but not soon 15:36:06 * pospeselr reading 15:36:19 <GeKo> how do our plans look like? 15:36:33 <sysrqb> do any of you have any the target applications installed? 15:36:36 <GeKo> given that this is more severe for us than mozilla 15:36:47 <sysrqb> i can't reproduce locally because I don't have any of them installed 15:37:09 <GeKo> it seems woswos as able to reproduce 15:37:12 * boklm doesn't have either 15:37:12 <sysrqb> GeKo: I think we can flip a pref, but it needs testing 15:37:21 <GeKo> *was 15:37:32 <sysrqb> GeKo: ah ha, okay, that is good to know 15:37:34 <GeKo> great 15:37:45 <GeKo> i think he commented on the ticket? 15:37:47 <antonela> sysrqb: what do you mean by apps? it took everything from my computer, spotify, adobe, and more 15:38:07 <sysrqb> antonela: okay, i'll ask you to try changing a pref in about:config 15:38:09 <woswos> yes, I was able to reproduce multiple times 15:38:14 <sysrqb> and then rerun the test 15:38:31 <antonela> sounds good 15:38:35 <sysrqb> good, i'll ping you in #tor-dev after this meeting 15:38:37 <woswos> I can add more details to the ticket if needed 15:39:08 <hackerncoder> Seems youre talking about schemeflooding? If so I can reproduce it on TB 15:39:14 <woswos> yes 15:39:50 <pospeselr> what's the mechanism here? does the 'do you want to open this file' dialog block the page js? how is that browser chrome detected? 15:40:21 <sysrqb> pospeselr: if the app is installed, then the browser asks if the app should be opened/used 15:40:35 <sysrqb> if the app is not installed then the opener gets an error page 15:40:45 <sysrqb> and the opening page can dtect the difference 15:40:50 <pospeselr> ah 15:40:53 <pospeselr> oh dear 15:41:05 <sysrqb> yeah, pretty much. 15:41:08 <antonela> savage 15:41:32 <pospeselr> seems like we should disable/hide behind rfp the custom scheme logic 15:41:44 <Jeremy_Rand_Talos> So it's nominally 32 bits of fingerprinting, but do we know how skewed those bits are? 15:41:46 <sysrqb> Tor Browser tried to defend against this, but they found a way of bypassing it 15:41:54 <Jeremy_Rand_Talos> I imagine a lot of users have the same fingerprint 15:42:18 <sysrqb> Jeremy_Rand_Talos: very, and that makes it more powerful 15:42:22 <pospeselr> presumably most all tails users have the same fingerprint 15:42:53 <sysrqb> and there are significantly more bits available than 32. you can probe as many applications as you want 15:43:07 <sysrqb> but, for Tor Browser, you need interaction from the user 15:43:16 <boklm> maybe we can disable all protocols except http? 15:43:23 <sysrqb> hence the "captcha" they show (for Tor Browser) 15:43:26 <pospeselr> yeah you just need a list of all apps that register a custom scheme 15:43:56 <sysrqb> boklm: there's a pre-defined "safelist" which the browser handles 15:44:11 <Jeremy_Rand_Talos> ok yeah, so the 32 bit figure is just an implementation limitation in the current PoC 15:44:11 <sysrqb> i think we can use that 15:44:27 <sysrqb> and i *think*flipping a pref gives us that behavior 15:44:33 <boklm> ok 15:44:43 <sysrqb> Jeremy_Rand_Talos: yeah - although their implementation only probed 24 apps 15:44:52 <sysrqb> so I'm not sure where the 32 bits came from 15:45:19 <sysrqb> that part seemed a little confused, from what i understood 15:46:02 <pospeselr> apps can technically have multiple schemes registered 15:46:10 <pospeselr> :shrug: 15:46:33 * Jeremy_Rand_Talos wishes it were more common for users to isolate their browser activities in a dedicated VM, which would presumably prevent this class of attacks 15:46:38 <sysrqb> yeah 15:47:42 <sysrqb> okay, hopefully there's an easy fix for this, and we'll include it in the next Alpha, too 15:48:27 <GeKo> sounds good 15:49:53 <sysrqb> pospeselr: sorry to be a pain, but can you open a new MR for tor-browser!133? 15:50:13 <sysrqb> having a MR for the new branch will make everything cleaner 15:50:22 <pospeselr> yeah easy peasy 15:50:25 <sysrqb> thanks 15:51:44 <sysrqb> pospeselr: you're afk tomorrow, but you're around the rest of the week? 15:53:09 <pospeselr> yep! 15:53:28 <sysrqb> k 15:53:54 <sysrqb> boklm: do you feel comfortable reviewing the rebased fenix branch with resolved merge conflicts, or should I ask someone else to review it? 15:54:17 <sysrqb> i know it's not something you usually do 15:56:11 <boklm> I think it depends on the kind of conflicts/changes that are done, but I can look at it 15:56:44 <sysrqb> okay, thanks, i'll assign you, and we can ask GeKo for help, if that's needed 15:56:52 <GeKo> wfm 15:57:14 <sysrqb> thanks 15:57:32 <sysrqb> alright, i think that finishes this meeting 15:57:52 <sysrqb> thanks for coming, everyone 15:57:59 <sysrqb> #endmeeting