15:59:03 #startmeeting UX Team Weekly Meeting, 2022-08-23 15:59:03 Meeting started Tue Aug 23 15:59:03 2022 UTC. The chair is donuts. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:59:03 Useful Commands: #action #agreed #help #info #idea #link #topic. 15:59:07 hello hello hello 15:59:08 hello! o/ 15:59:10 hi o/ 15:59:20 welcome to this week's UX team meeting 15:59:31 please add anything you'd like to discuss today to the agenda: https://pad.riseup.net/p/tor-ux-team-2022-keep 16:00:04 o/ 16:00:48 quick announcement: a UK (Ukranian) language bundle should be available for the next Tor Browser Alpha 16:01:01 i.e. 12.0a2 16:01:13 it also may be the first Alpha to be based on the FF 102 ESR 16:01:33 🎉 16:01:39 awesome 16:02:06 comms are going to do some tweets to a. celebrate, and b. recruit some ukranian-speaking Alpha testers 16:02:24 and UK will eventually be in Stable TB 12, right? 16:02:33 the Alpha release is currently scheduled for Sept 6th, although as always these dates are liable to shift a little 16:02:40 championquizzer: correct! that's the plan :) 16:02:45 nice! 16:03:00 oh and it'll be available on both desktop and mobile, obviously 16:03:28 okay please feel free to add your updates to the pad 16:03:44 and remember to review the status of any tickets assigned to you on the team kanban: https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&label_name[]=UX%20Team 16:03:44 great news! 16:06:41 all done? 16:06:46 done 16:06:47 yep! 16:06:55 wait 16:07:05 championquizzer isn't ready yet 😅 16:07:29 yep, i don't have many things to discuss :) 16:08:01 cool I think this'll be a quick one then 16:08:18 I'm a little sidetracked today taking a look at tor-browser#41112 16:09:22 the tl;dr is that a new potential attack was demonstrated in a paper presented at USENIX that affects all browsers 16:10:32 it's extremely targeted and relies on the attacker knowing one or multiple of the target's social media accounts 16:10:41 yikes 16:10:53 however Tor Browser was reasonably resistant to some of the methods listed in the paper, and afaik Safest users are immune 16:11:27 in any case, a new feature has been deployed to NoScript to block authentication cookies being read by third party domains (I think that's what it does anyway) 16:11:49 and we'll soon be integrating that feature into Tor Browser using native UX patterns 16:11:51 we had a discussion on the forum about this as well https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005 16:12:01 yes! same issue 16:12:27 there have been some reports about confusion regarding NoScript's warning however, and general fatigue with the frequency it appears 16:12:41 you can see it here, for example: https://noscript.net/usage/#crosstab-identity-leak-protection 16:13:18 after discussing with the browser devs, I think we'll use a pattern similar to that when Firefox blocks popups in Tor Browser instead – which is less intrusive 16:14:18 sounds good 16:14:27 * donuts is uploading a screenshot... 16:15:29 the reason I'm bringing it up is that: 1. if users are confused, championquizzer may get a bunch of "what does this mean?" emails, and 2. we could consider testing the new version too 16:16:01 https://share.riseup.net/#fLxVRdwc3W2RPgEqahlASA 16:16:03 here we go 16:16:25 experimenting with a couple of strings atm 16:16:47 also we didn't have this banner in our UI library before, but we do now :D 16:16:54 \o/ 16:16:56 that looks so much better than a big warning 16:16:59 totally 16:17:15 we could reuse the same pattern for non-blocking bootstrapping errors too maybe 16:17:29 "Tor Browser is taking a while to connect..." etc 16:17:43 aha neat! 16:17:58 yep! agreed 16:18:38 championquizzer: do lmk if you get any feedback/questions about noscript's warning in the meantime :) 16:18:55 sure. thanks, donuts 16:19:05 thanks all! 16:19:24 okay that's everything for this week then I guess 16:19:36 i'll start some testing on tor browser for s30 today 16:19:43 I'm pleased to say that Android has been getting some TLC by the applications devs recently 16:20:00 and be attentive if i see something that can feedback about it too 16:20:01 oh nah, that's great! 16:20:06 yaaay 16:20:22 very nice. on that one quick thing about android 16:20:28 nice! about android :) 16:20:58 i'm afraid i am seeing a couple of user reports of a variation of this bug 16:21:01 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40536 16:21:26 i have reached out to the users for some more information and am waiting for a response.. 16:21:33 will file a bug report after that 16:21:43 okay sounds good, ty championquizzer 16:22:09 basically, it seems some users seem to launch TBA -> Tor bootstraps -> loads a webpage -> boom, the proxy error 16:22:15 in a few mins 16:22:44 (this is what I understand although can't reproduce the bug myself. hence, more info required :) 16:23:18 * donuts is rereading the ticket... 16:23:34 hrm okay I'll try testing it too 16:23:42 btw championquizzer, I believe a very fancy galaxy device was ordered last week for testing :) 16:24:06 it may already be in a certain browser dev's possession already, idk 16:24:08 very nice 16:24:16 most expensive bug ever lol 16:24:30 haha nice, is it the s22? 16:24:34 hah 16:24:40 yeah, it was the S22 Ultra that was ordered I believe 16:25:11 there was some concern about whether fixing it for the S22 would also fix it for the Ultra, or something 16:25:34 anyway I'm going to go warm up my Android and see if I can reproduce this 16:25:36 makes sense 16:25:52 sounds very nice. lmk if I can be helpful in reaching out to users and get some feedback / anything else 16:26:08 thanks championquizzer! i'm sure there'll be an update in the ticket soon 16:26:25 okay, are we all good? 16:26:28 nice 16:26:32 thanks all! o/ 16:27:18 have a good week everyone! 16:27:20 #endmeeting