In January, the Tor Browser team released 4.0.3[1] and 4.5-alpha-3[2]. The 4.0.3 release was a point release in the 4.0 stable series, and updated Firefox to the latest point release on the ESR series. We also updated NoScript, and the meek pluggable transport to their latest versions, and included some translation updates for Tor Launcher.
The 4.5-alpha-3 release additionally featured updates to Tor to 0.2.6.2-alpha, as well as improvements to the security slider[3] and circuit display UI[4]. Importantly, this release also will verify signatures on the MAR update files for the in-browser updater[5]. This will prevent compromise of dist.torproject.org from yielding the ability to distribute malicious updates to our users. We also improved the Canvas permissions prompt to eliminate warnings during the display of PDFs, and during use of the Web Developer Console[6]. We also deployed a fix to re-enable the meek pluggable transport in this series[7], and merged several patches that allow customization of the browser through environment variables, for use by external projects and hobbyists that wish to leverage the Tor Browser in their custom environments[8,9,10,11]. On the build engineering front, we did some work to move us away from our current dependency on Ubuntu for building Tor Browser[12]. It should now be possible to build the Tor browser alpha series from a Debian host system. Ubuntu virtual machine images are still used for the build itself, but this should be handled automatically by the build scripts. We also began our transition away from Erinn Clark's GPG key for purposes of signing the individual Tor Browser release files. The alpha series is now signed with a new Tor Browser key, and we intend to transition to this key for the stable series at the end of February. The new fingerprint is EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290. At the end of the month, we performed a triage of browser fingerprinting tickets, and subdivided the fingerprinting tag into several further categories. It is our estimation that the most important categories of issues are under the tags tbb-fingerprinting-resolution[13], tbb-fingerprinting-time[14], and tbb-fingerprinting-font[15]. These represent display, time, and font-related fingerprinting issues respectively. The end of January also saw the UX Sprint in Berkeley[16]. This sprint was structured as a series of 5 individual user studies, where each volunteer user was instructed to search for, download, and install Tor Browser, and use it to perform a basic web search, watch a youtube video, use New Identity, and explore the browser toolbar icons. The users were also instructed to talk through their thought process and express any confusion or assumptions they were making about the UI, so that we could gain further insight into how our users experience our UI. New tickets that we filed as a result of this sprint were tagged with uxsprint2015[17]. Additionally, the process of watching users go through the download, installation, and configuration process caused us to realize that many so-called "stop points" (where users become confused and are unable or unwilling to continue using the browser) still remain in Tor Browser. We have tagged these issues with tbb-usability-stoppoint[18], and consider the overlap between tbb-usability-stoppoint and our pre-existing tbb-helpdesk-frequent[19] tag to be the highest priority usability tickets to solve. Be on the lookout for a separate blog post describing the UX sprint in more detail in the coming days. The full list of tickets closed by the Tor Browser team in January can be seen using the TorBrowserTeam201501 tag on our bug tracker[20]. In February, we will continue to stabilize 4.5-alpha, and will be releasing 4.5-alpha-4 and 4.0.4 on February 24th, to coincide with the upstream point release by Mozilla. We have a great many patches to review for the alpha release, and as always, these are tagged with this month's review tag - TorBrowserTeam201502R[21]. If you have a Tor Browser patch that you want reviewed, please remember to tag it with this review tag! We will also be tackling several of the usability tickets highlighted by the usability sprint. The full list of tickets that the Tor Browser team plans to work on in February can be seen using the TorBrowserTeam201502 tag on our bug tracker[22]. 1. https://blog.torproject.org/blog/tor-browser-403-released 2. https://blog.torproject.org/blog/tor-browser-45a3-released 3. https://trac.torproject.org/projects/tor/ticket/9387 4. https://trac.torproject.org/projects/tor/ticket/13671 5. https://trac.torproject.org/projects/tor/ticket/13379 6. https://trac.torproject.org/projects/tor/ticket/13439 7. https://trac.torproject.org/projects/tor/ticket/13788 8. https://trac.torproject.org/projects/tor/ticket/14100 9. https://trac.torproject.org/projects/tor/ticket/13079 10. https://trac.torproject.org/projects/tor/ticket/13835 11. https://trac.torproject.org/projects/tor/ticket/14122 12. https://trac.torproject.org/projects/tor/ticket/10125 13. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-resolution 14. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-time 15. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-fonts 16. https://trac.torproject.org/projects/tor/wiki/org/meetings/2015UXsprint 17. https://trac.torproject.org/projects/tor/query?keywords=~uxsprint2015 18. https://trac.torproject.org/projects/tor/query?keywords=~tbb-usability-stoppoint 19. https://trac.torproject.org/projects/tor/query?keywords=~tbb-helpdesk-frequentt&status=!closed 20. https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201501 21. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201502R 22. https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201502 -- Mike Perry
signature.asc
Description: Digital signature
_______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
