[tor-reports] Griffin's March and February
Griffin Boyce
griffin at cryptolab.net
Wed Apr 1 21:56:54 UTC 2015
__ _
/ _| | |
| |_ ___| |__ _ __ _ _ __ _ _ __ _ _
| _/ _ \ '_ \| '__| | | |/ _` | '__| | | |
| || __/ |_) | | | |_| | (_| | | | |_| |
|_| \___|_.__/|_| \__,_|\__,_|_| \__, |
__/ |
|___/
In February, I spent a good deal of time on personal matters, but also
took time to present on Guard Exhaustion (adversarial forced guard node
rotation) at the DC Area Privacy and Security Seminar (DCAPS). The
response was very positive and the slides are available online [3].
Future work in this area will focus on how to present this information
(signs that an adversary may be trying to induce them to use a faulty
guard node) in a way that is meaningful to users. I also continued
working on a content analysis project that had promising initial
results.
SATORI (February)
For February, I focused on building a solid base for Satori's future
development. This includes setting up work agreements with Jonah
Sheridan and beginning the design process. Jonah and I planned out
development for Satori for the coming months, as well as outlining what
we see as the needs of users. To that end, we've been working on design
for documentation to include and what information users need to know to
boost the learning process. We also wireframed the new desktop
application prototype and I have been using those as the basis for the
new apps' flow. The whiteboards used during these discussions are
available in the github repository[1,2], along with the the wireframes
themselves.
At the end of February, the desktop and mobile versions were nearing
the prototype phase, and my hope is that Satori for Android will be in
beta by the end of this week. Automation of application update
notifications was completed, with additional automation work slated for
March.
Relevant commits for February:
https://github.com/glamrock/Satori/commit/6a736ce6c6762daa9d8d55ab4cabd276a875aaf3
https://github.com/glamrock/Satori/commit/4e2f1e5e73ddb56a914d4f6af6cb591face754a7
https://github.com/glamrock/Satori/commit/0f5103acdfff4e5609c54ef501840d65da736050
STORMY (February)
Stormy's development was delayed while awaiting contract renewal.
Once signed, I began working with someone to create a GUI for Stormy to
make setting up hidden services even easier.
TAILS (February)
Began working with Kim on the full documentation rewrite. Reached out
to individual translators and got the ball rolling with them. The
documentation is currently around 30 pages, which is rather a lot to
translate into 15 languages.
[1]
https://raw.githubusercontent.com/glamrock/Satori/master/desktop/jonah1.jpg
[2]
https://raw.githubusercontent.com/glamrock/Satori/master/desktop/jonah2.jpg
[3] https://github.com/saint/dcaps-winter2015
,---. ,---. ____ .-------. _______ .---. .---.
| \ / | .' __ `. | _ _ \ / __ \ | | |_ _|
| , \/ , |/ ' \ \| ( ' ) | | ,_/ \__) | | ( ' )
| |\_ /| ||___| / ||(_ o _) / ,-./ ) | '-(_{;}_)
| _( )_/ | | _.-` || (_,_).' __ \ '_ '`) | (_,_)
| (_ o _) | |.' _ || |\ \ | | > (_) ) __ | _ _--. |
| (_,_) | || _( )_ || | \ `' /( . .-'_/ )|( ' ) | |
| | | |\ (_ o _) /| | \ / `-'`-' / (_{;}_)| |
'--' '--' '.(_,_).' ''-' `'-' `._____.' '(_,_) '---'
In March, a paper on I co-authored with Paul Syverson was accepted to
the Web 2.0 Privacy and Security workshop.
VALENCIA
I began the month by travelling to Valencia, Spain for the
Circumvention Tech Festival. While there, I:
- discussed ongoing Stormy work with Karsten and Isabela
- presented a talk for end-users on expanding their knowledge of
security apps
- presented a demo of Satori and Cupcake
- discussed design choices and user needs in Stormy and Satori with
trainers who have extensive experience
- showed off some early research on automated content analysis of
redacted documents, which I hope to present later in the year
SATORI
Satori for desktop now recognizes 1793 pieces of software. I am also
reaching out to trainers to find out what other software they think the
app should be recognizing. Currently, it only recognizes
somewhat-recent versions of Tor Browser and Tails. I expect to expand
this in April to cover the most common circumvention software and all of
the applications that Satori redistributes.
Alpha for Android and Windows is now complete and in user testing.
Focus for now is to implement mobile design changes in response to
trainer feedback. Next I will aim for feature parity between Chrome,
Desktop, and Android to improve usability and reduce user confusion.
Currently the Chrome version doesn't recognize software by sha256sum.
Peer-to-peer downloads are also likely to be available in Chrome before
Android or Windows as it's surprisingly straightforward in javascript.
The alpha application represents a basic demo and contains the core
functionality (downloads, sotware verification, and sha256sum
generation). Presented to trainers in the community to get feedback.
The Guides section is hidden as they need to be written.
Thoughts on future Satori features:
I've designed new features (such as easy-to-use GPG signature
verification) that would require more time, more people, and more
funding. As such, I'm currently looking at my options for additional
funding[5] and cooperative agreements that would help make it happen.
For Windows, adding GPG functionality would also increase the size by at
least 4mb as I'd have to bundle in GPG4win. Creating a new GPG
implementation is... not likely, to say the least. That way lies
dragons. For Linux, adding these functions would be more
straightforward, but still require more time/people/funding. I expect
to come to a conclusion in April.
Relevant github commits:
https://github.com/glamrock/Satori/commit/f2474046344953d1ca1c6e81205d1ca2043f771b
https://github.com/glamrock/Satori/commit/527a53716d153f37cbf47514f17f0a1e2d06b99b
https://github.com/glamrock/Satori/commit/f34ba56c945282e1dc80cdd0e5159591d7aa9829
https://github.com/glamrock/Satori/commit/94462099dd564153acc89b09853968c4a5a060e0
https://github.com/glamrock/Satori/commit/63527518ab8e3386e3ff56b91934421a1af66cbe
https://github.com/glamrock/Satori/commit/24b061bf1f8e237bc4c5dd277e894def6d595bab
STORMY
The GUI is in alpha and available on github for developer testing
*only* [4]. Please do not use it. Personal cloud feature (Cozy) still
needs to be coded.
TAILS
Kim did an initial edit of Tails documentation, and I am in the
process of making additional updates and changes. Activists offered use
of their guides written in Arabic, much to my delight. Negotiations
with other activists and translators are ongoing. The new Tails
documentation is likely to be translated into Farsi, Chinese, German,
and Dutch by late April. Currently investigating the use of Sikuli to
create automated screenshots of the Tor Browser in 15 languages.
Work on the Chrome ISO verifier is paused, awaiting the design of the
Firefox version. This code comes from the Satori codebase, but with a
different design and without downloads/bridges/guides/P2P.
[4] https://github.com/glamrock/Stormy
[5] Currently, work on Satori is being generously sponsored by the Open
Technology Fund.
--
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss
More information about the tor-reports
mailing list