20220624 Strategy Meeting

[Michael McMahon]

Strategy meeting notes

Attendees: Libor Polčák, kjerabeck, Giorgio Maone, Zoë Kooyman, Greg 
Farough, and Michael McMahon

Looking forward Upcoming grants 3-5 years

We finished the NLnet grant so we are looking elsewhere.

Ministry of Education in Czech Republic has a grant between 
organizations between CR and US.  The deadline for this grant is in 
July.  Org in CR receives somes funds and the other organization would 
not receive funds at the moment.  The FSF and Giorgio would need to seek 
funding elsewhere or together.

This planning would still help grant planning for other more immediate 
funding such as from individuals, other grants including NLnet.

Other grants include:

- Grant opportunity covering UI and i18n: 
https://www.iri.org/work-with-iri/procurement-opportunities/
More exactly 
https://www.iri.org/wp-content/uploads/2022/06/RFP-CENTER2022TECHDEM02o-Technical-Initiatives.pdf

- https://www.opentech.fund/funds/internet-freedom-fund/ More 
inforrmation: https://guide.opentech.fund/faq, 
https://www.opentech.fund/labs/sua-lab/, 
https://www.opentech.fund/about/values-principles/

- NLNet https://nlnet.nl/news/2022/20220601-call.html

Where we are now discussion

Brainstorming future topics

https://pagure.io/JShelter/webextension/issues?status=Open&tags=enhancement&close_status=

Research topic: Does it makes sense to run all counter-measures in Brave 
or Firefox?  Turning off redundant measures should take up less system 
resources.

Testing security of farbling: 
https://pagure.io/JShelter/webextension/issue/68 is a part of this concept.

Recent discussion with Tor Browser devs exactly about this approach vs 
Tor's "make all users equal" one, and the lack of research on 
effectivity and/or exploitability :) So absolutely a must!

Reevaluating the sensor findings.

Let's focus this grant on the more ambitious long-term academic research 
objectives, and in parallel try to secure other sources of funding for 
the actual implementation and testing parts.

Rough estimate for leaky form project 6 to 9 months.  This could be a 
part of this grant or an indirect outcome from research stemming from 
this grant.

Spidering/crawling of the web, testing how JShelter performs, and 
testing live fingerprinting in the wild. Programming a robot with 
selenium to visit the index page, parse what it sees (contact, 
ecommerce, news, etc.). Check if JShelter operates correctly on a 
variety of pages. Study the APIs that are called. Learn what kind of 
APIs are there. Compare the APIs that are called without uBlock Origin 
and with uBlock Origin to show APIs that are typically unnecessary or 
typical of fingerprinting. Use machine learning techniques to analyze 
the data for interesting results.

Opt-in telemetry for community based research.

Pointing out complementary extensions could boost the argument for 
cooperation with the US including LibreJS.

We should see how we can make the functionalities of these extensions as 
complementary to one another as possible.

Community engagement issue for site compatibility: 
https://pagure.io/JShelter/webextension/issue/20

There's no reason for a newspaper site or a social network to precisely 
track mouse movements, for instance, other than collect data about hot 
attention spots. (you must allow exception for painting apps or games, 
for instance)

External funding separate from the CR grant required for these topics:

- Short term immediate need: By March next year JShelter (and every 
other webextension) must have been transitioned to Manifest V3, which is 
a big project in itself.

- i18n

- Making the test pages from JShelter developer tools into general 
privacy advocacy tools usable by the general public.

Maybe opening a meta bug tracking all the possible funding streams 
connected to the development topics?

Next steps discussion