The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-08-23T13:18:03Zhttps://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/40002CollecTor should archive sanitised bridgestrap results2021-08-23T13:18:03ZirlCollecTor should archive sanitised bridgestrap resultsTo monitor the health of bridges in the network over time, and also to support providing better information to bridge operators via Onionoo/Relay Search, CollecTor should archive sanitised bridgestrap results.
c.f. https://gitlab.torpro...To monitor the health of bridges in the network over time, and also to support providing better information to bridge operators via Onionoo/Relay Search, CollecTor should archive sanitised bridgestrap results.
c.f. https://gitlab.torproject.org/tpo/metrics/relay-search/-/issues/40003irlirl2021-07-31https://gitlab.torproject.org/tpo/team/-/issues/56Set roadmap for Q3 2022 for anti-censorship team2022-07-20T23:56:37ZGabagaba@torproject.orgSet roadmap for Q3 2022 for anti-censorship teamLast roadmap in https://gitlab.torproject.org/tpo/anti-censorship/team#q2
- [x] Review work done in Q2.
- [x] Set roadmap for Q3.
- [x] Update kanban board for Q3.
- [ ] @meskio reviews Q3 kanban board with the team. https://gitlab.torp...Last roadmap in https://gitlab.torproject.org/tpo/anti-censorship/team#q2
- [x] Review work done in Q2.
- [x] Set roadmap for Q3.
- [x] Update kanban board for Q3.
- [ ] @meskio reviews Q3 kanban board with the team. https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards?label_name[]=Q3
Notes will be in https://pad.riseup.net/p/anti-censorship-roadmap-keep
/cc @meskiomeskiomeskio@torproject.orgmeskiomeskio@torproject.org2022-07-01https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40125Update Landing Page (snowflake.torproject.org)2023-03-15T14:48:30ZsereneUpdate Landing Page (snowflake.torproject.org)We've had feedback that the snowflake.torproject.org landing page has been somewhat confusing / unclear. Many users are unsure whether to install the Snowflake Browser Extension, or run Tor Browser. (eg. Many users in Russia have install...We've had feedback that the snowflake.torproject.org landing page has been somewhat confusing / unclear. Many users are unsure whether to install the Snowflake Browser Extension, or run Tor Browser. (eg. Many users in Russia have installed the extension instead, being proxies instead of clients!)
I threw together a draft of an [updated landing page](https://serene.cx/snowflake-torproject-org-draft/ ) by slightly modifying the [current one](https://snowflake.torproject.org/).
To be improved further, but it's an idea:
![Screen_Shot_2022-04-11_at_18.16.33](/uploads/dccb730fb60564a0b9a4cf26a946a223/Screen_Shot_2022-04-11_at_18.16.33.png)
- I think the Tor Browser screenshot also needs to be updated.
- I have another idea, which I'll include in a separate ticket.
- Is this managed / on a separate host from main torproject.org?
This Snowflake landing page can be the very first place people see, so we should make it much more clear & helpful for the users. Let me know next steps @gus @gaba :)meskiomeskio@torproject.orgmeskiomeskio@torproject.org2022-09-30https://gitlab.torproject.org/tpo/tpa/team/-/issues/41046Deploy the bridge scanner2023-03-10T08:15:28ZjugaDeploy the bridge scannerWe need to deploy [onbasca](https://gitlab.torproject.org/tpo/network-health/onbasca), a bridge scanner that communicates with rdsys via Web and might replace bridgestrap in the future (https://gitlab.torproject.org/tpo/anti-censorship/r...We need to deploy [onbasca](https://gitlab.torproject.org/tpo/network-health/onbasca), a bridge scanner that communicates with rdsys via Web and might replace bridgestrap in the future (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/150). It needs python, other python packages and postgres.
If deployed in a different vm as polyanthum, we might need to create a tunnel because atm there's no any authentication mechanism.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2023-02-15https://gitlab.torproject.org/tpo/tpa/team/-/issues/41297A staging server for rdsys2023-12-12T18:59:16Zmeskiomeskio@torproject.orgA staging server for rdsysWe want to set up a staging server of rdsys, that will be automatically deployed on each commit from the CI. We'll need a new VM for it. Many things will be similar to polyanthium, but we might not need separation of services by users (i...We want to set up a staging server of rdsys, that will be automatically deployed on each commit from the CI. We'll need a new VM for it. Many things will be similar to polyanthium, but we might not need separation of services by users (it might be easier to deploy if we have everything in one user).
We will not need much disk space, CPU or RAM, whatever are the defaults you use now a days will be enough for us.
What we need there:
* [ ] ~~an account that we can ssh automatically from the CI to setup everything.~~ let's postpone this
* [x] We'll also need everybody from anti-censorship to be able to sudo into that account.
* [x] an email account that can send and receive emails over imap and smtp. Maybe gettor-tst@torproject.org?
* [x] a web server with:
* [x] https://bridges-tst.torproject.org proxing to http://localhost:7200
* [x] https://bridges-tst.torproject.org/moat proxing to http://localhost:7500/moat
* [x] https://bridges-tst.torproject.org/status proxing to http://localhost:7100/status
* [x] prometheus exporters to be exposed, I don't think we'll connect them to the prometheus server, but will be useful to be able to reach them for tests:
* [x] backend bridges-tst.torproject.org:7100/metrics
* [x] telegram bridges-tst.torproject.org:7600/metrics
* [x] gettor-distributor bridges-tst.torproject.org:7700/metrics
* [x] gettor-updater bridges-tst.torproject.org:7800/metrics
I don't have a strong opinion for port numbers, the domain names and the email address, I'm just putting some proposals here but I'm happy to adapt to what you think makes sense.anarcatanarcat2023-09-17https://gitlab.torproject.org/tpo/applications/vpn/-/issues/143Convert "Add new bridges" dialog into a full-screen dialog2024-03-05T17:32:20ZdonutsConvert "Add new bridges" dialog into a full-screen dialogThe previous dialog we designed is a little claustrophobic. The text area is quite narrow, and the dialog awkwardly grows in height when new lines are entered. We could improve on this by switching to a full-screen dialog as described he...The previous dialog we designed is a little claustrophobic. The text area is quite narrow, and the dialog awkwardly grows in height when new lines are entered. We could improve on this by switching to a full-screen dialog as described here: https://m3.material.io/components/dialogs/guidelines
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4395%3A1618&mode=design&t=QaXRFt9BKyClRF4p-1)VPN pre-alpha 07https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42436Allow for multiple configured (front, reflector) domain fronting pairs in Moa...2024-03-06T18:39:12ZCecylia BocovichAllow for multiple configured (front, reflector) domain fronting pairs in Moat moduleIt's happened twice now that the domain fronting settings for Moat have stopped working:
- [when `cdn.sstatic.net` moved to CloudFlare](https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/000314.html)
- [when Fastl...It's happened twice now that the domain fronting settings for Moat have stopped working:
- [when `cdn.sstatic.net` moved to CloudFlare](https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/000314.html)
- [when Fastly stopped supporting domain fronting and `foursquare.com` renewed its cert](https://github.com/net4people/bbs/issues/309)
When Moat stops working, it leaves us scrambling to find new front domains, the update process requires a new release, and it can be difficult for users to receive updates or connect if Connection Assist is unreachable. It's also difficult to choose a single front domain that will work in almost every place. Even though Connect Assist allows us offer country-specific circumvention settings, we have only a single setting for using Connect Assist itself.
Ideally, we could provide multiple (front, reflector) pairs, and iterate through them until a working pair is found. That pair can be saved for future use until it stops working and the module will re-iterate through the list until a new pair is found.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42429Android Connection Assist Non-Portriat-Phone Sizes Design2024-02-29T00:51:27ZclairehurstAndroid Connection Assist Non-Portriat-Phone Sizes DesignFor tor-browser#41188 we have portrait designs, but don't have landscape (and other non-protrait-phone) designs. How do we want the landscape (and other non-portriat-phone sizes) to look for connection assist? I was messing with trying t...For tor-browser#41188 we have portrait designs, but don't have landscape (and other non-protrait-phone) designs. How do we want the landscape (and other non-portriat-phone sizes) to look for connection assist? I was messing with trying to make it look better and have some references. I made the buttons have a max width, brought the toggle closer to the text, and reduced the spacing for the text so that it fits better horizontally (otherwise views start overlapping on certain screens with enough going on)
Mock Native Landscape
![Mock_Native_Landscape](/uploads/b2f313b9b51ae7a0499b3bfde3d917a7/Mock_Native_Landscape.png)
Current HTML Landscape
![HTML_Landscape](/uploads/6fa173af6b86fa10d8c1db5e072c27da/HTML_Landscape.png)
Mock Tablet
![Mock_Tablet](/uploads/bfc51dbdad8bfc6b6d60ea768e3dfb86/Mock_Tablet.png)
Mock Foldable
![Mock_Foldable](/uploads/38eb8f5c11b61ee47fd8e2c1db3d81be/Mock_Foldable.png)
Current Native Portrait
![Native_Portrait](/uploads/384005393822624e481d9a2e60a3935f/Native_Portrait.png){width=25%}donutsdonutshttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/58Better Invitation Encoding2024-03-01T11:43:41ZonyinyangBetter Invitation EncodingThe Lox invitation endpoint currently returns a string of bytes formatted like:
```
{"invite":92,149,13,240,159,9,236,1,141,15,246,61,49,4,53,142,229,56,160,137,155,86,127,166,223,8,80,114,117,17,210,3,2,0,0,0,5,36,19,41,86,145,241,114...The Lox invitation endpoint currently returns a string of bytes formatted like:
```
{"invite":92,149,13,240,159,9,236,1,141,15,246,61,49,4,53,142,229,56,160,137,155,86,127,166,223,8,80,114,117,17,210,3,2,0,0,0,5,36,19,41,86,145,241,114,93,58,10,118,162,141,183,53,200,168,179,108,34,222,21,15,252,195,121,92,185,187,78,126,17,67,153,113,32,87,109,232,90,104,27,162,141,83,26,121,195,47,249,109,50,104,220,136,183,111,7,8,93,53,3,12}
```
This is probably not ideal for a user to paste into the browser, though maybe it is fine?
We should check with the ux team to see if they have suggestions for a better user experience and consider changing this (and the interface) to accept a more user-friendly invite.Lox Ready for Open Testing Callonyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/57Create a detailed workflow for investigating and responding to blocked Lox br...2024-02-26T17:32:10ZonyinyangCreate a detailed workflow for investigating and responding to blocked Lox bridgesThough automating the detection of blocked bridges has been a [long term goal](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40035), discussed [here](https://gitlab.torproject.org/tpo/anti-censorship/rdsy...Though automating the detection of blocked bridges has been a [long term goal](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40035), discussed [here](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/112) as well, we should have a detailed workflow for how we will handle getting reports of blocked bridges, how often we will manually update bridge statuses for Lox bridges and who will be responsible for these updates during our test deployment.Lox Ready for Open Testing Callonyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/56Increase the Lox Bridge Pool2024-02-28T11:06:12ZonyinyangIncrease the Lox Bridge PoolFor testing purposes, we spun up a few bridges to add to the Lox bridge pool. Before we release Lox for open testing, we should add some more. We decided it would make sense to increase the bridge pool to 10 bridges and do some internal ...For testing purposes, we spun up a few bridges to add to the Lox bridge pool. Before we release Lox for open testing, we should add some more. We decided it would make sense to increase the bridge pool to 10 bridges and do some internal testing with that number first before releasing to the wider communityLox Ready for Open Testing Callmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/ux/research/-/issues/135Plan user research to test Lox2024-02-21T11:06:10ZdonutsPlan user research to test LoxLox is going to exist in Tor Browser Alpha for an extended period, e.g. 2025 at minimum, before it reaches stable. Although we have no definitive plans for its continued development yet, I've created this issue as a place we can begin co...Lox is going to exist in Tor Browser Alpha for an extended period, e.g. 2025 at minimum, before it reaches stable. Although we have no definitive plans for its continued development yet, I've created this issue as a place we can begin collecting questions while the first phase of work is still fresh in our minds.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42413Review Lox UI wording2024-02-22T14:41:16ZhenryReview Lox UI wording/cc @jag and @donuts
In https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42036 we added some new strings, and this issue is just to review them.
The new strings are all [here](https://gitlab.torproject.org/tpo/appli.../cc @jag and @donuts
In https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42036 we added some new strings, and this issue is just to review them.
The new strings are all [here](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/0efa3dd93339e7f996070d5170b4fddf5fc11b60/browser/locales/en-US/browser/tor-browser.ftl#L48-300) if you want to review them all, but only a few stand out for me.
Some deviated from the mockups as we learnt more about how Lox actually functions.
The overview:
> With a bridge pass, the bridge bot will send you new bridges when your bridges get blocked. If your bridges don’t get blocked, you’ll unlock invites that let you share bridges with trusted contacts.
After "days until you unlock", we show
> Invites for your trusted contacts
the first time the user will gain invites. And if the user already has invites, we change it to
> More invites for your trusted contacts
Note, the reason we no longer included "+N invites for your trusted contacts" was because the "+N" calculation is non-intuitive: the user doesn't actually gain a fixed number of new invites per level, instead whenever their level changes their remaining invites get reset. In particular, remaining invites at the current level are ignored. When you level up, the next level will reset to a higher number than whatever you have now, so will will gain some amount. When you level down, you can either have more or less remaining invites, depending on how many you used up before.
For the same reason, whenever the user levels up past level 1 ("bridge pass has been upgraded") or levels down ("blocked bridges have been replaced") or some mixture of both, we always show how many remaining invites they have:
> You now have { $numInvites } remaining invites for your trusted contacts
I.e. instead of the "+N" from the mockup, we just give a notice of what the new number is, which may be more or less than when the user last looked.
We also have two strings that refer to "bridge pass server":
> Connecting to bridge pass server…
and
> Unable to connect to bridge pass server.
Should these be "bridge bot" instead of "bridge pass server" to be consistent? I assumed that "bridge bot" in the other strings already referred to the Lox authority (plus Tor Browser's interaction with it).donutsdonutshttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/140Convert the bridge bot into a wizard2024-03-22T14:20:28ZdonutsConvert the bridge bot into a wizardWe decided to convert the previous bridge bot designs from a chatbot into a simple wizard instead.
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?typ...We decided to convert the previous bridge bot designs from a chatbot into a simple wizard instead.
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4515%3A4799&mode=design&t=y0K62dcCkhHHjU9x-1)
Please note it contains two versions:
- a basic, one-button version, which we're intending to build for the MVP.
- a more complex two-button version, which includes an extra button to look up location settings from the [circumvention.json](https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin/-/blob/main/conf/circumvention.json).
The second, two-button version may be ignored for this iteration of the app.
The middle-screen includes a standard MD3 linear progress indicator. Documentation for this component can be found here: https://m3.material.io/components/progress-indicators/overview
As it's effectively more of a spinner than a true progress indicator, please follow the animation guidelines for the indeterminate version demo'd here (which I've approximated in static-format in Figma): https://m3.material.io/components/progress-indicators/guidelinesVPN pre-alpha 06cybertacybertahttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41508Export rdsys based HTTPS distributor as HTTPS service at rdsys-test-01 with a...2024-02-01T14:02:40ZshelikhooExport rdsys based HTTPS distributor as HTTPS service at rdsys-test-01 with an non-production domain nameI would like to request exporting service hosted at `http://127.0.0.1:7200` at rdsys-test-01 as a https website with an non-production domain name.
Ideally, it should sanitize and supply `X-Forwarded-For` to reflect client IP address.
...I would like to request exporting service hosted at `http://127.0.0.1:7200` at rdsys-test-01 as a https website with an non-production domain name.
Ideally, it should sanitize and supply `X-Forwarded-For` to reflect client IP address.
See also: https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/191 as a part of S150.anarcatanarcathttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/45Document the Lox Distributor API for client requests and server responses2024-01-22T15:04:26ZonyinyangDocument the Lox Distributor API for client requests and server responsesonyinyangonyinyanghttps://gitlab.torproject.org/tpo/ux/team/-/issues/87Project idea: Split circumvention settings into "easy" and "advanced" views2023-12-08T20:33:09ZdonutsProject idea: Split circumvention settings into "easy" and "advanced" viewsTor's circumvention settings are becoming increasingly complex due to the censorship arms race. While features like Connection Assist were originally envisioned as a way to spare users from manually configuration their circumvention sett...Tor's circumvention settings are becoming increasingly complex due to the censorship arms race. While features like Connection Assist were originally envisioned as a way to spare users from manually configuration their circumvention settings entirely, the reality is that users subjected to particularly heavy censorship often need to dive into these settings anyway.
Current routes to circumvent censorship include:
- Connection Assist
- Built-in bridges, including:
- Obfs4
- Snowflake
- Meek
- Bridges requested from rdsys
- User added bridges, distributed by:
- Telegram
- Email
- Web
In the near future, these options may be further expanded by the addition of:
- Lox bridges
- New pluggable transports, i.g. Webtunnel and Conjure
- Incorporating Orbot's "Ask Tor" feature
As such, there may be some benefit in splitting our circumvention settings into "easy" and "advanced" views, to prevent users from becoming completely overwhelmed by the sheer volume of routes. The "easy" view could include simple options like built-in bridges, alongside semi-automated options powered by the circumvention API (e.g. Connection Assist or Ask Tor), whereas the "advanced" view would contain options that provide for more manual configuration.https://gitlab.torproject.org/tpo/tpa/team/-/issues/41434rdsys-test-01: expose moat API2024-01-19T18:08:15Zmeskiomeskio@torproject.orgrdsys-test-01: expose moat APII have two issues to reach the moat API from outride rdsys-test-01:
bridges-test.torproject.org points to 116.202.120.184, while rdsys-test-01.torproject.org is 204.8.99.152. Can we configure bridges-test.torproject.org to be a CNAME of...I have two issues to reach the moat API from outride rdsys-test-01:
bridges-test.torproject.org points to 116.202.120.184, while rdsys-test-01.torproject.org is 204.8.99.152. Can we configure bridges-test.torproject.org to be a CNAME of rdsys-test-01.torproject.org?
In rdsys-test-01 I can reach the moat API:
```bash
rdsys@rdsys-test-01:~$ curl http://127.0.0.1:7500/moat/circumvention/defaults |jq
{
"settings": [
{
...
```
But from outside not:
```
❯ curl https://rdsys-test-01.torproject.org/moat/cicumvention/defaults
<a href="/cicumvention/defaults">Moved Permanently</a>.
```
Not sure who produces that response, but I don't think is the rdsys-moat service. In a fast look at the nginx config it looks right, but I guess I'm missing something there.https://gitlab.torproject.org/tpo/applications/vpn/-/issues/119Review strings used on "Bridges" page for length and consistency2024-03-26T22:58:47ZkwadronautReview strings used on "Bridges" page for length and consistencyThe wording is pretty long:
> **Enter bridge address**
>
> Add a bridge provided by a trusted organization or someone you know
![image](/uploads/6eed6b060be49262539f5064c635907b/image.png)
Maybe we can get something shorter, suggestio...The wording is pretty long:
> **Enter bridge address**
>
> Add a bridge provided by a trusted organization or someone you know
![image](/uploads/6eed6b060be49262539f5064c635907b/image.png)
Maybe we can get something shorter, suggestions:
- Add a bridge from a trusted organization or person
- Add a trusted bridge
- Enter a bridge from a trusted sourceVPN pre-alpha 06donutsdonutshttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/38Update Lox Distributor Config file to request Lox type2023-11-09T03:49:09ZonyinyangUpdate Lox Distributor Config file to request Lox typeThis should work in tandem with an update to `rdsys` that partitions bridges in to a `lox` type. This will only require an update to the test config file in the lox-distributor repo but this issue is mostly a reminder to update once a `l...This should work in tandem with an update to `rdsys` that partitions bridges in to a `lox` type. This will only require an update to the test config file in the lox-distributor repo but this issue is mostly a reminder to update once a `lox` type exists.onyinyangonyinyang