The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-06-10T21:10:10Zhttps://gitlab.torproject.org/tpo/web/donate-static/-/issues/19BTCPay form on cryptocurrency page behaviour2021-06-10T21:10:10ZHiroBTCPay form on cryptocurrency page behaviourThe btcpayserver offer an onion address.
If you visit https://donate.torproject.org/cryptocurrency you will find a donate form that will take you to bbtcpay.torproject.net to make a donation in bitcoin.
Btc.torproject.net also offers a...The btcpayserver offer an onion address.
If you visit https://donate.torproject.org/cryptocurrency you will find a donate form that will take you to bbtcpay.torproject.net to make a donation in bitcoin.
Btc.torproject.net also offers a .onion that is advertised via the onion-location header.
Up to now if a user was accession the .onion of donate.tpo, if they clicked on the donate form for btcpayserver, they would first go to btcpay.tp.net and then the would be able to go to the onion if the wanted.
Now this is the flow:
- If a user use any browser to access the page they will see the form that use btcpay.torproject.net
- If a user is accessing the website via the .onion they will see the form that use the .onion address of btcpay.tp.n
- If a user doesn't use js they will see both forms.https://gitlab.torproject.org/tpo/core/tor/-/issues/40748Change the default of relays per IP address to 42023-05-31T13:11:24ZGeorg KoppenChange the default of relays per IP address to 4Over in #40744 we started allowing 4 relays per IP address via the `AuthDirMaxServersPerAddr` option. I think we should raise the current default, which is 2, accordingly and then update all the specs affected. We might even need a new p...Over in #40744 we started allowing 4 relays per IP address via the `AuthDirMaxServersPerAddr` option. I think we should raise the current default, which is 2, accordingly and then update all the specs affected. We might even need a new proposal for that (including following the whole proposal process)?Tor: 0.4.8.x-freezehttps://gitlab.torproject.org/tpo/web/community/-/issues/275some subtitles are not being translated in relay/setup/bridge/ but they are t...2022-06-16T20:36:57Zemmapeelsome subtitles are not being translated in relay/setup/bridge/ but they are translated in transifexIf you see the different cards for operating systems at https://tor-www@review.torproject.net/tpo/web/community/l10n/ru/relay/setup/bridge/ you can see that
FreeBSD, NetBSD, OpenBSD, DragonFlyBSD and Windows subtitles are not translated...If you see the different cards for operating systems at https://tor-www@review.torproject.net/tpo/web/community/l10n/ru/relay/setup/bridge/ you can see that
FreeBSD, NetBSD, OpenBSD, DragonFlyBSD and Windows subtitles are not translated.
But the translation in transifex is complete. The same happens in all languages.https://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/40001Improve documentation to make it more useful to developers and researchers2022-02-08T12:50:45ZKarsten LoesingImprove documentation to make it more useful to developers and researchersI'd like to improve our documentation to make it more useful to developers and researchers. My current plan is:
* [x] Write an outline what needs to be covered in the documentation
* [x] Make a list of existing documentation in this rep...I'd like to improve our documentation to make it more useful to developers and researchers. My current plan is:
* [x] Write an outline what needs to be covered in the documentation
* [x] Make a list of existing documentation in this repository, on the wiki, and maybe other places
* [x] Start putting everything together in a single place
I'm creating this ticket to track my progress in doing so and also in learning early from others what else I should be paying attention to.OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40259Inform users in Tor Browser of which settings are best for them based on thei...2022-04-04T17:11:17ZArturo FilastòInform users in Tor Browser of which settings are best for them based on their countryTor Browser Launcher would, for countries where we know Tor to either work for sure or not work for sure, advise users on whether to use a bridge or not.
This does open the question of "How does Tor Launcher know the country of the user...Tor Browser Launcher would, for countries where we know Tor to either work for sure or not work for sure, advise users on whether to use a bridge or not.
This does open the question of "How does Tor Launcher know the country of the user"?
I think this is at the end of the day a UX question, that can have various ways of doing it. For example you can have the user input their country (but that is maybe a bit sketchy from the users perspective) or you could show them a list of countries where tor is known to work OK and a list of where it's known to not work.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40658s96 mega-dev issue on torconnect feature2022-04-15T20:50:21Zrichards96 mega-dev issue on torconnect featureAn issue to track the entire update to the torconnect feature
### Links:
- Design Doc: https://docs.google.com/document/d/16NVqOvIOdy26vvH7P94D1kXmXoppKTRmv4T--fMfHjg/edit
- User-flow figma: https://www.figma.com/file/yApSDTlsppvH8w250...An issue to track the entire update to the torconnect feature
### Links:
- Design Doc: https://docs.google.com/document/d/16NVqOvIOdy26vvH7P94D1kXmXoppKTRmv4T--fMfHjg/edit
- User-flow figma: https://www.figma.com/file/yApSDTlsppvH8w2508zV8k/about%3Atorconnect-User-Flows?node-id=84%3A516
- More User-flow figma: https://www.figma.com/file/Vsh1aPOZGneDX4Zp27mjsK/Sponsor-30?node-id=531%3A2047
- New Moat APIs: https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40025#note_2753073
- Querying new Moat API in tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40645
### Todo:
- [x] Handle Moat errors properly:
- https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/main/bridgedb/distributors/moat/server.py#L648
- https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/main/bridgedb/distributors/moat/server.py#L226
```
<meskio> now you can get two different error codes: 400 and 406
<meskio> 406 is for when it can't find the country for the given IP
<meskio> 400 is for malformed requests, for example see:
```
- [x] implement new moat APIs and replace existing consumers with new moat module (#40645)
- [x] Update the about:torconnect state machine to facilitate the userflow in the above linked figma (#40662)
- @duncan: what do we do when no settings are available for the user's location? we could either go with a fallback (obfs4?) or leave it to the user
- [ ] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40707
- [x] Update the about:torconnect frontend page to match additional UI flows (#40773)
- [x] Update about:preferences page to match new UI designs (#40774)
User Testing from nah: https://www.figma.com/proto/Vsh1aPOZGneDX4Zp27mjsK/Sponsor-30?page-id=531%3A2047&node-id=717%3A3003&viewport=241%2C48%2C0.08&scaling=min-zoom&starting-point-node-id=717%3A3003&show-proto-sidebar=1
Ping @duncan @meskioTor Browser 11.5richardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40467Remove build-sunet-a from tools/ansible2022-07-21T07:31:11ZboklmRemove build-sunet-a from tools/ansibleIn `tools/ansible` we have some ansible scripts we used to setup build-sunet-a. We can remove them as this host will be retired (tpo/tpa/team#40691).In `tools/ansible` we have some ansible scripts we used to setup build-sunet-a. We can remove them as this host will be retired (tpo/tpa/team#40691).boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40804Tor Browser's new obfs4proxy client has compatibility issues with old obfs4pr...2022-11-22T13:00:04ZatariTor Browser's new obfs4proxy client has compatibility issues with old obfs4proxy bridges<!--
* Use this issue template for reporting a new bug.
-->
### Summary
When starting TB 11.0.6 on Linux with self-defined bridges at bootstrapping following messages show up in log multiple times:
[WARN] Proxy Client: unable to connec...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
When starting TB 11.0.6 on Linux with self-defined bridges at bootstrapping following messages show up in log multiple times:
[WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [omitted] ID=[omitted] RSA_ID=[omitted] (“general SOCKS server failure”)
Bridges work after bootstrapping. Warnings irritate anyhow.
### Steps to reproduce:
Set some bridge-lines in TB config and restart the browser
### What is the current bug behavior?
Tor Logs show these warnings multiple times:
[WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [omitted] ID=[omitted] RSA_ID=[omitted] (“general SOCKS server failure”)
### What is the expected behavior?
No warning like in the builds before
### Environment
Tor Browser 11.0.6 downloaded via auto-update | Linux Debian
Started with ~/tor-browser_en-US/Browser/start-tor-browser
### Relevant logs and/or screenshots
Multiple times:
[WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with [omitted] ID=[omitted] RSA_ID=[omitted] (“general SOCKS server failure”)https://gitlab.torproject.org/tpo/applications/android-components/-/issues/34324Must Audit Components for ESR91 Tor Browser2022-06-27T21:07:56ZMatthew FinkelMust Audit Components for ESR91 Tor BrowserComponents we must audit.
- [ ] [Audit mozilla_browser_icons](android-components#34323)
- [ ] [Audit mozilla_browser_state](android-components#34325)
- [ ] [Audit mozilla_browser_storage_sync](android-components#34326)
- [ ] [Audi...Components we must audit.
- [ ] [Audit mozilla_browser_icons](android-components#34323)
- [ ] [Audit mozilla_browser_state](android-components#34325)
- [ ] [Audit mozilla_browser_storage_sync](android-components#34326)
- [ ] [Audit mozilla_concept_sync](android-components#34327)
- [ ] [Audit mozilla_feature_qr](android-components#34328)
- [ ] [Audit mozilla_feature_app_links](android-components#34329)
- [ ] [Audit mozilla_feature_intent](android-components#34330)
- [ ] [Audit mozilla_feature_share](android-components#34331)
- [ ] [Audit mozilla_feature_accounts_push](android-components#34332)
- [ ] [Audit mozilla_feature_pwa](android-components#34333)
- [ ] [Audit mozilla_feature_webcompat](android-components#34334)
- [ ] [Audit mozilla_service_sync_logins](android-components#34335)
- [ ] [Audit mozilla_service_firefox_accounts](android-components#34336)
- [ ] [Audit mozilla_service_location](android-components#34337)
- [ ] [Audit mozilla_support_migration](android-components#34339)
- [ ] [Audit mozilla_lib_push_firebase](android-components#34340)
- [ ] [Audit mozilla_lib_dataprotect](android-components#34341)
- [ ] [Audit androidx_biometric](android-components#34342)
See:
https://gitlab.torproject.org/tpo/applications/fenix/-/issues/33939#note_2605622Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/operations/team/-/issues/3Claim torproject.com HNS domain2023-01-17T18:59:16ZGusClaim torproject.com HNS domainRecently we've learned that we could claim the `torproject.com` domain on Handshake (HNS) blockchain and we will get 1,195,341 HNS (or USD 304k at the moment). Other projects already claimed their domains, for example, [Brave](https://hn...Recently we've learned that we could claim the `torproject.com` domain on Handshake (HNS) blockchain and we will get 1,195,341 HNS (or USD 304k at the moment). Other projects already claimed their domains, for example, [Brave](https://hnscan.com/tx/e641b6dc9d6664990a10da46c2b9437ab72dd508348d56ec973f6781f6ab54f3) and [Riseup](https://hnscan.com/name/riseup). After clamming the domain, it will take 30 days to move the funds from HNS wallet.
Here's a step by step how to do that: https://gist.github.com/tynes/230f715c9710a089ee190b28585b6596.
Micah Anderson offered his help.al smithal smithhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/19914DMARC causing trouble with Tor lists, From should be munged2022-12-10T03:21:37ZstarlightDMARC causing trouble with Tor lists, From should be mungedTor Project list server does not remove DKIM headers and reliably modifies the Subject: header in such a manner as to produce DKIM validation failures. Beyond adding a prefix which can be anticipated by conscientious senders, spaces are...Tor Project list server does not remove DKIM headers and reliably modifies the Subject: header in such a manner as to produce DKIM validation failures. Beyond adding a prefix which can be anticipated by conscientious senders, spaces are injected at unpredictable offsets. This badly degrades spam-scoring of messages by Google and other ESPs and frequently results in the sending of list messages to spam folders.
My recommendation is that the list server configuration be set to completely strip DKIM headers from forwarded messages.
Possibly if the list server software supports it, a DKIM-signed RFC-7001 Authentication-Results: header might be added though it seems to me the positive effect on spam scoring would be minor, where in comparison not stripping DKIM headers results in a substantial negative impact.anarcatanarcat2021-09-14https://gitlab.torproject.org/tpo/tpa/nextcloud/-/issues/16Changing timezone for events stopped working2022-11-07T19:14:42ZGabagaba@torproject.orgChanging timezone for events stopped workingHey!
I used to change the timezone for events in the nextcloud calendar because otherwise people would get a notification email with the meeting's time in my timezone and they would get very confused. BUT after last nextcloud upgrade I ...Hey!
I used to change the timezone for events in the nextcloud calendar because otherwise people would get a notification email with the meeting's time in my timezone and they would get very confused. BUT after last nextcloud upgrade I can not change the timezone of the event. When I click the 'world button' nothing happens.
This is the bug in nextcloud: https://github.com/nextcloud/calendar/issues/4630https://gitlab.torproject.org/tpo/community/relays/-/issues/68-- withdrawn --2023-06-15T10:39:18Znusenu-- withdrawn --will be replaced by a new ticketwill be replaced by a new tickethttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40057recreate graphics in svg to offer up for translation2022-10-26T20:41:06Zemmapeelrecreate graphics in svg to offer up for translationthe graph at https://community.torproject.org/training/resources/all-about-tor/#/0/11 , which is located at https://community.torproject.org/static/images/training/slides/all-about-tor/tor-browser-features.png, should be recreated on svg...the graph at https://community.torproject.org/training/resources/all-about-tor/#/0/11 , which is located at https://community.torproject.org/static/images/training/slides/all-about-tor/tor-browser-features.png, should be recreated on svg format or in some way be translated for the other locales of the page.
Same with the graph at https://community.torproject.org/training/resources/all-about-tor/#/0/7
the first graph is:
![tor-browser-features](/uploads/ec46350e3cda8656103dc96f616e002f/tor-browser-features.png)
and the second (added to ticket on Feb. 17) is:
![how-tor-relays-work](/uploads/48e17c684d8e73ede77d97dbc839757f/how-tor-relays-work.png)emmapeelemmapeelhttps://gitlab.torproject.org/tpo/community/relays/-/issues/57Document relay community governance processes2024-02-06T12:34:59ZGabagaba@torproject.orgDocument relay community governance processesThis is activity O2.4 for [sponsor 112](https://gitlab.torproject.org/groups/tpo/-/milestones/44#tab-issues):
Document relay community governance processes. In this activity, we will publish public-facing documentation on what enforceme...This is activity O2.4 for [sponsor 112](https://gitlab.torproject.org/groups/tpo/-/milestones/44#tab-issues):
Document relay community governance processes. In this activity, we will publish public-facing documentation on what enforcement mechanisms were considered, why the ones that were selected were chosen, and why the ones that were not implemented but were considered as possible candidates, were eventually rejected. The audience for these documents will be future technology projects that utilize the similar volunteer-run infrastructure and may be able to benefit from the insights Tor obtained during this process.Georg KoppenGeorg Koppen2024-03-04https://gitlab.torproject.org/tpo/tpa/schleuder/-/issues/40005Please refresh sysrqb's pgp key2022-05-25T18:37:41ZMatthew FinkelPlease refresh sysrqb's pgp keyRelated to team#40317
thank youRelated to team#40317
thank youDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40100load warnings on gnt-fsn: migrate some VMs to gnt-chi?2022-10-04T15:03:38Zanarcatload warnings on gnt-fsn: migrate some VMs to gnt-chi?in the last week, we've had a few warnings from nagios about load being two high in the gnt-fsn cluster, particularly on fsn-node-0[12]:
```
2020-11-12 13:57:05 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 27...in the last week, we've had a few warnings from nagios about load being two high in the gnt-fsn cluster, particularly on fsn-node-0[12]:
```
2020-11-12 13:57:05 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 27.93, 28.07, 22.95
2020-11-12 14:57:03 <nsa> tor-nagios: [fsn-node-01] load is OK: OK - load average: 23.70, 24.29, 25.25
2020-11-12 16:22:08 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 42.81, 38.54, 35.18
2020-11-17 12:31:05 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 23.08, 38.64, 37.58
2020-11-17 13:46:05 <nsa> tor-nagios: [fsn-node-01] load is OK: OK - load average: 26.70, 27.10, 25.82
2020-11-17 14:11:05 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 25.37, 25.99, 27.78
2020-11-18 03:50:04 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 30.22, 34.05, 30.19
2020-11-18 04:49:59 <nsa> tor-nagios: [fsn-node-01] load is OK: OK - load average: 26.40, 22.63, 23.75
2020-11-18 05:15:04 <nsa> tor-nagios: [fsn-node-01] load is WARNING: WARNING - load average: 23.39, 28.03, 28.51
2020-11-18 08:00:09 <nsa> tor-nagios: [fsn-node-01] load is OK: OK - load average: 2.99, 9.16, 18.38
2020-11-19 04:06:12 <nsa> tor-nagios: [fsn-node-02] load is WARNING: WARNING - load average: 38.44, 35.68, 30.18
2020-11-19 04:21:12 <nsa> tor-nagios: [fsn-node-02] load is OK: OK - load average: 11.93, 15.21, 20.84
```
It might be worth trying to figure out what, exactly, in there is causing those load spikes (see grafana or related nagios warnings) and move some of that stuff to the other ganeti cluster.
machines to move:
* [ ] onionoo-backend-02.torproject.org (maybe get the new metrics service admins to rebuild one of those from scratch?)
* [ ] onionoo-frontend-02.torproject.org (rebuild from scratch?)
* [x] build-x86-12.torproject.org (we already have build-x86-11.torproject.org - maybe rebuild from scratch too?) - moved to #40135
those instances will require extra storage, <del>so blocked on #40131</del> (update: iSCSI cluster working well enough for those to start):
* [x] tb-build-02 - redundant with tb-build-01 (rebuild from scratch?) #40198
* [x] web-fsn-02 - same with web-fsn-01 (although maybe just retire and rebuild as web-chi-03?) moved to #40193
`tb-build-02` would be particularly nice to migrate, as i suspect it's causing load warnings on `fsn-node-03` right now.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40806gitlabCI jobs cannot find host gitlab.torproject.org and are failing2022-07-19T18:54:27ZemmapeelgitlabCI jobs cannot find host gitlab.torproject.org and are failingsome jobs, for ex.
https://gitlab.torproject.org/tpo/translation/-/jobs/146229
https://gitlab.torproject.org/tpo/web/manual/-/jobs/146185
https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/jobs/146168/
are fai...some jobs, for ex.
https://gitlab.torproject.org/tpo/translation/-/jobs/146229
https://gitlab.torproject.org/tpo/web/manual/-/jobs/146185
https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/jobs/146168/
are failing with a message of **Could not resolve host: gitlab.torproject.org**
lavamind has said 'those are the new runners'Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40618create a new static-master-chi server in the gnt-chi cluster2022-05-16T18:27:29Zanarcatcreate a new static-master-chi server in the gnt-chi clusterin tpo/tpa/ci-templates#8 we have identified issues with the performance of the review apps (and possibly all static shim) deployments. but diagnostics are pretty hard because the master server is getting *hammered* by many other deploym...in tpo/tpa/ci-templates#8 we have identified issues with the performance of the review apps (and possibly all static shim) deployments. but diagnostics are pretty hard because the master server is getting *hammered* by many other deployments, namely dist.tpo and tbb-nightlies, which take up a lot of IO and make it harder to see what's going on.
create a new master in the gnt-chi cluster, called `static-master-chi-02.torproject.org`, which will process, for now, only the review apps static site. this will involve following the new-machine procedure:
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/new-machine
you will likely need to follow the "new ganeti instance" procedure, there's an example for the gnt-chi cluster here:
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/ganeti#other-examples
depending on disk requirements (something similar to the current static-master-fsn box), you might need to create the VM with disks in the SAN, which is documented one section below:
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/ganeti#iscsi-integration
that should get you a "basic" box with nothing configured. then you'll need to configure it as a static master. that procedure is undocumented. we have a procedure for configuring a *mirror* which could serve as inspiration:
https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/static-component/#installation
the procedure should end up documented above of course. my guess is that you *won't* need to install apache (which is only needed on mirrors). you might need to add some `allowedGroups` in LDAP (check the current master for an example), and will definitely need a class in puppet, although I'm not sure the `gets triggered` hack is necessary, because it's just a master and won't be active until it's added into `modules/roles/misc/static-components.yaml`.
do let me know if you have any concerns or questions about the master procedure. i don't believe I have performed it myself: @weasel did the last deploy, but i should be familiar enough with the setup to find out what's missing, if anything.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40438gitlab job timeout while pending2021-12-02T20:53:13ZJim Newsomegitlab job timeout while pendingJob [39945](https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/jobs/39945) timed out while waiting to run, after ~24h. I have the job timeout set to [72h](https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/commit/d14971c53e8e...Job [39945](https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/jobs/39945) timed out while waiting to run, after ~24h. I have the job timeout set to [72h](https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/commit/d14971c53e8eaa85d2b205c9bfc8e60a7d1f62b5), so I'm not sure what's going on.
For context - now that I'm running multiple trials of relatively large simulations, I'm running them sequentially as separate jobs instead of trying to run them in parallel in a single job.
![timeout](/uploads/ca12b456002470385757305245c8a6ff/timeout.png)anarcatanarcat