The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
Updated: 2023-04-25T15:36:50Z

Arti should provide a SOCKS proxy as a library
https://gitlab.torproject.org/tpo/core/arti/-/issues/546
Updated: 2023-04-25T15:36:50Z
Author: Ian Jackson (iwj@torproject.org)

Currently we only provide our SOCKS functionality as unstable experimental APIs in the `arti` library crate.
We ought to provide this functionality as a proper API.

Milestone: Arti: Feature parity with the C implementation
Assignee: Ian Jackson (iwj@torproject.org)

Client-side backend code for UDP support
https://gitlab.torproject.org/tpo/core/arti/-/issues/463
Updated: 2023-06-01T20:14:20Z
Author: Nick Mathewson

@dgoulet is interested in writing a client-side backend code to allow programmatic access to the UDP-over-tor protocol as specified in [proposal 339](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/339-udp-over-tor.md).
Here are, roughly, the steps you'd need:
* [x] We need to be able to send and receive the new messages. Add parsing and encoding support for the new relay message types in `tor-cell::relay::msg`.
* [ ] We need to be able to tell which exits support UDP. Add parsing support for the new exit policy types for microdescriptors in `tor-netdoc::doc::microdesc`.
* [ ] Here's the core: we need a type corresponding to a datagram stream, that can send and receive UDP messages. Add new `DatagramStream` type for UDP messages in `tor-proto`. They should re-use `tor_proto::stream::raw::{StreamReader,StreamWriter}` under the hood. Probably they should share code with `tor_proto::stream::data`; it would be good to avoid code duplication when possible.
* [ ] We'll need a way to create these streams! Make a new function like `begin_data_stream` on `tor_proto::ClientCirc` to begin a datagram stream.
* [ ] The circuit manager will need to know how to tell which exits it can use for UDP. Add new variants or new fields in `tor_circmgr::usage::{TargetCircUsage,SupportedCircUsage}` to handle requesting a circuit whose exit needs to support UDP. Maybe the right way to do this is by adding a new boolean and a new set of constructors to `TargetPort`?
* [ ] We'll need a way to make these streams correctly from `arti_client`. That might take the form of a new `connect_udp` and `connect_udp_with_prefs` function pair, similar to the existing `connect` and `connect_with_prefs` in `TorClient`. We'll want to avoid code duplication with those functions.
General notes:
* At every point we should keep test coverage as high as we can!
* The new UDP functions in high-level crates should probably be `#[cfg(feature="experimental-api")]` for now.
* It's probably a good idea to do a separate MR for each stage listed above.
* If any of the existing code doesn't make sense, just ask! It's probably badly documented or badly explained, and we should fix that.

Milestone: Sponsor 101 - Tor VPN Client for Android
Assignee: David Goulet (dgoulet@torproject.org)

Define a Threat Model
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/1
Updated: 2023-11-24T11:58:28Z
Author: Matthew Finkel

As a reference, [Tor Browser's design document](https://2019.www.torproject.org/projects/torbrowser/design/) describes which threats/attacks are considered in-scope. A VPN (or VPN-like service) has different strengths and weaknesses, therefore we must define those and evaluate reasonable expectations.
Some initial questions:
- When are the VPN's protections applicable?
- What are reasonable expectations when the service is disabled?
- What are reasonable expectations when the service is enabled?
- Which use cases can we reasonably support? (e.g., under which circumstances can we fail-closed: device is rebooted or app crashes?)
- What properties does an application's connection gain/have when routed through this service?

Milestone: Sponsor 101 - Tor VPN Client for Android
Assignee: micah (micah@torproject.org)
Due date: 2024-01-29

retire cupani
https://gitlab.torproject.org/tpo/tpa/team/-/issues/41217
Updated: 2024-03-26T20:48:47Z
Author: anarcat

Once all legacy Git repositories have been migrated to GitLab (#41215), retire cupani.

Milestone: legacy Git infrastructure retirement (TPA-RFC-36)
Assignee: anarcat
Due date: 2024-04-24

Create an Onionprobe release on new tags
https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/82
Updated: 2024-03-27T21:44:40Z
Author: Silvio Rhatto

Create a [GitLab release](https://docs.gitlab.com/ee/user/project/releases/) automatically [when a tag is pushed to the repo](https://docs.gitlab.com/ee/user/project/releases/release_cicd_examples.html#create-a-release-when-a-git-tag-is-created).

Milestone: Onionprobe 1.2.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Vendorize Onion MkDocs
https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/5
Updated: 2024-03-27T21:47:27Z
Author: Silvio Rhatto

Vendorize [Onion MkDocs](https://gitlab.torproject.org/rhatto/onion-mkdocs), so it's easier to retrieve updates.

Milestone: Oniongroove 0.1.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Enhanced Grafana dashboard
https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/80
Updated: 2024-03-27T21:45:05Z
Author: Silvio Rhatto

Enhance the sample [exportable](https://grafana.com/docs/grafana/latest/dashboards/export-import/) Grafana Dashboard for Onion Services monitoring, including:
* [ ] Lists of expiring X.509 certificates (next days/weeks/month/quarter; current quarter; etc).
* [ ] Enhanced metrics from tpo/onion-services/onionprobe#78.

Milestone: Onionprobe 1.2.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Oniongroove 0.1.0 release planning
https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/4
Updated: 2024-03-27T21:47:14Z
Author: Silvio Rhatto

Plan the [0.0.1 release](https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/milestones/1).

Milestone: Oniongroove 0.1.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Oniongroove prototype
https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/3
Updated: 2024-03-28T12:56:29Z
Author: Silvio Rhatto

Write an early prototype/proof of concept for Oniongroove.

Milestone: Oniongroove 0.1.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Enhanced metrics for Onion Service descriptors
https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/78
Updated: 2024-03-27T21:44:54Z
Author: Silvio Rhatto

Implement additional metrics for Onion Service descriptors.
That need:
* A better way to parse descriptors would enable many other metrics.
* Some patches sent upstream to Stem.
Some fields that could get measurements:
* From the outer descriptor wrapper:
  * [ ] "descriptor-lifetime".
  * [ ] "revision-counter".
* From the first layer of encryption:
  * [ ] "[caa-critical](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/343-rend-caa.txt)".
* From the second layer of encryption:
  * [ ] "single-onion-service".
  * [ ] "pow-params": an indirect way to measure DoS for PoW-enabled
    services (by measuring the PoW settings in the descriptor),
    which depends on tpo/core/tor#40634 to be implemented.
  * [ ] "[caa](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/343-rend-caa.txt)".
Other measurements:
* [ ] Metrics for the descriptor and inner layer sizes.

Milestone: Onionprobe 1.2.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Oniongroove threat model
https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/2
Updated: 2024-03-27T21:47:21Z
Author: Silvio Rhatto

Write initial version of [Oniongroove](https://gitlab.torproject.org/rhatto/oniongroove) threat model, including:
* [ ] Consider the scenario where someone runs more than a single Onionbalance
"frontend" with the same address but with different backends and uploading
descriptors at different times. Would this:
* Impact the Tor network negatively?
* Improve load balancing?
* Be an acceptable frontend failover?

Milestone: Oniongroove 0.1.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Oniongroove deployment research
https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/1
Updated: 2024-03-27T21:47:32Z
Author: Silvio Rhatto

Research on all relevant deployment technologies (DevOps) for Onion Services: build a first matrix of technologies, recipes and strategies, incorporating it into the specs (onion-support#40).

Milestone: Oniongroove 0.1.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Exit codes should reflect reality
https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/64
Updated: 2024-03-27T21:44:24Z
Author: georg

It seems, onionprobe exits with `0` aka success in any case, while it should probably exit with `> 0` if things go wrong:
```
~ onionprobe -e test.onion; echo $?
2022-07-23 12:52:30,170 INFO: Starting Onionprobe version 1.0.0...
2022-07-23 12:52:30,170 INFO: Initializing Tor process...
2022-07-23 12:52:32,145 INFO: Onionprobe is initialized. Hit Ctrl-C to interrupt it.
2022-07-23 12:52:32,145 INFO: Processing test.onion...
2022-07-23 12:52:32,145 ERROR: Invalid onion service address set for test.onion: test.onion
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "read of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
0
```

Milestone: Onionprobe 1.2.0
Assignee: Silvio Rhatto
Due date: 2024-05-16

Convert typography to use Inter instead of Figtree or Roboto
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/146
Updated: 2024-03-05T19:40:15Z
Author: donuts

In the most recent iteration of the designs, we're using [MD3's default type scale](https://m3.material.io/styles/typography/type-scale-tokens) set in Inter instead of Roboto:
- [Inter on Google Fonts](https://fonts.google.com/specimen/Inter)
- [Inter on GitHub](https://github.com/rsms/inter)
This is different from earlier versions of the designs, which were set in [Figtree](https://fonts.google.com/specimen/Figtree). Since then we've adopted stricter requirements for a UI font, such as better Latin coverage and compatibility with Cyrillic scripts. We also wish to use Inter as our corporate body font too, so everything matches nicely.
For reference, the styles used in the app are:
<details><summary>Show styles</summary>
**Headline** / Large
- Font: Inter
- Weight: 400
- Size: 32
- Line height: 40
- Letter spacing: 0
**Headline** / Medium
- Font: Inter
- Weight: 400
- Size: 28
- Line height: 36
- Letter spacing: 0
**Headline** / Small
- Font: Inter
- Weight: 400
- Size: 24
- Line height: 32
- Letter spacing: 0
**Title** / Large
- Font: Inter
- Weight: 500
- Size: 22
- Line height: 28
- Letter spacing: 0
**Title** / Medium
- Font: Inter
- Weight: 500
- Size: 16
- Line height: 24
- Letter spacing: 0
**Title** / Small
- Font: Inter
- Weight: 500
- Size: 14
- Line height: 20
- Letter spacing: 0
**Body** / Large
- Font: Inter
- Weight: 400
- Size: 16
- Line height: 24
- Letter spacing: 0
**Body** / Medium
- Font: Inter
- Weight: 400
- Size: 14
- Line height: 20
- Letter spacing: 0
**Body** / Small
- Font: Inter
- Weight: 400
- Size: 12
- Line height: 16
- Letter spacing: 0
**Label** / Large
- Font: Inter
- Weight: 600
- Size: 14
- Line height: 20
- Letter spacing: 0
**Label** / Medium
- Font: Inter
- Weight: 600
- Size: 12
- Line height: 16
- Letter spacing: 0
**Label** / Small
- Font: Inter
- Weight: 600
- Size: 11
- Line height: 16
- Letter spacing: 0
</details>
All text within the app should use one of these styles. Although the styles, sizes and line heights all match to MD3's type scale – note that the weights are different for selected styles ("Title / Large" and all "Label" styles), and letter spacing is always "0".

Milestone: VPN pre-alpha 07

Fix the connection bar animation
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/145
Updated: 2024-03-27T17:36:16Z
Author: donuts

The connection bar is intended to animate like so: [Figma / Tor VPN for Android](https://www.figma.com/proto/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?page-id=4280%3A1524&type=design&node-id=4621-6088&viewport=-2084%2C233%2C0.65&t=O5WUUZ62ub2lXys1-1&scaling=min-zoom&starting-point-node-id=4621%3A6088&mode=design)
At the moment it appears to be doing something different. However it should match the same color transition/animation as Tor Browser's connection bar – but remain fixed at 100% of the device's width.

Milestone: VPN pre-alpha 07

Add "General" and "About" sections to Configure
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/144
Updated: 2024-03-07T00:04:57Z
Author: donuts

There are additional Configure screens in the Figma file that haven't been built yet – "General", which contains sections for the app icon and notifications, and "About".
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4280%3A1524&mode=design&t=QaXRFt9BKyClRF4p-1)

Milestone: VPN pre-alpha 07

Convert "Add new bridges" dialog into a full-screen dialog
https://gitlab.torproject.org/tpo/applications/vpn/-/issues/143
Updated: 2024-03-05T17:32:20Z
Author: donuts

The previous dialog we designed is a little claustrophobic. The text area is quite narrow, and the dialog awkwardly grows in height when new lines are entered. We could improve on this by switching to a full-screen dialog as described here: https://m3.material.io/components/dialogs/guidelines
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4395%3A1618&mode=design&t=QaXRFt9BKyClRF4p-1)

Milestone: VPN pre-alpha 07

Reset the lektorproject file after building
https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/45
Updated: 2024-03-27T21:42:54Z
Author: Kez

Certain environment variables will make `scripts/build` alter the onion-launchpad.lektorproject file, which can cause issues with future builds. The build script should copy the original lektorproject file to /tmp, and restore it after the build.

Milestone: Onion Launchpad - 2024.Q2
Assignee: Silvio Rhatto
Due date: 2024-04-30

Live demo
https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/32
Updated: 2024-03-27T21:42:43Z
Author: Silvio Rhatto

* [x] Set a [live demo at Tor's GitLab Pages][] using CI/CD.
* [x] Include the link in the docs.
* [x] Set a dummy `LEKTOR_SERVICE_URL` (from an address that cannot exist, and thus is unavailable).
* [ ] Request an Onion Service for [TPO's GitLab Pages][]. ~~This needs an issue in [TPA's queue][].~~ See tpo/tpa/team#40379.
* [ ] Set `LEKTOR_ONION_URL` pointing to the Onion Launchpad address that uses TPO GitLab Page's Onion Service.
[live demo at Tor's GitLab Pages]: https://tpo.pages.torproject.net/onion-services/onion-launchpad/
[TPO's GitLab Pages]: https://tpo.pages.torproject.net
[TPA's queue]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/

Milestone: Onion Launchpad - 2024.Q2
Assignee: Silvio Rhatto
Due date: 2024-04-30

Deployment documentation for the Landing Page
https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/24
Updated: 2024-03-27T21:42:12Z
Author: Silvio Rhatto

* [x] Include deployment documentation in the Landing Page's [README.md](https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/blob/main/README.md) and/or `docs/` folder.
* [ ] Document the simpler procedure (user forks Onion Launchpad's mirror on GitLab or GitHub, then configure and trigger a build).
* [ ] Document logo filename convention for automatic translations.
* [ ] Include a screenshot.
* [ ] Explain that it's useful both as a censorship circumvention tool
and as a landing portal for onion-only sites that need to include
documentation for their users about how to get access.

Milestone: Onion Launchpad - 2024.Q2
Assignee: Silvio Rhatto
Due date: 2024-04-30