The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-04T08:42:02Zhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40340Add a mechanism to retest the client NAT type2024-03-04T08:42:02ZCecylia BocovichAdd a mechanism to retest the client NAT typeWhile we do periodically retest the NAT type of proxies, a client's NAT type is only checked once on startup. The result is that if, after the initial check, a client's network conditions change, they may have difficulty connecting to pr...While we do periodically retest the NAT type of proxies, a client's NAT type is only checked once on startup. The result is that if, after the initial check, a client's network conditions change, they may have difficulty connecting to proxies in their pool. Since client usage of snowflake is much more time-sensitive than proxies, the trigger for a retest could be a threshold of a certain number of failed Datachannel attempts.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42429Android Connection Assist Non-Portriat-Phone Sizes Design2024-02-29T00:51:27ZclairehurstAndroid Connection Assist Non-Portriat-Phone Sizes DesignFor tor-browser#41188 we have portrait designs, but don't have landscape (and other non-protrait-phone) designs. How do we want the landscape (and other non-portriat-phone sizes) to look for connection assist? I was messing with trying t...For tor-browser#41188 we have portrait designs, but don't have landscape (and other non-protrait-phone) designs. How do we want the landscape (and other non-portriat-phone sizes) to look for connection assist? I was messing with trying to make it look better and have some references. I made the buttons have a max width, brought the toggle closer to the text, and reduced the spacing for the text so that it fits better horizontally (otherwise views start overlapping on certain screens with enough going on)
Mock Native Landscape
![Mock_Native_Landscape](/uploads/b2f313b9b51ae7a0499b3bfde3d917a7/Mock_Native_Landscape.png)
Current HTML Landscape
![HTML_Landscape](/uploads/6fa173af6b86fa10d8c1db5e072c27da/HTML_Landscape.png)
Mock Tablet
![Mock_Tablet](/uploads/bfc51dbdad8bfc6b6d60ea768e3dfb86/Mock_Tablet.png)
Mock Foldable
![Mock_Foldable](/uploads/38eb8f5c11b61ee47fd8e2c1db3d81be/Mock_Foldable.png)
Current Native Portrait
![Native_Portrait](/uploads/384005393822624e481d9a2e60a3935f/Native_Portrait.png){width=25%}donutsdonutshttps://gitlab.torproject.org/tpo/community/support/-/issues/40145Update support documentation for Tor Browser 13.5 release2024-02-27T03:19:59Zebanamebanam@torproject.orgUpdate support documentation for Tor Browser 13.5 releaseUpdate articles on RT and text modules on cdr.link with the Tor Browser 13.5 release.
related: https://gitlab.torproject.org/tpo/web/manual/-/issues/155
/cc @nina @gusUpdate articles on RT and text modules on cdr.link with the Tor Browser 13.5 release.
related: https://gitlab.torproject.org/tpo/web/manual/-/issues/155
/cc @nina @gusebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/web/manual/-/issues/155Update Tor Browser User Manual for the Tor Browser 13.5 release2024-03-18T17:24:36Zebanamebanam@torproject.orgUpdate Tor Browser User Manual for the Tor Browser 13.5 releaseTor Browser tickets for Tor Browser stable 13.5: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/?label_name%5B%5D=13.5%20stableTor Browser tickets for Tor Browser stable 13.5: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/?label_name%5B%5D=13.5%20stableebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/issues/16Transition away from deprecated python distutils2024-03-05T13:57:46Zmicahmicah@torproject.orgTransition away from deprecated python distutilsIn Python 3.10 and 3.11, distutils has been formally marked as deprecated. Code that imports distutils will no longer work from Python 3.12.
Please prepare for this deprecation and migrate away from the Python distutils module.
See-Als...In Python 3.10 and 3.11, distutils has been formally marked as deprecated. Code that imports distutils will no longer work from Python 3.12.
Please prepare for this deprecation and migrate away from the Python distutils module.
See-Also: https://peps.python.org/pep-0632https://gitlab.torproject.org/tpo/web/tpo/-/issues/420Press mentions for 2022 - 2023 needed on website2024-03-12T00:32:37ZemmapeelPress mentions for 2022 - 2023 needed on websiteOur [Press](https://www.torproject.org/press/) page shows articles up until 2021-12-29.Our [Press](https://www.torproject.org/press/) page shows articles up until 2021-12-29.pavelpavel2024-03-31https://gitlab.torproject.org/tpo/core/arti/-/issues/1292Add service config for enabling client authorization ("restricted mode")2024-03-05T14:43:22Zgabi-250Add service config for enabling client authorization ("restricted mode")* [ ] Choose a name for the `enabled` option, and decide what values it
should take (`BoolOrAuto` may not be the right type for it
* [ ] Implement the service configuration for configuring "restricted" mode
with static `authorize...* [ ] Choose a name for the `enabled` option, and decide what values it
should take (`BoolOrAuto` may not be the right type for it
* [ ] Implement the service configuration for configuring "restricted" mode
with static `authorized_clients`:
```toml
[onion_service."allium-cepa".restricted_mode]
# TODO: The naming and values of this field are provisional
enabled = auto | on | off
[onion_service."allium-cepa".restricted_mode.authorized_clients.static]
alice = "descriptor:x25519:PU63REQUH4PP464E2Y7AVQ35HBB5DXDH5XEUVUNP3KCPNOXZGIBA"
bob = "descriptor:x25519:B5ZQGTPERMMUDA6VC63LHJUF5IHPOKJMUK26LY2XKSF7VG52AESQ"
# Alternatively, you can specify a directory of authorized clients.
# Each authorized client is represented by an .auth file, as specified
# under CLIENT AUTHORIZATION in tor(1).
#
# [onion_service."allium-cepa".restricted_mode.authorized_clients]
# path = "/etc/allium/authorized_clients"
```Arti: Feature parity with the C implementationgabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/1291Support encoding the public part of client auth keys in C Tor format2024-02-21T15:36:36Zgabi-250Support encoding the public part of client auth keys in C Tor formatArti: Feature parity with the C implementationgabi-250gabi-250https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42418TorBrowser leave trace on the Windows Event Log by default and there is no wa...2024-03-05T13:50:25ZcypherpunksTorBrowser leave trace on the Windows Event Log by default and there is no way to stop this!To be clear, Mozilla Firefox does same thing.
Steps.
1. Launch Tor Browser latest
2. Open "eventvwr.ms" (The event viewer of Windows)
3. Open "Windows Logs/Application"
You'll see tons of:
```
The description for Event ID 5 from sourc...To be clear, Mozilla Firefox does same thing.
Steps.
1. Launch Tor Browser latest
2. Open "eventvwr.ms" (The event viewer of Windows)
3. Open "Windows Logs/Application"
You'll see tons of:
```
The description for Event ID 5 from source Tor Browser Launcher cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
```https://gitlab.torproject.org/tpo/web/lego/-/issues/63upstream lektor-i18n patches2024-02-20T20:04:13Zanarcatupstream lektor-i18n patchesour lektor-i18n-plugin package has diverged from upstream. submit the patches back upstream in the form of a nice PR and offer collaboration.our lektor-i18n-plugin package has diverged from upstream. submit the patches back upstream in the form of a nice PR and offer collaboration.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/1288RPC: Safe connection method on windows2024-02-24T18:29:44ZNick MathewsonRPC: Safe connection method on windowsOn Unix, we can use AF_UNIX sockets to make sure that we've got a request from an authorized user. But on Windows, we don't have the equivalent. We shoul build some other authentication mechanism (SSL? Disk Cookie? Windows named pipes)...On Unix, we can use AF_UNIX sockets to make sure that we've got a request from an authorized user. But on Windows, we don't have the equivalent. We shoul build some other authentication mechanism (SSL? Disk Cookie? Windows named pipes) before we ship RPC.https://gitlab.torproject.org/tpo/core/arti/-/issues/1286Double-check implementation for SRV disaster fallback values2024-02-20T17:15:11ZNick MathewsonDouble-check implementation for SRV disaster fallback valuesWe do have a check for our disaster_srv calculation (in `tor_netdir::hsdir_params::test::disaster)`, and its value does seem to match up with the C tor implementation's test value in (`test_hs_common.c:test_disaster_srv()`).
But we shou...We do have a check for our disaster_srv calculation (in `tor_netdir::hsdir_params::test::disaster)`, and its value does seem to match up with the C tor implementation's test value in (`test_hs_common.c:test_disaster_srv()`).
But we should create higher level disaster SRV tests, to make sure that we actually build the same ring that C tor does.
We suspect that this could be related to a bug encountered on a day with the authorities failed to negotiate an SRV (‽).Nick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/arti/-/issues/1284Clients should identify services by nickname, not hsid2024-02-21T15:36:38Zgabi-250Clients should identify services by nickname, not hsid * [ ] Add a client-side `ClientSideFooHsNickname` type. Pick a name for it
(it should be distinguishable from the service-side `HsNickname`), define
its charset and decide what limit to impose on its length
* [ ] Add a `Clie... * [ ] Add a client-side `ClientSideFooHsNickname` type. Pick a name for it
(it should be distinguishable from the service-side `HsNickname`), define
its charset and decide what limit to impose on its length
* [ ] Add a `ClientSideFooHsNickname` to the client key specifiers, and make
clients error if there is more than one nickname for any given HsIdArti: Feature parity with the C implementationgabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/1281Implement the arti hsc prepare-stealth-mode-key subcommand2024-02-21T15:36:37Zgabi-250Implement the arti hsc prepare-stealth-mode-key subcommandSee the proposal in https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1987#note_2996998
* [ ] Pick a name for the subcommand (`prepare-restricted-mode-key`? `prepare-shielded-mode-key`?)
* [ ] Implement the subcommand:
``...See the proposal in https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1987#note_2996998
* [ ] Pick a name for the subcommand (`prepare-restricted-mode-key`? `prepare-shielded-mode-key`?)
* [ ] Implement the subcommand:
```
arti hsc prepare-stealth-mode-key
--hs[-]nick[name] ... # no default, option has shorter convenience aliases
[ --config arti.toml ] # default is default arti.toml
[ --keystore ... ] # default is `default`; no client nicknames yet
[ --output FOO.auth ] # default is <hs-nickname>.auth, use `-` for stdout
[ --overwrite ] # overwrites any existing output file; default is to refuse
[ --generate=no|yes|if-needed ] # if-needed is the default; otherwise, can error
```
This depends on #1283, #1284 and #1291Arti: Feature parity with the C implementationgabi-250gabi-250https://gitlab.torproject.org/tpo/community/l10n/-/issues/40133Separate translation contributions per person in the commits, just in case2024-02-13T13:27:07ZemmapeelSeparate translation contributions per person in the commits, just in caseWatching the video at https://fosdem.org/2024/schedule/event/fosdem-2024-1906-lessons-learnt-as-a-translation-contributor-the-past-4-years/ I think I need to change the configuration of our components in weblate.
To save space, and bec...Watching the video at https://fosdem.org/2024/schedule/event/fosdem-2024-1906-lessons-learnt-as-a-translation-contributor-the-past-4-years/ I think I need to change the configuration of our components in weblate.
To save space, and because I can see this information in weblate if I need it, I was squashing translators contributions in weblate all together in one commit. But if a translator would want to remove its contributions, it will be a very difficult thing to do. So it is better to separate the contributions and have one commit per person.emmapeelemmapeelhttps://gitlab.torproject.org/tpo/core/arti/-/issues/1273Implement vanguard pool persistence2024-02-21T17:48:29Zgabi-250Implement vanguard pool persistenceThe pools will likely be stored in the state dir.
This is a prerequisite to implementing vanguards-fullThe pools will likely be stored in the state dir.
This is a prerequisite to implementing vanguards-fullArti: Guard discovery researchgabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/1272Add vanguard configuration options2024-03-26T14:59:04Zgabi-250Add vanguard configuration optionsWe have a few options here:
* have a single, global configuration option the says whether to use
vanguards-lite, or vanguards-full. This would apply to all HS
circuits (to both client and service circuits)
* have separate con...We have a few options here:
* have a single, global configuration option the says whether to use
vanguards-lite, or vanguards-full. This would apply to all HS
circuits (to both client and service circuits)
* have separate configuration options for clients and services (the
service vanguard config would be per-service). This would enable us
to configure clients and services, as well as different services
running in the same arti instance, independently from each other
(I'm not sure whether this is useful though).
We might also want to add config options for overriding the
`guard-hs-l2-number`, `guard-hs-l2-lifetime-min`, `guard-hs-l2-lifetime-max`
consensus parameters, so perhaps we need a proper `VanguardsConfig` (rather than a
simple `vanguards: auto|lite|full` option)
```toml
[onion_services."allium-cepa".vanguards]
kind = "lite"
l2_guard_num = 5
# TODO: there are no consensus params for the l3 guards
l3_guard_num = 15
...
```Arti: Guard discovery researchgabi-250gabi-250https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42406Betterboxing's gradient is visible in new pages2024-02-20T14:38:00ZPier Angelo VendrameBetterboxing's gradient is visible in new pagesI think it's a little bit strange to see the gradient for some time while loading new pages, or under certain other conditions.
![screencapture](/uploads/b30950cd64f8a3c46d97377a7aa04604/screencapture.mp4)
What do you think @jag?I think it's a little bit strange to see the gradient for some time while loading new pages, or under certain other conditions.
![screencapture](/uploads/b30950cd64f8a3c46d97377a7aa04604/screencapture.mp4)
What do you think @jag?https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/266Mullvad Browser should also have a gradient in letterboxing2024-02-20T14:40:14ZPier Angelo VendrameMullvad Browser should also have a gradient in letterboxingThe letterboxing gradient of Tor Browser makes some pages much nicer than Mullvad Browser.
E.g., look at this example on GitHub
<details><summary>Screenshot</summary>
![Screenshot_from_2024-02-12_15-30-53](/uploads/e4cfd802058d23f7230...The letterboxing gradient of Tor Browser makes some pages much nicer than Mullvad Browser.
E.g., look at this example on GitHub
<details><summary>Screenshot</summary>
![Screenshot_from_2024-02-12_15-30-53](/uploads/e4cfd802058d23f72306de444f5b1e3d/Screenshot_from_2024-02-12_15-30-53.png)
</details>
It's particularly a problem with sites that have some dark header, especially if close to the letterbox background.https://gitlab.torproject.org/tpo/team/-/issues/257Find a third party consultant for privacy assessment2024-02-07T15:31:41ZGabagaba@torproject.orgFind a third party consultant for privacy assessmentFor the project "Sponsor 112" we need to "Conduct a privacy impact assessment of monitoring tools with an external party.". This assessment needs to start in July 2024. The first step is to find a consultant to run the assessment.
`O1.4...For the project "Sponsor 112" we need to "Conduct a privacy impact assessment of monitoring tools with an external party.". This assessment needs to start in July 2024. The first step is to find a consultant to run the assessment.
`O1.4: Conduct a privacy impact assessment of monitoring tools with an external party. In this activity, we will engage a third party to conduct a privacy impact assessment of the tools developed in this Objective. The goal of this assessment is to investigate whether or not these tools impact the privacy of relay operators and to ensure that these tools are working in the most rights preserving ways possible. Should issues be discovered in this assessment, we will take recommended action to remedy them. This assessment will include both public- and internal-facing components of these tools. We will make a redacted, summarized, and/or plain language version of this report public.`Gabagaba@torproject.orgGabagaba@torproject.org2024-05-13