The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-11-14T17:56:49Zhttps://gitlab.torproject.org/tpo/core/tor-ci-reproducible/-/issues/6GPG_CMD env variable2022-11-14T17:56:49ZDavid Gouletdgoulet@torproject.orgGPG_CMD env variableFor the Qubes user out there, they use a wrapper around GPG so we need a variable that allows the user to point on where is the GPG binary to use for signing.For the Qubes user out there, they use a wrapper around GPG so we need a variable that allows the user to point on where is the GPG binary to use for signing.https://gitlab.torproject.org/tpo/core/tor-ci-reproducible/-/issues/5Wipe build/ before starting script2022-11-14T17:56:43ZDavid Gouletdgoulet@torproject.orgWipe build/ before starting scriptWe need to wipe `build/` in the `build.sh` script before starting else when it lingers, we get bad results.We need to wipe `build/` in the `build.sh` script before starting else when it lingers, we get bad results.https://gitlab.torproject.org/tpo/core/arti/-/issues/408CLI: unify, streamline, and refactor listener code2022-12-18T21:03:06ZNick MathewsonCLI: unify, streamline, and refactor listener codeRight now we have two kinds of listeners: DNS and SOCKS. We should consider simplifying the logic that creates them a lot.
Some goals are:
* [ ] Eliminate duplicate code.
* [ ] Allow multiple listener ports of the same type.
* [ ...Right now we have two kinds of listeners: DNS and SOCKS. We should consider simplifying the logic that creates them a lot.
Some goals are:
* [ ] Eliminate duplicate code.
* [ ] Allow multiple listener ports of the same type.
* [ ] Allow listening on non-localhost addresses
* [ ] Fail with an error if the port binding fails for some reason other than "we don't support that address family."Arti 1.0.0: Ready for production useIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/1Oniongroove deployment research2024-03-27T21:47:32ZSilvio RhattoOniongroove deployment researchResearch on all relevant deployment technologies (DevOps) for Onion Services: build a first matrix of technologies, recipes and strategies, incorporating it into the specs (onion-support#40).Research on all relevant deployment technologies (DevOps) for Onion Services: build a first matrix of technologies, recipes and strategies, incorporating it into the specs (onion-support#40).Oniongroove 0.1.0Silvio RhattoSilvio Rhatto2024-05-16https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/2Oniongroove threat model2024-03-27T21:47:21ZSilvio RhattoOniongroove threat modelWrite initial version of [Oniongroove](https://gitlab.torproject.org/rhatto/oniongroove) threat model, including:
* [ ] Consider the scenario where someone run more than a single Onionbalance
"frontend" with the same address but w...Write initial version of [Oniongroove](https://gitlab.torproject.org/rhatto/oniongroove) threat model, including:
* [ ] Consider the scenario where someone run more than a single Onionbalance
"frontend" with the same address but with different backends and uploading
descriptors at different times. Would this:
* Impact the Tor network negativelly?
* Improve load balancing?
* Be an acceptable frontend failover?Oniongroove 0.1.0Silvio RhattoSilvio Rhatto2024-05-16https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/92remove private material from the config2023-12-21T17:12:38Zmeskiomeskio@torproject.orgremove private material from the configSo we can keep the config in [rdsys-admin](https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin).
Right now there are api tokens, smtp passwords, auth tokens, generator seeds, ... Does it make sense to have a second `secrets.js...So we can keep the config in [rdsys-admin](https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin).
Right now there are api tokens, smtp passwords, auth tokens, generator seeds, ... Does it make sense to have a second `secrets.json` file for that kind of content? There are secrets for the backend, distributors or updaters, does it make sense to mix all of them in the same file?meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/363Support for binding low ports, then dropping privileges2022-12-18T21:03:06ZNick MathewsonSupport for binding low ports, then dropping privilegesWe should have support for dropping our bind-low-port privileges (possibly with a setuid, possibly with a nicer os-specific mechanism) after using them.
Tangentially related to #331.We should have support for dropping our bind-low-port privileges (possibly with a setuid, possibly with a nicer os-specific mechanism) after using them.
Tangentially related to #331.Arti 1.0.0: Ready for production useIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/362Integration support for systemd and similar systems2022-10-20T21:11:27ZNick MathewsonIntegration support for systemd and similar systems@diziet says this won't be too hard. Some stuff we might want:
* watchdog support
* letting the launcher know when we're bootstrapped
* socket-based activation.
We should make sure we work systemd and with the most popular non-syst...@diziet says this won't be too hard. Some stuff we might want:
* watchdog support
* letting the launcher know when we're bootstrapped
* socket-based activation.
We should make sure we work systemd and with the most popular non-systemd launcher system, so as to improve our odds of working everywhere else too.Arti 1.0.0: Ready for production useIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40100Performance modelling of Snowflake2024-02-27T18:25:37ZCecylia BocovichPerformance modelling of SnowflakeAs a followup to previous discussions on Snowflake performance, the purpose of this issue is to track work on modelling and measuring the impact of Snowflake improvements on network performance. This work will be primarily done with the ...As a followup to previous discussions on Snowflake performance, the purpose of this issue is to track work on modelling and measuring the impact of Snowflake improvements on network performance. This work will be primarily done with the [Shadow](https://shadow.github.io/) network simulation tool. This tool can measure the impact that changes to Snowflake can have on the throughput of traffic for clients, as well as resource consumption of the broker and bridge.
Snowflake shadow simulation scripts can be found at https://gitlab.torproject.org/cohosh/snowflake-simulation
There are a few tasks to complete before we are ready to conduct performance experiments:
- [ ] Help Shadow developers debug outstanding issues with go network code
- [ ] Improve the Snowflake network model to accurately reflect the network conditions faced by both snowflake clients and proxy volunteers
- [ ] Improve the output format of test results so they can be easily interpreted
Once these pieces are in place, I plan to conduct the following experiments:
- [ ] Tune turbotunnel parameters by experimenting with the space of probable configurations (#40026)
- [ ] Splitting traffic across multiple snowflake proxies (#25723)
- [ ] The impact of geographic location of proxies on client performance (#31661)
Shadow simulations do have some limitations. We have also deployed onionperf instances to measure real-world Snowflake performance. If evidence for performance improvements is compelling enough, we can measure the impact of the change in deployment from these locations.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/1Define a Threat Model2023-11-24T11:58:28ZMatthew FinkelDefine a Threat ModelAs a reference, [Tor Browser's design document](https://2019.www.torproject.org/projects/torbrowser/design/) describes which threats/attacks are considered in-scope. A VPN (or VPN-like service) has different strengths and weaknesses, the...As a reference, [Tor Browser's design document](https://2019.www.torproject.org/projects/torbrowser/design/) describes which threats/attacks are considered in-scope. A VPN (or VPN-like service) has different strengths and weaknesses, therefore we must define those and evaluate reasonable expectations.
Some initial questions:
- When are the VPN's protections applicable?
- What are reasonable expectaions when the service is disabled?
- What are reasonable expectations when the service is enabled?
- Which use cases can we reasonably support? (e.g., under which circumstances can we fail-closed: device is rebooted or app crashes?)
- What properties does an application's connection gain/have when routed through this service?Sponsor 101 - Tor VPN Client for Androidmicahmicah@torproject.orgmicahmicah@torproject.org2024-01-29https://gitlab.torproject.org/tpo/ux/team/-/issues/73Deprecate UX mailing list2024-01-29T20:09:51ZdonutsDeprecate UX mailing listGiven the conversation about deprecating tor-talk happening in https://gitlab.torproject.org/tpo/community/support/-/issues/40057, I'd like to get @tpo/ux's opinion on doing the same to the UX mailing list sooner rather than later – for ...Given the conversation about deprecating tor-talk happening in https://gitlab.torproject.org/tpo/community/support/-/issues/40057, I'd like to get @tpo/ux's opinion on doing the same to the UX mailing list sooner rather than later – for the following reasons:
- The UX mailing list doesn't get much engagement at all
- Whereas there are a lot of strong opinions about UX on the forum, and better visibility for UX/Applications-related topics
- I also frequently forget the UX mailing list exists, and it's more or less just become an archive for team-meeting minutes
In short: the forum is now a far more attractive avenue for community engagement and volunteer recruitment.
If we do decide to go ahead and deprecate the UX mailing list, we could follow the same plan of action outlined for tor-talk above.
Let me know what you think!https://gitlab.torproject.org/tpo/core/arti/-/issues/289initial_predicted_ports and handling during reconfigure2022-08-11T14:26:52ZIan Jacksoniwj@torproject.orginitial_predicted_ports and handling during reconfigureCurrently (if the docs are to be believed) an attempt to change this field on reload causes an error.
IMO this is wrong. Fields that genuinely affect only the startup ought to be freely changeable. Otherwise you might change the on-di...Currently (if the docs are to be believed) an attempt to change this field on reload causes an error.
IMO this is wrong. Fields that genuinely affect only the startup ought to be freely changeable. Otherwise you might change the on-disk config file intending to have this change at next restart, and then find that you cannot make other config changes.
However, ISTM that for this specific field, there is a more fundamental problem. This parameter is used for preemptive circuit constrution. Declaring a new set of ports for which we want to now preemptively build circuits seems like a meaningful thing to do at runtime. So, the parameter has the wrong semantics (and the wrong name).
Combining, during reload, a new set of configured ports with the ones discovered during runtime, is left as an exercise to the implementor. I think any plausible algorithm will do.
I am *not* tagging this as an API break, because we need to be able to evolve the config file without breaking changes. See also #285.Arti 1.0.0: Ready for production useIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/72Some bridges don't have a valid status page2024-03-06T16:41:13ZCecylia BocovichSome bridges don't have a valid status page@gk found a bridge that doesn't have a valid status page, but it does show up in the extra info files that rdsys is using.
Relay search page: https://metrics.torproject.org/rs.html#details/47D7B70C2E411A941348AF2132D41BC4554FDD25
bridg...@gk found a bridge that doesn't have a valid status page, but it does show up in the extra info files that rdsys is using.
Relay search page: https://metrics.torproject.org/rs.html#details/47D7B70C2E411A941348AF2132D41BC4554FDD25
bridgestrap status page: https://bridges.torproject.org/status?id=47D7B70C2E411A941348AF2132D41BC4554FDD25
I've verified the bridge is in the extrainfo file. So rdsys seems to be throwing it out for some reason? If the bridge doesn't work, it should show up as dysfunctional but still be saved as a valid resource.meskiomeskio@torproject.orgmeskiomeskio@torproject.org2024-07-31https://gitlab.torproject.org/tpo/core/tor-ci-release/-/issues/2Use "shellcheck -euo pipefail" in all scripts.2022-11-14T18:20:42ZNick MathewsonUse "shellcheck -euo pipefail" in all scripts.To avoid shell scripting errors, we want the script to exit when things go badly. The usual incantation is `set -euo pipefail`, meaning:
* `-e`: exit on first failed command
* `-u`: treat unset variables as failures
* `-o pipefail`: t...To avoid shell scripting errors, we want the script to exit when things go badly. The usual incantation is `set -euo pipefail`, meaning:
* `-e`: exit on first failed command
* `-u`: treat unset variables as failures
* `-o pipefail`: treat pipelines as failed if any command in them fails.https://gitlab.torproject.org/tpo/core/arti/-/issues/177Recover from corrupted state or cache on startup.2023-06-13T17:50:00ZNick MathewsonRecover from corrupted state or cache on startup.When we start up, if we can't load our persistent state, we'll currently exit with an error. That's not good user experience: instead we should maybe move aside any broken/unreadable state files? Or perhaps we should ignore them and no...When we start up, if we can't load our persistent state, we'll currently exit with an error. That's not good user experience: instead we should maybe move aside any broken/unreadable state files? Or perhaps we should ignore them and not use persistent state? There are multiple possibilities here, and it's not obvious which is best.Arti 1.0.0: Ready for production usehttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/33Meek-azure deprecation plan2023-11-14T15:49:44ZGusMeek-azure deprecation planAs meek-azure domain fronting days are [counted](https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to-domain-fronting-within-azure/), I'm opening this ticket to draft a deprecation plan:
1. Remove 'meek-azure' opt...As meek-azure domain fronting days are [counted](https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to-domain-fronting-within-azure/), I'm opening this ticket to draft a deprecation plan:
1. Remove 'meek-azure' option from Tor Browser for Android and Desktop built-in bridges (cc: Tor Browser Devs).
2. Update Tor user support docs (tpo/web/support and tpo/web/manual).
3. Help users to migrate to secret bridges and/or Snowflake.
4. Since Chinese users rely on meek-azure, we should announce this change on Tor Comms (Twitter, Mastodon) and community channels (IFF mattermost, Tor mailing lists, OONI channel). It would be nice to have the content translated in zh-CN.
5. I don't think Guardian Project is shipping Orbot with meek-azure anymore, but we should ping Nathan.
6. Finally, shutdown meek-azure bridge.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/network-health/team/-/issues/100Go over metrics docs and replace references to gitweb with those to Gitlab an...2024-03-27T09:44:42ZGeorg KoppenGo over metrics docs and replace references to gitweb with those to Gitlab and move missing code if neededWe see Gitlab as the canonical place for metrics code nowadays, yet at least a bunch of docs still point to Gitweb (and it's not clear whether there are still code bases git.tpo-only).
We should go over our code and docs to make sure Gi...We see Gitlab as the canonical place for metrics code nowadays, yet at least a bunch of docs still point to Gitweb (and it's not clear whether there are still code bases git.tpo-only).
We should go over our code and docs to make sure Gitlab is indeed seen by all of that as the True Location.
/cc @hiro @irlGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029[Turkmenistan] Number of directly connecting users is going down2024-03-05T18:48:39ZGus[Turkmenistan] Number of directly connecting users is going downThe current number of Tor users in TM is going down since July 2021. I'm creating this ticket to investigate what's happening and ask volunteers to run emma.
![Screenshot_2021-08-10_Users___Tor_Metrics](/uploads/84cb05ae72314320d73bad18...The current number of Tor users in TM is going down since July 2021. I'm creating this ticket to investigate what's happening and ask volunteers to run emma.
![Screenshot_2021-08-10_Users___Tor_Metrics](/uploads/84cb05ae72314320d73bad184aeb15f4/Screenshot_2021-08-10_Users___Tor_Metrics.png)
https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-12&end=2021-08-10&country=tm&events=offshelikhooshelikhoohttps://gitlab.torproject.org/tpo/web/manual/-/issues/99Update known issues page - Tor Browser desktop and mobile2024-01-30T13:40:21ZGusUpdate known issues page - Tor Browser desktop and mobileAccording to the [blog post](https://blog.torproject.org/new-release-tor-browser-105), here's a list of known issues that we need to update the Tor Browser Manual:
### Desktop
- tpo/applications/tor-browser#40497
- tpo/applications/tor...According to the [blog post](https://blog.torproject.org/new-release-tor-browser-105), here's a list of known issues that we need to update the Tor Browser Manual:
### Desktop
- tpo/applications/tor-browser#40497
- tpo/applications/tor-browser#40242
- tpo/applications/tor-browser#40506
- tpo/applications/tor-browser#40510
https://tb-manual.torproject.org/known-issues/
### Mobile
- tpo/applications/fenix#40176
- tpo/applications/fenix#40110
- tpo/applications/fenix#40172
- tpo/applications/fenix#40174
- tpo/applications/fenix#40103
- tpo/applications/fenix#40115
- tpo/applications/fenix#40324
https://tb-manual.torproject.org/mobile-tor/ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/40422[CircuitPadding] circpad_add_matching_machines() should be called when a cir...2023-06-09T13:26:45ZJaym[CircuitPadding] circpad_add_matching_machines() should be called when a circuit has opened.### Summary
The circuit padding framework supports negotiating padding upon various events. Among them, CIRCPAD_CIRC_OPENED states that a given padding machine should be applied to a circuit when a circuit has opened.
However, no code ...### Summary
The circuit padding framework supports negotiating padding upon various events. Among them, CIRCPAD_CIRC_OPENED states that a given padding machine should be applied to a circuit when a circuit has opened.
However, no code seems to trigger this mechanism. When a circuit has built, the function circpad_machine_event_circ_built() is called and checks whether some machine may be removed/added to the circuit. However, at this stage of the circuit building process, the circuit has built but is not marked as open yet.
### Bug
If some machine uses `client_machine->conditions.apply_state_mask = CIRCPAD_CIRC_OPENED;` the machine would only be applied when another event than a circ building/opening triggers the function circpad_add_matching_machines() (e.g., ap conn links a stream, or the circ purpose changes from general to something else).
### What is the expected behavior?
When circuituse.c calls circuit_has_opened(), it should also call the circpad module; e.g., a new function circpad_machine_event_circ_opened() that checks for adding machine to the circuit.
### Environment
Running a version forked from 0.4.5.7
### Relevant logs and/or screenshots
Contains some logs showing a call to circpad_machine_event_circ_built() while the circuit is still marked as building. Also contains custom logs:
```Jun 30 11:23:50.000 [info] circuit_finish_handshake(): Finished building circuit hop:
Jun 30 11:23:50.000 [info] internal (high-uptime) circ (length 3, last hop test000a): $22BA781A60C0CBB7FFAEA8858128427F67F60038(open) $7684DE04DCBB44538554E2CD1D14CDF836D5AF4D(open) $C7ADB1DBCE99F0B2ED2812B1953E4986EE9846DB(open)
Jun 30 11:23:50.000 [debug] dispatch_send_msg_unchecked(): Queued: ocirc_cevent (<gid=7 evtype=2 reason=0 onehop=0>) from or, on ocirc.
Jun 30 11:23:50.000 [debug] dispatcher_run_msg_cbs(): Delivering: ocirc_cevent (<gid=7 evtype=2 reason=0 onehop=0>) from or, on ocirc:
Jun 30 11:23:50.000 [debug] dispatcher_run_msg_cbs(): Delivering to btrack.
Jun 30 11:23:50.000 [debug] btc_cevent_rcvr(): CIRC gid=7 evtype=2 reason=0 onehop=0
Jun 30 11:23:50.000 [debug] circuit_build_times_add_time(): Adding circuit build time 43
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking circuit purpose, 5
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking condition state mask 21 vs condition: 2
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking circuit purpose, 5
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking circuit purpose, 5
Jun 30 11:23:50.000 [debug] circpad_machine_event_circ_built(): Circpad module event circ built -- circ state: 0
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking circuit purpose, 5
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking condition state mask 21 vs condition: 2
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking circuit purpose, 5
Jun 30 11:23:50.000 [debug] circpad_machine_conditions_apply(): Checking circuit purpose, 5
Jun 30 11:23:50.000 [debug] invoke_plugin_operation_or_default(): Plugin found for caller calling a plugin in the circpad module when a circuit has built
Jun 30 11:23:50.000 [info] circpad_dropmark_activate_when_built(): Looks like the client_dropmark_def machine does not exist over this circuit
Jun 30 11:23:50.000 [debug] plugin_run(): Plugin execution returned -2147483648
Jun 30 11:23:50.000 [debug] plugin_run(): vm error message: (null)
Jun 30 11:23:50.000 [info] entry_guards_note_guard_success(): Recorded success for primary confirmed guard test002r ($22BA781A60C0CBB7FFAEA8858128427F67F60038)
Jun 30 11:23:50.000 [debug] dispatch_send_msg_unchecked(): Queued: ocirc_state (<gid=7 state=4 onehop=0>) from or, on ocirc.
Jun 30 11:23:50.000 [debug] dispatcher_run_msg_cbs(): Delivering: ocirc_state (<gid=7 state=4 onehop=0>) from or, on ocirc:
Jun 30 11:23:50.000 [debug] dispatcher_run_msg_cbs(): Delivering to btrack.
Jun 30 11:23:50.000 [debug] btc_state_rcvr(): CIRC gid=7 state=4 onehop=0
Jun 30 11:23:50.000 [info] circuit_build_no_more_hops(): circuit built!
Jun 30 11:23:50.000 [info] pathbias_count_build_success(): Got success count 3.000000/3.000000 for guard test002r ($22BA781A60C0CBB7FFAEA8858128427F67F60038)
Jun 30 11:23:50.000 [debug] circuit_has_opened(): calling circuit_has_opened()
```
### Possible fixes
Add a new function circpad_machine_event_circ_opened() called from circuituse.c when the circuit has opened.Tor: 0.4.8.x-freezeMike PerryMike Perry