The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2022-10-20T21:12:53Z

https://gitlab.torproject.org/tpo/core/arti/-/issues/559
add CI test which searches logs for sensitive data
2022-10-20T21:12:53Z
Ian Jackson iwj@torproject.org

We should add a test to the CI that greps the integration test logs for as many of the things mentioned in `doc/Safelogging.md` as we can.
We can use the existing logs, which run with a high verbosity level, and filter them (post-hoc, in an ad-hoc way) for severity.

Ian Jackson iwj@torproject.org

https://gitlab.torproject.org/tpo/core/arti/-/issues/558
EST_INTRO_DOS_EXT: parameter validation
2024-02-22T15:00:06Z
Ian Jackson iwj@torproject.org

In torspec#167 torspec!88 we propose to tighten up the parsing of this cell.
FTR this is the current behaviour in Arti (since !648):
1. We do not check that `rate <= burst`; probably this ought to be checked in `EstIntroExtDoS::new` and also on cell parsing (the `Readable` impl)
2. We accept repeated parameters, taking the last.
3. We accept invalid parameters, discarding them (and using consensus default).
4. We do not check parameter ordering when deserialising.
The current state of torspec!88 would imply changing 1-3 and leaving 4 as it is.

Arti: Onion Service Security
Ian Jackson iwj@torproject.org

https://gitlab.torproject.org/tpo/core/arti/-/issues/554
Move channel padding logic into the channel reactor
2023-02-27T12:00:17Z
eta

As part of the discussions on arti!657, we agreed to move some of the channel padding logic back into the channel reactor. This ticket tracks that work (and mostly exists so I don't forget to actually do that refactor).

https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/web/-/issues/2
Link HotFOCI talk
2022-08-23T18:10:33Z
Rasmus Dahlberg rasmus@rgdd.se

Link @syverson's HotFOCI talk somewhere. Let's defer until we know if there
will be any official upload from HotFOCI, otherwise fix that ourselves.

https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/web/-/issues/1
Update search example images
2022-08-17T21:10:59Z
Rasmus Dahlberg rasmus@rgdd.se

It would be nice to show screenshots of using api.sauteed-onions.org. If
we do, I'm not sure if our crt.sh example should be kept, moved, or removed.
(Something that's nice about the crt.sh example is that it shows what happens
in detail; whereas api.sauteed-onions.org has a UX that hides details.)

https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/monitor/-/issues/1
Verify that downloaded entries are in a consistent Merkle tree
2022-08-17T21:10:36Z
Rasmus Dahlberg rasmus@rgdd.se

In addition to downloading all log entries we should also verify that they are included in a consistent Merkle tree.

Rasmus Dahlberg rasmus@rgdd.se

https://gitlab.torproject.org/tpo/core/arti/-/issues/540
Feedback on developer experience using Onion Services
2023-10-10T16:15:13Z
Gaba gaba@torproject.org

Creating a ticket from feedback we received on the use of Onion Services in an application that connects users through it. This is something to consider for when we start working on OS in Arti.
> This is part of the first time user experience for us, where users enter an onion address and then attempt to connect to it, so it ends up being a big deal. It also makes demos difficult if there's a chance that this step could take a minute or more.
>
> Things that could help in order of importance:
>
> 1. Being really fast (< 10 seconds? < 3 seconds?)
> 2. Being bounded (99.9% of the time connecting in < 1 minute) since this would let us show meaningful progress based on the worst case.
> 3. Some sense of progress that we could relay to the user, if there is a way to provide this.
> 4. Knowing, on the host side, when an onion address is "ready" to receive incoming connections.
> 5. Some built in mechanism for timeout/retry so that we don't have to guess what the best mechanism would be ourselves. (We've noticed that sometimes it's better to try a fresh connection than to simply wait.)
>
> The only other thing we care about is very high reliability for onion services overall.

Arti: Onion service support

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41087
Onion Services show broken padlock instead of Secure Onion icon in the URL bar on Android
2023-11-06T23:36:20Z
richard

Dan Ballard

https://gitlab.torproject.org/tpo/web/lego/-/issues/50
Use `mailto:gettor@...?body=...` links wherever the gettor email is mentioned
2024-02-22T15:39:24Z
WofWca wofwca@protonmail.com

Example link:
<mailto:gettor@torproject.org?body=windows%20en_US>
If you click this link, this will tell the handler to prefill the body with `windows en_US`. Maybe could also add something else, like a comment about "replace `windows` with `linux` if you need to, and `en_US` with the name of your locale <a link to locales list>".
For example, on gettor.torproject.org we could generate such a link, instead of just giving verbal instructions. Also we could add "OS" and "locale" `<select>`s and change the link based on that, and try to detect the locale and OS for default values.
Also there needs to be a "copy" button as currently in Chromium and Gecko it appears that if you right-click and copy the link, it only copies the email address.
This should allow sharing such a link more easily, as you don't have to add instructions along with the email address.
We could also add such links to the response emails as well (e.g. if the user did not specify the OS) - maybe make a table with OS as columns, language as rows and links as cells.
But I shall warn that removing the instructions and only relying on such links is probably not good because they don't always do what I described. For example, if you set Chromium as the `mailto` link handler, and do not set up any handler websites inside the browser, clicking such a link will do nothing.
I don't know where else this email is mentioned, maybe this can help https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/gettor/-/issues/87
And I'm not sure if this is the right place for this issue, maybe https://gitlab.torproject.org/tpo/anti-censorship/gettor-project is more appropriate, feel free to move it.
Related: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/gettor/-/issues/64

Jérôme Charaoui lavamind@torproject.org
2024-03-31

https://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/40029
Clean up torperf archive and stop archiving "new" data
2024-03-21T17:14:43Z
Georg Koppen

Torperf is long gone but we are still archiving "new" data, see: https://metrics.torproject.org/collector/archive/torperf/. We should stop that and remove the "archives" from 2020-06 on (inclusive).

Hiro

https://gitlab.torproject.org/tpo/web/community/-/issues/280
add information about contacting new relay operators in the requirements
2023-04-05T19:00:27Z
emmapeel

There was a thread the other day in reddit about tor project wanting to contact a new relay operator that added lots of relays to the network in a very short time.
The whole thread was about why the tor project wanted to do a video call and how bad that was.
We should maybe add some information about this to https://community.torproject.org/relay/relays-requirements/
We can also mention starting an association as a good way to preserve the anonymity of individuals, while still keeping certain accountability to benefit the network.
One good phrase about this issue is:
```
Remember that running a relay is an act of transparency
(even though being a Tor user is an act of privacy),
because the way to strengthen trust in relays is by having a stronger community
Be sure to set your ContactInfo to a working email address in case we need to reach you
```
which is part of the sysadmin101 howto gman999 did for the relay operators.

Gus

https://gitlab.torproject.org/tpo/community/training/-/issues/49
[Training] Prepare training and outreach material on Internet shutdowns
2024-03-06T13:47:48Z
raya

The idea here is to start creating material that is not centered around the technology but is framed around a use case.
In this case, the slides would talk about Internet censorship and shutdowns more generally:
- Defining Internet shutdowns (based on #KeepItOn's newest [working definition](https://rightscon.summit.tc/t/2022/events/revising-our-working-definition-of-shutdowns-9rPraKJSSZo5gU6wRnMrY9))
- Outlining the different types of Internet censorship
- Measuring network interference (with OONI)
Where drafts are being written:
- Training slides structure: https://pad.riseup.net/p/tor-internet-shutdowns-prepare
- Outreach material structure: https://pad.riseup.net/p/tor-internet-shutdown-outreach
- https://docs.google.com/presentation/d/1L4yTldEaIaoUDS7JmRJ8x2G-jOPfJ_g5Hek-SH530B4/edit
Note: once material is completed and reviewed, translate it into markdown for Reveal JS.

raya

https://gitlab.torproject.org/tpo/web/community/-/issues/272
Redesign the main menu on mobile devices
2023-05-02T17:00:27Z
Gus

The main menu on mobile devices is taking up a good part of the page and it's also covering up the internal menus.
![community portal main menu](/uploads/bceaf486dcd9892900e1036fdfe2e36a/community-portal-menu.jpeg)

https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/71
Module to spread the use of Onion-Location header
2022-04-07T22:20:08Z
Silvio Rhatto

Is there a way to make it easy to set up the [Onion-Location header](https://community.torproject.org/onion-services/advanced/onion-location/)?
Right now it's just a single line of code to be added either in the webserver/proxy or in the website HTML, but could it be done easier?
Could a tool be built to make this task even simpler?

https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/69
Tool to manage Onion Service auth keys
2023-10-20T16:17:37Z
Silvio Rhatto

Module to create Onion Services authorization keys, given that [the current instructions](https://community.torproject.org/onion-services/advanced/client-auth/) are not very handy to follow. Some tool/library could automate this management on the server side.
Thanks @gus for the idea :-)

https://gitlab.torproject.org/tpo/core/tor-ci-reproducible/-/issues/6
GPG_CMD env variable
2022-11-14T17:56:49Z
David Goulet dgoulet@torproject.org

For the Qubes users out there: they use a wrapper around GPG, so we need a variable that allows the user to point to the GPG binary to use for signing.

https://gitlab.torproject.org/tpo/core/tor-ci-reproducible/-/issues/5
Wipe build/ before starting script
2022-11-14T17:56:43Z
David Goulet dgoulet@torproject.org

We need to wipe `build/` in the `build.sh` script before starting; otherwise, when it lingers, we get bad results.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
[Turkmenistan] Number of directly connecting users is going down
2024-03-05T18:48:39Z
Gus

The current number of Tor users in TM has been going down since July 2021. I'm creating this ticket to investigate what's happening and ask volunteers to run emma.
![Screenshot_2021-08-10_Users___Tor_Metrics](/uploads/84cb05ae72314320d73bad184aeb15f4/Screenshot_2021-08-10_Users___Tor_Metrics.png)
https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-12&end=2021-08-10&country=tm&events=off

shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/92
remove private material from the config
2023-12-21T17:12:38Z
meskio meskio@torproject.org

So we can keep the config in [rdsys-admin](https://gitlab.torproject.org/tpo/anti-censorship/rdsys-admin).
Right now there are API tokens, SMTP passwords, auth tokens, generator seeds, ... Does it make sense to have a second `secrets.json` file for that kind of content? There are secrets for the backend, distributors or updaters; does it make sense to mix all of them in the same file?

meskio meskio@torproject.org

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40100
Performance modelling of Snowflake
2024-02-27T18:25:37Z
Cecylia Bocovich

As a followup to previous discussions on Snowflake performance, the purpose of this issue is to track work on modelling and measuring the impact of Snowflake improvements on network performance. This work will be primarily done with the [Shadow](https://shadow.github.io/) network simulation tool. This tool can measure the impact that changes to Snowflake can have on the throughput of traffic for clients, as well as resource consumption of the broker and bridge.
Snowflake shadow simulation scripts can be found at https://gitlab.torproject.org/cohosh/snowflake-simulation
There are a few tasks to complete before we are ready to conduct performance experiments:
- [ ] Help Shadow developers debug outstanding issues with Go network code
- [ ] Improve the Snowflake network model to accurately reflect the network conditions faced by both snowflake clients and proxy volunteers
- [ ] Improve the output format of test results so they can be easily interpreted
Once these pieces are in place, I plan to conduct the following experiments:
- [ ] Tune turbotunnel parameters by experimenting with the space of probable configurations (#40026)
- [ ] Splitting traffic across multiple snowflake proxies (#25723)
- [ ] The impact of geographic location of proxies on client performance (#31661)
Shadow simulations do have some limitations. We have also deployed onionperf instances to measure real-world Snowflake performance. If evidence for performance improvements is compelling enough, we can measure the impact of the change in deployment from these locations.

Cecylia Bocovich