The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2023-08-30T12:29:24Z

https://gitlab.torproject.org/tpo/core/tor/-/issues/40846
Expired signing key
2023-08-30T12:29:24Z
Andreas

The key referenced at https://gitlab.torproject.org/tpo/core/tor/-/blame/main/README.md#L44, and used for signing the tor-0.4.8.4 tag, has been expired since Aug 23.

David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/core/arti/-/issues/1016
Remove webpki transitive dependency somehow.
2023-12-07T12:16:52Z
Nick Mathewson

Because of https://rustsec.org/advisories/RUSTSEC-2023-0052 , we want to get rid of the transitive `webpki` dependency from `tls-api` in `arti-hyper`. The `webpki` crate is unmaintained; the `rustls-webpki` crate is apparently what is recommended instead.
I've opened an issue in `tls-api` as https://github.com/stepancheg/rust-tls-api/issues/45.
But also see #509 and https://github.com/stepancheg/rust-tls-api/issues/44. I suspect `tls-api` may be unmaintained?

https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/229
uBO doesn't apply cosmetic filters unless added via picker and only for the session
2024-03-05T14:56:58Z
Thorin

at least for images (from https://github.com/mullvad/mullvad-browser/issues/127 )
STR
add cosmetic filters, save/apply
```
||www.google.com/images/branding/googlelogo/*x/googlelogo_light_color_272x92dp.png$image
||www.google.com/images/branding/googlelogo/*x/googlelogo_color_272x92dp.png$image
```
visit google.com .. image loads
now add the filter from the picker (doesn't matter if it adds a duplicate entry), the image is removed. open a new tab, close the current google tab, open google, image is blocked.
restart, check filters (they are there), load google .. image is not blocked
note: can't reproduce the issue on ESR102 starting PB mode, or any FF releases

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/109
Leak Canary reports ConnectionFragment.binding as having a distinct leak
2023-09-07T21:25:43Z
micah micah@torproject.org

Using the 425e2e1d version of the vpn, on a Google Pixel 4a (5G), running CalyxOS. I often get LeakCanary reporting a problem.
This is the leak trace that I printed to Logcat. I am not sure which pieces are useful to share, but I can provide more:
```
08-11 11:14:04.988 22504 22535 D LeakCanary: LeakCanary is running and ready to detect memory leaks.
08-11 11:20:59.863 22504 22504 D LeakCanary:
08-11 11:20:59.863 22504 22504 D LeakCanary: ┬───
08-11 11:20:59.863 22504 22504 D LeakCanary: │ GC Root: System class
08-11 11:20:59.863 22504 22504 D LeakCanary: │
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ android.app.ActivityThread class
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (MainActivity↓ is not leaking and a class is never leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ static ActivityThread.sCurrentActivityThread
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ android.app.ActivityThread instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (MainActivity↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ mInitialApplication instance of org.torproject.vpn.TorApplication
08-11 11:20:59.863 22504 22504 D LeakCanary: │ mSystemContext instance of android.app.ContextImpl
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ ActivityThread.mActivities
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ android.util.ArrayMap instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (MainActivity↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ ArrayMap.mArray
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ java.lang.Object[] array
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (MainActivity↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ Object[1]
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ android.app.ActivityThread$ActivityClientRecord instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (MainActivity↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ activity instance of org.torproject.vpn.MainActivity with mDestroyed = false
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ ActivityThread$ActivityClientRecord.activity
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ org.torproject.vpn.MainActivity instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (ConnectionFragment↓ is not leaking and Activity#mDestroyed is false)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ mApplication instance of org.torproject.vpn.TorApplication
08-11 11:20:59.863 22504 22504 D LeakCanary: │ mBase instance of androidx.appcompat.view.ContextThemeWrapper
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ ComponentActivity.mOnConfigurationChangedListeners
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ java.util.concurrent.CopyOnWriteArrayList instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (ConnectionFragment↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ CopyOnWriteArrayList[5]
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ androidx.fragment.app.FragmentManager$$ExternalSyntheticLambda0 instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (ConnectionFragment↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ FragmentManager$$ExternalSyntheticLambda0.f$0
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ androidx.fragment.app.FragmentManagerImpl instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (ConnectionFragment↓ is not leaking)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ FragmentManager.mParent
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ org.torproject.vpn.ui.connectionsettings.ConnectionFragment instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: NO (Fragment#mFragmentManager is not null)
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Fragment.mTag=a2ad2df2-7ab9-468b-87c5-c4f7355dccb2
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ ConnectionFragment.binding
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ~~~~~~~
08-11 11:20:59.863 22504 22504 D LeakCanary: ├─ org.torproject.vpn.databinding.FragmentConnectionsettingsBindingImpl instance
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Leaking: UNKNOWN
08-11 11:20:59.863 22504 22504 D LeakCanary: │ Retaining 464.4 kB in 4226 objects
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ↓ ViewDataBinding.mRoot
08-11 11:20:59.863 22504 22504 D LeakCanary: │ ~~~~~
08-11 11:20:59.863 22504 22504 D LeakCanary: ╰→ androidx.coordinatorlayout.widget.CoordinatorLayout instance
08-11 11:20:59.863 22504 22504 D LeakCanary: Leaking: YES (ObjectWatcher was watching this because org.torproject.vpn.ui.connectionsettings.ConnectionFragment
08-11 11:20:59.863 22504 22504 D LeakCanary: received Fragment#onDestroyView() callback (references to its views should be cleared to prevent leaks))
08-11 11:20:59.863 22504 22504 D LeakCanary: Retaining 2.7 kB in 71 objects
08-11 11:20:59.863 22504 22504 D LeakCanary: key = 67f37547-40c5-44fc-a4de-cac3c33512f6
08-11 11:20:59.863 22504 22504 D LeakCanary: watchDurationMillis = 31085
08-11 11:20:59.863 22504 22504 D LeakCanary: retainedDurationMillis = 26083
08-11 11:20:59.863 22504 22504 D LeakCanary: View not part of a window view hierarchy
08-11 11:20:59.863 22504 22504 D LeakCanary: View.mAttachInfo is null (view detached)
08-11 11:20:59.863 22504 22504 D LeakCanary: View.mWindowAttachCount = 1
08-11 11:20:59.863 22504 22504 D LeakCanary: mContext instance of org.torproject.vpn.MainActivity with mDestroyed = false
08-11 11:20:59.863 22504 22504 D LeakCanary:
08-11 11:20:59.863 22504 22504 D LeakCanary: METADATA
08-11 11:20:59.863 22504 22504 D LeakCanary:
08-11 11:20:59.863 22504 22504 D LeakCanary: Build.VERSION.SDK_INT: 33
08-11 11:20:59.863 22504 22504 D LeakCanary: Build.MANUFACTURER: Google
08-11 11:20:59.863 22504 22504 D LeakCanary: LeakCanary version: 2.9.1
08-11 11:20:59.863 22504 22504 D LeakCanary: App process name: org.torproject.vpn
08-11 11:20:59.863 22504 22504 D LeakCanary: Class count: 25281
08-11 11:20:59.863 22504 22504 D LeakCanary: Instance count: 191621
08-11 11:20:59.863 22504 22504 D LeakCanary: Primitive array count: 129463
08-11 11:20:59.863 22504 22504 D LeakCanary: Object array count: 24642
08-11 11:20:59.863 22504 22504 D LeakCanary: Thread count: 29
08-11 11:20:59.863 22504 22504 D LeakCanary: Heap total bytes: 26478243
08-11 11:20:59.863 22504 22504 D LeakCanary: Bitmap count: 1
08-11 11:20:59.863 22504 22504 D LeakCanary: Bitmap total bytes: 222481
08-11 11:20:59.863 22504 22504 D LeakCanary: Large bitmap count: 0
08-11 11:20:59.863 22504 22504 D LeakCanary: Large bitmap total bytes: 0
08-11 11:20:59.863 22504 22504 D LeakCanary: Stats: LruCache[maxSize=3000,hits=115115,misses=192140,hitRate=37%]
08-11 11:20:59.863 22504 22504 D LeakCanary: RandomAccess[bytes=9849438,reads=192140,travel=93180964532,range=31716041,size=39433354]
08-11 11:20:59.863 22504 22504 D LeakCanary: Analysis duration: 9444 ms
```

VPN pre-alpha 03
cyberta

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/25
pass the client IP to tor for country usage statistics
2023-09-21T15:18:26Z
meskio meskio@torproject.org

The webtunnel server should use the `X-Real-IP` or another header to get the client IP address and pass it to the tor process so it can produce country based usage statistics.

Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet
shelikhoo

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41975
Downloads warning text too narrow in 13.0 alpha
2023-10-03T13:28:21Z
donuts

Something odd is going on with the width of the downloads warning description in the downloads wingpanel:
<img src="/uploads/6acb35f78c2e973d26c916feb844d6eb/downloads-warning-13-0_2x.png" width=508px />

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/107
Manually create screenshots for translations
2023-10-06T21:25:29Z
cyberta

To help with the translation efforts we should provide some screenshots of the different views.
According to the conversation with @emmapeel (https://gitlab.torproject.org/tpo/applications/vpn/-/issues/60#note_2922351), visual context should be given especially for small strings, containing variables as they are hard to understand.

VPN pre-alpha 03
kwadronaut

https://gitlab.torproject.org/tpo/core/arti/-/issues/990
Upgrade to async_executors 0.7.0, or refactor not to use it.
2023-09-29T13:55:57Z
Nick Mathewson

We use the `async_executors` crate as part of our implementation for `tor-rtcompat`. There is a new version, 0.7.0, that breaks compatibility in a couple of places.
We should decide whether we want to port to the new one, or whether we just want to write our own minimal wrappers for those few parts of `async_std` and `tokio` that we do not already wrap.

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/104
Action Buttons not correctly centered
2023-09-11T16:38:39Z
cyberta

After switching the bottom tabs, the action buttons are not centered anymore
| before switching bottom tabs | after switching bottom tabs (tab on `Configure` and back to `Connect`) |
| ------ | ------ |
| ![buttons_correct](/uploads/b9acc8067c216ade6d9e8666445b6a63/buttons_correct.png){width=30%} | ![buttons](/uploads/3e6cea84843aae167fe172c058dfbdea/buttons.png){width=30%} |

VPN pre-alpha 03
ankitgusai19

https://gitlab.torproject.org/tpo/core/arti/-/issues/987
Implement convert_ed25519_to_curve25519_public
2023-11-27T10:20:52Z
richard

Background: https://github.com/blueprint-freespeech/gosling/issues/81
So as part of the Gosling identity handshake, I verify the client actually controls the private x25519 key associated with the provided public x25519 client auth key. The current implementation converts the provided public x25519 key+signbit pair to an ed25519 public key and verifies a cryptographic signature made with the associated ed25519 private key derived from the client's x25519 private client auth key.
The x25519 -> ed25519 conversion is implementation-specific to arti's particular tor-llcrypto crate and isn't generally/concretely specified. So we would instead like to just communicate in terms of an ed25519 keypair and do the relevant 1-to-1 ed25519 -> x25519 conversion where needed, rather than the underspecified 1-to-2 x25519 -> ed25519 conversion.
`ed25519_to_curve25519_private` has been implemented as part of !1297 but I still need `ed25519_to_curve25519_public` to make the relevant protocol changes.
Thanks!
/cc @gabi-250 @nickm

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/103
Better flag drawables
2023-09-11T22:22:08Z
cyberta

Currently we're relying on https://github.com/blongho/worldCountry (MIT Licenced) for the country flag icons. Some flags are broken though (cmp. https://gitlab.torproject.org/tpo/applications/vpn/-/merge_requests/56#note_2926257) and we may want different vector graphics.
This issue exists as a reminder to research for alternatives. @donuts if you've any proposals, please let me know.

VPN pre-alpha 03
cyberta

https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/64
Error handling UX reminder
2024-01-18T16:23:38Z
eta

I need to write up something in tpo/applications/vpn about how to handle connection failures (with logs); this is a reminder ticket to do that :p

VPN pre-alpha 05
eta

https://gitlab.torproject.org/tpo/core/arti/-/issues/985
Construct NetDir with geoip support
2023-11-15T19:08:08Z
Janosch Gräf

I wanted to get the country codes from `Relay`, but noticed that they're never set. `tor-netdir` has a `geoip` feature that gives `PartialNetDir` a `new_with_geoip` method. This method is never called currently.
Changes needed to use `PartialNetDir::new_with_geoip`:
- add `geoip` feature to `arti_client`. This is not strictly needed, but is how I imagine one enables geoip support in general.
- add `geoip` feature and optional dependency on `tor-geoip` to `tor-dirmgr`.
- add `geoip_db: Arc<GeoipDb>` to `DirMgr`.
- in `DirMgr::from_config`: get `GeoipDb::from_embedded` and put it into `DirMgr`. We could also pass in the `GeoipDb` from further up the graph. I'm not sure about this.
- add `geoip_db` field to `GetConsensusState` and add it to the constructor.
- add `geoip_db` to `GetCertsState`
- add `geoip_db` to `GetMicrodescsState`. This is needed for `GetMicrodescsState::reset`.
- pass `geoip_db` to `GetMicrodescsState::new`
- this is the call-site of `PartialNetDir::new_with_geoip`
- adding an argument here triggers clippy's warning that the method has too many arguments.
I have working code (only clippy fails) [here](https://gitlab.torproject.org/sw1tch/arti/-/commit/b0d83949923002536cccdab729304ebbf46299a3)
So my main questions are:
1. How do we make clippy happy with the method with too many arguments? Note that 2 arguments in that signature are behind a feature flag.
2. Should we pass the `GeoipDb` to the dirmgr from further up. If so, how?
3. Should we pass `Option<Arc<GeoipDb>>` instead (so it can be disabled at runtime)?

Arti: Feature parity with the C implementation

https://gitlab.torproject.org/tpo/core/arti/-/issues/981
Low-level configuration support for onion services
2023-10-31T16:14:24Z
Nick Mathewson

We'll need code in tor-hsservice to handle the configuration of a single onion service. This should only include the parts that tor-hsservice needs to do itself, and not things like key managers and state managers that are handled by other code that calls into tor-hsservice. Some of the possible values that might go here are outlined in `doc/dev/notes/onion-service-notes.md`
Part of #698

Ian Jackson iwj@torproject.org

https://gitlab.torproject.org/tpo/core/arti/-/issues/978
Implement connections and orchestration among lower-level onion service pieces
2023-10-31T16:14:13Z
Nick Mathewson

Once we have the parts described in `doc/dev/notes/hssvc-ipt-algorithms.md` implemented, we will need to hook them all up and make sure that they can actually run an onion service.
Part of #697.

https://gitlab.torproject.org/tpo/core/arti/-/issues/977
Implement hsdir publisher
2023-08-25T18:01:05Z
Nick Mathewson

We'll need a piece of code to encode and upload a new onion service descriptor as appropriate.
Part of #697.

gabi-250

https://gitlab.torproject.org/tpo/core/arti/-/issues/968
Onion services: connect-to-local-port functionality
2023-10-31T16:13:22Z
Nick Mathewson

As part of our high-level support in #700, we'll want to support the same functionality C tor has of allowing incoming connections to some port on an onion service to get mapped to connections to some TCP or AF_UNIX port.

https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/26
Add a license to the project
2023-08-02T14:41:50Z
meskio meskio@torproject.org

lox-library and lox-wasm have MIT license, but it looks like the rest of the crates don't have any license. We could make all the project be MIT license.

Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet
onyinyang

https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/62
get list of available exit nodes
2023-08-04T11:56:13Z
cyberta

In order to improve the current exit node [selection implementation](https://gitlab.torproject.org/tpo/applications/vpn/-/issues/38) (cmp. https://gitlab.torproject.org/tpo/applications/vpn/-/merge_requests/56), it would be nice to have an API to receive a list of available tor exit nodes.
That way the country selection list could be restricted to those countries that have actual exit nodes.

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/102
improve list item replacement animation
2023-09-11T22:33:00Z
cyberta

follow-up of https://gitlab.torproject.org/tpo/applications/vpn/-/merge_requests/51: in the app routing detail screen, which contains an expandable list of circuits involved, especially the collapsing animation looks a little bit odd, since it uses Android's default animation for that case. While collapsing, the rounded corners of the bottom of the list item should remain visible.
![animation_circuit](/uploads/f0a392899df74efe83212f88bf6f8cc9/animation_circuit.webm)

VPN pre-alpha 03
cyberta