The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-11-08T19:10:20Zhttps://gitlab.torproject.org/tpo/core/torspec/-/issues/73Write a proposal to send UDP traffic over Tor2023-11-08T19:10:20ZNick MathewsonWrite a proposal to send UDP traffic over TorNote that this is not for Tor-over-UDP; it's for UDP-over-Tor.Note that this is not for Tor-over-UDP; it's for UDP-over-Tor.Sponsor 101 - Tor VPN Client for AndroidNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/web/team/-/issues/14protect branches on production websites2021-11-08T18:14:02Zanarcatprotect branches on production websitesi noticed i was able to push to the default branch on tb-manual on gitlab. now that we migrated to gitolite, we should protect those branches so that a proper review process is enforced before pushing.
/cc @emmapeel @kez @lavamindi noticed i was able to push to the default branch on tb-manual on gitlab. now that we migrated to gitolite, we should protect those branches so that a proper review process is enforced before pushing.
/cc @emmapeel @kez @lavamindRetire Jenkinshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40658s96 mega-dev issue on torconnect feature2022-04-15T20:50:21Zrichards96 mega-dev issue on torconnect featureAn issue to track the entire update to the torconnect feature
### Links:
- Design Doc: https://docs.google.com/document/d/16NVqOvIOdy26vvH7P94D1kXmXoppKTRmv4T--fMfHjg/edit
- User-flow figma: https://www.figma.com/file/yApSDTlsppvH8w250...An issue to track the entire update to the torconnect feature
### Links:
- Design Doc: https://docs.google.com/document/d/16NVqOvIOdy26vvH7P94D1kXmXoppKTRmv4T--fMfHjg/edit
- User-flow figma: https://www.figma.com/file/yApSDTlsppvH8w2508zV8k/about%3Atorconnect-User-Flows?node-id=84%3A516
- More User-flow figma: https://www.figma.com/file/Vsh1aPOZGneDX4Zp27mjsK/Sponsor-30?node-id=531%3A2047
- New Moat APIs: https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40025#note_2753073
- Querying new Moat API in tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40645
### Todo:
- [x] Handle Moat errors properly:
- https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/main/bridgedb/distributors/moat/server.py#L648
- https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/main/bridgedb/distributors/moat/server.py#L226
```
<meskio> now you can get two different error codes: 400 and 406
<meskio> 406 is for when it can't find the country for the given IP
<meskio> 400 is for malformed requests, for example see:
```
- [x] implement new moat APIs and replace existing consumers with new moat module (#40645)
- [x] Update the about:torconnect state machine to facilitate the userflow in the above linked figma (#40662)
- @duncan: what do we do when no settings are available for the user's location? we could either go with a fallback (obfs4?) or leave it to the user
- [ ] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40707
- [x] Update the about:torconnect frontend page to match additional UI flows (#40773)
- [x] Update about:preferences page to match new UI designs (#40774)
User Testing from nah: https://www.figma.com/proto/Vsh1aPOZGneDX4Zp27mjsK/Sponsor-30?page-id=531%3A2047&node-id=717%3A3003&viewport=241%2C48%2C0.08&scaling=min-zoom&starting-point-node-id=717%3A3003&show-proto-sidebar=1
Ping @duncan @meskioTor Browser 11.5richardrichardhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40030update geoip db2022-02-14T18:16:28Zmeskiomeskio@torproject.orgupdate geoip dbBridgeDB uses maxminddb to get a mapping between IPs and countries, but this DB is not updated anymore. We should use the tor-geoipdb, which will be kept updated.
BridgeDB implements it's own [parser for the maxminddb](https://gitlab.to...BridgeDB uses maxminddb to get a mapping between IPs and countries, but this DB is not updated anymore. We should use the tor-geoipdb, which will be kept updated.
BridgeDB implements it's own [parser for the maxminddb](https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/main/bridgedb/geo.py), we'll need to update it to the tor-geoipdb format.
For some context on the tor move away of maxminddb: https://gitlab.torproject.org/tpo/core/tor/-/issues/40224Sponsor 30 - Objective 2.455abhilash55abhilashhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40399update the budget for 2021-20222021-10-19T17:34:29Zanarcatupdate the budget for 2021-2022totally forgot about this, but we have a budget. it's currently in "Budget Sysadmin.xls" in the sysadmin share, but I think it should be folded inside the Tor VM spreadsheet to (a) get more visibility and (b) get some automatic calculati...totally forgot about this, but we have a budget. it's currently in "Budget Sysadmin.xls" in the sysadmin share, but I think it should be folded inside the Tor VM spreadsheet to (a) get more visibility and (b) get some automatic calculations done, because the latter spreadsheet already has the per-server cost.
we need to:
- [x] merge the budget and Tor VM Hosts.xlsx spreadsheets so that we have all numbers in one place
- [x] ask sue for up to date numbers on our "income" (how much money we have to spend), "expenses" (how much we're spending, particularly in Riseup and Hetzner, but basically eveyrthing)
- [x] update spreadsheet based on sue's numbers
- [x] ~~establish what our emergency buffer is~~ it's basically: just ask for approval
- [ ] plan for expansion in the next year (this needs coordination with the roadmap work, see tpo/tpa/team#40307 and others)establish the 2022 roadmapanarcatanarcathttps://gitlab.torproject.org/tpo/web/donate-static/-/issues/45donate-static vanilla js rewrite2023-03-17T21:24:29ZKezdonate-static vanilla js rewriteThis is a ticket that should've been written around a month ago, but I didn't think to do it then, so I'm writing it now!
The [donate.tpo frontend](https://gitlab.torproject.org/tpo/web/donate-static) is currently written in a mix of re...This is a ticket that should've been written around a month ago, but I didn't think to do it then, so I'm writing it now!
The [donate.tpo frontend](https://gitlab.torproject.org/tpo/web/donate-static) is currently written in a mix of react and lektor (mostly react). Since nobody at TPI knows react very well, we want to rewrite it in vanilla javascript to make it easier for us to maintain, and hopefully allow us to reuse some of the loogic for the upcoming donate.tpo rewrite (#29).
## Plan
Here are the steps I've taken and plan to take to move to vanilla javascript (in no particular order):
- [x] Move all the JSON configuration from settings.js to lektor databags
- [x] Move the countries.json and regions.json files to lektor databags, re-structured to make working with them a bit more pythonic
- [x] Write a script to regenerate the countries.json/regions.json databags from the existing json files
- [x] Scaffold a new `tor-donate-js/` npm project with [esbuild](https://github.com/evanw/esbuild), [eslint](https://eslint.org), and [jsdoc](https://jsdoc.app/)
- [x] Render the cryptocurrency page statically with lektor, with a small amount of javascript to add an event listener to the anonymous donation checkbox, and copy-to-clipboard support for the wallet addresses (defined in `tor-donate-js/src/cryptocurrency.js`)
- [x] Move as many of the react components as possible to jinja2 macros and statically render them with lektor
- [x] Rewrite the donate-form.html template to use the jinja macros and render the donation form statically
- [x] Rewrite the donate form validation logic, interactivity/reactivity, and submit handlers in a vanilla es6 class (eslint and esbuild are using es2021)
- [x] Event handler reactivity:
- [x] Donation frequency selection buttons
- [x] Donation amount buttons
- [x] Other donation amount text box
- [x] No perk checkbox
- [x] Perk selection tiles
- [x] Donation method selection button
- [x] Credit card fields
- [x] Donation amount label
- [x] Gift selection label
- [x] Form field validation
- [x] Stripe API submit handler
- [x] Paypal API submit handler
- [x] Render Paypal buttons
- [x] Paypal button callback functions
- [x] onApprove
- [x] onCancel
- [x] createBillingAgreement
- ~~[ ] createOrder~~
- [x] Implement the giving form class on the donation pages
- [x] Main donation page (the index page)
- [x] Monthly giving page
- [x] Champions of privacy page
- [x] There are a few TODOs (mostly relating to form validation) that need to be cleaned up
- [x] jsdoc comments on all classes, methods, and top-level functions
- [x] Documentation describing the new JS architecture, with a guide to editing, and the build system/contribution process
- [x] Set up translations/l10n in lektor
- [x] Set up a staging site for my fork
The rewrite is mostly finished. I don't have a timeframe for when it should be complete; Paypal, Stripe, and the reactivity each took a bit longer than I expected. I'm hoping to have this done within the next week or so.
## Motivations for the new build system (esbuild, eslint, jsdoc)
esbuild is a fairly new tool, so I want to explain why I chose that instead of parcel, webpack, or rollup.
The main reason is simplicity. Other bundlers I've used usually require a fiarly complex configuration file, and tend to be slow and come with a lot of dependencies. esbuild is a single native binary with no dependencies, and works with a simple cli configuration.
jsdoc was added because the main issue I had with the react site was the complexity and lack of documentation. eslint is used for linting, and also to enforce jsdoc comments.Redesign donate.torproject.orghttps://gitlab.torproject.org/tpo/web/support/-/issues/249Recruit community moderators2021-09-04T17:01:57ZGabagaba@torproject.orgRecruit community moderatorsWe need to get a small group of volunteers to moderate the forum. This ticket will track the call for moderators.We need to get a small group of volunteers to moderate the forum. This ticket will track the call for moderators.Launch support's Forum and Blog migration2021-09-30https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40564[meta] Evaluate if Tor Browser is meeting the needs of our users2022-01-31T16:54:17ZMatthew Finkel[meta] Evaluate if Tor Browser is meeting the needs of our usersTor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important ...Tor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important for the [people](https://community.torproject.org/user-research/persona/) we are trying to protect.
We should be able to justify our general design requirements through the needs of our users, instead of defining the strictest-possible private browser design and then applying that to all of the use cases. Indeed, this should influence tor-browser-spec#25021.
cc @duncan @nahTor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/team/-/issues/4Migrate "Tor-Friendly Applications Best Practices" from legacy wiki2021-12-03T15:08:24ZJeremyRandMigrate "Tor-Friendly Applications Best Practices" from legacy wikiCan we migrate the [Tor-Friendly Applications Best Practices](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/Tor_friendly_applications_best_practices) from the Legacy wiki to the Applications Team wiki? I have some improvements I...Can we migrate the [Tor-Friendly Applications Best Practices](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/Tor_friendly_applications_best_practices) from the Legacy wiki to the Applications Team wiki? I have some improvements I would like to suggest for the document, which are presumably blocked by migrating it to a non-legacy wiki.Gabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/web/manual/-/issues/99Update known issues page - Tor Browser desktop and mobile2024-01-30T13:40:21ZGusUpdate known issues page - Tor Browser desktop and mobileAccording to the [blog post](https://blog.torproject.org/new-release-tor-browser-105), here's a list of known issues that we need to update the Tor Browser Manual:
### Desktop
- tpo/applications/tor-browser#40497
- tpo/applications/tor...According to the [blog post](https://blog.torproject.org/new-release-tor-browser-105), here's a list of known issues that we need to update the Tor Browser Manual:
### Desktop
- tpo/applications/tor-browser#40497
- tpo/applications/tor-browser#40242
- tpo/applications/tor-browser#40506
- tpo/applications/tor-browser#40510
https://tb-manual.torproject.org/known-issues/
### Mobile
- tpo/applications/fenix#40176
- tpo/applications/fenix#40110
- tpo/applications/fenix#40172
- tpo/applications/fenix#40174
- tpo/applications/fenix#40103
- tpo/applications/fenix#40115
- tpo/applications/fenix#40324
https://tb-manual.torproject.org/mobile-tor/ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/142Add a function to answer "when did we last get incoming network activity".2021-07-13T17:20:05ZNick MathewsonAdd a function to answer "when did we last get incoming network activity".We need this for circuit-build-timeout logic in #57.
We should only record a circuit as having timed out when we have had incoming network activity since the time when it was launched.We need this for circuit-build-timeout logic in #57.
We should only record a circuit as having timed out when we have had incoming network activity since the time when it was launched.Arti 0.0.1 release: basic anonymityNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/web/community/-/issues/203Add instructions to set up a snowflake standalone proxy to community pages2021-05-17T19:36:35ZCecylia BocovichAdd instructions to set up a snowflake standalone proxy to community pagesWe discussed improving the instructions for setting up and running a Go standalone proxy for Snowflake in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40031
We'd like to run a campaign to get...We discussed improving the instructions for setting up and running a Go standalone proxy for Snowflake in https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40031
We'd like to run a campaign to get more standalone snowflakes in the hopes of getting a higher ratio of unrestricted NATs at some point and this is a prerequisite for that.
Is it possible to create a page linked from https://community.torproject.org/relay/setup/ with detailed instructions (not sure if that's the best place since they aren't relays exactly).GusGushttps://gitlab.torproject.org/tpo/core/arti/-/issues/95Have more experienced Rust programmers read our code2022-02-24T21:07:53ZNick MathewsonHave more experienced Rust programmers read our codeArti is my first production project in Rust; none of us at Tor currently have done a Rust project of this size before. Before we can say that Arti is production ready, we should seek some experienced Rust programmers and ask them to loo...Arti is my first production project in Rust; none of us at Tor currently have done a Rust project of this size before. Before we can say that Arti is production ready, we should seek some experienced Rust programmers and ask them to look through our code for general quality issues.
If you're reading this because you're new to Arti and you don't know so much about Tor: no need to worry! Just poke around in the codebase, find a random file, and start asking yourself: does this look like good rust? What about the other things that use it? Is there a way to make it better?Arti 1.0.0: Ready for production usehttps://gitlab.torproject.org/tpo/core/tor/-/issues/40198Ensure that Tor builds on MacOS for ARM2022-11-21T02:25:11ZAlexander Færøyahf@torproject.orgEnsure that Tor builds on MacOS for ARMWith the arrival of the new MacOS release for ARM, we should make sure that Tor builds for the MacOS ARM target. It should be possible to cross-compile Tor from MacOS on x86-64 to ARM.
Best way to get this running right now is via the b...With the arrival of the new MacOS release for ARM, we should make sure that Tor builds for the MacOS ARM target. It should be possible to cross-compile Tor from MacOS on x86-64 to ARM.
Best way to get this running right now is via the build-system of Tor.framework.
Benjamin from the Guardian Project says that Tor.framework currently does not work for the cross-compile target for MacOS ARM.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/web/donate-static/-/issues/12Fix footer links in inner pages2021-06-21T12:26:21ZAntonelaantonela@torproject.orgFix footer links in inner pageshttps://donate.torproject.org/ inner pages footer links (Donor FAQ (current), Donor Privacy Policy) are going to a 404.
For example, you can reproduce clicking footer links in
https://donate.torproject.org/donor-faq/https://donate.torproject.org/ inner pages footer links (Donor FAQ (current), Donor Privacy Policy) are going to a 404.
For example, you can reproduce clicking footer links in
https://donate.torproject.org/donor-faq/Redesign donate.torproject.orghttps://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40022Sbws should pin exits (or Single Onions) that have larger windows/congestion ...2022-07-06T08:29:04ZMike PerrySbws should pin exits (or Single Onions) that have larger windows/congestion controlSbws is not assigning stream ratios above ~2.2 to any relays right now. This means that it is not measuring any relays as faster than 2.2 times than the network average stream capacity. This is impacting spare capacity load balancing of ...Sbws is not assigning stream ratios above ~2.2 to any relays right now. This means that it is not measuring any relays as faster than 2.2 times than the network average stream capacity. This is impacting spare capacity load balancing of fast relays.
The reason for this is because of tor's current 1000 cell circuit window and 500 cell stream window. These windows impose a speed limit on sbws stream tests that is dependent on latency. It both means that we will currently measure relays with less latency to the sbws exit(s) as faster, as well as be unable to measure their full spare capacity.
If we run a custom exit with a larger congestion window and stream window, then we will be able to measure relays with more spare capacity than current. We could then pin sbws to use only that exit.
Longer term, we should pin sbws to only use exits that have upgraded to support https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/324-rtt-congestion-control.txtsbws: 1.5.x-finaljugajugahttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40170Decide how we should notify users that their OS won't be supported in the nea...2021-12-07T10:14:55ZMatthew FinkelDecide how we should notify users that their OS won't be supported in the near futureImmediately, we have:
- [x] #40049
- [x] #40136
We'll have more in the future, so we could create a more general plan now.Immediately, we have:
- [x] #40049
- [x] #40136
We'll have more in the future, so we could create a more general plan now.Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40027Publish Fenix-based testing versions on Google Play2020-11-19T18:10:29ZMatthew FinkelPublish Fenix-based testing versions on Google PlayWe can use Google Play's testing channels (internal/alpha/beta) for releasing "preview" and incremental builds of Fenix-based Tor Browser.We can use Google Play's testing channels (internal/alpha/beta) for releasing "preview" and incremental builds of Fenix-based Tor Browser.2020-08-11https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/24Create a solution for missing /duplicate #NNNN2020-07-09T08:51:06ZGeorg KoppenCreate a solution for missing /duplicate #NNNNWe are not hip enough with our Gitlab Community Edition to be allowed to
use the `/duplicate #NNNN` functionality. However, having that would be
very desirable.
The workflow for us for closing duplicates in Trac was:
1) Closing a ticke...We are not hip enough with our Gitlab Community Edition to be allowed to
use the `/duplicate #NNNN` functionality. However, having that would be
very desirable.
The workflow for us for closing duplicates in Trac was:
1) Closing a ticket $foo as duplicate mentioning which ticket $bar it
was a duplicate of.
2) Going to ticket $bar and adding all the folks being Cc'ed to or the
reporter of ticket $foo to ticket $bar's Cc list.
3) Mentioning in a comment to ticket $bar that ticket $foo was a duplicate.
Ideally, we would get 2) and 3) automatically once we do 1).
I've not a good handle yet on what is possible with Gitlab, but I am
willing to help with that issue, I think. @ahf had some ideas to start
with, though, IIRC.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40005Review advice on VPN use during onboarding2022-03-21T20:08:35ZAntonelaantonela@torproject.orgReview advice on VPN use during onboardingMany first-time users are attempting to configure VPNs on Tor Browser, some of whom mistakenly believe VPN usage is critical to protecting their privacy.
This ticket is to review the existing onboarding flow as an education opportunity ...Many first-time users are attempting to configure VPNs on Tor Browser, some of whom mistakenly believe VPN usage is critical to protecting their privacy.
This ticket is to review the existing onboarding flow as an education opportunity and amend as required to provide up to date advice on VPN use.
Consider this as a reference ticket to: https://gitlab.torproject.org/legacy/trac/-/issues/30514