The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2024-03-28T15:46:20Z

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42316
TorConnect might restore old settings that were changed from the preferences
2024-03-28T15:46:20Z
Pier Angelo Vendrame

In TorConnect we get a copy of the original settings (`this.originalSettings = TorSettings.getSettings();`) only once before trying all the settings we've received from Moat (and we bootstrap for each settings set, so the browser might take a long time to do stuff).
If the user changes settings, and we failed to bootstrap, we restore the settings we had before, which might be surprising.
So, we should check if the settings we're about to overwrite when we restore the old settings.
As a sequence of events:
1. TorConnect backs up configuration A before contacting Moat
2. TorConnect sets the config B it received from Moat
3. While the bootstrap is happening, the user changes settings, producing config C
4. The bootstrap fails: TorConnect restores config A!
Also, since we might receive many configuration sets, we might also apply config D, E, F and so on and possibly replace settings from configuration C.
On Android this cannot happen because going to settings stops the bootstrap, and we intend to keep this behavior at least for starters, when implementing the connection assist there.
However, on desktop it is more difficult, because we have tabs.
Therefore, we might do something else, e.g., disable all the settings while we're bootstrapping, and display a message bar telling something like "The bootstrap is going on. Cancel it to unlock the settings".
## Design estimate:
* Complexity: medium (3 days)
  * Figure out the appropriate solution. Should we prevent people from accessing the Settings on desktop just like on Android? Or do we create a warning for people that their settings might be overwritten?
  * Create designs that solve the issue.
* Uncertainty level: moderate (1.5)
  * I imagine trying to figure out which solution we should apply and how we apply it can take time.
* Total: 3-4.5 days

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42192
Correctly round new windows when bookmarks toolbar is set to "Only Show on New Tab"
2024-03-28T15:26:58Z
donuts

This has happened at least twice to me, but I have no idea how to reproduce it.
On first launch, the viewport in Tor Browser 13.0 is 900px high and unletterboxed. After a period of several days, an additional 30px appears to get added to the height of the overall window, increasing the viewport to 930px and triggering letterboxing.
Note: this is not due to changes in the height of the browser chrome eating into the viewport (e.g. the bookmarks bar being on or off), as the height of the entire window has increased by 30px.
Tor Browser will then reliably reopen itself at the new dimensions even when quit and relaunched. Wiping the TorBrowser-Data file from macOS' Application Support folder seems to reset the browser back to its original dimensions, however.
<details><summary>Show screenshot</summary>
![letterboxing-error](/uploads/a23e2bbbad31b4a4d0ac2d6a33f1c445/letterboxing-error.png)
</details>

ma1

https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/3
Oniongroove prototype
2024-03-28T12:56:29Z
Silvio Rhatto

Write an early prototype/proof of concept for Oniongroove.

Oniongroove 0.1.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/1
Oniongroove deployment research
2024-03-27T21:47:32Z
Silvio Rhatto

Research on all relevant deployment technologies (DevOps) for Onion Services: build a first matrix of technologies, recipes and strategies, incorporating it into the specs (onion-support#40).

Oniongroove 0.1.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/5
Vendorize Onion MkDocs
2024-03-27T21:47:27Z
Silvio Rhatto

Vendorize [Onion MkDocs](https://gitlab.torproject.org/rhatto/onion-mkdocs), so it's easier to retrieve updates.

Oniongroove 0.1.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/2
Oniongroove threat model
2024-03-27T21:47:21Z
Silvio Rhatto

Write initial version of [Oniongroove](https://gitlab.torproject.org/rhatto/oniongroove) threat model, including:
* [ ] Consider the scenario where someone runs more than a single Onionbalance
  "frontend" with the same address but with different backends and uploading
  descriptors at different times. Would this:
  * Impact the Tor network negatively?
  * Improve load balancing?
  * Be an acceptable frontend failover?

Oniongroove 0.1.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/4
Oniongroove 0.1.0 release planning
2024-03-27T21:47:14Z
Silvio Rhatto

Plan the [0.0.1 release](https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/milestones/1).

Oniongroove 0.1.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/80
Enhanced Grafana dashboard
2024-03-27T21:45:05Z
Silvio Rhatto

Enhance the sample [exportable](https://grafana.com/docs/grafana/latest/dashboards/export-import/) Grafana Dashboard for Onion Services monitoring, including:
* [ ] Lists of expiring X.509 certificates (next days/weeks/month/quarter; current quarter; etc).
* [ ] Enhanced metrics from tpo/onion-services/onionprobe#78.

Onionprobe 1.2.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/78
Enhanced metrics for Onion Service descriptors
2024-03-27T21:44:54Z
Silvio Rhatto

Implement additional metrics for Onion Service descriptors.
That needs:
* A better way to parse descriptors would enable many other metrics.
* Some patches sent upstream to Stem.
Some fields that could get measurements:
* From the outer descriptor wrapper:
  * [ ] "descriptor-lifetime".
  * [ ] "revision-counter".
* From the first layer of encryption:
  * [ ] "[caa-critical](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/343-rend-caa.txt)".
* From the second layer of encryption:
  * [ ] "single-onion-service".
  * [ ] "pow-params": an indirect way to measure DoS for PoW-enabled
    services (by measuring the PoW settings in the descriptor),
    which depends on tpo/core/tor#40634 to be implemented.
  * [ ] "[caa](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/343-rend-caa.txt)".
Other measurements:
* [ ] Metrics for the descriptor and inner layer sizes.

Onionprobe 1.2.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/82
Create an Onionprobe release on new tags
2024-03-27T21:44:40Z
Silvio Rhatto

Create a [GitLab release](https://docs.gitlab.com/ee/user/project/releases/) automatically [when a tag is pushed to the repo](https://docs.gitlab.com/ee/user/project/releases/release_cicd_examples.html#create-a-release-when-a-git-tag-is-created).

Onionprobe 1.2.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/64
Exit codes should reflect reality
2024-03-27T21:44:24Z
georg

It seems, onionprobe exits with `0` aka success in any case, while it should probably exit with `> 0` if things go wrong:
```
~ onionprobe -e test.onion; echo $?
2022-07-23 12:52:30,170 INFO: Starting Onionprobe version 1.0.0...
2022-07-23 12:52:30,170 INFO: Initializing Tor process...
2022-07-23 12:52:32,145 INFO: Onionprobe is initialized. Hit Ctrl-C to interrupt it.
2022-07-23 12:52:32,145 INFO: Processing test.onion...
2022-07-23 12:52:32,145 ERROR: Invalid onion service address set for test.onion: test.onion
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "read of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
2022-07-23 12:52:32,146 INFO: Error while receiving a control message (SocketClosed): received exception "peek of closed file"
0
```

Onionprobe 1.2.0
Silvio Rhatto
2024-05-16

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/45
Reset the lektorproject file after building
2024-03-27T21:42:54Z
Kez

Certain environment variables will make `scripts/build` alter the onion-launchpad.lektorproject file, which can cause issues with future builds. The build script should copy the original lektorproject file to /tmp, and restore it after the build.

Onion Launchpad - 2024.Q2
Silvio Rhatto
2024-04-30

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/32
Live demo
2024-03-27T21:42:43Z
Silvio Rhatto

* [x] Set a [live demo at Tor's GitLab Pages][] using CI/CD.
* [x] Include the link in the docs.
* [x] Set a dummy `LEKTOR_SERVICE_URL` (from an address that cannot exist, and thus is unavailable).
* [ ] Request an Onion Service for [TPO's GitLab Pages][]. ~~This needs an issue in [TPA's queue][].~~ See tpo/tpa/team#40379.
* [ ] Set `LEKTOR_ONION_URL` pointing to the Onion Launchpad address that uses TPO GitLab Page's Onion Service.
[live demo at Tor's GitLab Pages]: https://tpo.pages.torproject.net/onion-services/onion-launchpad/
[TPO's GitLab Pages]: https://tpo.pages.torproject.net
[TPA's queue]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/

Onion Launchpad - 2024.Q2
Silvio Rhatto
2024-04-30

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/24
Deployment documentation for the Landing Page
2024-03-27T21:42:12Z
Silvio Rhatto

* [x] Include deployment documentation in the Landing Page's [README.md](https://gitlab.torproject.org/tpo/onion-services/sponsor123-landing-page/-/blob/main/README.md) and/or `docs/` folder.
* [ ] Document the simpler procedure (user forks Onion Launchpad's mirror on GitLab or GitHub, then configure and trigger a build).
* [ ] Document logo filename convention for automatic translations.
* [ ] Include a screenshot.
* [ ] Explain that it's useful both as a censorship circumvention tool
and as a landing portal for onion-only sites that need to include
documentation for their users about how to get access.

Onion Launchpad - 2024.Q2
Silvio Rhatto
2024-04-30

https://gitlab.torproject.org/tpo/applications/vpn/-/issues/145
Fix the connection bar animation
2024-03-27T17:36:16Z
donuts

The connection bar is intended to animate like so: [Figma / Tor VPN for Android](https://www.figma.com/proto/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?page-id=4280%3A1524&type=design&node-id=4621-6088&viewport=-2084%2C233%2C0.65&t=O5WUUZ62ub2lXys1-1&scaling=min-zoom&starting-point-node-id=4621%3A6088&mode=design)
At the moment it appears to be doing something different. However it should match the same color transition/animation as Tor Browser's connection bar – but remain fixed at 100% of the device's width.

VPN pre-alpha 07

https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/66
implement Connectivity Handler
2024-03-27T17:31:21Z
cyberta

Android offers the possibility to receive events on network connectivity changes. In order to improve onionmasq's handling of missing or flaky underlying network connectivity, we should make use of Android's ConnectivityManagerCompat to determine if the phone has any working internet connection. Additionally we should pass that information via the JNI to the rust part of Onionmasq.

VPN pre-alpha 06
Micah Elizabeth Scott

https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/73
Deal with failures to bootstrap more gracefully / introduce a timeout
2024-03-27T17:31:10Z
eta

@kwadronaut raises the example of seeing 'connecting' forever when trying to use snowflake (or another unsupported PT). We should definitely fail faster in this sort of case, given we'll be getting failures to build circuits etc.
(in fact this is an arti bug), and we should probably have some form of overall timeout.

VPN pre-alpha 06
Micah Elizabeth Scott

https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/41
Figure out how to handle complex DNS queries
2024-03-27T17:27:57Z
eta

This was raised in the meeting as part of the VPN app's proposal: what if e.g. an XMPP app wants to make an SRV query? Currently this would just fail, and the Tor network doesn't actually support this kind of DNS query.
Should we perhaps use some random DoH / DoT server to forward only those types of query which we can't do?

VPN pre-alpha 06

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41541
Update builtin bridges from Circumvention Settings API
2024-03-27T15:25:34Z
meskio (meskio@torproject.org)

Right now to update the builtin bridges we need to make a Tor Browser release, it would be nice if TB automatically updates them using [Circumvention Settings API](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md#circumventionbuiltin).
There are two concerns I have about it:
* Users will not be happy with TB making a call to an external API without giving some consent about it.
* We don't want to make it easier for censors to notice you are using Tor because of that.
I think it makes sense to update when we do other connections to moat (Connect Assist, captcha bridges, ...), I assume the user has already consented to do a request to the API in those cases and having an extra connection over the domain fronting should not make it more noticeable than it already is. We could store when was the last time we had updated them, and don't update them if they are fresh (maybe 24h is a good freshness).
An extra that would be nice is to ask the user if they want to refresh the builtin bridges when they click on Settings to *Select a Built-In Bridge*. I think we should only ask if bridges haven't been refreshed for a while (maybe 7 days). The confirmation popup could have a check box with 'remember that option' or something like that, so the following times they enable builtin bridges we refresh or not without asking (if the bridges haven't been refreshed in 7 days).

Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet
ma1

https://gitlab.torproject.org/tpo/ux/design/-/issues/61
Draw new illustration set
2024-03-27T14:34:40Z
donuts

During the hackweek, @nicob worked on a prototype for a new illustration style:
![new-illustration-style](/uploads/5e7358be99ff09fcd647a6389eacbf25/new-illustration-style.png)
And it looks great!
The next steps are to:
0. Maybe document the basic rules for the style? I attempted to describe it here: [Figma / design-dot / Pages](https://www.figma.com/file/nIpahk0b9VMaeEnubiO33g/design-dot?type=design&node-id=291%3A10068&mode=design&t=fHze76LK0jCQsL6Y-1)
1. Create and agree on a list of themes to illustrate for the base set
2. Draw the illustrations!

design-dot MVP
nicob
2024-03-28