The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2023-01-18T18:34:04Z

https://gitlab.torproject.org/tpo/web/community/-/issues/302
Please update content/apt/tor-deb-repo/contents.lr
2023-01-18T18:34:04Z
slrslr

Hello,
https://community.torproject.org/relay/setup/bridge/debian-ubuntu/
contains insufficient commands to add repository.
I have tried to suggest modification, but it failed with message "Someone edited the file the same time you did." which is most certainly false.
[Here is new text to use please](https://bin.disroot.org/?fd2ae5d82b34dcf3#CBozMfZ856QRqAEvoD3ZGcBqTjSoakuN3jK8Qy64t9wm).
Edit this for me please.
I also wanted to mention that at https://community.torproject.org/relay/setup/bridge/debian-ubuntu/ is line:
`On Debian, the latest version obfs4proxy package is available in stable-backports.`
Which is questionable because backports is not a default repository on stable Debian and you have not linked to the tutorial on how to install it ( https://backports.debian.org/Instructions/#index2h2 / https://wiki.debian.org/Backports#Using_the_command_line ), yet the stable version of Debian already has it in the main repository:
`Get:1 http://ftp.debian.org/debian bullseye/main amd64 obfs4proxy amd64 0.0.8-1+b6 [1758 kB]`
So maybe consider editing that line regarding backports. I have installed from main: `apt install obfs4proxy`

https://gitlab.torproject.org/tpo/web/support/-/issues/305
Onion Services glossary entry misses features
2023-01-18T18:33:19Z
emmapeel

It seems the list of advantages of Onion Services over ordinary services on the non-private web got lost at some point in the Glossary, as the text ends like this:
`Onion services offer advantages over ordinary services on the non-private web, including:`
We should add the advantages back, maybe recovering them from the trac glossary.
Ref> https://support.torproject.org/glossary/onion-services/
Reported by translator Kate_, thanks!

https://gitlab.torproject.org/tpo/web/community/-/issues/256
[Relays] Create an OpenSuse relay page
2023-01-18T18:32:14Z
Gus

We already have instructions for running a bridge in OpenSuse. We should create a page for running a relay: https://community.torproject.org/relay/setup/guard/
https://community.torproject.org/relay/setup/bridge/opensuse/

https://gitlab.torproject.org/tpo/web/support/-/issues/268
Add new entry about Tor mailing lists
2023-01-18T18:32:02Z
Gus

As we have a bunch of mailing lists, it would be nice to have a page with a list of our mailing lists and a description.
We have an old trac entry:
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/emailLists
But it would be great to list only public and maintained lists.

https://gitlab.torproject.org/tpo/web/community/-/issues/257
[relays] Change 'centos-rhel' link
2023-01-18T18:27:20Z
Gus

GeKo noted that this URL doesn't mention OpenSuse and so people can't end up missing the OpenSuse instructions: https://community.torproject.org/relay/setup/guard/centos-rhel/updates/
We should change this URL to guard/rpm/updates or guard/centos-rhel-opensuse/updates.
Gus

https://gitlab.torproject.org/tpo/web/donate-static/-/issues/100
Improve *or* clarify ability of non-U.S. donors to make tax-deductible donations
2023-01-18T18:22:33Z
al smith

Right now, it's difficult for non-U.S. donors to make donations, much less tax-deductible donations, to the Tor Project, for a variety of reasons. I imagine some can be fixed and some are limitations. I'm documenting them here to consider during our re-write/re-build process.
- People don't have 'international cards' that allow them to make donations other than in their currency or in their country.
- People who want to donate live in areas where money transfers are strictly limited under the control of the government and where donating is either totally prohibited or would get them in trouble
- People who want to donate live in places that have been sanctioned by the EU or the U.S., thus cannot make a donation
- People want to make donations from countries where we are not recognized as a charitable organization, so they cannot get tax-deductible donations
al smith

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40092
Improve docs on network_mode: host (and network in general)
2023-01-18T16:18:15Z
chmac

When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project is pretty high, and so I'm running a snowflake node.
But, I'm not really sure what network conditions it needs. Does it expect that `network_mode: host` means it's running on a host which has a publicly accessible IP? Does it need ports on that host's firewall open?
The idea behind this issue is to improve the docs in this area so that snowflake hosts like myself can figure out what network conditions are required for snowflake to work. For example, I have no idea if my node is actually functional right now, I also have no idea how to test it.
Some example questions we could aim to answer:
- What ports does snowflake run on?
- Does snowflake need to be run on a machine with a public IP?
- Does snowflake run properly if behind a NAT?
- Does snowflake require specific ports to be opened in the system firewall?
- How can a server admin test if snowflake is properly configured and working?
As an add on, it would be great to see answers to questions like these:
- How much bandwidth can one expect snowflake to use?
- Does it make sense to add any kind of limits?
- If so, how would that be done?
- Are there any security considerations to running a snowflake server?
- What sort of system resources (CPU, memory) does snowflake use?
- Does it make sense to check on this periodically for memory leaks, etc?
- How can one be notified when updates are published to the docker image?
- Is there a security mailing list where one could be notified of any security issues that require urgent update of the snowflake server?
Finally, thanks for making the tor network more resilient, snowflake looks to be an awesome improvement for people in locations with internet censorship, and thanks for working on tor in general, it's a phenomenal resource supporting the human experience.

https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40020
Onionoo protocol spec should be an api-doc
2023-01-17T14:13:52Z
Hiro

It would be nice if onionoo protocol spec could be more like an api doc with actual methods examples and return code snippets.
Ex: https://petstore.swagger.io/#/pet/findPetsByStatus

https://gitlab.torproject.org/tpo/web/community/-/issues/286
Move bridge post-install info to "Technical Setup"
2023-01-11T16:38:28Z
Ghost User

### Proposal
The relay post-install info is located at [/relay/setup/post-install/](https://community.torproject.org/relay/setup/post-install/), but the bridge post-install info is mixed in between the operating systems at [/relay/setup/bridge/post-install/](https://community.torproject.org/relay/setup/bridge/post-install/).
I suggest moving the bridge post-install page next to the relay post-install page at [/relay/setup/](https://community.torproject.org/relay/setup/).
What needs to be done:
- Move /relay/setup/post-install/ to /relay/setup/relay-post-install/
- Move /relay/setup/bridge/post-install/ to /relay/setup/bridge-post-install/
- Update all links to the new destination of /relay/setup/post-install/
- Update all links to the new destination of /relay/setup/bridge/post-install/
- Change the title of /relay/setup/bridge-post-install/contents.lr to "Bridge Post-install"
- Change the key of /relay/setup/bridge-post-install/contents.lr to "4"
- Change the key of /relay/setup/post-install/contents.lr from "4" to "5"
- Change the key of /relay/setup/snowflake/contents.lr from "5" to "6"
I could work on this.

https://gitlab.torproject.org/tpo/core/arti/-/issues/645
Android guide should be more explicit on why feature=static is required, and what it solves
2023-01-10T19:00:58Z
trinity-1686a

> First add the subcrates of arti you want to use to the [dependencies] section. You'll have to add features=["static"] to crates that support this feature (at the moment tor-rtcompat, tor-dirmgr and arti-client): otherwise they will fail either to compile or to run.
People are having issues compiling openssl. Following the above statement is enough to fix the issue, but people pointed to the guide just search for "openssl" and find nothing, so they assume there is no answer there when there actually is.
The error they get instead is quite cryptic:
```
error: failed to run custom build command for `openssl-sys v0.9.76`
Caused by:
process didn't exit successfully: `/project-name/target/debug/build/openssl-sys-1f2017401b9375aa/build-script-main` (exit status: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rustc-cfg=openssl
cargo:rerun-if-env-changed=ARMV7_LINUX_ANDROIDEABI_OPENSSL_LIB_DIR
ARMV7_LINUX_ANDROIDEABI_OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=ARMV7_LINUX_ANDROIDEABI_OPENSSL_INCLUDE_DIR
ARMV7_LINUX_ANDROIDEABI_OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=ARMV7_LINUX_ANDROIDEABI_OPENSSL_DIR
ARMV7_LINUX_ANDROIDEABI_OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_DIR
OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_NO_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS_armv7-linux-androideabi
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS_armv7_linux_androideabi
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_ALLOW_CROSS
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS
cargo:rerun-if-env-changed=PKG_CONFIG_armv7-linux-androideabi
cargo:rerun-if-env-changed=PKG_CONFIG_armv7_linux_androideabi
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_armv7-linux-androideabi
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_armv7_linux_androideabi
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
run pkg_config fail: "pkg-config has not been configured to support cross-compilation.\n\nInstall a sysroot for the target platform and configure it via\nPKG_CONFIG_SYSROOT_DIR and PKG_CONFIG_PATH, or install a\ncross-compiling wrapper for pkg-config and set it via\nPKG_CONFIG environment variable."
--- stderr
thread 'main' panicked at '
Could not find directory of OpenSSL installation, and this `-sys` crate cannot
proceed without this knowledge. If OpenSSL is installed and this crate had
trouble finding it, you can set the `OPENSSL_DIR` environment variable for the
compilation process.
Make sure you also have the development packages of openssl installed.
For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora.
If you're in a situation where you think the directory *should* be found
automatically, please open a bug at https://github.com/sfackler/rust-openssl
and include information about your system as well as this message.
$HOST = x86_64-unknown-linux-gnu
$TARGET = armv7-linux-androideabi
openssl-sys = 0.9.76
', /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.76/build/find_normal.rs:191:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40047
Make human summary of Tor Browser design doc
2023-01-09T17:43:32Z
Mike Perry

We should create a brief human-readable summary of the privacy properties of TBB, based on the Design Requirements.
We should probably include this in the short user manual, or on the download page, or both.
See also https://lists.torproject.org/pipermail/tor-talk/2012-January/022899.html.

https://gitlab.torproject.org/tpo/core/torspec/-/issues/178
Document auditing setups for testers to use
2023-01-05T18:15:16Z
Mike Perry

We've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy floating around somewhere that may also be useful.
We should create a meta document, or perhaps just describe on https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff how to use these things to test for disk leaks, proxy issues, oddities, and other violations.

https://gitlab.torproject.org/tpo/core/torspec/-/issues/177
Create Style Guides
2023-01-05T18:14:59Z
Matthew Finkel

Following legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20811
Should users be able to set Tor Browser as their default browser?
2023-01-05T17:04:13Z
Roger Dingledine

A really common user request lately has been how to set up Tor Browser as their default browser, e.g. when they click on urls in their email in thunderbird.
I'm under the impression that the current Tor Browser team answer is "don't do that, it's dangerous". Is that right? If so we should write it down explicitly, along with some intuitions for why it's dangerous so people will understand why.
And if not, we should write up some heuristics or hints or guides or something for how to do it most safely.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15797
Add some explanation of certificate storage being disabled
2023-01-05T16:57:13Z
Trac

In Tor Browser 4.0.8 (windows) I was unable to import certificates until I changed preference security.nocertdb to false (legacy/trac#13366). I tried the directions in legacy/trac#13353 but disabling private browsing mode didn't work to enable the certificate storage.
There is no warning that certificate storage is disabled. When you add a certificate nothing happens. Also when you view a site with an unrecognized certificate the 'Confirm Security Exception' button does nothing. Please consider making some changes to add a message box "This feature will not work with the current settings because foo. To enable this feature do bar."
Thanks
**Trac**:
**Username**: supermario

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15690
Document how other extensions should ask to isolate their streams
2023-01-05T15:50:05Z
Roger Dingledine

I'm talking to a Firefox extension developer who is installing his extension into Tor Browser and giving the resulting bundle to his users.
His extension makes network requests, and it occurred to me that the new per-tab stream isolation feature in Tor Browser probably lumps the requests from his extension into the catch-all circuit.
Is there a URL I can send him to that explains how his extension should set its socks username/password (or whatever it needs to do) to request its own isolation from Tor?

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40578
Add README to Tor Browser
2023-01-05T14:22:24Z
traumschule

I am struck that there is none.
```
tor-browser8.5a1$ find |grep -i readme
./Browser/TorBrowser/Docs/Obfsproxy/README
./Browser/TorBrowser/Docs/fteproxy/README.md
./Browser/TorBrowser/Docs/meek/README
./Browser/TorBrowser/Docs/libfte/README.md
./Browser/TorBrowser/Docs/snowflake/README.md
```

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/33013
Add file listing the main rules for tor-browser-build rbm files
2023-01-05T14:20:33Z
boklm

We should add a file listing the main rules to follow when making changes to tor-browser-build.
legacy/trac#33012 is one example, but there are probably others.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/32416
Add some documentation about building go libraries/programs with build_go_lib
2023-01-05T14:16:24Z
boklm

As `build_go_lib` template is getting more complex, we should add some documentation about how to use it, probably into 'README.HACKING'.

https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40559
Add Tor Browser-specific licenses in about:license
2023-01-05T13:54:25Z
Matthew Finkel

This idea came out of legacy/trac#33771 and legacy/trac#33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by `about:license`, and we could use `about:license` for the additional licenses we must ship, as well. Currently those Tor Browser-specific licenses are controlled by tor-browser-build and they are included as text files at build-time. Extending `about:license` is a good idea.
The main disadvantage I see is downstream projects who take a tor browser package and re-use all of the tor parts but they don't use the browser. We could achieve this by continuing with adding licenses in text files and then patching them into tor-browser's `toolkit/content/license.html` at build time. I'm not very excited about the additional complexity this would require, though.