The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-11-12T20:12:23Zhttps://gitlab.torproject.org/tpo/web/support/-/issues/90Improve verifying signatures instructions, especially on Windows2023-11-12T20:12:23ZHiroImprove verifying signatures instructions, especially on WindowsFrom: https://trac.torproject.org/projects/tor/ticket/33529
The instructions on verifying signatures at https://support.torproject.org/tbb/how-to-verify-signature/ should be clearer and more concise.
A frontdesk email reads:
"In orde...From: https://trac.torproject.org/projects/tor/ticket/33529
The instructions on verifying signatures at https://support.torproject.org/tbb/how-to-verify-signature/ should be clearer and more concise.
A frontdesk email reads:
"In order to verify the integrity of the Tor browser installation file, you recommend downloading GPG4win, but then your instructions for Windows say to use a command line command that is not included with that package, and there are no instructions on how to use the GUI to verify the package (or which GUI to use, since there are at least two included in GPG4win).
https://support.torproject.org/tbb/how-to-verify-signature/
Trying to import the asc file into Kleopatra or the GNU Privacy Assistant results in a message saying that 0 certificates were imported, or no keys were found.
What's more, there is a confusing reference to the " Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290)". Is this the key I'm supposed to be using for verification? This doesn't appear to be a PGP public key.
There's also a statement that suggests that the PGP public key file is automatically downloaded with the installation package, but it's not. "Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc"." The download page does not show file names, and using the download link on the download page only downloads the exe file."https://gitlab.torproject.org/tpo/web/support/-/issues/178Support Portal: How to Access an Onion Service2023-11-13T05:06:00ZSehrish AslamSupport Portal: How to Access an Onion ServiceNote: Came across a user asking for help on Reddit on "How to setup .onion website".
On [Support Portal](https://support.torproject.org/) under [Onion Services](https://support.torproject.org/onionservices/) two important titles must b...Note: Came across a user asking for help on Reddit on "How to setup .onion website".
On [Support Portal](https://support.torproject.org/) under [Onion Services](https://support.torproject.org/onionservices/) two important titles must be added.
1. How To Access an Onion Service with a brief introduction and link to [HOW TO ACCESS AN ONION SERVICE](https://tb-manual.torproject.org/onion-services/)
2. How to Configure Onion Services for Tor with link to [How to Configure Onion Services for Tor](https://2019.www.torproject.org/docs/tor-onion-service.html.en)
IMHO, in order to make website UX/UI friendly links must be added so users find required information without any trouble. Although there is a separate page under [User Manual](https://tb-manual.torproject.org/about/) about [Onion Services](https://tb-manual.torproject.org/onion-services/) but I believe these two must be linked together.
Additionally, [Onion Services](https://support.torproject.org/glossary/) entry in Glossary must also include link to detailed description on [Onion Services](https://tb-manual.torproject.org/onion-services/)
@gus if you approve these suggestion I can work on this.https://gitlab.torproject.org/tpo/web/support/-/issues/181Add to FAQ section "Is it worth upgrading my Tor Relay"2023-11-13T05:22:53ZBurnleydevAdd to FAQ section "Is it worth upgrading my Tor Relay"Saw this question **"Is it worth upgrading my Tor Relay"** on reddit.com/r/Tor. It's worth adding it to the FAQ section to help others.Saw this question **"Is it worth upgrading my Tor Relay"** on reddit.com/r/Tor. It's worth adding it to the FAQ section to help others.https://gitlab.torproject.org/tpo/web/support/-/issues/209Suggest troubleshooting tips for Tor Browser for Android2021-12-06T17:48:30ZMoseSuggest troubleshooting tips for Tor Browser for AndroidI'd like to suggest some simple and easy tips for Android users to debug crashes and other Tor Browser issues without too much fuss. Often when an app crashes, the only information the user is given is a message like "Tor Browser has sto...I'd like to suggest some simple and easy tips for Android users to debug crashes and other Tor Browser issues without too much fuss. Often when an app crashes, the only information the user is given is a message like "Tor Browser has stopped." These tips are intended to help users provide more detailed bug reports. This is in reference to https://blog.torproject.org/comment/291677#comment-291677
Another commenter suggested adding a section about Android to the support page ["How do I view Tor Browser message log?"](http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/tbb/tbb-21/index.html). Additionally, the [feedback template](http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/misc/bug-or-feedback/index.html) should probably link to that page to make it easier to find. However this information may fit better under [Tor Mobile](http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/tormobile/). If we had this information on a support page somewhere, developers could easily point users to it when they report a crash or ask for help (see for example this [comment](https://blog.torproject.org/comment/291586#comment-291586)).
### Tips
#### Scoop
There is an app available on f-droid known as [Scoop](https://f-droid.org/en/packages/taco.scoop/) which monitors the Android syslog and displays a notification when it detects an app crash. It also captures a stack trace of the app that crashed, which users can copy and include with a bug report. I've had success using it with a number of apps including Tor Browser.
Scoop's UI is easy to use, however initial setup does require use of a terminal app or adb, as described in the [instructions](https://web.archive.org/web/20210427172207/https://github.com/TacoTheDank/Scoop/wiki). It does not require root.
#### Logcat
The Lineage OS project has a [tutorial](https://web.archive.org/web/20210604125212/https://wiki.lineageos.org/how-to/logcat) on using logcat. This method requires root and either adb or a terminal. There are GUI apps for viewing logcat as well (however these also require root).
#### Other ideas (more research and testing needed)
##### Browser console
- Is there a way to open the browser console in Fenix?
- Probably accessible via remote debugging (see below) regardless
##### Mozilla developer tools (remote debugging)
- Tor Browser for Android has an option in the settings UI to enable USB debugging, although I haven't tried it.
- You must enable USB debugging on the device in Android developer settings menu as well as Fenix/TB4A settings. Does not require root. Does not require adb or android tools on desktop, only Firefox or Tor Browser on desktop.
- ```about:debugging``` cannot be opened in Tor Browser for Android, and there is no UI option for WiFi debugging.
- Probably limited to high-level issues, e.g. sites not displaying properly. Unsure of its usefulness in diagnosing crashes.
- Might be too involved for the average user just wanting to report a bug.
- See https://discourse.mozilla.org/t/is-android-debugging-still-working/51681/2https://gitlab.torproject.org/tpo/web/support/-/issues/207Answer the Tor + VPN question better2023-11-08T02:30:16ZemmapeelAnswer the Tor + VPN question betterAt https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.At https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.https://gitlab.torproject.org/tpo/web/support/-/issues/94[Tor Browser 9.5][Onion services] Update URL bar onion indicators2021-08-23T16:29:33ZGus[Tor Browser 9.5][Onion services] Update URL bar onion indicatorsIn the next release, Tor Browser 9.5 will change Onion indicators in URL bar, check this ticket for more reference:
https://trac.torproject.org/projects/tor/ticket/32645
We will need to update the [documentation in support portal](http...In the next release, Tor Browser 9.5 will change Onion indicators in URL bar, check this ticket for more reference:
https://trac.torproject.org/projects/tor/ticket/32645
We will need to update the [documentation in support portal](https://support.torproject.org/onionservices/onionservices-5/) - Onion-services-5 - to reflect this change.
This modification is already available in [Tor Browser Alpha](https://www.torproject.org/download/alpha/)https://gitlab.torproject.org/tpo/web/support/-/issues/98Add Mailing List information2020-11-18T15:29:25ZemmapeelAdd Mailing List informationWe don't have mailing list information, neither on the Contact section of tpo, not in the ['Get in touch'](https://support.torproject.org/get-in-touch/) section in the support portal.
We should decide a place for it, there is some infor...We don't have mailing list information, neither on the Contact section of tpo, not in the ['Get in touch'](https://support.torproject.org/get-in-touch/) section in the support portal.
We should decide a place for it, there is some information at
https://2019.www.torproject.org/docs/documentation#MailingLists
But it should be updated.GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/144[Onion services] Add Systemli ansible onion2020-12-08T17:21:35ZGus[Onion services] Add Systemli ansible onionWe should add to Advanced section Systemli's ansible onion:
https://galaxy.ansible.com/systemli/onionWe should add to Advanced section Systemli's ansible onion:
https://galaxy.ansible.com/systemli/onionSponsor 84: Onion Guideshttps://gitlab.torproject.org/tpo/web/community/-/issues/143Create onion services talking points for advocates2021-08-23T16:31:49ZGusCreate onion services talking points for advocatesWe should make advocating for supporting tor/onion services easier, so people can point to a document when trying to convince web developers and website owners.
In Riseup's Hosting Onion Services docs there are some arguments and we can...We should make advocating for supporting tor/onion services easier, so people can point to a document when trying to convince web developers and website owners.
In Riseup's Hosting Onion Services docs there are some arguments and we can incorporate that to our main documentation:
http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/en/security/network-security/tor/onionservices-best-practicesSponsor 84: Onion GuidesGusGus2020-09-28https://gitlab.torproject.org/tpo/web/community/-/issues/139[Onion services] Improve how to setup your onion service with unix domain soc...2020-11-23T20:32:47ZGus[Onion services] Improve how to setup your onion service with unix domain socketsIn this section we should recommend and explain how to use unix domain sockets:
http://3gldbgtv5e4god56.onion/onion-services/setup/In this section we should recommend and explain how to use unix domain sockets:
http://3gldbgtv5e4god56.onion/onion-services/setup/https://gitlab.torproject.org/tpo/core/tor/-/issues/40459Bridge-Relay HOWTO wiki update for distros with apparmor, escalade log level ...2022-10-24T20:47:43Zs7rBridge-Relay HOWTO wiki update for distros with apparmor, escalade log level when transport plugin process is killedThe bridge howto wiki instructions we currently have will not apply in Debian Buster or Bullseye (because of apparmor, and I assume the effect is the same on any distro with apparmor enabled).
Basically, the package Tor from deb.torproj...The bridge howto wiki instructions we currently have will not apply in Debian Buster or Bullseye (because of apparmor, and I assume the effect is the same on any distro with apparmor enabled).
Basically, the package Tor from deb.torproject.org comes with apparmor settings in `/etc/apparmor.d/abstractions/tor` that includes `/usr/bin/obfs4proxy Pix,` , but in case obfs4proxy executable is installed at a different path, it won't work:
audit[2994]: AVC apparmor="DENIED" operation="exec" profile="system_tor" name="/usr/local/bin/obfs4proxy" pid=2994 comm="tor" requested_mask="x" denied_mask="x" fsuid=107 ouid=0
kernel: audit: type=1400 audit(1630685584.124:19): apparmor="DENIED" operation="exec" profile="system_tor" name="/usr/local/bin/obfs4proxy" pid=2994 comm="tor" requested_mask="x" denied_mask="x" >
Also, Tor will not complain about it in the log if set to default `notice` level. If you switch to `info` :
[info] process_exec(): Starting new process: /usr/local/bin/obfs4proxy
[info] launch_managed_proxy(): Managed proxy at '/usr/local/bin/obfs4proxy' has spawned with PID '1856'.
These should be set to `warn` level I guess?
The simple fix is to edit `/etc/apparmor.d/abstractions/tor` and add/edit the obfs4proxy path if different from `/usr/bin/obfs4proxy` (which is the default) and reload apparmor service. We should add this extra step in the bridge relay wiki howto and explain that it is necessary if the pluggable transport is installed in a different path than `/usr/bin/$transport` in addition to the libcap2-bin step and `NoNewPrivileges=no` step in `tor@default.service` and `tor@.service`.https://gitlab.torproject.org/tpo/core/torspec/-/issues/7Authorization types for v3 onion service have to be clarified in documentation2022-04-21T16:40:01ZTracAuthorization types for v3 onion service have to be clarified in documentationProblem 1. Official [[https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt|spec]] mentions stealth auth:
> [TODO: Also specify stealth client authorization.].
However, stealth auth is only used for v2 onion services. It sh...Problem 1. Official [[https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt|spec]] mentions stealth auth:
> [TODO: Also specify stealth client authorization.].
However, stealth auth is only used for v2 onion services. It should be fixed.
----
Problem 2. According to teor's [[https://trac.torproject.org/projects/tor/ticket/20700#comment:23|comment]] the following auth types were planned: 'descriptor', 'intro', and 'standard'. However, only 'descriptor' type is documented by spec (man page for tor alpha refers to spec for details). Other auth types are not documented at all, though spec gives a strong impression that 'descriptor' is only one of possible authentication types.
If tor project already has some understanding of these future planned auth types, they must be described at least in tickets. If it is not the case, somewhere (e.g. in man page which now refers to spec) we should write that 'descriptor' is the only auth type which will be supported in foreseeable future.
**Trac**:
**Username**: geoiphttps://gitlab.torproject.org/tpo/web/community/-/issues/117[Onion Services] How to launch a site w/ onionshare2021-08-23T16:31:49ZGus[Onion Services] How to launch a site w/ onionshareIn onionshare you can launch a static website. It would be nice to have this how to in onion services section.In onionshare you can launch a static website. It would be nice to have this how to in onion services section.Sponsor 84: Onion Guideshttps://gitlab.torproject.org/tpo/web/support/-/issues/115Update "How to report bug or feedback" and remove Trac2020-08-27T16:32:19ZGusUpdate "How to report bug or feedback" and remove TracSince we're moving from Trac, we will need to update our documentation to explain how to report bug or give feedback.
http://4bflp2c4tnynnbes.onion/misc/bug-or-feedback/Since we're moving from Trac, we will need to update our documentation to explain how to report bug or give feedback.
http://4bflp2c4tnynnbes.onion/misc/bug-or-feedback/https://gitlab.torproject.org/tpo/web/support/-/issues/116[Operators] New question - What happens if an ISP blocks some Tor dir auths?2023-11-22T13:04:18ZGus[Operators] New question - What happens if an ISP blocks some Tor dir auths? What happens if an ISP blocks all/some Tor directory authorities? a. As a relay operator: Can I setup a relay on this ISP? b. As a user: Can I connect to Tor (and hope fallback dirs will work)? What happens if an ISP blocks all/some Tor directory authorities? a. As a relay operator: Can I setup a relay on this ISP? b. As a user: Can I connect to Tor (and hope fallback dirs will work)?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/5767Document auditing setups for testers to use2023-01-05T16:56:22ZMike PerryDocument auditing setups for testers to useWe've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy flo...We've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy floating around somewhere that may also be useful.
We should create a meta document, or perhaps just describe on https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff how to use these things to test for disk leaks, proxy issues, oddities, and other violations.https://gitlab.torproject.org/tpo/applications/team/-/issues/18Document auditing setups for testers to use2023-01-05T18:15:17ZMike PerryDocument auditing setups for testers to useWe've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy flo...We've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy floating around somewhere that may also be useful.
We should create a meta document, or perhaps just describe on https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff how to use these things to test for disk leaks, proxy issues, oddities, and other violations.https://gitlab.torproject.org/tpo/core/torspec/-/issues/178Document auditing setups for testers to use2023-01-05T18:15:16ZMike PerryDocument auditing setups for testers to useWe've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy flo...We've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy floating around somewhere that may also be useful.
We should create a meta document, or perhaps just describe on https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff how to use these things to test for disk leaks, proxy issues, oddities, and other violations.https://gitlab.torproject.org/tpo/web/support/-/issues/117Remove offensive terminology2020-10-09T15:20:14ZGusRemove offensive terminologyI've found some "whitelist" and "blacklist" in our support docs, and we should replace that with a better terminology. See:
https://tools.ietf.org/id/draft-knodel-terminology-00.html#rfc.section.1.2I've found some "whitelist" and "blacklist" in our support docs, and we should replace that with a better terminology. See:
https://tools.ietf.org/id/draft-knodel-terminology-00.html#rfc.section.1.2GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/136[Onion Services] How to use eotk2020-11-23T20:31:11ZGus[Onion Services] How to use eotkWrite a guide on how to use EOTK to onionize your own website.Write a guide on how to use EOTK to onionize your own website.Sponsor 84: Onion Guides