The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-01-18T18:32:14Zhttps://gitlab.torproject.org/tpo/web/community/-/issues/256[Relays] Create an OpenSuse relay page2023-01-18T18:32:14ZGus[Relays] Create an OpenSuse relay pageWe already have instructions for running a bridge in OpenSuse. We should create a page for running a relay: https://community.torproject.org/relay/setup/guard/
https://community.torproject.org/relay/setup/bridge/opensuse/We already have instructions for running a bridge in OpenSuse. We should create a page for running a relay: https://community.torproject.org/relay/setup/guard/
https://community.torproject.org/relay/setup/bridge/opensuse/https://gitlab.torproject.org/tpo/web/support/-/issues/288Add Onion-Location to the glossary2023-11-06T21:18:57ZemmapeelAdd Onion-Location to the glossaryThere for sure are more updates needed, but I think at least this term, spelled maybe as 'Onion Location', has a place in the Glossary.
My idea is to have a brief introduction with links to deeper docs.
Anyone wants to volunteer a defi...There for sure are more updates needed, but I think at least this term, spelled maybe as 'Onion Location', has a place in the Glossary.
My idea is to have a brief introduction with links to deeper docs.
Anyone wants to volunteer a definition?https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/30Build a comprehensible Onion Service checklist/documentation2024-03-21T11:55:56ZSilvio RhattoBuild a comprehensible Onion Service checklist/documentation# Tasks
* [x] Create a wiki page for a public Onion Service checklist/documentation.
Done as [Service-Checklist][].
* [x] Move part (if not all) of this documentation to the the [Onion Service
"portal"][], to the [upcoming D...# Tasks
* [x] Create a wiki page for a public Onion Service checklist/documentation.
Done as [Service-Checklist][].
* [x] Move part (if not all) of this documentation to the the [Onion Service
"portal"][], to the [upcoming Developer Portal][], to separate page, or to
the [ecosystem docs web checklist][]. Moved to the latter.
* [ ] Write a comprehensible and public Onion Service checklist/documentation.
* [ ] Split or tag items as "must have", "nice to have", "could have" or something
in the line of the [MoSCoW method][].
[Service-Checklist]: https://gitlab.torproject.org/tpo/onion-services/onion-support/-/wikis/Documentation/Service-Checklist
[upcoming Developer Portal]: https://gitlab.torproject.org/groups/tpo/-/milestones/23
[Onion Service "portal"]: https://community.torproject.org/onion-services
[ecosystem docs web checklist]: https://gitlab.torproject.org/tpo/onion-services/portal/-/blob/main/docs/apps/web/checklist.md
[MoSCoW method]: https://en.wikipedia.org/wiki/MoSCoW_method
# Contents
Documentation might including topics like:
* [ ] Setting up:
* [ ] Example with [Apache](https://httpd.apache.org) (and remark about UNIX sockets not being supported).
* [ ] Example with [NGINX](https://www.nginx.com/) (TCP and UNIX sockets).
* [ ] Example with [lighttpd](https://www.lighttpd.net) (and note about UNIX sockets support).
* [ ] Example with [Caddy](https://caddyserver.com/) (does it support UNIX sockets?).
* [ ] Best practices:
* [ ] The slightly outdated but very good [Riseup documentation about Hosting Onion Services](https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices).
* [ ] Relay security checklist (if exists), since the Onion Service checklist could be built atop of more general checklists about running a Tor node (but with the warning that no relay should run along the Onion Service instance).
* [ ] See existing and legacy docs like the [legacy OperationalSecurity page](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/OperationalSecurity).
* [ ] Making sure the system clock is synchronized.
* [ ] Setup the Onion Location header (for sites accessible also from outside the Tor network).
* [ ] Encrypted backup of .onion keys.
* [ ] Consider **NOT** to use single mode/non-anonymous Onion Services
(`HiddenServiceSingleHopMode` and `HiddenServiceNonAnonymousMode`) if
distinct sites are hosted in the same provider/virtual machine and if relating
each other is a concern. Like, suppose many distinct sites have their onions at
the same place. Using single mode would mean it's easy to determine that these
sites have their .onions hosted in the same location. By default
`HiddenServiceSingleHopMode` and `HiddenServiceNonAnonymousMode` are not set,
but depending on the tooling used to deploy this might not be the case.
* [Where to put the onion service webserver socket](https://gitlab.torproject.org/tpo/web/community/-/issues/180).
* [ ] Optional/Advanced:
* [ ] Load balancing:
* [ ] Introduction (reusing part of the existing [Onionspray](https://tpo.pages.torproject.net/onion-services/onionspray/) documentation about load balancing: [introduction](https://tpo.pages.torproject.net/onion-services/onionspray/guides/balance/) and [topologies](https://tpo.pages.torproject.net/onion-services/onionspray/guides/balance/topologies/)).
* [ ] Setting up [Onionbalance](https://gitlab.torproject.org/tpo/onion-services/onionbalance):
* [ ] Consider that using Onionbalance is also a measure for protecting the
main Onion Service keys, as compromised backends would not expose the
main keys. Check upcoming [security analysis](https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/25) for details.
* [ ] Configure [Vanguards](https://github.com/mikeperry-tor/vanguards) on each backend.
* [ ] Vanity address generation (using [mkp224o](https://github.com/cathugger/mkp224o) or other compatible tools)?
* [ ] Setup HTTPS with valid x509 certificates (and automatic HTTP -> HTTPS
connection upgrade, like with automatic HTTP-to-HTTPS redirection and/or
the HSTS header).
* [ ] Setup Onion Names (HTTPS Everywhere patch, or [whatever is on it's place](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40458#note_2777495)).
* [ ] Onion v3 auth (current unsupported by Onionbalance, [see tpo/core/onionbalance#5](https://gitlab.torproject.org/tpo/core/onionbalance/-/issues/5)).
* [ ] [Alt-Svc Header](https://blog.cloudflare.com/cloudflare-onion-service/) (as an alternative or compliment to the `Onion-Location` header).
* [ ] Performance:
* [ ] Assets: consider to provide image, video and other assets optimally
compressed to alleviate bandwidth comsumption in the Onion Service. While
this is a general recommendation for any site, this can be of special
importance for Onion Services. It might be worth checking browser support for
storage-efficient formats (see tpo/applications/tor-browser#41664 for a
discussion example).
* [ ] Risk analysis:
* [ ] De-anonymization:
* [ ] [This great analysis from Vanguards](https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md).
* [ ] Detecting/correlating online/offline patterns.
* [ ] Server fingerprinting.
* [ ] Metrics:
* [ ] Using the MetricsPort (and/or a web panel):
* [ ] Locally (as usually recommended).
* [ ] Or through an [authenticated
.onion](https://community.torproject.org/onion-services/advanced/client-auth/)
to enable remote monitoring? Which plugin could be used by Prometheus to fetch
data from such a service? [Example Prometheus
configuration](https://github.com/prometheus/blackbox_exporter/issues/264).https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/84Document number of threads configuration depending on the machine available b...2022-03-03T11:41:08ZjugaDocument number of threads configuration depending on the machine available bandwidthFor instance, how many threads can we have when the machine available bandwidth is 100Mbps or 1Gbps.
Based on what we talked in https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsNetworkTeam/Notes/SBWSRoadmap#QuestionsFor instance, how many threads can we have when the machine available bandwidth is 100Mbps or 1Gbps.
Based on what we talked in https://trac.torproject.org/projects/tor/wiki/org/meetings/2019BrusselsNetworkTeam/Notes/SBWSRoadmap#Questionsonbasca: 1.1https://gitlab.torproject.org/tpo/web/community/-/issues/255[slides] text overflows out of the slide2022-05-06T01:39:43Zemmapeel[slides] text overflows out of the slideThe text on the presentation overflows very easily, and does not let you read the last phrase.
See for example:
![overflow.cleaned](/uploads/3aef8e2a1cbad8da0706b153efc3accb/overflow.cleaned.png)The text on the presentation overflows very easily, and does not let you read the last phrase.
See for example:
![overflow.cleaned](/uploads/3aef8e2a1cbad8da0706b153efc3accb/overflow.cleaned.png)https://gitlab.torproject.org/tpo/web/support/-/issues/287[Censorship] Point to the 'snowflake' tag (on Tor forum) in the entry 'What i...2022-04-25T17:49:28Zchampionquizzerchampionquizzer@torproject.org[Censorship] Point to the 'snowflake' tag (on Tor forum) in the entry 'What is Snowflake'Since we have some quality posts on the forum now, we are experimenting sorting articles on the forum with specific [tags](https://meta.discourse.org/t/a-comprehensive-guide-to-discourse-tags/121041). We have now created one for '[snowfl...Since we have some quality posts on the forum now, we are experimenting sorting articles on the forum with specific [tags](https://meta.discourse.org/t/a-comprehensive-guide-to-discourse-tags/121041). We have now created one for '[snowflake](https://forum.torproject.net/tag/snowflake
)' and I believe we can point users to that from the Support FAQGusGushttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40102Several devices on the same network ?2022-03-01T15:55:27ZcypherpunksSeveral devices on the same network ?Hi !
I got in touch with you once with that question :
- Is it possible to install Snowflake on all the devices connected to the same local network ? (Ex : On a family, on 2 PCs)
Your answer :
- Mmm, it's not recommended.
My request :
...Hi !
I got in touch with you once with that question :
- Is it possible to install Snowflake on all the devices connected to the same local network ? (Ex : On a family, on 2 PCs)
Your answer :
- Mmm, it's not recommended.
My request :
- To know if your answer is still relevant
- Whatever, can you write in the Wiki/website FAQ, etc. ?
Thank you ! Tons of love. :) ♥https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/51Update license and copyright2023-09-21T10:34:49ZGeorg KoppenUpdate license and copyrightWe should think about which license we actually want for onbasca (in particular as it borrows ideas/code from sbws) and update the copyright notice, too. It should include at least TPI in addition to @juga.We should think about which license we actually want for onbasca (in particular as it borrows ideas/code from sbws) and update the copyright notice, too. It should include at least TPI in addition to @juga.onbasca: 1.0jugajugahttps://gitlab.torproject.org/tpo/web/community/-/issues/253Update Windows guide to include Windows Firewall2022-02-15T19:29:19ZemmapeelUpdate Windows guide to include Windows Firewall[As reported by lokodlare in our forum](https://forum.torproject.net/t/high-speed-relays-on-windows-not-great-not-terrible/2056) we should include information about Windows Firewall on our Windows instructions at https://community.torpro...[As reported by lokodlare in our forum](https://forum.torproject.net/t/high-speed-relays-on-windows-not-great-not-terrible/2056) we should include information about Windows Firewall on our Windows instructions at https://community.torproject.org/relay/setup/guard/windows/, because our guide _"sadly omits to even mention Windows’ integrated Firewall. Windows Firewall is enabled by default in all more recent versions of Windows (for good reason!) and you will need to create new rules for your tor relay(s) or bridge(s) to be reachable from the outside"_.https://gitlab.torproject.org/tpo/web/community/-/issues/250snowflake: add debian package as installation method2022-08-03T01:37:40Ztxt.filesnowflake: add debian package as installation method<!--
* Use this issue template for suggesting new docs or updates to existing docs.
-->
### Problem to solve
<!-- Include the following detail as necessary:
-->
* On debian its a good idea to use the package manager instead of docker/a...<!--
* Use this issue template for suggesting new docs or updates to existing docs.
-->
### Problem to solve
<!-- Include the following detail as necessary:
-->
* On debian its a good idea to use the package manager instead of docker/ansible/self-compilation
* debian has a snowflake-proxy package
### Further details
<!--
* Include use cases, benefits, and/or goals for this work.
* If adding content: What audience is it intended for? (What roles and scenarios?)
-->
* https://packages.debian.org/search?keywords=snowflake%2Dproxy
### Proposal
<!-- Further specifics for how can we solve the problem. -->
Add installation via debian packages to `content/relay/setup/snowflake/standalone/contents.lr`.
### Who can address the issue
<!-- What if any special expertise is required to resolve this issue? -->
Anyperson able to write text.
### Other links/references
<!-- E.g. related Tor issues/MRs -->https://gitlab.torproject.org/tpo/web/support/-/issues/286Add David's key2022-02-22T13:23:52ZbmwiedemannAdd David's keydistribution packagers need to know who is authorized to sign tarballs
because tor is quite important software to users.
With the release of 0.4.6.10, the signing changed, so please update gpg fingerprints on support.torproject.orgdistribution packagers need to know who is authorized to sign tarballs
because tor is quite important software to users.
With the release of 0.4.6.10, the signing changed, so please update gpg fingerprints on support.torproject.orgGusGushttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40057recreate graphics in svg to offer up for translation2022-10-26T20:41:06Zemmapeelrecreate graphics in svg to offer up for translationthe graph at https://community.torproject.org/training/resources/all-about-tor/#/0/11 , which is located at https://community.torproject.org/static/images/training/slides/all-about-tor/tor-browser-features.png, should be recreated on svg...the graph at https://community.torproject.org/training/resources/all-about-tor/#/0/11 , which is located at https://community.torproject.org/static/images/training/slides/all-about-tor/tor-browser-features.png, should be recreated on svg format or in some way be translated for the other locales of the page.
Same with the graph at https://community.torproject.org/training/resources/all-about-tor/#/0/7
the first graph is:
![tor-browser-features](/uploads/ec46350e3cda8656103dc96f616e002f/tor-browser-features.png)
and the second (added to ticket on Feb. 17) is:
![how-tor-relays-work](/uploads/48e17c684d8e73ede77d97dbc839757f/how-tor-relays-work.png)emmapeelemmapeelhttps://gitlab.torproject.org/tpo/ux/team/-/issues/75Evaluate if Tor Browser is meeting the needs of our users2023-06-28T16:20:08ZMatthew FinkelEvaluate if Tor Browser is meeting the needs of our usersTor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important ...Tor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important for the [people](https://community.torproject.org/user-research/persona/) we are trying to protect.
We should be able to justify our general design requirements through the needs of our users, instead of defining the strictest-possible private browser design and then applying that to all of the use cases. Indeed, this should influence tpo/applications/tor-browser-spec#25021.https://gitlab.torproject.org/tpo/community/support/-/issues/40061Define a process to evaluate docs mirrors availability in China2022-10-26T20:47:50ZGusDefine a process to evaluate docs mirrors availability in ChinaAs part of S96 work, we want to track if/when a Tor documentation mirror is blocked in China, so we can advertise a new one.As part of S96 work, we want to track if/when a Tor documentation mirror is blocked in China, so we can advertise a new one.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGushttps://gitlab.torproject.org/tpo/network-health/team/-/issues/170Add a section about prefered way to distribute packages at Python Guidelines2022-02-28T14:17:59ZjugaAdd a section about prefered way to distribute packages at Python GuidelinesAs commented at https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/28759#note_2772472 we thought it might be useful to have an small section about distributing Python packages at https://gitlab.torproject.org/tpo/network-heal...As commented at https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/28759#note_2772472 we thought it might be useful to have an small section about distributing Python packages at https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Python-guidelines.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40421Expand/revise android build docs2022-12-22T10:54:03ZaguestuserExpand/revise android build docs
# context
- this build workflow has several layers with lots of moving parts, some stale docs, and non-obvious gotchas could use some documentation to make it easier/faster to avoid/fix mistakes
- we could also (IMHO) use some common kn...
# context
- this build workflow has several layers with lots of moving parts, some stale docs, and non-obvious gotchas could use some documentation to make it easier/faster to avoid/fix mistakes
- we could also (IMHO) use some common knowledge of steps we take during builds (gleaned from discussion in tor-browser#40784 and tor-browser-build#40418) to communicate more smoothly about our work
# tasks
- [ ] expand `/docs/how-to-create-gradle-dependencies-list.txt` to include more explicit pointers of when manual overrides for `git_url` and `git_target` are needed in step (1), and how copying/renaming `gradle-dependencies.txt` works in step (3)
- [ ] add `/docs/how-to-run-android-build` to capture all steps for generating and publishing a build for a new in a TODO-list-like formathttps://gitlab.torproject.org/tpo/web/support/-/issues/285unify tor installation per platform2024-03-28T00:29:36Znyxnorunify tor installation per platform<!--
* Use this issue template for suggesting new docs or updates to existing docs.
-->
### Problem to solve
<!-- Include the following detail as necessary:
-->
* What feature(s) affected?
* What docs or doc section affected? Include ...<!--
* Use this issue template for suggesting new docs or updates to existing docs.
-->
### Problem to solve
<!-- Include the following detail as necessary:
-->
* What feature(s) affected?
* What docs or doc section affected? Include links or paths.
* Is there a problem with a specific document, or a feature/process that's not addressed sufficiently in docs?
* Any other ideas or requests?
There is not unified tor installation per package manager. One can find for OpenBSD on the `relay/setup/guard` and `relay/setup/bridge`, in which the instructions differ.
### Further details
<!--
* Include use cases, benefits, and/or goals for this work.
* If adding content: What audience is it intended for? (What roles and scenarios?)
-->
* https://community.torproject.org/relay/setup/guard/openbsd/
* https://community.torproject.org/relay/setup/bridge/openbsd/
### Proposal
<!-- Further specifics for how can we solve the problem. -->
My proposal is to maintain a tor/installation or any other name to instruct on ho to install tor per platform. The relay/setup guides will refer to this documentation and them they will slim down to just contain information about how to configure the wanted relay type.
### Who can address the issue
<!-- What if any special expertise is required to resolve this issue? -->
@gus if possible, create a page https://community.torproject.org/tor/pkg-manager or something like it.ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40043Document the new censorship-circumvention APIs2022-04-20T11:36:40ZrichardDocument the new censorship-circumvention APIsWe need a centralized place we can point developers to for directions on consuming the new (and old) Moat APIs.We need a centralized place we can point developers to for directions on consuming the new (and old) Moat APIs.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetmeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/web/community/-/issues/244Install instructions don't seem to be correct for bridge relay on new ubuntu ...2022-02-22T12:47:22Zmiketwenty1Install instructions don't seem to be correct for bridge relay on new ubuntu instance 20.04I've gone through the guide here:
https://community.torproject.org/relay/setup/bridge/debian-ubuntu/
When I hit this step:
`systemctl enable --now tor@default`
I'll get this:
```
The unit files have no installation config (WantedBy=, R...I've gone through the guide here:
https://community.torproject.org/relay/setup/bridge/debian-ubuntu/
When I hit this step:
`systemctl enable --now tor@default`
I'll get this:
```
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
instance name specified.
Job for tor@default.service failed because the control process exited with error code.
See "systemctl status tor@default.service" and "journalctl -xe" for details.
```
I'm using a generic Ubuntu 20.04 instance on EC2/AWS.
Indeed the error message seems correct. It seems I need to manually edit:
`/lib/systemd/system/tor@default.service` which is missing the [Install] section at the bottom.
After adding:
```
[Install]
WantedBy=multi-user.target
```
To the bottom of `tor@default.service` unit file, it fixes the issue of me running, `systemctl enable --now tor@default`.
But my main question is, should this unit file be manually updated? or is the install doc missing a step? or is something else going wrong?
Thanks!https://gitlab.torproject.org/tpo/ux/research/-/issues/59Create page that answers common questions about independent user research2023-12-08T18:56:47ZNahCreate page that answers common questions about independent user researchFrom time to time, independent User Researchers (some academics, some funded by other orgs) contact us to help them share their call for participation, either through e-mail, mailings lists or using Tor's social media.
It would be good ...From time to time, independent User Researchers (some academics, some funded by other orgs) contact us to help them share their call for participation, either through e-mail, mailings lists or using Tor's social media.
It would be good to have a topic on our User Research page explaining which mailing lists are better to recruit participants, and how to have your social media quoted by Tor communication channels.