The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-10-11T23:39:49Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/25248DoS mitgation: improve documentation2022-10-11T23:39:49ZcypherpunksDoS mitgation: improve documentation(some reason for opening this is: a relay operator seemed confused and started to modify the source instead of using these torrc settings)
https://lists.torproject.org/pipermail/tor-relays/2018-February/014503.html
building on top of le...(some reason for opening this is: a relay operator seemed confused and started to modify the source instead of using these torrc settings)
https://lists.torproject.org/pipermail/tor-relays/2018-February/014503.html
building on top of legacy/trac#25236
Lets add a high level overview of available DoS mitigations at the beginning of the section next to "The following options are useful only for a public relay. They control the Denial of Service mitigation subsystem."
as you did in the changelog already before going into the specific settings.
We could start by using a copy from your changelog:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.3.2-alpha#n8
something like:
"
Tor has 3 build-in mitigation options that can be individually enabled/disabled and fine-tuned, but by default Tor directory authorities will define reasonable values for relays and no explicit configuration is required to make use of these protections.
The mitigations are:
* First: if a single client address makes too many concurrent connections (~~>100~~ "too many" is configurable via XXX), hang up on further connections.
* Second: if a
single client IP address (v4 and v6 or does it just work with IPv4?) makes circuits too quickly (more than 3 per
second, with an allowed burst of 90) while also having too many
connections open (3), refuse new create cells for the next while
(1-2 hours).
* Third: if a client asks to establish a rendezvous
point to you directly, ignore the request. These defenses can be
manually controlled by new torrc options, but relays will also
take guidance from consensus parameters, so there's no need to
configure anything manually.
"
instead of the static values add the config options in brackets.
https://www.torproject.org/docs/tor-manual-dev.html.en#DoSCircuitCreationEnabled
Does not say what 0 and 1 means. Maybe use the same wording as you use for most other boolean settings:
"If this option is set to 1, ...
* The section "DENIAL OF SERVICE MITIGATION OPTIONS" refers to the consensus
for default values, lets tell the operator how to find the current consensus values so he has actually some information where they can say "that value is to low for me my system is idle" or "oh that is not defined in consensus" -> legacy/trac#25236
will these values show on https://consensus-health.torprojec.org?Tor: 0.3.3.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/25236dos: Document torrc default values in the man page when not in the consensus2022-10-11T23:39:48ZDavid Gouletdgoulet@torproject.orgdos: Document torrc default values in the man page when not in the consensusFrom:
https://trac.torproject.org/projects/tor/ticket/24902#comment:68From:
https://trac.torproject.org/projects/tor/ticket/24902#comment:68Tor: 0.3.3.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/33894make (retroactive) proposal for DoS subsystem2022-10-11T23:39:35ZRoger Dingledinemake (retroactive) proposal for DoS subsystemIn legacy/trac#24902, dgoulet speaks of a ddos-design.txt document.
But there is no actual proposal for the overall DoS subsystem.
If we have the document around, and we just never published it, this is a great chance to notice, clean ...In legacy/trac#24902, dgoulet speaks of a ddos-design.txt document.
But there is no actual proposal for the overall DoS subsystem.
If we have the document around, and we just never published it, this is a great chance to notice, clean it up a bit, and call it proposal three-hundred-and-something. (And then maybe turn some of it into one of the spec files if that makes sense, but, one step at a time here. :)
Motivated by this month's tor-dev thread where all we have to show for the DoS subsystem design is a trac ticket number and a changelog entry.https://gitlab.torproject.org/tpo/web/manual/-/issues/129Add @getbridgesbot instructions2022-10-06T14:13:46ZGusAdd @getbridgesbot instructions
Update this page: https://tb-manual.torproject.org/bridges/
And add:
Sending "/bridges" to the dedicated Telegram channel @GetBridgesBot and then adding the bridge address received manually via copy and paste in Tor Browser: Settings ...
Update this page: https://tb-manual.torproject.org/bridges/
And add:
Sending "/bridges" to the dedicated Telegram channel @GetBridgesBot and then adding the bridge address received manually via copy and paste in Tor Browser: Settings > Connection > Bridges > Enter a bridge address you already knowchampionquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40037Rebase the branch used for our nightly builds to 78.1.0esr2022-10-04T19:36:46ZGeorg KoppenRebase the branch used for our nightly builds to 78.1.0esrMight be worth having an extra issue tracking the rebase of our esr78 branches until we move on to our "normal" workflow.Might be worth having an extra issue tracking the rebase of our esr78 branches until we move on to our "normal" workflow.Tor Browser: 10.0https://gitlab.torproject.org/tpo/community/l10n/-/issues/40064update docs with new user requirement for previews2022-10-03T09:35:53Zemmapeelupdate docs with new user requirement for previewsnow you need to add a user and an empty password to see the language previews.
i need to document this.now you need to add a user and an empty password to see the language previews.
i need to document this.emmapeelemmapeelhttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40065add screenshots to transifex for new Tor Browser UI2022-09-29T15:47:43Zemmapeeladd screenshots to transifex for new Tor Browser UIthere are many changes for the next release, and new strings to translate.
- [x] pieroV has already given me the screenshots
- [ ] i need to add them to transifex and
- [ ] map all the stringsthere are many changes for the next release, and new strings to translate.
- [x] pieroV has already given me the screenshots
- [ ] i need to add them to transifex and
- [ ] map all the stringsemmapeelemmapeelhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27317document that setting RelayBandwidthRate changes RelayBandwidthBurst2022-09-28T22:11:28ZTracdocument that setting RelayBandwidthRate changes RelayBandwidthBurstwhen setting RelayBandwidthRate I didn't expect that will also change
RelayBandwidthBurst (default: 0 according to the manpage)
I only realized it after connecting to the relay via Nyx. Nyx showed that
RelayBandwidthBurst is at the sa...when setting RelayBandwidthRate I didn't expect that will also change
RelayBandwidthBurst (default: 0 according to the manpage)
I only realized it after connecting to the relay via Nyx. Nyx showed that
RelayBandwidthBurst is at the same value as RelayBandwidthRate,
even though RelayBandwidthBurst does not appear in the torrc file
**Trac**:
**Username**: a_phttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/36Lockscreen, screensaver disabled while a proxy session is active2022-09-28T21:30:47ZpromeneurLockscreen, screensaver disabled while a proxy session is activeopenSUSE 15.3
Chrome 96
snowflake 0.5.4
When someone uses snowflake and uses webrtc protocol
then
my PC lokscreen and screensaver are disabled.
It's normal if I use webrtc but not if someone uses webrtc via snowflake.openSUSE 15.3
Chrome 96
snowflake 0.5.4
When someone uses snowflake and uses webrtc protocol
then
my PC lokscreen and screensaver are disabled.
It's normal if I use webrtc but not if someone uses webrtc via snowflake.https://gitlab.torproject.org/tpo/network-health/team/-/issues/254Document metrics dashboards in our wiki2022-09-27T14:23:09ZGeorg KoppenDocument metrics dashboards in our wikiThanks mostly to @hiro's work we have a bunch of dashboards with useful data now. However, given that a lot of them have grown out of experimentation with the tooling and data there is a certain amount of "mushrooming" visible, which mak...Thanks mostly to @hiro's work we have a bunch of dashboards with useful data now. However, given that a lot of them have grown out of experimentation with the tooling and data there is a certain amount of "mushrooming" visible, which makes it hard to keep track of the important and useful dashboards. (Right now, I am fighting with a bunch of bookmarks in my browser for that, often forgetting where and whether we have data X visualized)
We should create something like metrics/dashboards in our wiki where we list our useful (could be experimental as well!) dashboards, explaining what they provide with links to them and to the scripts "sustaining" those dashboards.HiroHirohttps://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/99General policy on how the Onion Support team should respond to Onionprobe alerts2022-09-27T09:49:18ZSilvio RhattoGeneral policy on how the Onion Support team should respond to Onionprobe alertsWrite a small quick policy in what to do when an incident happen and are detected/notified by Onionprobe, including:
* Inform the interested parties (like Sponsors and/or users) of the issue, if needed.
* Check agreement when/where admi...Write a small quick policy in what to do when an incident happen and are detected/notified by Onionprobe, including:
* Inform the interested parties (like Sponsors and/or users) of the issue, if needed.
* Check agreement when/where admins allow to be notified.
* Then check if admins online (or on shift) can work on it (depends on agreed channels and current time):
* Ping on IRC.
* Ping on email.
* Ping on Signal.
* Ping on X.
This policy should be available at the Onion Support wiki.Sponsor 123: Tor Secure Access Package for USAGM [First Phase]Silvio RhattoSilvio Rhatto2022-08-31https://gitlab.torproject.org/tpo/network-health/team/-/issues/5We should look over all our bad relay scanners we have and document them2022-09-19T06:26:34ZGeorg KoppenWe should look over all our bad relay scanners we have and document themGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40018Go over metrics-lib website and fix content/outdated links2022-09-05T16:56:14ZGeorg KoppenGo over metrics-lib website and fix content/outdated linksI was reading up on `metrics-lib` and encountered e.g. a bunch of links we should update on https://metrics.torproject.org/metrics-lib.html (like releases still pointing to DescripTor (https://dist.torproject.org/descriptor/?C=M;O=D=) et...I was reading up on `metrics-lib` and encountered e.g. a bunch of links we should update on https://metrics.torproject.org/metrics-lib.html (like releases still pointing to DescripTor (https://dist.torproject.org/descriptor/?C=M;O=D=) etc.).https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40044Update BridgeDB's Bridge Pool Assignments documentation2022-09-05T16:56:14ZGeorg KoppenUpdate BridgeDB's Bridge Pool Assignments documentationLooking over a recent bridge pool assignment file one can see:
```
005fd4d7decbb250055b861579e6fdc79ad17bee email transport=obfs4 ip=4 blocklist=ru
00782946f4c54ce1d028f21e541ef8440ecaa0ee settings ip=4 blocklist=ru
00a4295a8477453d6afe1...Looking over a recent bridge pool assignment file one can see:
```
005fd4d7decbb250055b861579e6fdc79ad17bee email transport=obfs4 ip=4 blocklist=ru
00782946f4c54ce1d028f21e541ef8440ecaa0ee settings ip=4 blocklist=ru
00a4295a8477453d6afe1ca4c2f19e3708e63fc4 email ip=4
00afd5ca2f89305b89171450cf34f247858f14e8 settings transport=obfs4 ip=4 blocklist=ru
00e1ae6cb75e47e363e6aef9f67a49c0e854fde7 moat transport=obfs4 ip=4
00e6f1d633d4e29db31f43d1e6e3e928e5c1810d moat transport=obfs4 ip=4 blocklist=ru
0110a6cf41a07637808fff79c0783ff37462b525 email ip=4 blocklist=ru
01292375ae04f41e7453d8e85df446c22a8d7101 settings ip=4 port=443 blocklist=ru
01341c9b4bc01b3a11e80a645a0bde45db02f04b moat transport=obfs4 ip=4
01436ef5b118fd95004a75f4616a6094d4aa4748 moat transport=obfs4 ip=4
0145c4524211a250519864627e4ae31eecccd39f moat transport=obfs4 ip=4
01520c1bb2c46bf0f54969b71217be04c1f8eb58 telegram transport=obfs4 ip=4 port=443
```
. However, our website does not know anything about `settings` or `telegram` or `ip` or `blocklist` or `transport` etc.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41249In tor-android-services, document where the code we imported comes from2022-09-01T23:00:00ZboklmIn tor-android-services, document where the code we imported comes fromIn `tor-android-service`, we have commit tor-android-service@36f9873ff075253f4c1c9e394c91031fd4ba9d4a which is adding a bunch of code:
https://gitweb.torproject.org/tor-android-service.git/commit/?id=36f9873ff075253f4c1c9e394c91031fd4ba9...In `tor-android-service`, we have commit tor-android-service@36f9873ff075253f4c1c9e394c91031fd4ba9d4a which is adding a bunch of code:
https://gitweb.torproject.org/tor-android-service.git/commit/?id=36f9873ff075253f4c1c9e394c91031fd4ba9d4a
However it seems that this code has been taken from various other places, but there is no indication of where.
Ideally we would have kept history of the projects we imported code from (for example with `git filter-branch`), or just used sub-modules if we did not modify them. But since we didn't do that, I think we should at least put somewhere the information about where all the code we include comes from.
For example the `jsocksAndroid` directory seems to be imported from https://github.com/guardianproject/jsocks or maybe https://github.com/ravn/jsocks, but there is no indication of that, or which commit was used. The directory `service/` looks similar to https://github.com/guardianproject/orbot/tree/master/orbotservice, but there is no indication that it was imported from there, or which commit was used.
I am also wondering why we have both `jsocksAndroid/` and `external/jsocks/`.
We also have a `LICENSE` file containing the Apache License, but it is unclear to what it applies since this is neither the license of Orbot of jsocks.https://gitlab.torproject.org/tpo/core/tor/-/issues/13694Ship with native build instructions for windows2022-09-01T21:32:18ZNick MathewsonShip with native build instructions for windowsIn legacy/trac#4520, we removed our mingw native compilation instructions, since they were out-of-date, and out-of-sync with our actual process. We should replace them with something better.
It's not likely to be our exact build proces...In legacy/trac#4520, we removed our mingw native compilation instructions, since they were out-of-date, and out-of-sync with our actual process. We should replace them with something better.
It's not likely to be our exact build process, though: our own binaries are cross-compiled using gitian in order to achieve reproducible builds. We should link to that, but also include a cleaned-up version for people who want to work natively on Windows.https://gitlab.torproject.org/tpo/core/tor/-/issues/13461Point to Tor.framework in contrib, for iOS and macOS2022-09-01T21:32:17ZteorPoint to Tor.framework in contrib, for iOS and macOS~~I've created an OS X Xcode project in Xcode 6.1, and I'm happy to share it with the community.
I'll post the branch as soon as I've added the changes file.~~
We should point to Tor.framework instead:
https://trac.torproject.org/proje...~~I've created an OS X Xcode project in Xcode 6.1, and I'm happy to share it with the community.
I'll post the branch as soon as I've added the changes file.~~
We should point to Tor.framework instead:
https://trac.torproject.org/projects/tor/ticket/13461#comment:30https://gitlab.torproject.org/tpo/core/tor/-/issues/29802Document the v3 onion service key files in the tor man page2022-09-01T21:29:27ZteorDocument the v3 onion service key files in the tor man pageThe tor man page is missing the names of the key files for v3 onion services.The tor man page is missing the names of the key files for v3 onion services.https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/100Write an Onion Service survival guide2022-08-31T21:49:04ZSilvio RhattoWrite an Onion Service survival guideNeed to start working on a survival guide for S123, something like [the one from the Anti-Censorship Team](https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/BridgeDB-Survival-Guide). Topics to cover:
* [x] D...Need to start working on a survival guide for S123, something like [the one from the Anti-Censorship Team](https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/BridgeDB-Survival-Guide). Topics to cover:
* [x] Diagnosing an error given by Onionprobe monitoring (and how to read Onionprobe reports).
* [x] Troubleshooting EOTK.
* [x] Other useful guidance.
This guide should be available at the Onion Support wiki and also be sent upstream via merge requests (like for EOTK-specific instructions).Sponsor 123: Tor Secure Access Package for USAGM [First Phase]Silvio RhattoSilvio Rhatto2022-08-31https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/128Broken link on help page2022-08-30T21:03:58ZStefani BanerianBroken link on help pagepage
https://gitlab.torproject.org/help/gitlab-basics/start-using-git#merge-a-branch-with-default-branch
has a broken link, right under the code section.
https://gitlab.torproject.org/help/user/project/merge_requests/ gives a '404'page
https://gitlab.torproject.org/help/gitlab-basics/start-using-git#merge-a-branch-with-default-branch
has a broken link, right under the code section.
https://gitlab.torproject.org/help/user/project/merge_requests/ gives a '404'anarcatanarcat