The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-05-17T09:29:00Zhttps://gitlab.torproject.org/tpo/network-health/team/-/issues/11Write up a page explaining criteria for rejecting bad relays2021-05-17T09:29:00ZGeorg KoppenWrite up a page explaining criteria for rejecting bad relaysOur community and the network health team itself (and, of course, other stake holders like the directory authorities) would benefit from having some guidelines on what we think criteria for bad-relays are.
We should write that up and pr...Our community and the network health team itself (and, of course, other stake holders like the directory authorities) would benefit from having some guidelines on what we think criteria for bad-relays are.
We should write that up and probably point at least tor-internal to it for wider feedback, so everyone is on the same page.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/web/support/-/issues/146Update debian repository instructions2021-09-08T15:56:28ZGusUpdate debian repository instructionsFrom Frontdesk:
https://support.torproject.org/apt/#apt-1
As well as the 'deb.torproject.org-keyring' package to use the signing key in a more secure manner. the problem is that "apt-key add -" saves the key to
/etc/apt/trusted.gpg.d/,...From Frontdesk:
https://support.torproject.org/apt/#apt-1
As well as the 'deb.torproject.org-keyring' package to use the signing key in a more secure manner. the problem is that "apt-key add -" saves the key to
/etc/apt/trusted.gpg.d/, and apt tries all the keys stored there to verify signatures of all repos.
third party repos should use /usr/share/keyrings/ for (non-ASCII-armored) keyrings and explicitly pin their repo to their own keyring, e.g.
deb [arch=amd64 signed-by=/usr/share/keyrings/tor_keyring.gpg] https://...
more on this can be found here:
https://wiki.debian.org/DebianRepository/UseThirdPartyGusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/173Typo lins -> lines2020-12-14T21:59:27ZGusTypo lins -> linesA translator reported:
> "You can simply add it next to the first ORPort lins in your torrc file."
I guess, the word "lins" in the original text is actually "lines".A translator reported:
> "You can simply add it next to the first ORPort lins in your torrc file."
I guess, the word "lins" in the original text is actually "lines".GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/170Instructions on Fedora relay guide looks incomplete (step 2 and 3)2021-04-08T21:38:31ZGusInstructions on Fedora relay guide looks incomplete (step 2 and 3)
```
2. # 3. Add the following to /etc/yum.repos.d/tor.repo and then install the tor package.
```
http://3gldbgtv5e4god56.onion/relay/setup/guard/fedora/
```
2. # 3. Add the following to /etc/yum.repos.d/tor.repo and then install the tor package.
```
http://3gldbgtv5e4god56.onion/relay/setup/guard/fedora/GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/169Relay guide has openbsd section for guard but not for exit2022-05-18T20:32:21ZRoger DingledineRelay guide has openbsd section for guard but not for exitLet's say I want to point an openbsd operator to a guide on setting up their exit relay.
I go to https://community.torproject.org/ and click on "relay operations" which leads me to https://community.torproject.org/relay/
I guess that m...Let's say I want to point an openbsd operator to a guide on setting up their exit relay.
I go to https://community.torproject.org/ and click on "relay operations" which leads me to https://community.torproject.org/relay/
I guess that maybe 'technical setup' is what I want, so I click on it, and now I'm at https://community.torproject.org/relay/setup/
Since I'm setting up an exit relay, I click on exit relay, which takes me to https://community.torproject.org/relay/setup/exit/
On this page, there are FreeBSD instructions, but nothing about OpenBSD.
Now, there *is* an OpenBSD section on https://community.torproject.org/relay/setup/guard/ but I'm never going to find it since I'm not setting up an entry/middle node.
I wonder if we should have an "index by operating system" and an "index by type of relay" and then people can choose whichever entry point to our guide they want.https://gitlab.torproject.org/tpo/web/support/-/issues/142Create a guide to help web site owners mitigate abuse from Tor without blocki...2022-03-01T18:41:57ZJim NewsomeCreate a guide to help web site owners mitigate abuse from Tor without blocking non-abusive Tor usersSpecifically we need something that a blocked Tor user can point a site/service owner to. Today the most discoverable version of this on the main site is https://support.torproject.org/#censorship-2, which essentially boils down to just ...Specifically we need something that a blocked Tor user can point a site/service owner to. Today the most discoverable version of this on the main site is https://support.torproject.org/#censorship-2, which essentially boils down to just asking the owner to not block Tor out of altruism, without offering any technical detail or support.
Ideally such a page would help the owner determine how they're blocking Tor users in the first place (CDN configuration? Firewall? Website plugin?), and help them understand what their alternatives are.
As a first pass, such alternatives might include:
1) If the traffic isn't known to actually be causing harm, just don't block it. This may be the right solution if the exit node(s) were being blocked based on volume of traffic rather than any actual problem that traffic was causing. If there's a per-IP-address rate limit, consider raising it for known exit nodes.
2) Slowing down abusive Tor users by blocking Tor circuits, e.g. using CloudFlare's onion integration or
https://github.com/alecmuffett/eotk.
3) PrivacyPass or other proof-of-work per browser rather than per IP address.
4) Application-level mitigations.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40234Create wiki entry for developing mobile Tor Browser with Android Studio2022-11-30T16:20:22ZGeorg KoppenCreate wiki entry for developing mobile Tor Browser with Android StudioIt would be helpful for potential contributors to get some guidance on
how to set up an Andriod Studio build and hack environment for all
things needed for mobile Tor Browser development.It would be helpful for potential contributors to get some guidance on
how to set up an Andriod Studio build and hack environment for all
things needed for mobile Tor Browser development.https://gitlab.torproject.org/tpo/network-health/exitmap/-/issues/6Fix and document exitmap related bad relay tests2024-01-17T09:19:34ZGeorg KoppenFix and document exitmap related bad relay testsThis ticket is a placeholder for going over other exitmap related tests (for `checktest.py` see legacy/trac#33663) and document them while we are at it.This ticket is a placeholder for going over other exitmap related tests (for `checktest.py` see legacy/trac#33663) and document them while we are at it.https://gitlab.torproject.org/tpo/network-health/team/-/issues/5We should look over all our bad relay scanners we have and document them2022-09-19T06:26:34ZGeorg KoppenWe should look over all our bad relay scanners we have and document themGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/web/community/-/issues/167[Relay Operations][Getting Help] Add hyperlinks to IRC channel (OFTC webchat)...2021-04-08T20:19:54Zchampionquizzerchampionquizzer@torproject.org[Relay Operations][Getting Help] Add hyperlinks to IRC channel (OFTC webchat) and mailing-list archive1. In this sentence- *You can also get help by joining the IRC channel #tor-relays* on the ['Getting Help' page](https://community.torproject.org/relay/getting-help/), we must redirect the user to #tor-relays IRC channel on OFTC webchat ...1. In this sentence- *You can also get help by joining the IRC channel #tor-relays* on the ['Getting Help' page](https://community.torproject.org/relay/getting-help/), we must redirect the user to #tor-relays IRC channel on OFTC webchat i.e. https://webchat.oftc.net/?channels=tor-relays (to maintain consistency throughout our docs).
2. In this sentence- *Make sure to check out the archives!*, we must hyper link the *archives* to the tor-relays mailing-list archives here: https://lists.torproject.org/pipermail/tor-relays/championquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/network-health/doctor/-/issues/40007Add maintenance instructions @atagar collected and shared2022-02-28T14:57:55ZGeorg KoppenAdd maintenance instructions @atagar collected and sharedIt would be good to have a README or something explaining how `doctor` is maintained and how a hand-off is supposed to look like.It would be good to have a README or something explaining how `doctor` is maintained and how a hand-off is supposed to look like.https://gitlab.torproject.org/tpo/web/support/-/issues/140[Connecting to Tor] Add the command line option to view logs2020-12-28T16:43:02Zchampionquizzerchampionquizzer@torproject.org[Connecting to Tor] Add the command line option to view logsAn user reported on the #tor IRC channel that they couldn't launch the Tor Browser and couldn't obtain the logs either. Currently, we direct users to two ways of getting the Tor logs in the ['Connecting to Tor'](https://support.torprojec...An user reported on the #tor IRC channel that they couldn't launch the Tor Browser and couldn't obtain the logs either. Currently, we direct users to two ways of getting the Tor logs in the ['Connecting to Tor'](https://support.torproject.org/connecting/#connecting-2) support page, i.e. with the option to 'copy Tor log to Clipboard' or to navigate through the hamburger menu within the browser. We should add the option of launching the Tor Browser in terminal with the verbose flag, i.e. `./start-tor-browser.desktop --verbose` to get the logs right in the terminal (this is what helped the user to diagnose the problem in this case).championquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/web/community/-/issues/164I think that is a part of the relay guide that we can improve (teor)2022-01-20T19:11:28ZcypherpunksI think that is a part of the relay guide that we can improve (teor)https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use ...https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use the network efficiently.
Bandwidth weights are assigned so that clients can use the network efficiently.
```https://gitlab.torproject.org/tpo/web/community/-/issues/162Document pkg-config is required to compile tor with --enable-systemd on debian2022-01-20T19:11:28ZtraumschuleDocument pkg-config is required to compile tor with --enable-systemd on debianI was missing this detail to compile tor on debian with `--enable-systemd`.
This information is missing in the FAQs too:
https://support.torproject.org/
https://www.torproject.org/docs/faq#comp-install
Improving the error message to me...I was missing this detail to compile tor on debian with `--enable-systemd`.
This information is missing in the FAQs too:
https://support.torproject.org/
https://www.torproject.org/docs/faq#comp-install
Improving the error message to mention pkg-config would be nice:
> ./configure --enable-lzma=yes --enable-zstd=yes --disable-asciidoc --disable-unittests --enable-systemd=yes --prefix=/usr
{{{
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for pkg-config... no
checking for SYSTEMD... no
configure: Okay, checking for systemd a different way...
checking for SYSTEMD... no
configure: error: Explicitly requested systemd support, but systemd not found
}}}
```
$ dpkg -l|grep systemd
ii dbus-user-session 1.10.26-0+deb9u1 all simple interprocess messaging system (systemd --user integration)
ii gnome-logs 3.22.1-2 i386 viewer for the systemd journal.
ii libpam-systemd:i386 232-25+deb9u6 i386 system and service manager - PAM module
ii libsystemd-dev:i386 232-25+deb9u6 i386 systemd utility library - development files
ii libsystemd0:i386 232-25+deb9u6 i386 systemd utility library
ii systemd 232-25+deb9u6 i386 system and service manager
ii systemd-sysv 232-25+deb9u6 i386 system and service manager - SysV links
```
This was documented in 2015 (legacy/trac#16164):
> /configure --build=s390x-linux-gnu --prefix=/usr --includedir=\${prefix}/include --mandir=\${prefix}/share/man --infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-silent-rules --libexecdir=\${prefix}/lib/tor --disable-maintainer-mode --disable-dependency-tracking --enable-systemd --prefix=/usr --mandir=\${prefix}/share/man --infodir=\${prefix}/share/info --localstatedir=/var --sysconfdir=/etc --disable-silent-rules --enable-gcc-warnings-advisory
> configure: WARNING: unrecognized options: --disable-maintainer-mode
> ...
> configure: error: Package requirements (systemd >= 209) were not met:
> No package 'systemd' found
> Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix.
> Alternatively, you may set the environment variables SYSTEMD209_CFLAGS and SYSTEMD209_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.
Trying current [build options](https://buildd.debian.org/status/fetch.php?pkg=tor&arch=i386&ver=0.3.4.9-7&stamp=1544209067&raw=0) at home also fails when pkg-config isn't present:
> ./configure --build=i686-linux-gnu --prefix=/usr --includedir=/usr/include --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc --localstatedir=/var --disable-silent-rules --libdir=/usr/lib/i386-linux-gnu --libexecdir=/usr/lib/i386-linux-gnu --disable-maintainer-mode --disable-dependency-tracking --enable-systemd --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --localstatedir=/var --sysconfdir=/etc --disable-silent-rules --enable-gcc-warnings-advisory
> configure: WARNING: unrecognized options: --disable-maintainer-mode
> ...
> checking for pkg-config... no
> checking for SYSTEMD... no
> configure: Okay, checking for systemd a different way...
> checking for SYSTEMD... no
> configure: error: Explicitly requested systemd support, but systemd not found
This ought to be common knowledge and it should be documented therefor.
Background: I was overwriting /usr/bin/tor with a compiled version without systemd support and experienced an undocumented in /usr/share/doc/tor systemd feature that lead to a restart loop (legacy/trac#28410).https://gitlab.torproject.org/tpo/web/support/-/issues/133Removed space before and after slash (/)2020-11-18T19:40:55ZGoodness ChrisugariRemoved space before and after slash (/)Space before or after a slash should be avoided, they can be used that way when quoting a poem in which case the slash indicates a line break. They should be removed since the slash is used to indicate the word "or" here.Space before or after a slash should be avoided, they can be used that way when quoting a poem in which case the slash indicates a line break. They should be removed since the slash is used to indicate the word "or" here.GusGushttps://gitlab.torproject.org/tpo/web/manual/-/issues/50Updating section is outdated2020-10-16T02:07:57ZIamhafsahUpdating section is outdatedThis phrase is outdated:"Tor Browser will prompt you to update the software once a new version has been released: **the Torbutton icon will display a yellow triangle, and you may see a written update indicator when Tor Browser opens**."This phrase is outdated:"Tor Browser will prompt you to update the software once a new version has been released: **the Torbutton icon will display a yellow triangle, and you may see a written update indicator when Tor Browser opens**."https://gitlab.torproject.org/tpo/web/support/-/issues/123Update gpg output on "How to verify Tor Browser signature"2020-10-16T02:38:07ZGusUpdate gpg output on "How to verify Tor Browser signature"
https://support.torproject.org/tbb/how-to-verify-signature/
`$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org`
```
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org...
https://support.torproject.org/tbb/how-to-verify-signature/
`$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org`
```
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 2 new signatures
gpg: Total number processed: 1
gpg: new signatures: 2
pub rsa4096 2014-12-15 [C] [expires: 2025-07-21]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-12-19]
```https://gitlab.torproject.org/tpo/web/manual/-/issues/49Update Tor Browser for Android user manual docs2020-12-16T18:03:49ZGusUpdate Tor Browser for Android user manual docsAround October 13, a new Tor Browser for Android will be released and we will need to update screenshots and documentation.Around October 13, a new Tor Browser for Android will be released and we will need to update screenshots and documentation.championquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/core/torspec/-/issues/31Audit list of network parameters for completeness2021-09-16T14:40:39ZNick MathewsonAudit list of network parameters for completeness`dir-spec` has a big list of network parameters, but is it complete? No, it's missing at least ExtendByEd25519. What else might it be missing? We should find out.`dir-spec` has a big list of network parameters, but is it complete? No, it's missing at least ExtendByEd25519. What else might it be missing? We should find out.Nick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/web/support/-/issues/122Update pluggable transports link to tb-manual2020-10-09T14:19:46ZGusUpdate pluggable transports link to tb-manualIn this support entry:
"Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Obfsproxy bridges address this by adding another layer of obfuscation. Setting up an obfsproxy bridge re...In this support entry:
"Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Obfsproxy bridges address this by adding another layer of obfuscation. Setting up an obfsproxy bridge requires an additional software package and additional configurations. See our page on pluggable transports for more info."
https://support.torproject.org/censorship/censorship-7/
We need to change the link to tb-manual pluggable transports section.