The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-09-30T13:25:26Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/28275hs-v3: Rotate intro points and close RP circuits when removing client auth se...2021-09-30T13:25:26ZDavid Gouletdgoulet@torproject.orghs-v3: Rotate intro points and close RP circuits when removing client auth service sideOn the service side (only), when a client authorization is removed and then tor is HUP, right now the service notices that and re-upload a new descriptor containing that new auth.
However, the into points are most likely kept as is (if ...On the service side (only), when a client authorization is removed and then tor is HUP, right now the service notices that and re-upload a new descriptor containing that new auth.
However, the into points are most likely kept as is (if no normal rotation happened during re-build) which means that a revoked client can still access the service with their cached descriptor because the intro points are still valid...
Furthermore, the RP circuits for that client aren't closed.
Security wise, that is not ideal to have a "not really revoked client" ;). Fortunately, only applies to 0.3.5.1-alpha and onward so no need for a TROVE.Tor: 0.3.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/28560hs: Mention in the manpage that Sandbox and adding a service with the control...2021-09-30T13:25:26ZDavid Gouletdgoulet@torproject.orghs: Mention in the manpage that Sandbox and adding a service with the control port failsFrom legacy/trac#16106.
We can't tell the sandbox about a new `HiddenServiceDir` at runtime so this will always fail until we get a better sandbox system.
For now, we should at least document it in the manpage.From legacy/trac#16106.
We can't tell the sandbox about a new `HiddenServiceDir` at runtime so this will always fail until we get a better sandbox system.
For now, we should at least document it in the manpage.Tor: 0.4.0.x-finalrl1987rl1987https://gitlab.torproject.org/tpo/core/tor/-/issues/31812http URL's in docs/comments should be https2021-07-22T16:19:25ZJeremyRandhttp URL's in docs/comments should be httpsThe documentation and comments in Tor's repo have quite a few http URL's that should be changed to https. Patch incoming shortly for this.The documentation and comments in Tor's repo have quite a few http URL's that should be changed to https. Patch incoming shortly for this.Tor: 0.4.4.x-finalNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/web/community/-/issues/164I think that is a part of the relay guide that we can improve (teor)2022-01-20T19:11:28ZcypherpunksI think that is a part of the relay guide that we can improve (teor)https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use ...https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use the network efficiently.
Bandwidth weights are assigned so that clients can use the network efficiently.
```https://gitlab.torproject.org/tpo/core/tor/-/issues/20035Identify client-specific options that work with hidden services2021-07-22T16:23:16ZteorIdentify client-specific options that work with hidden servicesMany of the "client-specific" options in the tor manual page work with Hidden Services.
Others, such as Socks/Trans/NATD/DNSPort, do not.
It would be great to split up the client-only section into those options that truly only work for...Many of the "client-specific" options in the tor manual page work with Hidden Services.
Others, such as Socks/Trans/NATD/DNSPort, do not.
It would be great to split up the client-only section into those options that truly only work for clients, and those that also affect the behaviour of hidden services (and bridge relays, and relays, and authorities).
For example, when a bridge relay builds an anonymous 3-hop path to submit its descriptor, it is likely affected by all the client options that affect node selection. (Unless we specifically disable them for servers.)
And a hidden service's paths are affected by these same options.Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/32691Image broken in 'src-ref' documentation2022-02-07T19:38:32ZoparaImage broken in 'src-ref' documentationFor example if you visit https://src-ref.docs.torproject.org/tor/dataflow.html, the "structure hierarchy for connection types" image is missing (the img tag has a 404). There are possibly other missing images as well, but I can't find th...For example if you visit https://src-ref.docs.torproject.org/tor/dataflow.html, the "structure hierarchy for connection types" image is missing (the img tag has a 404). There are possibly other missing images as well, but I can't find the markdown files to check (there were the original versions, then they were moved to the tor git repo and edited iirc, but now they're gone).
There's also another image missing on the same page, but has no <img> tag (compare the top of the https://people.torproject.org/~nickm/tor-auto/internal/02-dataflow.html and https://src-ref.docs.torproject.org/tor/dataflow.html pages). But it may have been removed on purpose.https://gitlab.torproject.org/tpo/web/donate-static/-/issues/100Improve *or* clarify ability of non-U.S. donors to make tax-deductible donations2023-01-18T18:22:33Zal smithImprove *or* clarify ability of non-U.S. donors to make tax-deductible donationsRight now, it's difficult for non-U.S. donors to make donations, much less tax-deductible donations, to the Tor Project, for a variety of reasons. I imagine some can be fixed and some are limitations. I'm documenting them here to conside...Right now, it's difficult for non-U.S. donors to make donations, much less tax-deductible donations, to the Tor Project, for a variety of reasons. I imagine some can be fixed and some are limitations. I'm documenting them here to consider during our re-write/re-build process.
- People don't have 'international cards' that allow them to make donations other than in their currency or in their country.
- People who want to donate live in areas where money transfers are strictly limited under the control of the government and where donating is either totally prohibited or would get them in trouble
- People who want to donate live in places that have been sanctioned by the EU or the U.S., thus cannot make a donation
- People want to make donations from countries where we are not recognized as a charitable organization, so they cannot get tax-deductible donationsal smithal smithhttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40126Improve Access Keys documentation: explain difference to shortcuts2024-01-24T21:11:50ZemmapeelImprove Access Keys documentation: explain difference to shortcutsWe already have some documentation about Access Keys: https://gitlab.torproject.org/tpo/community/l10n/-/wikis/Localization-for-translators#access-keys
But it needs to be improved.
We need to differentiate Access Keys, that are a way t...We already have some documentation about Access Keys: https://gitlab.torproject.org/tpo/community/l10n/-/wikis/Localization-for-translators#access-keys
But it needs to be improved.
We need to differentiate Access Keys, that are a way to navigate menus, from keyboard shortcuts.
One difference: Shortcuts are the same for all locales, Access Keys depend on the locale.
ref: https://hosted.weblate.org/translate/tor/tor-browser/tb-newidentityproperties/ru/?checksum=73b4988ed95a84d9#commentshttps://gitlab.torproject.org/tpo/core/tor/-/issues/23635improve AccountingStart manual entry2021-07-22T16:22:26Zcypherpunksimprove AccountingStart manual entrybackground:
relay operator question:
https://lists.torproject.org/pipermail/tor-relays/2017-September/013068.html
Teor eplained it very well here, this should go into the manual page.
https://lists.torproject.org/pipermail/tor-relays/20...background:
relay operator question:
https://lists.torproject.org/pipermail/tor-relays/2017-September/013068.html
Teor eplained it very well here, this should go into the manual page.
https://lists.torproject.org/pipermail/tor-relays/2015-May/006956.htmlTor: 0.3.3.x-finalhttps://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/17Improve and cleanup the documentation2024-01-17T21:30:01ZSilvio RhattoImprove and cleanup the documentation# Tasks
* [x] Improve and cleanup the documentation.
# Time estimation
* Complexity: very small (0.5 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)# Tasks
* [x] Improve and cleanup the documentation.
# Time estimation
* Complexity: very small (0.5 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.6.0Silvio RhattoSilvio Rhatto2024-01-31https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/58Improve and correct the text answering "What is Tor?"2023-12-14T08:50:00Zebanamebanam@torproject.orgImprove and correct the text answering "What is Tor?"We should improve the text answering "What is Tor?"
This is what we have right now:
![ima_2bcbb33.jpeg](/uploads/4edbba53c49ae6a336a19626b1bd1ddc/ima_2bcbb33.jpeg){width=242 height=267}
relevant file: https://gitlab.torproject.org/tpo...We should improve the text answering "What is Tor?"
This is what we have right now:
![ima_2bcbb33.jpeg](/uploads/4edbba53c49ae6a336a19626b1bd1ddc/ima_2bcbb33.jpeg){width=242 height=267}
relevant file: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/blob/main/OnionSproutsBot/plugins/dialogue.py#L102https://gitlab.torproject.org/tpo/web/support/-/issues/246Improve and update HTTP or SOCKS Proxy documentation2021-10-07T12:57:16ZemmapeelImprove and update HTTP or SOCKS Proxy documentationIn https://support.torproject.org/tbb/tbb-47/ we are giving too much information, and we are not providing simple instructions for users. We should:
- [x] Remove mentions of HTTPAuthenticator that is deprecated in favor of the HTTPS fla...In https://support.torproject.org/tbb/tbb-47/ we are giving too much information, and we are not providing simple instructions for users. We should:
- [x] Remove mentions of HTTPAuthenticator that is deprecated in favor of the HTTPS flavor
- [ ] Add a code snippet as an example on how to connect to a proxy with authentication
- [x] Maybe link to https://2019.www.torproject.org/docs/tor-manual.html.en#HTTPSProxyAuthenticator
- [ ] Make everything simpler to understandhttps://gitlab.torproject.org/tpo/core/tor/-/issues/18720Improve comments on connection_t address2021-07-22T16:23:44ZteorImprove comments on connection_t addressIn legacy/trac#18460, we discovered that the comments on connection_t's address field were unhelpful.
Once I have the bug number, I'll post a patch to those comments.In legacy/trac#18460, we discovered that the comments on connection_t's address field were unhelpful.
Once I have the bug number, I'll post a patch to those comments.Tor: 0.2.9.x-finalteorteorhttps://gitlab.torproject.org/tpo/core/tor/-/issues/31078improve docs for config var abstraction2021-11-06T13:27:41ZTaylor Yuimprove docs for config var abstractionIn ticket:30864#comment:11, I commented on some vagueness in the code comments that made it difficult for me to understand some of what's going on.
We should revise those comments to use improved terminology to help other developers und...In ticket:30864#comment:11, I commented on some vagueness in the code comments that made it difficult for me to understand some of what's going on.
We should revise those comments to use improved terminology to help other developers understand what's going on. This might need to wait until the other refactoring on that branch is done.Tor: 0.4.7.x-freezeNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40092Improve docs on network_mode: host (and network in general)2023-01-18T16:18:15ZchmacImprove docs on network_mode: host (and network in general)When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project ...When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project is pretty high, and so I'm running a snowflake node.
But, I'm not really sure what network conditions it needs. Does it expect that `network_mode: host` means it's running on a host which has a publicly accessible IP? Does it needs ports on that host's firewall open?
The idea behind this issue is to improve the docs in this area so that snowflake hosts like myself can figure out what network conditions are required for snowflake to work. For example, I have no idea if my node is actually functional right now, I also have no idea how to test it.
Some example questions we could aim to answer:
- What ports does snowflake run on?
- Does snowflake need to be run on a machine with a public IP?
- Does snowflake run properly if behind a NAT?
- Does snowflake require specific ports to be opened in the system firewall?
- How can a server admin test if snowflake is properly configured and working?
As an add on, it would be great to see answers to questions like these:
- How much bandwidth can one expect snowflake to use?
- Does it make sense to add any kind of limits?
- If so, how would that be done?
- Are there any security considerations to running a snowflake server?
- What sort of system resources (CPU, memory) does snowflake use?
- Does it make sense to check on this periodically for memory leaks, etc?
- How can one be notified when updates are published to the docker image?
- Is there a security mailing list where one could be notified of any security issues that require urgent update of the snowflake server?
Finally, thanks for making the tor network more resilient, snowflake looks to be an awesome improvement for people in locations with internet censorship, and thanks for working on tor in general, it's a phenomenal resource supporting the human experience.https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/-/issues/6Improve docs on network_mode: host (and network in general)2022-03-24T13:55:51ZchmacImprove docs on network_mode: host (and network in general)When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project ...When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project is pretty high, and so I'm running a snowflake node.
But, I'm not really sure what network conditions it needs. Does it expect that `network_mode: host` means it's running on a host which has a publicly accessible IP? Does it needs ports on that host's firewall open?
The idea behind this issue is to improve the docs in this area so that snowflake hosts like myself can figure out what network conditions are required for snowflake to work. For example, I have no idea if my node is actually functional right now, I also have no idea how to test it.
Some example questions we could aim to answer:
- What ports does snowflake run on?
- Does snowflake need to be run on a machine with a public IP?
- Does snowflake run properly if behind a NAT?
- Does snowflake require specific ports to be opened in the system firewall?
- How can a server admin test if snowflake is properly configured and working?
As an add on, it would be great to see answers to questions like these:
- How much bandwidth can one expect snowflake to use?
- Does it make sense to add any kind of limits?
- If so, how would that be done?
- Are there any security considerations to running a snowflake server?
- What sort of system resources (CPU, memory) does snowflake use?
- Does it make sense to check on this periodically for memory leaks, etc?
- How can one be notified when updates are published to the docker image?
- Is there a security mailing list where one could be notified of any security issues that require urgent update of the snowflake server?
Finally, thanks for making the tor network more resilient, snowflake looks to be an awesome improvement for people in locations with internet censorship, and thanks for working on tor in general, it's a phenomenal resource supporting the human experience.https://gitlab.torproject.org/tpo/core/arti/-/issues/399Improve documentation and examples in `arti-client`2023-03-28T21:11:07ZNick MathewsonImprove documentation and examples in `arti-client`*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to s...*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to start.)
As you do this, you'll probably find that the documentation didn't explain something you wanted to know, or didn't explain it very well. After you figure out the issue (either by asking us, or reading the code), why not contribute a patch to improve the documentation?
----
Also, it's a good convention for all Rust code to have rustdoc examples for how to use it. These examples can be at the function level, the module level, or the type level. Right now, a lot of our crates are missing those. (`arti-client` is most important, but examples everywhere are welcome.)
When writing examples, please make sure that the example actually shows people how they would would _want_ to use the code, and what happens when they do.Arti: Feature parity with the C implementationhttps://gitlab.torproject.org/tpo/core/tor/-/issues/22818Improve documentation for building Tor with Rust2021-07-22T16:22:39ZChelsea KomloImprove documentation for building Tor with RustWe have documentation that has thus far been a work in progress at https://trac.torproject.org/projects/tor/wiki/RustInTor and https://trac.torproject.org/projects/tor/wiki/RustInTor/Hacking
However, we should create a doc/HACKING/RustI...We have documentation that has thus far been a work in progress at https://trac.torproject.org/projects/tor/wiki/RustInTor and https://trac.torproject.org/projects/tor/wiki/RustInTor/Hacking
However, we should create a doc/HACKING/RustInTor.md with basic information to get people started, as it isn't obvious to look at the above wiki pages. Also, there is still missing information, such as which dependencies are necessary if someone chooses to build using a specified local directory for Rust dependencies.
For example, we should have:
1. Which dependencies are needed if someone wants to build using local Rust dependencies.
2. Basic information about how to build and run tests
3. Links to wiki pages that are still a work in progressTor: 0.3.2.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/30455Improve documentation for chutney warnings in "make test-network-all"2021-07-22T16:19:43ZNick MathewsonImprove documentation for chutney warnings in "make test-network-all"It appears that in fb32c522320430f, we added a second call to test-network.sh inside our test-network-all loop. Now the code looks like this:
```
for f in $$flavors; do \
$(SHELL) $(top_srcdir)/test-driver --test-name $$f --log-file...It appears that in fb32c522320430f, we added a second call to test-network.sh inside our test-network-all loop. Now the code looks like this:
```
for f in $$flavors; do \
$(SHELL) $(top_srcdir)/test-driver --test-name $$f --log-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.log --trs-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.trs $(TEST_NETWORK_ALL_DRIVER_FLAGS) $(top_srcdir)/src/test/test-network.sh --flavor $$f $(TEST_NETWORK_FLAGS); \
$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_WARNING_FLAGS); \
done; \
```
I might be wrong, but it looks to me like we're calling test-network.sh twice in each loop: once through `test-driver`, and once directly.
I'm not going to work on this till teor is back, though, since there are dragons here that I do not understand.Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/tpo/core/tor/-/issues/23739improve documentation on how we use gcov2021-07-22T16:22:27ZTaylor Yuimprove documentation on how we use gcovTicket legacy/trac#16792 (0.2.9.1-alpha) introduced some automation for excluding lines from filtered gcov output. We should document the prefixes it uses to mark excluded lines. There should also be information about how to read the g...Ticket legacy/trac#16792 (0.2.9.1-alpha) introduced some automation for excluding lines from filtered gcov output. We should document the prefixes it uses to mark excluded lines. There should also be information about how to read the gcov-diff files, which are processed to remove line numbers, among other things. We should also refer to the gcc documentation for gcov at https://gcc.gnu.org/onlinedocs/gcc/Invoking-Gcov.htmlTor: 0.3.2.x-finalTaylor YuTaylor Yu