The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2024-03-27T09:44:42Z

https://gitlab.torproject.org/tpo/network-health/team/-/issues/100
Go over metrics docs and replace references to gitweb with those to Gitlab and move missing code if needed
2024-03-27T09:44:42Z
Georg Koppen

We see Gitlab as the canonical place for metrics code nowadays, yet at least a bunch of docs still point to Gitweb (and it's not clear whether there are still code bases git.tpo-only).
We should go over our code and docs to make sure Gitlab is indeed seen by all of that as the True Location.
/cc @hiro @irl

Georg Koppen

https://gitlab.torproject.org/tpo/web/support/-/issues/242
[lektor] software latest version macros for documentation to be always updated
2023-12-04T12:25:03Z
emmapeel

While writing docs we have some strings that change in each release. Having some sort of macro will help documentation stay updated and the editors will have more time to improve other things.
### Latest versions for software
One nice macro should give, in a string, the last Tor Browser version, for example in the string: `tor-browser-linux64-10.0.14_zh-CN.tar.xz` it will be `10.0.14`.
So, we could write 'download Tor Browser i.e. tor-browser-linux64-[!latest_tbb]_zh-CN.tar.xz' or 'Are you using the current Tor Browser ([!latest_tbb])?'.
The most clever thing will be to take this information from the corresponding databags (https://gitweb.torproject.org/project/web/tpo.git/tree/databags/) so we don't risk to become outdated, and we don't add more tasks to the release process.

https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40020
Onionoo protocol spec should be an api-doc
2023-01-17T14:13:52Z
Hiro

It would be nice if onionoo protocol spec could be more like an api doc with actual methods examples and return code snippets.
Ex: https://petstore.swagger.io/#/pet/findPetsByStatus

https://gitlab.torproject.org/tpo/ux/research/-/issues/115
Evaluate if Tor Browser is meeting the needs of our users
2023-06-28T16:20:06Z
Matthew Finkel

Tor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important for the [people](https://community.torproject.org/user-research/persona/) we are trying to protect.
We should be able to justify our general design requirements through the needs of our users, instead of defining the strictest-possible private browser design and then applying that to all of the use cases. Indeed, this should influence tpo/applications/tor-browser-spec#25021.

https://gitlab.torproject.org/tpo/ux/research/-/issues/44
Add a persona who rejects modern web technology
2023-08-08T18:55:19Z
Matthew Finkel

I would like to capture the persona that wishes for the web as it existed in 1999. They don't want any of the new, dynamic features available in other web browsers and they only want HTML rendering without being tracked. They reject the assumption of other browsers that "more is better" and they want a browser that is less complicated and only does what they want.

https://gitlab.torproject.org/tpo/web/support/-/issues/239
Explain why tracking software is still in Tor Browser Android
2023-11-06T21:26:12Z
cypherpunks

Explain why tracking software is still present in Tor Browser for Android (and desktop?) and link to proof that they are disabled, or get rid of them. Trackers at present are Mozilla Telemetry, Google Firebase Analytics, and Adjust Audience Builder, and in the past included LeanPlum.
Write the answer as a support FAQ -> [Tor Mobile](https://support.torproject.org/tormobile/), and link to the FAQ from the app stores: Google Play [stable](https://play.google.com/store/apps/details?id=org.torproject.torbrowser), [alpha](https://play.google.com/store/apps/details?id=org.torproject.torbrowser_alpha), [F-Droid](https://github.com/guardianproject/fdroid-repo/blob/master/fdroid/repo/index.xml) (search for "org.torproject.torbrowser"), etc.
Reports and answers from the Tor Blog in reverse chronological order:
2021-06-11 - https://blog.torproject.org/comment/291953#comment-291953
2021-03-02 - https://blog.torproject.org/comment/291288#comment-291288
2021-02-13 - https://blog.torproject.org/comment/291156#comment-291156
2020-11-09 - https://blog.torproject.org/comment/290238#comment-290238
2020-10-09 - https://blog.torproject.org/comment/289836#comment-289836
2019-11-12 - https://blog.torproject.org/comment/285436#comment-285436
2019-10-23 - https://blog.torproject.org/comment/284653#comment-284653

https://gitlab.torproject.org/tpo/web/manual/-/issues/99
Update known issues page - Tor Browser desktop and mobile
2024-01-30T13:40:21Z
Gus

According to the [blog post](https://blog.torproject.org/new-release-tor-browser-105), here's a list of known issues that we need to update the Tor Browser Manual:
### Desktop
- tpo/applications/tor-browser#40497
- tpo/applications/tor-browser#40242
- tpo/applications/tor-browser#40506
- tpo/applications/tor-browser#40510
https://tb-manual.torproject.org/known-issues/
### Mobile
- tpo/applications/fenix#40176
- tpo/applications/fenix#40110
- tpo/applications/fenix#40172
- tpo/applications/fenix#40174
- tpo/applications/fenix#40103
- tpo/applications/fenix#40115
- tpo/applications/fenix#40324
https://tb-manual.torproject.org/mobile-tor/

ebanam ebanam@torproject.org

https://gitlab.torproject.org/tpo/network-health/team/-/issues/77
Create custom sidebar for wiki
2022-02-28T14:18:38Z
Georg Koppen

After the metrics projects got moved, a bunch of pages got added to our wiki so that not all available pages are visible on the sidebar anymore. We should create a custom sidebar so that the most important ones are shown again while the remaining ones are visible via the "View All Pages" button. Currently, the metrics legacy wiki pages take up space on the sidebar, which is unfortunate.

Georg Koppen

https://gitlab.torproject.org/tpo/core/arti/-/issues/133
How-to documentation for getting existing programs to use Arti
2022-03-01T17:27:13Z
Nick Mathewson

We should write some simple example programs, and some how-to documentation, showing how to use our tor-client API to .
Probably these examples should include something trivial like netcat, and something more applied, like using some popular libraries over arti connections.

Arti 1.0.0: Ready for production use

https://gitlab.torproject.org/tpo/web/support/-/issues/232
Add "You should send padding so it's more secure."
2023-11-13T18:18:29Z
Gus

We have some new proposals and discussion, we should update this answer:
Like all anonymous communication networks that are fast enough for web browsing, Tor is vulnerable to statistical "traffic confirmation" attacks, where the adversary watches traffic at both ends of a circuit and confirms their guess that those endpoints are communicating. It would be really nice if we could use cover traffic to confuse this attack. But there are three problems here:
Cover traffic is really expensive. And *every* user needs to be doing it. This adds up to a lot of extra bandwidth cost for our volunteer operators, and they're already pushed to the limit.
You'd need to always be sending traffic, meaning you'd need to always be online. Otherwise, you'd need to be sending end-to-end cover traffic -- not just to the first hop, but all the way to your final destination -- to prevent the adversary from correlating presence of traffic at the destination to times when you're online. What does it mean to send cover traffic to -- and from -- a web server? That is not supported in most protocols.
Even if you *could* send full end-to-end padding between all users and all destinations all the time, you're *still* vulnerable to active attacks that block the padding for a short time at one end and look for patterns later in the path.
In short, for a system like Tor that aims to be fast, we don't see any use for padding, and it would definitely be a serious usability problem. We hope that one day somebody will prove us wrong, but we are not optimistic.
We did however since implement netflow padding to collapse netflow records for improved security. Now padding is sent between a client's Tor connection and its guard bidirectionally at a random interval that we control from the consensus, with a default of 4 to 14 seconds if the connection is idle. This has the goal of stymying some of the potential traffic analysis attacks out there -- website fingerprinting, end-to-end correlation, and the things in between.
For details see the blog post by the Tor network team, the announcement on the tor-dev mailing list or read further publications on padding.
https://2019.www.torproject.org/docs/faq.html.en#SendPadding

https://gitlab.torproject.org/tpo/web/support/-/issues/229
Add "You should split each connection over many paths"
2023-11-12T01:26:32Z
Gus

The answer should mention Network Team new research about traffic congestion.
https://2019.www.torproject.org/docs/faq.html.en#SplitEachConnection
We don't currently think this is a good idea. You see, the attacks we're worried about are at the endpoints: the adversary watches Alice (or the first hop in the path) and Bob (or the last hop in the path) and learns that they are communicating.
If we make the assumption that timing attacks work well on even a few packets end-to-end, then having *more* possible ways for the adversary to observe the connection seems to hurt anonymity, not help it.
Now, it's possible that we could make ourselves more resistant to end-to-end attacks with a little bit of padding and by making each circuit send and receive a fixed number of cells. This approach is more well-understood in the context of high-latency systems. See e.g. Message Splitting Against the Partial Adversary by Andrei Serjantov and Steven J. Murdoch.
But since we don't currently understand what network and padding parameters, if any, could provide increased end-to-end security, our current strategy is to minimize the number of places that the adversary could possibly see.

https://gitlab.torproject.org/tpo/web/support/-/issues/224
Add "Does Tor resist "remote physical device fingerprinting"?"
2023-11-12T01:32:02Z
Gus

We need to update this answer.
---
Yes, we resist all of these attacks as far as we know.
These attacks come from examining characteristics of the IP headers or TCP headers and looking for information leaks based on individual hardware signatures. One example is the Oakland 2005 paper that lets you learn if two packet streams originated from the same hardware, but only if you can see the original TCP timestamps.
Tor transports TCP streams, not IP packets, so we end up automatically scrubbing a lot of the potential information leaks. Because Tor relays use their own (new) IP and TCP headers at each hop, this information isn't relayed from hop to hop. Of course, this also means that we're limited in the protocols we can transport (only correctly-formed TCP, not all IP like ZKS's Freedom network could) -- but maybe that's a good thing at this stage.
https://2019.www.torproject.org/docs/faq.html.en#RemotePhysicalDeviceFingerprinting

https://gitlab.torproject.org/tpo/web/support/-/issues/211
Add question "Why are v3 onion addresses so long?"
2023-11-10T00:05:28Z
Gus

```
Since v3 onion services contain full public keys, they are secure against enumeration attacks. Also, the length makes the keys secure against collision attacks.
The v2 protocol has the following issues that v3 keys solve:
An adversary who runs a relay on the Tor network can slowly learn a list of all the v2 onion services, via the v2 HSDir system.
An adversary who can factor 1024-bit RSA keys can impersonate a v2 onion service.
An adversary who can generate around 2^40 RSA keys can expect to generate two that correspond to the same onion address (a collision attack).
(There are other attacks against the v2 protocol as well that aren’t related to the keys.)
We'd like to keep using shorter addresses, but we can’t build a secure protocol that way.
```

https://gitlab.torproject.org/tpo/network-health/team/-/issues/67
Update status-site wiki pages related to recent network-experiments changes
2022-02-28T14:17:59Z
Georg Koppen

I should
1. fix errors in the current doc I found while testing my patches
2. add content related specifically to our network experiment changes
3. add content about the emerging review/merge policy (see: https://gitlab.torproject.org/tpo/tpa/status-site/-/merge_requests/8#note_2739184)

Georg Koppen

https://gitlab.torproject.org/tpo/web/support/-/issues/209
Suggest troubleshooting tips for Tor Browser for Android
2021-12-06T17:48:30Z
Mose

I'd like to suggest some simple and easy tips for Android users to debug crashes and other Tor Browser issues without too much fuss. Often when an app crashes, the only information the user is given is a message like "Tor Browser has stopped." These tips are intended to help users provide more detailed bug reports. This is in reference to https://blog.torproject.org/comment/291677#comment-291677
Another commenter suggested adding a section about Android to the support page ["How do I view Tor Browser message log?"](http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/tbb/tbb-21/index.html). Additionally, the [feedback template](http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/misc/bug-or-feedback/index.html) should probably link to that page to make it easier to find. However this information may fit better under [Tor Mobile](http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/tormobile/). If we had this information on a support page somewhere, developers could easily point users to it when they report a crash or ask for help (see for example this [comment](https://blog.torproject.org/comment/291586#comment-291586)).
### Tips
#### Scoop
There is an app available on f-droid known as [Scoop](https://f-droid.org/en/packages/taco.scoop/) which monitors the Android syslog and displays a notification when it detects an app crash. It also captures a stack trace of the app that crashed, which users can copy and include with a bug report. I've had success using it with a number of apps including Tor Browser.
Scoop's UI is easy to use, however initial setup does require use of a terminal app or adb, as described in the [instructions](https://web.archive.org/web/20210427172207/https://github.com/TacoTheDank/Scoop/wiki). It does not require root.
#### Logcat
The Lineage OS project has a [tutorial](https://web.archive.org/web/20210604125212/https://wiki.lineageos.org/how-to/logcat) on using logcat. This method requires root and either adb or a terminal. There are GUI apps for viewing logcat as well (however these also require root).
#### Other ideas (more research and testing needed)
##### Browser console
- Is there a way to open the browser console in Fenix?
- Probably accessible via remote debugging (see below) regardless
##### Mozilla developer tools (remote debugging)
- Tor Browser for Android has an option in the settings UI to enable USB debugging, although I haven't tried it.
- You must enable USB debugging on the device in Android developer settings menu as well as Fenix/TB4A settings. Does not require root. Does not require adb or android tools on desktop, only Firefox or Tor Browser on desktop.
- ```about:debugging``` cannot be opened in Tor Browser for Android, and there is no UI option for WiFi debugging.
- Probably limited to high-level issues, e.g. sites not displaying properly. Unsure of its usefulness in diagnosing crashes.
- Might be too involved for the average user just wanting to report a bug.
- See https://discourse.mozilla.org/t/is-android-debugging-still-working/51681/2

https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/14
Update all docs
2023-11-13T16:21:44Z
juga

onbasca: 1.0

juga

https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/6
Add docstrings
2023-03-17T11:19:27Z
juga

onbasca: 1.0

https://gitlab.torproject.org/tpo/network-health/team/-/issues/57
Set up a template for and write instructions about how to "register" network experiments
2022-02-28T14:17:56Z
Georg Koppen

Experiments on the Tor network are getting popular and we start collecting them on our status page as one way of informing users/operators about them. We should write a template for that and general instructions on what to do to get this going smoothly.

Georg Koppen

https://gitlab.torproject.org/tpo/network-health/team/-/issues/54
Clarify our policy on secrecy vs. transparency
2024-03-05T15:25:44Z
Georg Koppen

We have a bunch of areas in bad-relay land where we opted for (partial) secrecy compared to our default transparency (e.g. when listing [the rejected fingerprints](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Rejected-fingerprints-found-in-attacks) per month in our wiki or when developing scanners or parts of them in private repo).
We'd benefit from writing down the general policy on secrecy vs. transparency that explains how we drew and draw the line in different network-health areas (such as those two above).

https://gitlab.torproject.org/tpo/network-health/team/-/issues/53
Rewrite non-malicious bad relay criteria to take non-exit nodes into account
2023-06-14T16:57:20Z
Georg Koppen

Right now we [focus](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays#misconfigured-exit-relays) our non-malicious bad relay criteria on exit relays.
However,
```
Any other criteria that would give a safe but not fully functional experience for Tor users
```
clearly applies to non-exit nodes, too. Thus, we should rewrite the respective section taking both relay types into account.

Georg Koppen