The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-08-12T22:28:01Zhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/320download page contains outdated information about https-everywhere2022-08-12T22:28:01Ztrinity-1686adownload page contains outdated information about https-everywherehttps://www.torproject.org/download/ says
> Tor Browser already comes with HTTPS Everywhere
This is no longer true since the release of [Tor Browser 11.5](https://blog.torproject.org/new-release-tor-browser-115/), where it was replaced...https://www.torproject.org/download/ says
> Tor Browser already comes with HTTPS Everywhere
This is no longer true since the release of [Tor Browser 11.5](https://blog.torproject.org/new-release-tor-browser-115/), where it was replaced by Firefox "HTTPS-Only" modeGusGushttps://gitlab.torproject.org/tpo/core/arti/-/issues/531tor-proto: Add a head comment explaining the conceptual division between tor-...2022-08-11T13:50:13ZNick Mathewsontor-proto: Add a head comment explaining the conceptual division between tor-proto and higher layersThe `tor-proto` crate should explain that `tor-proto` is a function-only implementation of pieces of the Tor protocols: it does not understand what circuits and channels are getting used for, only _how they should behave_.
This distinct...The `tor-proto` crate should explain that `tor-proto` is a function-only implementation of pieces of the Tor protocols: it does not understand what circuits and channels are getting used for, only _how they should behave_.
This distinction is important to avoid the antipattern where we get single flags (e.g. "This is an exit circuit") that have a complicated set of consequences (e.g. "Exit-ness influences the padding times, the queue timeouts, the cell scheduling priority, . All of those modules work by inspecting the exit-ness flag.") We're trying to prevent this antipattern by making it so the non-behavioral information is kept out of the code that implements the behavior.
So I should document that.Nick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40081Update documentation for the translator community2023-01-11T16:09:19ZGabagaba@torproject.orgUpdate documentation for the translator communityOnce migration to Weblate is complete, update the documentation for translators.Once migration to Weblate is complete, update the documentation for translators.Sponsor 9 - Phase 6 - Usability and Community Intervention on Support for Democracy and Human Rightsemmapeelemmapeelhttps://gitlab.torproject.org/tpo/web/support/-/issues/308[Apt] Update instructions on "Can I use APT over Tor?"2022-07-26T19:34:25ZGus[Apt] Update instructions on "Can I use APT over Tor?"- [x] tor nightly repository was renamed to `tor-nightly-main-<distribution>`
- [x] Fix the instructions GPG key instruction- [x] tor nightly repository was renamed to `tor-nightly-main-<distribution>`
- [x] Fix the instructions GPG key instructionGusGushttps://gitlab.torproject.org/tpo/web/manual/-/issues/127Add MetricsPort to the glossary2022-07-08T11:58:28ZemmapeelAdd MetricsPort to the glossaryWe should add to the glossary some more terms, and translator dfiguera has found MetricsPort.
Maybe there are more.We should add to the glossary some more terms, and translator dfiguera has found MetricsPort.
Maybe there are more.https://gitlab.torproject.org/tpo/network-health/metrics/exonerator/-/issues/40001Add ops instructions to restart or fix the server2022-08-15T09:40:03ZHiroAdd ops instructions to restart or fix the serverExonerator has been OOM-ing quite a bit lately and we have noticed we are missing ops instructions on how to restart and "fix" it if there are issues.
These should be added to the wiki.Exonerator has been OOM-ing quite a bit lately and we have noticed we are missing ops instructions on how to restart and "fix" it if there are issues.
These should be added to the wiki.HiroHirohttps://gitlab.torproject.org/tpo/web/lego/-/issues/48Add the lektor-markdown-highlighter plugin2022-08-02T22:28:57ZKezAdd the lektor-markdown-highlighter pluginOn IRC @gus suggested adding highlighting to markdown code blocks. Lektor has the [lektor-markdown-highlighter](https://github.com/lektor/lektor-markdown-highlighter) plugin that enables syntax highlighting in markdown code blocks, and p...On IRC @gus suggested adding highlighting to markdown code blocks. Lektor has the [lektor-markdown-highlighter](https://github.com/lektor/lektor-markdown-highlighter) plugin that enables syntax highlighting in markdown code blocks, and provides a `get_pygments_stylesheet()` macro for generating a pygments CSS file.
We haven't stopped symlinking the entire `lego/packages` directory (per TPA RFC 30), but enabling this plugin on every site won't have any effects unless the `get_pygments_stylesheet()` macro is used.
- [x] build a source distribution from the 0.3.2 tag (commit b4425dc)
- [x] verify the code in the source distribution is safe
- [x] add to legohttps://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40058Mention onionperf "a" instances using guards2022-07-08T11:42:23ZGeorg KoppenMention onionperf "a" instances using guardshttps://metrics.torproject.org/onionperf-buildtimes.html says "We disable Entry Guards in the Tor client configuration used by OnionPerf, to ensure a new guard is selected for each circuit we measure." However, that's not true for the "a...https://metrics.torproject.org/onionperf-buildtimes.html says "We disable Entry Guards in the Tor client configuration used by OnionPerf, to ensure a new guard is selected for each circuit we measure." However, that's not true for the "a" instances which do use entry guards and rotate them every 12h. We should update the text on the website accordingly.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/web/community/-/issues/279add slides for sysadmin101 workshop2023-01-11T16:09:19Zemmapeeladd slides for sysadmin101 workshopthe workshop for sysadmin skills was a success, and we can add the slides to the community
portal so they get translated and can be used to do more presentations.the workshop for sysadmin skills was a success, and we can add the slides to the community
portal so they get translated and can be used to do more presentations.GeorgeGeorgehttps://gitlab.torproject.org/tpo/web/manual/-/issues/125Should we keep flash player plugin in "PLUGINS, ADD-ONS AND JAVASCRIPT"?2023-07-13T14:06:28ZcypherpunksShould we keep flash player plugin in "PLUGINS, ADD-ONS AND JAVASCRIPT"?Page "PLUGINS, ADD-ONS AND JAVASCRIPT" says about Flash Player. Should it really be mentioned now, when Flash Player is deprecated, stopped working and nobody is using it?Page "PLUGINS, ADD-ONS AND JAVASCRIPT" says about Flash Player. Should it really be mentioned now, when Flash Player is deprecated, stopped working and nobody is using it?GusGushttps://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40053metrics/collector.html has broken torperf link2022-06-23T15:54:09ZRoger Dingledinemetrics/collector.html has broken torperf linkFrom https://metrics.torproject.org/torperf.html click on "reproduce"
which leads you to
https://metrics.torproject.org/reproducible-metrics.html#performance
Then click on "Obtain OnionPerf/Torperf measurement results from CollecTor."...From https://metrics.torproject.org/torperf.html click on "reproduce"
which leads you to
https://metrics.torproject.org/reproducible-metrics.html#performance
Then click on "Obtain OnionPerf/Torperf measurement results from CollecTor."
which leads you to
https://metrics.torproject.org/collector.html#type-torperf
then click on "> recent"
which leads you to
https://metrics.torproject.org/collector/recent/torperf/
which says "Error
Oops! Something went wrong here! We encountered a 404 Not Found when processing your request!"
Similarly, https://metrics.torproject.org/collector/archive/torperf/ looks strangely empty starting in mid 2020.
Thanks!Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/web/support/-/issues/303Add new terms to the glossary wrt TB 11.5 release2022-08-01T18:58:01Zchampionquizzerchampionquizzer@torproject.orgAdd new terms to the glossary wrt TB 11.5 releaseWe should add these new terms that we are introducing with the TB 11.5 release to the [glossary](https://support.torproject.org/glossary/):
1. Connection Assist
2. Connection Test
3. Bridge-moji
..and also this term:
1. Quickstart ...We should add these new terms that we are introducing with the TB 11.5 release to the [glossary](https://support.torproject.org/glossary/):
1. Connection Assist
2. Connection Test
3. Bridge-moji
..and also this term:
1. Quickstart (checking it allows Tor Browser to connect automatically)championquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/web/community/-/issues/277Questionable DNSSEC usefulness2022-06-03T23:30:16ZcypherpunksQuestionable DNSSEC usefulnessAt page https://community.torproject.org/relay/setup/exit/#dns-on-exit-relays there is a recommendation to use DNSSEC-validating local resolver.
But does it help anything?
If validation fails, resolver will SERVFAIL and either OS will t...At page https://community.torproject.org/relay/setup/exit/#dns-on-exit-relays there is a recommendation to use DNSSEC-validating local resolver.
But does it help anything?
If validation fails, resolver will SERVFAIL and either OS will try fallback one (likely not validating) or exit will return error to client and client will retry on another circuit.https://gitlab.torproject.org/tpo/community/support/-/issues/40082Update links to the Telegram Bots (Support, GetBridges) across our support pl...2022-05-24T17:40:47Zchampionquizzerchampionquizzer@torproject.orgUpdate links to the Telegram Bots (Support, GetBridges) across our support platformsTelegram has changed the url of the bots (i.e https://t.me/@GetBridgesBot --> https://t.me/GetBridgesBot) and we need to accordingly update our documentation on RT, cdr.link, Forum and elsewhere. (Thanks to a translator and @emmapeel for...Telegram has changed the url of the bots (i.e https://t.me/@GetBridgesBot --> https://t.me/GetBridgesBot) and we need to accordingly update our documentation on RT, cdr.link, Forum and elsewhere. (Thanks to a translator and @emmapeel for spotting this!)
/cc @nina
Related: https://gitlab.torproject.org/tpo/web/support/-/merge_requests/110championquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.orghttps://gitlab.torproject.org/tpo/web/community/-/issues/273[Snowflake] Update the standalone instructions2022-08-18T15:17:12ZGus[Snowflake] Update the standalone instructionsFrom https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40125
If I may I'd point out that the NAT behaviour tool page linked at https://community.torproject.org/relay/setup/snowflake/standalone/ ne...From https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40125
If I may I'd point out that the NAT behaviour tool page linked at https://community.torproject.org/relay/setup/snowflake/standalone/ needs updating as well. Currently the syntax uses 'go get' which is deprecated in favour of 'go install'. I only had success with "go install github.com/pion/stun/cmd/stun-nat-behaviour@latest".Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibethttps://gitlab.torproject.org/tpo/web/tpo/-/issues/299Should Contact page point to Matrix rooms?2022-07-01T04:45:13ZJim NewsomeShould Contact page point to Matrix rooms?https://www.torproject.org/contact/ still only mentions IRC. AFAICT the only pointer to our matrix rooms is from the blog post https://blog.torproject.org/entering-the-matrix/https://www.torproject.org/contact/ still only mentions IRC. AFAICT the only pointer to our matrix rooms is from the blog post https://blog.torproject.org/entering-the-matrix/https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40030FF97 Audit2022-11-01T21:23:44ZrichardFF97 Audit# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java...# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
## Firefox: https://github.com/mozilla/gecko-dev.git
- Start: `e6b83e1727b7e9a6847e6e15bdb935d9937099e4` ( `FIREFOX_RELEASE_97_BASE` )
- End: `82764d45153d175f4686ead7aac977810fe1fd1b` ( `FIREFOX_RELEASE_98_BASE` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
**OR**
### foreach PROBLEMATIC_HASH:
#### $(PROBLEMATIC_HASH)
- Summary
- Review Result: (SAFE|BAD)
---
## Application Services: https://github.com/mozilla/application-services.git
- Start: `df53ad867be7d79899e05797533cd624f1eeb2a2` ( `v90.0.1` )
- End: `17942945873cdb8be56a9316d3cb8a611b3ef321` ( `v91.1.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Android Components: https://github.com/mozilla-mobile/android-components.git
- Start: `604152ef532c33d8fc2412fd6d21cf29e9764c51` ( `v97.0.0` )
- End: `0465a6f809adafd5429c230e890e7f4911f0070e` ( `v97.0.13` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Fenix: https://github.com/mozilla-mobile/fenix.git
- Start: `84d4a07c0067f7c51757b157c79658a891870d95` ( `v97.0.0-beta.1` )
- End: `16042ab2a16a64c9c94c8c01ea93578062415ac5` ( `releases_v97.0.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Ticket Review ##
### Review List
#### 97 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=97%20Branch&order=priority%2Cbug_severity&limit=0
- https://bugzilla.mozilla.org/show_bug.cgi?id=1741428 @richard https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41130
- https://bugzilla.mozilla.org/show_bug.cgi?id=1738983 @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41131
- https://bugzilla.mozilla.org/show_bug.cgi?id=1432983 @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41132
- https://bugzilla.mozilla.org/show_bug.cgi?id=1745092 @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41133
Nothing of interest (manual inspection)
**OR** (foreach)**
### foreach PROBLEMATIC_TICKET:
#### $(PROBLEMATIC_TICKET)
- Summary
- Review Result: (SAFE|BAD)
## Regression/Prior Vuln Review ##
Review proxy bypass bugs; check for new vectors to look for:
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors
## Export
- [ ] Export Report and save to `tor-browser-spec/audits`Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40029FF95 Audit2022-11-02T20:48:15ZrichardFF95 Audit# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java...# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
## Firefox: https://github.com/mozilla/gecko-dev.git
- Start: `6c9b6e1483551f220cd409e4e584349bc74a8231` ( `FIREFOX_RELEASE_95_BASE` )
- End: `6a277ae5bdf6554793cd0da292a9c9ea804b4ed9` ( `FIREFOX_RELEASE_96_BASE` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
---
## Application Services: https://github.com/mozilla/application-services.git
- Start: `df1a47fde89f49201b1e839f960e8f16eb95a55d` ( `v87.1.0` )
- End: `5ceeb43598871a7d8550acc574a6a3fb93803ad7` ( `v87.3.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Android Components: https://github.com/mozilla-mobile/android-components.git
- Start: `ef09fecd91dfcbffb85d9f4907b76cc9e5a0b70e` ( `v95.0.0` )
- End: `93066a8f082fa2db3d38d361d0a538c438d2e1b8` ( `v95.0.15` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Fenix: https://github.com/mozilla-mobile/fenix.git
- Start: `9ab24a371b2dd51d18dab2f7f49facc6d2fd56ad` ( `v95.0.0-beta.1` )
- End: `d01642a0b1e3819cd2802b42a8a6aae43eb5ff12` ( `releases_v95.0.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Ticket Review ##
### Review List
#### 95 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=95%20Branch&order=priority%2Cbug_severity&limit=0
- https://bugzilla.mozilla.org/show_bug.cgi?id=1732792 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41125
- https://bugzilla.mozilla.org/show_bug.cgi?id=1734262 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41126
- https://bugzilla.mozilla.org/show_bug.cgi?id=1726524 : @henry https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41127
- https://bugzilla.mozilla.org/show_bug.cgi?id=1734331 : @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41128
### foreach PROBLEMATIC_TICKET:
#### $(PROBLEMATIC_TICKET)
- Summary
- Review Result: (SAFE|BAD)
## Regression/Prior Vuln Review ##
Review proxy bypass bugs; check for new vectors to look for:
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors
## Export
- [x] Export Report and save to `tor-browser-spec/audits`Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/web/community/-/issues/271Vanity Addresses documentation2022-08-09T18:23:24ZSilvio RhattoVanity Addresses documentationCreate an "Vanity Addresses" page at the [Onion Services advanced docs](https://community.torproject.org/onion-services/advanced/).
It might be populated by the [Onionmine's README.md explanation](https://gitlab.torproject.org/tpo/onion...Create an "Vanity Addresses" page at the [Onion Services advanced docs](https://community.torproject.org/onion-services/advanced/).
It might be populated by the [Onionmine's README.md explanation](https://gitlab.torproject.org/tpo/onion-services/onionmine/-/commit/e59d1e00a41fd28caf7c59980078a1f6cbf547ed) about vanity addresses.Silvio RhattoSilvio Rhattohttps://gitlab.torproject.org/tpo/web/manual/-/issues/121Updating instructions are not related to the images shown2023-06-20T14:34:19ZemmapeelUpdating instructions are not related to the images shownReported by translator Kate_, thanks!
In the [Updating](https://tb-manual.torproject.org/updating/) section of the manual, we say:
`When you are prompted to update Tor Browser, click on hamburger menu (main menu), then select “Restart...Reported by translator Kate_, thanks!
In the [Updating](https://tb-manual.torproject.org/updating/) section of the manual, we say:
`When you are prompted to update Tor Browser, click on hamburger menu (main menu), then select “Restart to update Tor browser”.`
But the images before and after that sentence do not clearly show where it is that you need to click, and there is no 'Restart to update Tor Browser' shown:
![image-not-related](/uploads/cc9af16453fd8d598073e254d3851124/image-not-related.png)
We should change the screenshot, or maybe the text, to reflect the present situation.championquizzerchampionquizzer@torproject.orgchampionquizzerchampionquizzer@torproject.org