The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
Updated: 2023-05-09T17:32:05Z

Add screenshots in the documentation
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/9
Updated: 2023-05-09T17:32:05Z
Author: Silvio Rhatto

Add screenshots in the documentation.

GitLab pages with l10n plugin
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/10
Updated: 2023-05-09T17:32:05Z
Author: Silvio Rhatto

Set up GitLab pages with l10n plugin and using [onion-mkdocs](https://rhatto.pages.torproject.net/onion-mkdocs/).

Reference the project in the upcoming Tor Development Portal
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/14
Updated: 2023-05-09T17:32:05Z
Author: Silvio Rhatto

Reference the project in the upcoming [Tor Development Portal](https://gitlab.torproject.org/tpo/web/dev/-/issues/6).

Past GSOC projects don't appear, but there is an empty section for them.
https://gitlab.torproject.org/tpo/web/community/-/issues/193
Updated: 2023-04-22T07:32:26Z
Author: emmapeel

At the bottom of https://community.torproject.org/gsoc/ there is a section only consisting of:
Past Projects
Here are some successful projects which have been implemented in the past by Google Summer of Code and Outreachy participants
But the past projects are not there anymore.

Create and document our commit workflow
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/8
Updated: 2023-04-11T18:29:51Z
Author: Cecylia Bocovich

At the moment, each project has been maintained slightly differently, but with the branch changes we're taking the opportunity to document and consolidate our workflows on each of these projects. They don't all need to be handled the same, but we should definitely document the different workflows and point out projects that have exceptions. This workflow should include the following:
- which repositories to push to and where our mirrors are pointing
- do we introduce merge commits or do we rebase branches before merging?
- do we use the gitlab interface or merge things locally?
- how many reviews do we need and who maintains/has access to which repository?
- we had some discussion over on #7 about signing commits
- which projects have releases and what is the release workflow?
This is generally a good idea, and something we should work into our workflow. Let's use this ticket to document a proposal for different workflows. Again, some repositories for our team are maintained by people outside TPI so the focus should be on documentation and best practices, not necessarily in making everything the same.

Assignee: meskio <meskio@torproject.org>

Write documentation on how it is working
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/5
Updated: 2023-04-11T18:29:41Z
Author: Gaba <gaba@torproject.org>

Add documentation on how it is working, the design, architecture and anything we need for it to be running (including survival guide).
- [ ] bridge survival guide
- [ ] point of contact for conjure station
- [ ] brief summary of architecture

Assignee: Cecylia Bocovich

add information about contacting new relay operators in the requirements
https://gitlab.torproject.org/tpo/web/community/-/issues/280
Updated: 2023-04-05T19:00:27Z
Author: emmapeel

There was a thread the other day in reddit about tor project wanting to contact a new relay operator that added lots of relays to the network in a very short time.
The whole thread was about why the tor project wanted to do a video call and how bad that was.
We should maybe add some information about this to https://community.torproject.org/relay/relays-requirements/
We can also mention starting an association as a good way to preserve the anonymity of individuals, while still keeping certain accountability to benefit the network.
One good phrase about this issue is:
```
Remember that running a relay is an act of transparency
(even though being a Tor user is an act of privacy),
because the way to strengthen trust in relays is by having a stronger community
Be sure to set your ContactInfo to a working email address in case we need to reach you
```
which is part of the sysadmin101 howto gman999 did for the relay operators.

Assignee: Gus

Man tor - Refactoring - Creation of a new `BANDWIDTH MANAGEMENT OPTIONS` section
https://gitlab.torproject.org/tpo/core/tor/-/issues/40328
Updated: 2023-04-03T16:43:38Z
Author: cypherpunks

A total of 11 options (see the list below) should go in a new section named `BANDWIDTH MANAGEMENT OPTIONS`. This would reduce the amount of time spent scrolling around in the man tor page and make finding options more intuitive instead of having to remember the spread-out locations where bandwidth options are sometimes located.\\
We could also take this opportunity to change the location of the warning about how bandwidth-limiting options are managed. This warning is located at the end of the description of the option `BandwidthRate`. We could move the warning to the description of the newly created `BANDWIDTH MANAGEMENT OPTIONS` section, or at least, in the `THE CONFIGURATION FILE FORMAT` section.\\
Also, like it is said in description of the option `AccountingMax`:\
>>>
Note that (as also described in the Bandwidth section) Tor uses powers of two [...]
>>>
This "Bandwidth section" does not really exist, but now it will if this issue is approved. The non-existing "Bandwidth section" seems to refer to the description of the option `BandwidthRate`.\\
I will make the necessary changes in the man tor page and only show you the final result. You will just need to accept it or tell me what needs more tweaking.\\
List of options that will need to move to the newly created one:\
>>>
GENERAL OPTIONS:\
- BandwidthBurst
- BandwidthRate
- CountPrivateBandwidth
- MaxAdvertisedBandwidth
- PerConnBWBurst
- PerConnBWRate
- RelayBandwidthBurst
- RelayBandwidthRate\
SERVER OPTIONS:\
- AccountingMax
- AccountingRule
- AccountingStart
>>>
The newly created section will look something like that:\
>>>
**BANDWIDTH MANAGEMENT OPTIONS**\
Description : The end of the description of the options `BandwidthRate` about size unit format.\\
- AccountingMax
- AccountingRule
- AccountingStart
- BandwidthBurst
- BandwidthRate
- CountPrivateBandwidth
- MaxAdvertisedBandwidth
- PerConnBWBurst
- PerConnBWRate
- RelayBandwidthBurst
- RelayBandwidthRate
>>>\
On an unrelated note to this issue:\
I tried to use the functionalities of `GitLab Flavored Markdown` in my previous 2 issues, but that did not really go as I expected, so sorry for the ugly formatting of all my previous issues. I'm learning. I hope this issue looks a bit better :)

Man tor - Refactoring - Creation of a `LOGS OPTIONS` section
https://gitlab.torproject.org/tpo/core/tor/-/issues/40327
Updated: 2023-04-03T16:42:53Z
Author: cypherpunks

A total of 13 options (see the list below) are all only related to logs. We should create a new section named `LOGS OPTIONS` and put them all there instead of leaving them in the `GENERAL OPTIONS` and `SERVER OPTIONS` sections.
This would reduce the amount of scrolling in the man tor page and make finding options more intuitive instead of having to remember the weird location that options descriptions are sometimes located. If this issue is approved, I will make the necessary changes in the man tor page and only show you the final result. You will only need to accept it or tell me what needs more tweaking.
Here is the list of affected options :
>>>
**GENERAL OPTIONS**
Log (x4)
LogMessageDomains
LogTimeGranularity
MaxUnparseableDescSizeToLog
ProtocolWarnings
SafeLogging
SyslogIdentityTag
TruncateLogFile
**SERVER OPTIONS**
HeartbeatPeriod
MainloopStats
>>>
The new `LOGS OPTIONS` section will look something like that :
>>>
**LOGS OPTIONS**
Description of LOGS OPTION : Do we really need it ? It is self-explanatory.
HeartbeatPeriod
Log (x4)
LogMessageDomains
LogTimeGranularity
MainloopStats
MaxUnparseableDescSizeToLog
ProtocolWarnings
SafeLogging
SyslogIdentityTag
TruncateLogFile
>>>

Man tor - Option `ClientTransportPlugin` should move from `GENERAL OPTIONS` to `CLIENT OPTIONS`
https://gitlab.torproject.org/tpo/core/tor/-/issues/40340
Updated: 2023-04-03T16:38:12Z
Author: cypherpunks

For tor-0.4.6.0-alpha-dev.
ChangeLog :
```
o Documentation (man tor):
- Move option `ClientTransportPlugin` from `GENERAL OPTIONS` to `CLIENT OPTIONS`. Closes issue #40XXX
```
Output of `git diff HEAD` :
```
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index f5dd1ec..308bf2d 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -334,20 +334,6 @@ forward slash (/) in the configuration file and on the command line.
as a float value. This is an advanced option; you generally shouldn't have
to mess with it. (Default: -1)
-[[ClientTransportPlugin]] **ClientTransportPlugin** __transport__ socks4|socks5 __IP__:__PORT__::
-**ClientTransportPlugin** __transport__ exec __path-to-binary__ [options]::
- In its first form, when set along with a corresponding Bridge line, the Tor
- client forwards its traffic to a SOCKS-speaking proxy on "IP:PORT".
- (IPv4 addresses should written as-is; IPv6 addresses should be wrapped in
- square brackets.) It's the
- duty of that proxy to properly forward the traffic to the bridge. +
- +
- In its second form, when set along with a corresponding Bridge line, the Tor
- client launches the pluggable transport proxy executable in
- __path-to-binary__ using __options__ as its command-line options, and
- forwards its traffic to it. It's the duty of that proxy to properly forward
- the traffic to the bridge. (Default: none)
-
[[ConnLimit]] **ConnLimit** __NUM__::
The minimum number of file descriptors that must be available to the Tor
process before it will start. Tor will ask the OS for as many file
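Review bot: The `[[ClientTransportPlugin]]` anchor removed at the top of this hunk is not re-created under the same name in the `CLIENT OPTIONS` hunk, which defines `[[ClientTransportPlugin1]]` and `[[ClientTransportPlugin2]]` instead, so any existing cross-reference to the old anchor in the man page would stop resolving. Either keep the original anchor name on the moved entry or update the references in the same patch.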
@@ -1178,6 +1164,21 @@ The following options are useful only for clients (that is, if
controller request). If true, multicast DNS hostnames for machines on the
local network (of the form *.local) are also rejected. (Default: 1)
+[[ClientTransportPlugin1]] **ClientTransportPlugin** __transport__ socks4|socks5 __IP__:__PORT__ +
+
+[[ClientTransportPlugin2]] **ClientTransportPlugin** __transport__ exec __path-to-binary__ [options]::
+ In its first form, when set along with a corresponding Bridge line, the Tor
+ client forwards its traffic to a SOCKS-speaking proxy on "IP:PORT".
+ (IPv4 addresses should written as-is; IPv6 addresses should be wrapped in
+ square brackets.) It's the
+ duty of that proxy to properly forward the traffic to the bridge. +
+ +
+ In its second form, when set along with a corresponding Bridge line, the Tor
+ client launches the pluggable transport proxy executable in
+ __path-to-binary__ using __options__ as its command-line options, and
+ forwards its traffic to it. It's the duty of that proxy to properly forward
+ the traffic to the bridge. (Default: none)
+
[[ClientUseIPv4]] **ClientUseIPv4** **0**|**1**::
If this option is set to 0, Tor will avoid connecting to directory servers
and entry nodes over IPv4. Note that clients with an IPv4
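Review bot: The first-form line at the top of the added block now ends in ` +` followed by a bare `+` line, whereas the removed original ended that line with `::` like the second form; for a pure move the markup should stay identical, so either restore `::` or explain the change in the ChangeLog entry. The moved text also carries over "IPv4 addresses should written as-is" (missing "be"), which could be fixed while the paragraph is being touched, and the ChangeLog entry still reads "Closes issue #40XXX" instead of the real issue number.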
```

Milestone: Tor: 0.4.8.x-freeze
Assignee: Alexander Færøy <ahf@torproject.org>

Give standalone snowflakes guidance on how best to set up their nat
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40128
Updated: 2023-03-31T16:56:08Z
Author: Roger Dingledine

According to our current broker stats (https://snowflake-broker.torproject.net/debug), we have
```
current snowflakes available: 3021
standalone proxies: 2589
browser proxies: 5
webext proxies: 250
unknown proxies: 177
NAT Types available:
restricted: 2512
unrestricted: 386
unknown: 123
```
i.e. most of the snowflakes that we're giving out seem to be standalone ones as opposed to browser extension ones, and also most of the ones we have available to us are behind restricted nat.
It seems to me that the standalone ones are probably in a better position to be behind the good kind of nat (or no nat at all). But does our docker image impose the bad kind of nat on them by default? How come so many standalone proxies are behind restricted nat?
More generally: is there useful guidance we can give people, on setting themselves up with the right kind of nat, presuming they're on a VPS or otherwise on a 'real' internet connection?

Assignee: shelikhoo

Improve documentation and examples in `arti-client`
https://gitlab.torproject.org/tpo/core/arti/-/issues/399
Updated: 2023-03-28T21:11:07Z
Author: Nick Mathewson

*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to start.)
As you do this, you'll probably find that the documentation didn't explain something you wanted to know, or didn't explain it very well. After you figure out the issue (either by asking us, or reading the code), why not contribute a patch to improve the documentation?
----
Also, it's a good convention for all Rust code to have rustdoc examples for how to use it. These examples can be at the function level, the module level, or the type level. Right now, a lot of our crates are missing those. (`arti-client` is most important, but examples everywhere are welcome.)
When writing examples, please make sure that the example actually shows people how they would _want_ to use the code, and what happens when they do.

Milestone: Arti: Feature parity with the C implementation

Add docstrings
https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/6
Updated: 2023-03-17T11:19:27Z
Author: juga

Milestone: onbasca: 1.0

Standalone Snowflake proxy for Microsoft Windows
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40256
Updated: 2023-03-07T14:55:51Z
Author: Rahim Rollins

> If you would like to run a command-line version of the Snowflake proxy on your **desktop** or server, see our guide for running a Snowflake standalone proxy.
[The "Standalone Snowflake proxy" page](https://community.torproject.org/relay/setup/snowflake/standalone/) provides instructions for installing and configuring the CLI version of Snowflake proxy on Debian, Fedora, Arch Linux, FreeBSD and Ubuntu. However, most users (working on Windows) would be able to help other users bypass censorship without having to keep the browser running. Now this possibility is impossible for them. At least for such volunteers there is not even an instruction, unlike users of the operating systems listed above.

Create Onionperf release template
https://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/40058
Updated: 2023-03-03T08:35:33Z
Author: Georg Koppen

We had some back and forth during the last release (1.1) which indicates that we could benefit from some release template/check list. That list could contain (among other things) steps like:
1. Bump versions in all places (TODO: spell that one out) on `dev`
2. Add changelog entries
3. merge `dev` into `master`
4. tag a release, sign it, and push the tag

about:manual semantic and accessibility problems
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41421
Updated: 2023-02-10T23:45:48Z
Author: henry

I didn't look through all the "about:manual" pages, but I noticed a few semantic and accessibility issues which I imagine are common to most pages. A few of these issues would apply to https://tb-manual.torproject.org/ as well https://gitlab.torproject.org/tpo/web/manual/-/issues/132.
1. The top page "about:manual" uses `<h3>` for the "Topics" heading even though it is the top-most heading.
2. The list of links in "about:manual" uses `<li><h4><a></a></h4><p></p></li>`. Using both `<li>`, `<h4>` and `<a>` for the heading makes this noisier than necessary on a screen reader. Plus, this page is less "headings with paragraphs" and more a navigation page.
3. The sub-pages start with a `<h2>` heading, rather than `<h1>`.
4. The `<nav>` element at the top of the page could perhaps use `<ul>` to separate the links. The "»" symbol should be visual only.
5. The alt text for `<img>` elements are not very descriptive of the image. A lot of these are screenshots, but don't describe themselves as screenshots.
6. Some of the text is geared towards users who can see the screenshots.
An example for point 6 would be in the "about:manual#running-tor-browser" page. We have
> ## CONFIGURE
>
> Tor Browser will take you through a series of configuration options.
>
> The Connection Assist informs you about the state of your Internet connection and your connection to the Tor network.
>
> [image]
>
> [image]
>
> The first checkbox is 'Quickstart'. If selected, every time you open Tor Browser, it will try to connect with your previous network settings.
There's no indication that this "configure" is in the settings page, or that "Connection" and "Quickstart" are sections of this page. Using good alt text would help a little, but making the text clearer would help clarify things for all users. Generally, you want something that you could directly read over the phone to help someone on the other end.
Moreover, the use of "Connection Assist" is confusing because the section just before is called "CONNECTION ASSIST", which is something else.

Milestone: Sponsor 131 - Phase 5 - Ongoing Maintenance

Add instructions for relay tuning
https://gitlab.torproject.org/tpo/community/relays/-/issues/59
Updated: 2023-02-01T20:34:50Z
Author: Georg Koppen

We have a bunch of instructions about what to do in case of [overload](https://support.torproject.org/relay-operators/#relay-operators_relay-bridge-overloaded) but we lack a somewhat related set of tips and tricks to tune relays (e.g. conntrack table adjustments), in particular as that might help with fending off attacks in the future.
Tweaks got collected [previously](https://torservers.net/exit-relay-setup/#high-bandwidth-tweaks-100-mbps) and some might still be buried on random Trac tickets...
/cc @micah

document how to test the bridgedb service from the outside
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/68
Updated: 2023-01-24T18:56:41Z
Author: anarcat

as TPA, we sometimes have to look into this service and try to figure out "hey, did we break anything here?"
in our [service list](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service) for bridgedb, there's a link to the [bridgedb survival guide](https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/BridgeDB-Survival-Guide) as the documentation portal. because that page doesn't follow the [service template](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/template), it doesn't have a "monitoring and testing" which should document:
```
<!-- describe how this service is monitored and how it can be tested -->
<!-- after major changes like IP address changes or upgrades. describe -->
<!-- CI, test suites, linting, how security issues and upgrades are -->
<!-- tracked -->
```
typically, I try to test the service with this command:
```
mail -s test -r anarcat@example.com -- bridges@bridges-test.torproject.org < /dev/null
```
... if i want to relay to my local DKIM-signing. if i just want to send mail directly, i have also tried:
```
swaks -t bridges@bridges-test.torproject.org -s bridges.torproject.org -f anarcat@torproject.org
```
so it would be great to have that documented somewhere.

Assignee: meskio <meskio@torproject.org>

Write 'survival guide' for keeping metrics website up
https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40004
Updated: 2023-01-23T14:53:51Z
Author: Roger Dingledine

opara pointed out today that metrics.torproject.org was returning 503's.
I logged in to the server, saw that the server and apache were working fine, found a proxypass stanza in the apache config, noticed that there was a /home/metrics/, and looked through the end of /home/metrics/.bash_history to make some guesses about what to run to get things working again. It seems to be back and working (I did a "sudo -s -H -u metrics" because I saw karsten had run that, and then "./start-web.sh" and eventually decided to background it when it never exited.)
It would be great to make a 'survival guide' wiki page for it, like
https://gitlab.torproject.org/tpo/metrics/team/-/wikis/Survival-Guides/Exit-Scanner
And then link to it from tpo/tpa/team#40045 so we can use it next time.
Thanks!

Document and maybe improve how we're mapping TGen transfers to Tor streams/circuits
https://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/34231
Updated: 2023-01-23T14:48:54Z
Author: Karsten Loesing

OnionPerf uses TGen to make transfers using a local Tor client. OnionPerf also uses Stem to connect to the Tor client's control port and register for control events.
This ticket is about documenting how we can map TGen transfers to Tor streams and circuits. OnionPerf did this to produce the .tpf output format (which we just killed in legacy/trac#34141). But we'll also need this functionality to implement legacy/trac#34218 or legacy/trac#33260.
Here's what we're doing in [metrics-lib](https://gitweb.torproject.org/metrics-lib.git/tree/src/main/java/org/torproject/descriptor/onionperf/OnionPerfAnalysisConverter.java#n121) right now to map transfers and streams:
- Index Tor circuits by their circuit ID.
- Index Tor streams by their source port; if there are two or more streams with the same source port, remember them all.
- Go through TGen transfers one by one. For each, extract the local source port.
- Go through Tor streams with the same source port and check if transfer end and stream end happened within 150 seconds.
- If there's a match, look up the corresponding circuit by circuit ID.
Note that OnionPerf took a simpler approach for producing .tpf files by remembering just one stream by source port and not applying that 150 seconds heuristic. The result was that some mappings were wrong. The approach taken by metrics-lib leads to a few missing mappings (probably as many as OnionPerf had), and apparently no wrong mappings.
Is there a way to have an exact mapping that doesn't require a heuristic? And is there a way to do it without having to wait for transfer and stream to end?

Assignee: Ana Custura