The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-11T21:39:34Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40960Document our privacy-preserving webserver log setup for the world2024-03-11T21:39:34ZRoger DingledineDocument our privacy-preserving webserver log setup for the worldWe use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing too...We use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing tools.
Everybody in the world should be doing this.
We should document what we do and how and why, and tell the world so everybody else can do it too.
Apparently Debian uses the same approach we do, so we have some adoption already, but much more remains!
See
http://seclists.org/nmap-announce/2004/16
for some of our original motivation.
And see
http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html
for a summary of what we do currently.
We should also invite/encourage people to find bugs in our set-up. It can always get better!
And lastly, a blog post like this will be really useful to point to when we start doing analysis and graphs and metrics and stuff.https://gitlab.torproject.org/tpo/tpa/team/-/issues/40421enhance incident response procedures2024-02-13T16:04:39Zanarcatenhance incident response procedurestoday we had an ... interesting situation with the puppet infrastructure. while we have actually recovered pretty well, all things considered, it would be important to enhance our response to such situation so that they are less stressfu...today we had an ... interesting situation with the puppet infrastructure. while we have actually recovered pretty well, all things considered, it would be important to enhance our response to such situation so that they are less stressful and why not, even more "fun", if i can be so daring.
some background reading:
* [Got game? Secrets of great incident management](https://bitfieldconsulting.com/blog/got-game-secrets-of-great-incident-management)
* [pager duty incident response documentation](https://response.pagerduty.com/)
some ideas:
* have an issue template for incidents (so, in git, which requires a git repository here, but maybe it's finally time to merge the wiki repo here anyways), available offline
* run simulations/games
* have post-mortem templates, here's the [pager duty template](https://response.pagerduty.com/after/post_mortem_template/)
* gitlab has some [incident management primitives](https://docs.gitlab.com/ee/operations/incident_management/) including aforementioned "[incidents](https://docs.gitlab.com/ee/operations/incident_management/incidents.html)" (which are really just issues)...
* ... but also [integrations](https://docs.gitlab.com/ee/operations/incident_management/integrations.html) which is especially interesting considering they have *native* Prometheus integration, which might require switching from nagios to prometheus (#29864)
anyways, the core idea here is:
1. have incident roles (note-taker, driver, comms, etc)
2. incident and post-mortem templates
3. run gameshttps://gitlab.torproject.org/tpo/tpa/team/-/issues/33733How do home directories work?2021-09-15T18:41:58ZirlHow do home directories work?There seems to be little consistency here, which isn't what I expect from an orchestrated process, so I'm maybe missing something.
Each service has a directory in /srv/{service}.torproject.org/ and then sometimes there is a home directo...There seems to be little consistency here, which isn't what I expect from an orchestrated process, so I'm maybe missing something.
Each service has a directory in /srv/{service}.torproject.org/ and then sometimes there is a home directory, which is sometimes linked in some way to /home/{service}. When there are multiple users for a service, they can share the same /srv directory but then have inconsistent naming of home directories.
Is there some documentation I can read to make sense of this?
Context: I'm putting together our Ansible roles (legacy/trac#33715) that should replicate what TPA will give us when we move things to a TPA host after we're convinced it's ready for deployment and we know what the specs will be, but I'm having trouble generalising even from just the Onionoo and Exit Scanner setups.
I'd like to be able to set some variables, like what usernames exist, what groups exist, and what paths will exist and should be used for stuff, and then let this role set that up. The service specific (e.g. Onionoo or Exit Scanner) roles will then run equally on our AWS dev instances and the production TPA instance.anarcatanarcathttps://gitlab.torproject.org/tpo/web/manual/-/issues/158Update instructions about using built-in bridges in Tor Browser2024-03-18T18:04:33Zebanamebanam@torproject.orgUpdate instructions about using built-in bridges in Tor Browserhttps://tb-manual.torproject.org/circumvention/
The UX has changed a bit. Let's review and update this section about using built-in bridges with Tor Browser.
> USING PLUGGABLE TRANSPORTS
>
> To use a pluggable transport, click "Configu...https://tb-manual.torproject.org/circumvention/
The UX has changed a bit. Let's review and update this section about using built-in bridges with Tor Browser.
> USING PLUGGABLE TRANSPORTS
>
> To use a pluggable transport, click "Configure Connection" when starting Tor Browser for the first time. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. From the menu, select whichever pluggable transport you'd like to use.
>
> Once you've selected the pluggable transport, scroll up and click "Connect" to save your settings.
>
> Or, if you have Tor Browser running, click on "Settings" in the hamburger menu (≡) and then on "Connection" in the sidebar. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. Choose whichever pluggable transport you'd like to use from the menu. Your settings will automatically be saved once you close the tab.
/cc @nina @emmapeelebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/web/support/-/issues/358Add Letterboxing to the glossary2024-03-18T16:11:22ZemmapeelAdd Letterboxing to the glossaryWe need to add Letterboxing to the glossary, as it is a new term that we use on the documentation.We need to add Letterboxing to the glossary, as it is a new term that we use on the documentation.https://gitlab.torproject.org/tpo/web/manual/-/issues/157Add entry about letterboxing (about:manual#letterboxing)2024-03-12T20:36:03Zma1Add entry about letterboxing (about:manual#letterboxing)We're implementing a `Learn more` link in the new user-facing letteboxing preferences (tpo/applications/tor-browser#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torp...We're implementing a `Learn more` link in the new user-facing letteboxing preferences (tpo/applications/tor-browser#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32324#note_2876483):
> It's on support-dot, but possibly not the manual?
> https://support.torproject.org/tbb/maximized-torbrowser-window/ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/6README update with maintenance instructions2024-02-29T12:45:41ZSilvio RhattoREADME update with maintenance instructions# Tasks
* [ ] Add into the [README](README.md):
* [ ] Onion Services doc conventions, including:
* Use the navigation format from the [mkdocs-awesome-pages-plugin][].
* Have `README.md` or `index.md` listed as the "Intro" page...# Tasks
* [ ] Add into the [README](README.md):
* [ ] Onion Services doc conventions, including:
* Use the navigation format from the [mkdocs-awesome-pages-plugin][].
* Have `README.md` or `index.md` listed as the "Intro" page.
* Have a link to the repository in the README/index page.
* [ ] How to contribute with new docs:
* Open an issue request or pull request for an evaluation/integration.
* [ ] How to integrate your existing docs:
* Need to be Onion Service related.
* Setup Onion MkDocs.
* Adopt the Onion Services doc conventions.
* Adhere to the Community Team docs guidelines.
* Open an issue request or pull request for an evaluation/integration.
[mkdocs-awesome-pages-plugin]: https://github.com/lukasgeiter/mkdocs-awesome-pages-plugin
# Time estimation
* Complexity: very small (0.5 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/5Slides generation2024-02-27T18:58:24ZSilvio RhattoSlides generation# Description
Some projects have [Onion TeX Slim][]-generated slides that could be built as part of this repository CI/CD.
[Onion TeX Slim]: https://gitlab.torproject.org/tpo/community/onion-tex-slim
# Tasks
* [ ] Create a convention...# Description
Some projects have [Onion TeX Slim][]-generated slides that could be built as part of this repository CI/CD.
[Onion TeX Slim]: https://gitlab.torproject.org/tpo/community/onion-tex-slim
# Tasks
* [ ] Create a convention for [Onion TeX Slim][] slides among Onion Service documentation (folder location etc).
* [ ] Implement a CI/CD action to generate all slides, including then in the generated documentation.
# Time estimation
* Complexity: small (1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)https://gitlab.torproject.org/tpo/web/snowflake/-/issues/9unify volunteer instructions from support entry onto snowflake website2024-02-27T14:24:07ZRoger Dingledineunify volunteer instructions from support entry onto snowflake websiteWe have this support entry: <br>
https://support.torproject.org/censorship/how-to-help-running-snowflake/
which tells people to install the Firefox or Chrome extension, or load the embed in a page. It doesn't mention the Edge extension ...We have this support entry: <br>
https://support.torproject.org/censorship/how-to-help-running-snowflake/
which tells people to install the Firefox or Chrome extension, or load the embed in a page. It doesn't mention the Edge extension or the standalone proxy.
Rather than trying to keep both sets of instructions in sync, I think we should put the instructions on the snowflake.torproject.org page, and point to them from a much slimmer support entry.
To achieve this goal, there are currently two things that the support entry says that the snowflake.torproject.org website does not:
* You need to enable WebRTC in your browser, to usefully run the extension or to usefully load the embed. (If we could reliably have the extension or the embed page report that your WebRTC is missing and you need to fix that, then we could get away with not saying it on the webpage. So, feel free to do that instead if it is easier, but I am suspecting it is not easier. :)
* "Due to censorship of VPN servers in some countries, we kindly ask you to not run a snowflake proxy while connected to a VPN" as advised by @cohosh at https://forum.torproject.org/t/running-a-snowflake-proxy-behind-a-vpn-consequences-for-tor-users/2047/4 and then recorded by gus at https://gitlab.torproject.org/tpo/web/support/-/issues/296. Feel free also to change your mind about the "not on a VPN please" advice.
Once we have these two items either make their way onto the snowflake.torproject.org proxy instructions or have you tell us you don't intend to, then we should be all ready to remove the (redundant, already not as correct) text from the support entry.
Thanks!https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/2Add Onionbalance documentation2024-02-28T12:23:04ZSilvio RhattoAdd Onionbalance documentation# Tasks
* [ ] Add the Onionbalance documentation once it's [converted to Onion MkDocs][].
[converted to Onion MkDocs]: tpo/onion-services/onionbalance#28
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
...# Tasks
* [ ] Add the Onionbalance documentation once it's [converted to Onion MkDocs][].
[converted to Onion MkDocs]: tpo/onion-services/onionbalance#28
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Silvio RhattoSilvio Rhatto2024-03-28https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/1Hosting location for the Onion Services Ecosystem Documentation2024-03-18T18:46:11ZSilvio RhattoHosting location for the Onion Services Ecosystem Documentation# Motivation
As mentioned in the [previous issue][] about getting domains for some Onion Services projects, we're looking for
* Shorter URLs for some Onion Services related projects, pointing to their GitLab Pages.
* Aggregate Onion Se...# Motivation
As mentioned in the [previous issue][] about getting domains for some Onion Services projects, we're looking for
* Shorter URLs for some Onion Services related projects, pointing to their GitLab Pages.
* Aggregate Onion Services documentation in a single, searchable place.
That made us create the [Onion Services Ecosystem Documentation][], but it still has a not very friendly URL.
[previous issue]: tpo/onion-services/onion-support#202
[Onion Services Ecosystem Documentation]: https://tpo.pages.torproject.net/onion-services/ecosystem
# Tasks
* [x] Ping some people to get feedback (ahf, gaba, micah?).
* [x] Determine a better canonical URL location for the [Onion Services Ecosystem Documentation][]:
* [x] Project/repository name: `tpo/onion-services/ecosystem`.
* [x] Canonical URL: `https://community.torproject.org/onion-services/ecosystem`.
* [x] Rename the project from `portal` to `ecosystem`.
* [ ] [Ask TPA](https://gitlab.torproject.org/tpo/tpa/team/-/issues/new) to help with setting up this deployment.
* [ ] Proceed with the CI/deployment changes to make the [Onion Services Ecosystem Documentation][] accessible through this URL.
* [ ] Link the [Onion Services Ecosystem Documentation] in the [Onion Services section of the Community Portal](https://community.torproject.org/onion-services/).
* [ ] Once the portal is deployed, updated the "Onionize any website" link in
the Community Portal, pointing to the oficcial Onionspray documentation
URL within the Onion Services Ecosystem Portal (tpo/web/community#337).
* [ ] Update references in Onion Services projects, pointing to the new official/canonical documentation location (like on `README.md` files etc).
* [ ] Add banner in the community portal, at the [Onion Services page](https://community.torproject.org/onion-services/).
* [ ] Consider to release the portal as part of the [Onion Services 20th Years Anniversary (2024 edition)](https://gitlab.torproject.org/tpo/onion-services/onionplan/-/issues/14#note_2933136).
* [~] Bonus: Onion Services endpoint and Onion-Location set (if not already available). This will be available already when the docs are available through `community.torproject.org`.
# Time estimation
* Complexity: small (1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)
/cc @gusSilvio RhattoSilvio Rhatto2024-03-28https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/30Create a development/release workflow2024-02-20T18:00:43ZSilvio RhattoCreate a development/release workflowCreate a development and release workflow, including sending a message to the `tor-announce` mailing list.
Existing workflows that can be used as a base:
* [Development - Onionprobe](https://tpo.pages.torproject.net/onion-services/onio...Create a development and release workflow, including sending a message to the `tor-announce` mailing list.
Existing workflows that can be used as a base:
* [Development - Onionprobe](https://tpo.pages.torproject.net/onion-services/onionprobe/development/)
* [Development workflow - Onionspray](https://tpo.pages.torproject.net/onion-services/onionspray/guides/development/)Onionbalance 0.2.3https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/29Document about multiple MasterOnionAddress entries2024-02-20T17:58:20ZSilvio RhattoDocument about multiple MasterOnionAddress entriesDocument that multiple `MasterOnionAddress` lines are supported in the
`ob_config` file, so each backend service can work for multiple frontend
addresses.Document that multiple `MasterOnionAddress` lines are supported in the
`ob_config` file, so each backend service can work for multiple frontend
addresses.Onionbalance 0.2.3https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/28Migrate Onionbalance documentation to Onion MkDocs2024-02-22T22:19:20ZSilvio RhattoMigrate Onionbalance documentation to Onion MkDocsMigrate Onionbalance documentation from [Sphinx](https://www.sphinx-doc.org) to [Onion MkDocs][].
[Onion Mkdocs]: https://gitlab.torproject.org/tpo/web/onion-mkdocs/Migrate Onionbalance documentation from [Sphinx](https://www.sphinx-doc.org) to [Onion MkDocs][].
[Onion Mkdocs]: https://gitlab.torproject.org/tpo/web/onion-mkdocs/Onionbalance 0.2.3https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/44Example configuration with Onionspray defaults2024-03-13T12:01:53ZSilvio RhattoExample configuration with Onionspray defaults# Description
It would be helpful for users if a canonical example configuration file had all/only Onionspray defaults.
# Tasks
* [ ] Create a `default.tconf` with just the default configuration, and
explanatory comments. Explai...# Description
It would be helpful for users if a canonical example configuration file had all/only Onionspray defaults.
# Tasks
* [ ] Create a `default.tconf` with just the default configuration, and
explanatory comments. Explain in the `example.tconf` that it's an example
that does not necessariliy has the default paramters. Or just rename
the `example.tconf` to `default.tconf`. Or something like that.
* [ ] Update the documentation accordingly.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.7.0https://gitlab.torproject.org/tpo/community/policies/-/issues/19Document relay community governance processes2024-03-11T15:35:43ZGabagaba@torproject.orgDocument relay community governance processesThis is activity O2.4 for [sponsor 112](https://gitlab.torproject.org/groups/tpo/-/milestones/44#tab-issues):
Document relay community governance processes. In this activity, we will publish public-facing documentation on what enforceme...This is activity O2.4 for [sponsor 112](https://gitlab.torproject.org/groups/tpo/-/milestones/44#tab-issues):
Document relay community governance processes. In this activity, we will publish public-facing documentation on what enforcement mechanisms were considered, why the ones that were selected were chosen, and why the ones that were not implemented but were considered as possible candidates, were eventually rejected. The audience for these documents will be future technology projects that utilize the similar volunteer-run infrastructure and may be able to benefit from the insights Tor obtained during this process.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/web/community/-/issues/339Update links at the Vanity Addresses page2024-02-28T12:22:43ZSilvio RhattoUpdate links at the Vanity Addresses page# Description
[Vanity Addresses page](https://community.torproject.org/onion-services/advanced/vanity-addresses/) needs updated links/references.
Specifically, these references are outdated:
* [eotk/docs.d/TIPS-FOR-MINING-ONIONS.md at...# Description
[Vanity Addresses page](https://community.torproject.org/onion-services/advanced/vanity-addresses/) needs updated links/references.
Specifically, these references are outdated:
* [eotk/docs.d/TIPS-FOR-MINING-ONIONS.md at master · alecmuffett/eotk](https://github.com/alecmuffett/eotk/blob/master/docs.d/TIPS-FOR-MINING-ONIONS.md)
* [Onion Services UX Proposals · Wiki · The Tor Project / Onion Services / Onion Support · GitLab](https://gitlab.torproject.org/tpo/onion-services/onion-support/-/wikis/Documentation/Onion-Services-UX-Proposals)
And can be replaced by:
* [Mining Onion Service keys - Onionspray](https://tpo.pages.torproject.net/onion-services/onionspray/guides/mining/)
* [Usability intro - The Onion Plan](https://tpo.pages.torproject.net/onion-services/onionplan/proposals/usability/)
A reference to [Onionmine](https://gitlab.torproject.org/tpo/onion-services/onionmine/) would also be informative.
# Tasks
* [ ] Replace the oudated references with the newer ones.
* [ ] Add a reference to Onionmine.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Silvio RhattoSilvio Rhatto2024-03-28https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/37Documentation macros2024-02-29T19:10:44ZSilvio RhattoDocumentation macros# Tasks
* [ ] Setup the [MkDocs Macros plugin].
* [ ] Create macros to reuse some content (like the installation example using Debian bookworm).
[MkDocs Macros plugin]: https://mkdocs-macros-plugin.readthedocs.io/en/latest/
# Time est...# Tasks
* [ ] Setup the [MkDocs Macros plugin].
* [ ] Create macros to reuse some content (like the installation example using Debian bookworm).
[MkDocs Macros plugin]: https://mkdocs-macros-plugin.readthedocs.io/en/latest/
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.7.0Silvio RhattoSilvio Rhatto2024-06-27https://gitlab.torproject.org/tpo/onion-services/onionspray/-/issues/36Documentation: terminology2024-02-29T19:10:44ZSilvio RhattoDocumentation: terminology# Tasks
* [x] Create a quick introductory terminology on the Onionspray elements: repository, installation, server, project, site etc.
* [ ] Review the documentation to make sure it's consistent with the terminology.
# Time estimation
...# Tasks
* [x] Create a quick introductory terminology on the Onionspray elements: repository, installation, server, project, site etc.
* [ ] Review the documentation to make sure it's consistent with the terminology.
# Time estimation
* Complexity: negligible (0.1 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)Onionspray 1.7.0Silvio RhattoSilvio Rhatto2024-06-27https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41064Update tools/signing/README and add a tools/signing/machines-setup/README2024-01-18T15:05:06ZboklmUpdate tools/signing/README and add a tools/signing/machines-setup/READMEWe should update `tools/signing/README` for latest changes, and also
point to the issue templates for usage information.
We should also create `tools/signing/machines-setup/README` to document
how the setup of the signing machines is done.We should update `tools/signing/README` for latest changes, and also
point to the issue templates for usage information.
We should also create `tools/signing/machines-setup/README` to document
how the setup of the signing machines is done.boklmboklm