The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2023-10-03T18:38:55Z

https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/10
Populate wiki with documentation
2023-10-03T18:38:55Z
Cecylia Bocovich

Let's use this overview project as a way to aggregate issues and documentation since Lox is made of many different pieces. A good start would be:
- There's some high level docs written up at https://gitlab.torproject.org/cohosh/lox/-/wikis/Lox-Overview that should be moved here and also checked to see if they are accurate
- @onyinyang made some cool graphics at https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/116#note_2884107

Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet
onyinyang

https://gitlab.torproject.org/tpo/web/support/-/issues/320
Add an FAQ like "anybody can run a relay, including NSA/governments/big data companies/etc. Isn't this bad?"
2023-11-07T13:31:21Z
Pier Angelo Vendrame

We often receive that question in several places, like #tor-project, but also on Reddit and other places.
We should add an official FAQ to definitely answer that question, so that we can just link it whenever we are asked again.
The old site had https://2019.www.torproject.org/docs/faq#CanExitNodesEavesdrop.

ebanam (ebanam@torproject.org)

https://gitlab.torproject.org/tpo/community/support/-/issues/40093
Provide a recommended set of iptables/nftables rules to help in case of DoS attacks
2023-07-14T15:15:42Z
Georg Koppen

A bunch of DoS attacks are essentially ongoing since June 2022 and we discussed a bunch of potential solutions to improve things for our users. One thing folks started to experiment with is trying to come up with good iptables rules to help fight ongoing attacks.
This ticket is for collecting all the information we gathered so far and coming up with some rules we can recommend to our relay operators (and updating our support guidelines accordingly).

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40128
Give standalone snowflakes guidance on how best to set up their nat
2023-03-31T16:56:08Z
Roger Dingledine

According to our current broker stats (https://snowflake-broker.torproject.net/debug), we have
```
current snowflakes available: 3021
standalone proxies: 2589
browser proxies: 5
webext proxies: 250
unknown proxies: 177
NAT Types available:
restricted: 2512
unrestricted: 386
unknown: 123
```
i.e. most of the snowflakes that we're giving out seem to be standalone ones as opposed to browser extension ones, and also most of the ones we have available to us are behind restricted nat.
It seems to me that the standalone ones are probably in a better position to be behind the good kind of nat (or no nat at all). But does our docker image impose the bad kind of nat on them by default? How come so many standalone proxies are behind restricted nat?
More generally: is there useful guidance we can give people, on setting themselves up with the right kind of nat, presuming they're on a VPS or otherwise on a 'real' internet connection?

shelikhoo

https://gitlab.torproject.org/tpo/ux/research/-/issues/40
Add a persona who uses a public computer
2023-08-08T18:55:10Z
cypherpunks

From the blog:
https://blog.torproject.org/comment/291342#comment-291342
https://blog.torproject.org/comment/291422#comment-291422
> [The commenter] then said, "this could be a problem in a public computer, when many persons want to use same account." It sounds like a kiosk or an Internet café. That is an interesting new persona to study, Community Team!! (to Gus, et al.) Usually though, public computers are configured for a guest account and/or to automatically log out after a period of time and delete the guest account's files.
It could be any shared device. A neighbor's laptop, phone, etc. If the device is public, then it isn't managed by a neighbor but by an administrator.
I guess this issue should be moved to tpo/ux/research. I wrote it in tpo/web/community because cypherpunks such as myself are not allowed to post in ux/research.

https://gitlab.torproject.org/tpo/web/support/-/issues/358
Add Letterboxing to the glossary
2024-03-25T15:27:33Z
emmapeel

We need to add Letterboxing to the glossary, as it is a new term that we use on the documentation.

ebanam (ebanam@torproject.org)

https://gitlab.torproject.org/tpo/core/arti/-/issues/1222
Add central documentation for our filesystem layout
2024-02-01T15:43:34Z
Nick Mathewson

Somewhere in doc/dev, we should document all the files that we create or look at.
This will include:
* `tor-keymgr` stuff, possibly by reference
* All state files
* All onion-service-related files
* All cache files
* All locks
* All configuration files
This should replace `crates/tor-hsservice/src/state_dir.md` (cc @diziet)

https://gitlab.torproject.org/tpo/tpa/team/-/issues/41456
monitor technical debt and legacy
2024-03-27T15:29:42Z
anarcat

I often say that we have a huge technical debt in TPA, and that we keep needing to close things down and document and so on.
But we do not have hard data on this. After reading [Managing Technical Debt](https://jacobian.org/2023/dec/20/tech-debt/), I realized we should at least keep track of metrics about this. What's interesting about that article is it says we shouldn't necessarily set *targets*, but keeping track of metrics would be a good start.
He specifically [suggests DORA metrics](https://jacobian.org/2022/jun/17/dora-metrics/), but I'm not sure it's the best match for us. Here's what I think we should monitor:
* tickets
* "lead time" (time between when a ticket enters backlog/next/doing and closing)
* start using the ~"Technical Debt" ticket and measure ticket counts
* general per-queue ticket counts (already done in monthly reports, put in prometheus, see https://gitlab.torproject.org/tpo/tpa/team/-/issues/40591)
* incidents:
* "lead time" is specially important here: how long do tickets get opened in incidents? might also be a measure of MTTR (mean time to recovery)
* "change failure rate": measure how many incidents are caused by deployment failures
* documentation: systematically measure how many services we have and how well they are documented (this is partially done, by hand, in the `service.md` wiki page, but could be somehow automated)
* untracked package counts: use anarcat's [puppet-package-check](https://gitlab.com/anarcat/scripts/-/blob/main/puppet-package-check?ref_type=heads) to generate metrics on how many packages are *not* managed by puppet, per host, as a rough estimate of the "puppetization ratio"
* unit test coverage: across all our software projects (or maybe per project?), what is the coverage of unit tests? (requires CI and extraction of those numbers in an exporter)
* out of date systems: how long does it take to update the fleet, and how long do we live on LTS? (at least partly tracked in Prometheus now, but not retained long enough to have good metrics, see also #40330)
The end result here is a small set of metrics that describe the current state of affairs, and its evolution over time. It will allow us to more easily realize when we're in trouble (e.g. https://gitlab.torproject.org/tpo/tpa/team/-/issues/41411) and evaluate how much effort we should put into this.
It might be more effective to have those metrics beyond the "one year" mark. Ticket counts, for example, are kept forever in the minutes, and that's a good thing, so we should consider expanding the storage retention here (#40330).
One thing Kaplan-Moss advises is to set time apart to deal with technical debt, he advises 10%. He also says we shouldn't set "sprints" to deal with technical debt, but I disagree with that: I have found that Debian upgrades are working well with sprints and wonder to what else we could extend the practice. On the other hand, the docs hack week wasn't a clear success for us, so maybe he's at least partly right in some aspects.

cleanup and publish the sysadmin codebase
anarcat

https://gitlab.torproject.org/tpo/web/support/-/issues/336
Add a FAQ on how users can check their version of Tor Browser on all platforms
2024-03-28T15:24:28Z
ebanam (ebanam@torproject.org)

As part of our user support work and for troubleshooting in general, we fairly regularly ask users about the version of Tor Browser they are using. I think we should add some steps on how users can check their version of Tor Browser.
For Tor Browser on desktop we can create an entry in https://support.torproject.org/tbb/
and for Tor Browser for Android in https://support.torproject.org/tormobile/
/cc @nina

ebanam (ebanam@torproject.org)

https://gitlab.torproject.org/tpo/ux/research/-/issues/115
Evaluate if Tor Browser is meeting the needs of our users
2023-06-28T16:20:06Z
Matthew Finkel

Tor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important for the [people](https://community.torproject.org/user-research/persona/) we are trying to protect.
We should be able to justify our general design requirements through the needs of our users, instead of defining the strictest-possible private browser design and then applying that to all of the use cases. Indeed, this should influence tpo/applications/tor-browser-spec#25021.

https://gitlab.torproject.org/tpo/network-health/metrics/descriptorParser/-/issues/44
Review when a bridge is labeled as online or offline
2023-10-09T11:24:01Z
Hiro

We currently use both bridgestrap tests and online/offline flag from the bridge authority to mark when a bridge is online or offline.
We might have to review all the rules that we are currently using and document them. If necessary we should check if we can change these rules.
@meskio do we have any other test that we are currently performing for bridges besides bridgestrap?

https://gitlab.torproject.org/tpo/web/community/-/issues/315
[Onion Services] Add other popular and well maintained tools
2023-11-01T12:51:00Z
Gus

Let's add some popular and well maintained onion services tools here: https://community.torproject.org/onion-services/#tools
- CWTCH: https://tryquiet.org/
- Quiet: https://tryquiet.org/
- Ricochet-refresh: https://www.ricochetrefresh.net/

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40256
Standalone Snowflake proxy for Microsoft Windows
2023-03-07T14:55:51Z
Rahim Rollins

> If you would like to run a command-line version of the Snowflake proxy on your **desktop** or server, see our guide for running a Snowflake standalone proxy.

[The "Standalone Snowflake proxy" page](https://community.torproject.org/relay/setup/snowflake/standalone/) provides instructions for installing and configuring the CLI version of Snowflake proxy on Debian, Fedora, Arch Linux, FreeBSD and Ubuntu. However, most users (working on Windows) would be able to help other users bypass censorship without having to keep the browser running. Now this possibility is impossible for them. At least for such volunteers there is not even an instruction, unlike users of the operating systems listed above.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41421
about:manual semantic and accessibility problems
2023-02-10T23:45:48Z
henry

I didn't look through all the "about:manual" pages, but I noticed a few semantic and accessibility issues which I imagine are common to most pages. A few of these issues would apply to https://tb-manual.torproject.org/ as well https://gitlab.torproject.org/tpo/web/manual/-/issues/132.
1. The top page "about:manual" uses `<h3>` for the "Topics" heading even though it is the top-most heading.
2. The list of links in "about:manual" uses `<li><h4><a></a></h4><p></p></li>`. Using both `<li>`, `<h4>` and `<a>` for the heading makes this noisier than necessary on a screen reader. Plus, this page is less "headings with paragraphs" and more a navigation page.
3. The sub-pages start with a `<h2>` heading, rather than `<h1>`.
4. The `<nav>` element at the top of the page could perhaps use `<ul>` to separate the links. The "»" symbol should be visual only.
5. The alt text for `<img>` elements are not very descriptive of the image. A lot of these are screenshots, but don't describe themselves as screenshots.
6. Some of the text is geared towards users who can see the screenshots.
An example for point 6 would be in the "about:manual#running-tor-browser" page. We have
> ## CONFIGURE
>
> Tor Browser will take you through a series of configuration options.
>
> The Connection Assist informs you about the state of your Internet connection and your connection to the Tor network.
>
> [image]
>
> [image]
>
> The first checkbox is 'Quickstart'. If selected, every time you open Tor Browser, it will try to connect with your previous network settings.
There's no indication that this "configure" is in the settings page, or that "Connection" and "Quickstart" are sections of this page. Using good alt text would help a little, but making the text clearer would help clarify things for all users. Generally, you want something that you could directly read over the phone to help someone on the other end.
Moreover, the use of "Connection Assist" is confusing because the section just before is called "CONNECTION ASSIST", which is something else.

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/web/community/-/issues/293
[Training] Consider merging 'Best Practices' and the checklist sections
2023-05-11T18:29:50Z
emmapeel

The [best practices](https://community.torproject.org/training/best-practices/) and the [checklist](https://community.torproject.org/training/checklist/) training sections have both similar content.
Maybe we should merge them, especially the parts of 'best practices' that have a checklist format for before and after the training.
Working pad: https://pad.riseup.net/p/tor-merge-best-practices-checklist

raya

https://gitlab.torproject.org/tpo/web/community/-/issues/286
Move bridge post-install info to "Technical Setup"
2023-01-11T16:38:28Z
Ghost User

### Proposal
The relay post-install info is located at [/relay/setup/post-install/](https://community.torproject.org/relay/setup/post-install/), but the bridge post-install info is mixed in between the operating systems at [/relay/setup/bridge/post-install/](https://community.torproject.org/relay/setup/bridge/post-install/).
I suggest moving the bridge post-install page next to the relay post-install page at [/relay/setup/](https://community.torproject.org/relay/setup/).
What needs to be done:
- Move /relay/setup/post-install/ to /relay/setup/relay-post-install/
- Move /relay/setup/bridge/post-install/ to /relay/setup/bridge-post-install/
- Update all links to the new destination of /relay/setup/post-install/
- Update all links to the new destination of /relay/setup/bridge/post-install/
- Change the title of /relay/setup/bridge-post-install/contents.lr to "Bridge Post-install"
- Change the key of /relay/setup/bridge-post-install/contents.lr to "4"
- Change the key of /relay/setup/post-install/contents.lr from "4" to "5"
- Change the key of /relay/setup/snowflake/contents.lr from "5" to "6"
I could work on this.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/5
Write documentation on how it is working
2023-04-11T18:29:41Z
Gaba (gaba@torproject.org)

Add documentation on how it is working, the design, architecture and anything we need for it to be running (including survival guide).
- [ ] bridge survival guide
- [ ] point of contact for conjure station
- [ ] brief summary of architecture

Cecylia Bocovich

https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/88
Onion Services terminology - second iteration
2023-11-03T22:34:58Z
Silvio Rhatto

[The first iteration](https://gitlab.torproject.org/tpo/web/community/-/issues/60) dealt with the references to Onion Services and onion sites.
Here I propose a discussion (or just ask if that's already settled) about how to refer to other Onion Services elements, such as:
1. [ ] How to refer to Onion Service keys? Shall we also support ".onion keys" and ".onion
descriptors", to explicitly indicate that we're telling about something bound to an
Onion Service address?
2. [ ] How to refer to what some call the "clearnet", i.e., the one not accessed
via Tor. Vanilla internet? Regular internet?
3. [ ] How to refer to an Onion Service that isn't accessible via the "regular
internet"? "Pure-onion Service"? "Onion-only Service?"
4. [ ] Document references on the "there is not Dark Web" topic.
5. [x] Include definition of "censorship resistance": content cannot be removed
from the internet; whereas bridges offer censorship circumvention
(allows users to connect to the Tor network). This needs to be explained during
presentations and documents. Otherwise people will confuse Onion Services
with another kind of bridges.
Please feel free to include more questions or to ignore this if I'm being too exaggerated in proposing this :)

https://gitlab.torproject.org/tpo/web/community/-/issues/270
Document Onion Services subdomain support for HTTP(S)
2023-11-23T15:37:47Z
Silvio Rhatto

Currently there are a few references about the subdomain support for Onion Service sites (i.e. Onion Services using HTTP or HTTPS).
* [ ] Write a section about how to handle subdomains under the [Advanced Settings](https://community.torproject.org/onion-services/advanced/) page.
* [ ] Enhance best practices documentation by pointing out that Operators shall protect their configuration against subdomain testing, which can reveal server location in case of a misconfiguration, like a `$random_string.$onion_domain.onion` not being caught by an Apache `ServerAlias *.$onion_domain` and being directed to a default server page with identifiable information. That should be also included in [the checklist](https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/30) as well.

https://gitlab.torproject.org/tpo/core/arti/-/issues/399
Improve documentation and examples in `arti-client`
2023-03-28T21:11:07Z
Nick Mathewson

*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to start.)
As you do this, you'll probably find that the documentation didn't explain something you wanted to know, or didn't explain it very well. After you figure out the issue (either by asking us, or reading the code), why not contribute a patch to improve the documentation?
----
Also, it's a good convention for all Rust code to have rustdoc examples for how to use it. These examples can be at the function level, the module level, or the type level. Right now, a lot of our crates are missing those. (`arti-client` is most important, but examples everywhere are welcome.)
When writing examples, please make sure that the example actually shows people how they would _want_ to use the code, and what happens when they do.

Arti: Feature parity with the C implementation