The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-01-18T17:04:55Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40588Review closed mozilla91 bug2022-01-18T17:04:55ZMatthew FinkelReview closed mozilla91 bughttps://bugzilla.mozilla.org/buglist.cgi?product=Core&query_format=advanced&resolution=FIXED&target_milestone=91%20Branch&order=priority%2Cbug_severity&limit=0https://bugzilla.mozilla.org/buglist.cgi?product=Core&query_format=advanced&resolution=FIXED&target_milestone=91%20Branch&order=priority%2Cbug_severity&limit=0Tor Browser: 11.0 Issues with previous releaseGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40564[meta] Evaluate if Tor Browser is meeting the needs of our users2022-01-31T16:54:17ZMatthew Finkel[meta] Evaluate if Tor Browser is meeting the needs of our usersTor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important ...Tor Browser has many goals as defined in the [Design document](https://2019.www.torproject.org/projects/torbrowser/design/), but we should take a step backward and look at the larger picture of whether these goals are actually important for the [people](https://community.torproject.org/user-research/persona/) we are trying to protect.
We should be able to justify our general design requirements through the needs of our users, instead of defining the strictest-possible private browser design and then applying that to all of the use cases. Indeed, this should influence tor-browser-spec#25021.
cc @duncan @nahTor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40336Delete snowflake config option2021-11-05T14:19:54ZMatthew FinkelDelete snowflake config optionIn 196038d20c439bb9544fce0d937b0a3d5209e069 we deleted all of the snowflake config pieces. I should've done it on master before forking `maint-10.5`. Let's make the same change on `master`.In 196038d20c439bb9544fce0d937b0a3d5209e069 we deleted all of the snowflake config pieces. I should've done it on master before forking `maint-10.5`. Let's make the same change on `master`.Tor Browser: 11.0 Issues with previous releaseboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40515Review closed mozilla90 bug2022-01-19T16:24:17ZMatthew FinkelReview closed mozilla90 bugTor Browser: 11.0 Issues with previous releaseGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40487UX fixes for ESR91 Tor Browser2021-10-13T12:31:14ZrichardUX fixes for ESR91 Tor BrowserA parent ticket to keep track of all the UX breakage we'll need to take care of in ESR91 based Tor Browser:
- updated icons (new builtin icons are all have thin lines now):
identity-block onions, security settings icons, new identity, t...A parent ticket to keep track of all the UX breakage we'll need to take care of in ESR91 based Tor Browser:
- updated icons (new builtin icons are all have thin lines now):
identity-block onions, security settings icons, new identity, thinner
onion icon branding
- circuit display will probably break/need tweaks
- security level door-hanger may need to be tweaked/restyled
- probably fixes in about:torconnect and the v2 onion warning page (both
depend on about:neterror)
- possibly fixes in about:preferences#tor (tor logs, bridges dialogs)Tor Browser: 11.0 Issues with previous releaserichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40461Rebase 11.0 patches onto 912021-12-07T09:58:32ZMatthew FinkelRebase 11.0 patches onto 91We need to rebase our 10.5 series patches onto Firefox/Mozilla 91.We need to rebase our 10.5 series patches onto Firefox/Mozilla 91.Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40015FF79-81 network audit2022-01-31T07:23:15ZMatthew FinkelFF79-81 network auditLet's look at:
- [x] Gecko/GeckoView
- tor-browser@56ab7e2d173accfa5cde46659c7b801c8dab2a3e until tor-browser@cb11d5556759bd5bf174fbac719f51b2f02e2f0b
- [x] Fenix
- fenix@b54949e58f9fda3698ada3e64b9f4337177d84f0 until fenix@b54949e58...Let's look at:
- [x] Gecko/GeckoView
- tor-browser@56ab7e2d173accfa5cde46659c7b801c8dab2a3e until tor-browser@cb11d5556759bd5bf174fbac719f51b2f02e2f0b
- [x] Fenix
- fenix@b54949e58f9fda3698ada3e64b9f4337177d84f0 until fenix@b54949e58f9fda3698ada3e64b9f4337177d84f0
-Tor Browser: 11.0 Issues with previous releaseGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40222Bump GCC version for Linux builds to 10.3.02021-10-06T22:22:33ZGeorg KoppenBump GCC version for Linux builds to 10.3.0When switching to Firefox 86 (see: #40168), compiling our ASan build with GCC 9.3.0 results in
```
18:56.43 {standard input}: Assembler messages:
18:56.84 {standard input}:2051862: Warning: end of file not at end of a line; newline inser...When switching to Firefox 86 (see: #40168), compiling our ASan build with GCC 9.3.0 results in
```
18:56.43 {standard input}: Assembler messages:
18:56.84 {standard input}:2051862: Warning: end of file not at end of a line; newline inserted
18:56.84 {standard input}:2052290: Warning: Unary operator - ignored because bad operand follows
18:56.84 {standard input}:2052290: Error: missing or invalid displacement expression `-'
18:56.84 {standard input}: Error: open CFI at the end of file; missing .cfi_endproc directive
18:57.25 g++.real: fatal error: Killed signal terminated program cc1plus
18:57.25 compilation terminated.
18:57.32 /var/tmp/build/firefox-89324d7a4cef/config/rules.mk:674: recipe for target 'UnifiedBindings22.o' failed
18:57.32 make[4]: *** [UnifiedBindings22.o] Error 1
```
Bumping GCC to the latest stable solves this issue. (And it is a good thing anyway when doing the switch away from ESR)Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite/-/issues/40013Implement fetching and running Tor Browser instrumented tests for Android2022-09-01T22:28:48ZAlex CatarineuImplement fetching and running Tor Browser instrumented tests for AndroidWe should fetch the Tor Browser nightly + instrumented tests apks, run them, and email the results report.We should fetch the Tor Browser nightly + instrumented tests apks, run them, and email the results report.Tor Browser: 11.0 Issues with previous releaseaguestuseraguestuserhttps://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/25021Update Tor Browser spec2024-03-20T23:28:07ZGeorg KoppenUpdate Tor Browser specTor Browser 11.0 is coming out soon. We should update our design document to cover all the new issues that are showing up in it. Highlights are
1) Switch to rbm/tor-browser-build
2) The security slider copy update
...
The update should...Tor Browser 11.0 is coming out soon. We should update our design document to cover all the new issues that are showing up in it. Highlights are
1) Switch to rbm/tor-browser-build
2) The security slider copy update
...
The update should cover the current goals and state of the browser, and fold in all the 8.0, 8.5, 9.0, 9.5, 10.0, and 10.5 changes.Tor Browser: 11.0 Issues with previous releaserichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21740Make sure Mozilla's own emoji font on Windows/Linux does not interfere with o...2022-08-04T10:08:12ZGeorg KoppenMake sure Mozilla's own emoji font on Windows/Linux does not interfere with our font fingerprinting defenseMozilla ships an own emoji font to Windows and Linux users (https://bugzilla.mozilla.org/show_bug.cgi?id=1231701). We should make sure that does not interfere with our font fingerprinting defense.Mozilla ships an own emoji font to Windows and Linux users (https://bugzilla.mozilla.org/show_bug.cgi?id=1231701). We should make sure that does not interfere with our font fingerprinting defense.Tor Browser: 11.0 Issues with previous releasePier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40050Change the 'select all' button for a 'copy all' when giving the bridges2022-08-17T19:29:57ZemmapeelChange the 'select all' button for a 'copy all' when giving the bridgesThis change has been suggested by a translator.
It will be even more comfortable to have the bridges copied when clicking the button, than just selected and then you have to do the copying. Lets save users a step, and copy the bridges f...This change has been suggested by a translator.
It will be even more comfortable to have the bridges copied when clicking the button, than just selected and then you have to do the copying. Lets save users a step, and copy the bridges for them:
![copyall](/uploads/1745238b654be298dfa507734a4352bd/copyall.png)Sponsor 30 - Objective 2.2https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40774Update about:preferences page to match new UI designs2022-04-12T21:37:10ZrichardUpdate about:preferences page to match new UI designs- UI Figma: https://www.figma.com/file/Vsh1aPOZGneDX4Zp27mjsK/torconnect?node-id=531%3A2047
This ticket tracks the changes to about:preferences UX- UI Figma: https://www.figma.com/file/Vsh1aPOZGneDX4Zp27mjsK/torconnect?node-id=531%3A2047
This ticket tracks the changes to about:preferences UXSponsor 30 - Objective 3.3Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40568about:preference has a "Tor" tab, but confusingly, some Tor settings aren't u...2022-03-29T16:08:41ZRoger Dingledineabout:preference has a "Tor" tab, but confusingly, some Tor settings aren't under that tabI wanted to change my "automatically follow the OnionLocation header" setting in Tor Browser, so I went to about:preferences and clicked on the Tor tab and looked around and didn't find it. Then I typed 'onion' into the preferences searc...I wanted to change my "automatically follow the OnionLocation header" setting in Tor Browser, so I went to about:preferences and clicked on the Tor tab and looked around and didn't find it. Then I typed 'onion' into the preferences search bar, and there *is* a setting for changing it. After some more hunting, I found it hidden in the "Privacy & Security" tab. That's weird, since there is a tab named "Tor" which is where I would expect to find the Tor things.
Does that mean we should rename the Tor tab to something more specific, so I don't assume that all the Tor-Browser-specific settings will be found there?
(Discovered because we just had a user on #tor who had the same confusion).Sponsor 30 - Objective 3.3donutsdonutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40556Tor Network Settings button feedback2022-01-19T16:54:03ZcypherpunksTor Network Settings button feedbackOn `about:torconnect`, the button labeled, "Tor Network Settings," should be a hyperlink to "Tor Network Preferences". Hyperlinks display content. Buttons perform a command. It should say "Preferences" instead of "Settings" to keep jargo...On `about:torconnect`, the button labeled, "Tor Network Settings," should be a hyperlink to "Tor Network Preferences". Hyperlinks display content. Buttons perform a command. It should say "Preferences" instead of "Settings" to keep jargon consistent and identical to the label of the menu item and its pages. Consider prepending the gear icon of the Preferences menu item to the hyperlink.
If you want a button, its label should start with an imperative command word like "Configure", and since this widget opens a panel that lists multiple preferences, the label on a button should end with an ellipsis like "Save As..." or in this case "Configure Tor Preferences..." Or if you want minimalism, you could reduce it to a button with just the gear icon, but new users might not understand what the icon means if there isn't text. The color of the button could be more contrasted against the background for visual accessibility.Sponsor 30 - Objective 3.3donutsdonutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40477Implementing Tor Browser quickstart's proposal on automatically detecting cen...2021-10-04T13:31:43ZGabagaba@torproject.orgImplementing Tor Browser quickstart's proposal on automatically detecting censorship for censored users (proposal 106)We want to suggest which bridges to use based on where the user is connecting from (improving the user flow for users requesting bridges). For this we are implementing the 'detecting censorship' part of the quickstart UX proposal https:...We want to suggest which bridges to use based on where the user is connecting from (improving the user flow for users requesting bridges). For this we are implementing the 'detecting censorship' part of the quickstart UX proposal https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/blob/master/proposals/106-quickstart.txt
## Problems
1. how to know where the user is connecting from? What explicit consent is required from users before attempting automation of country detection and/or performing connections?
solution a: show the user a list of countries and they select which ones to get bridges for. What explicit consent is required from users before attempting automation of country detection and/or performing connections?
2. what do we show if the user still can not connect with the suggested bridges?
3. how to get an accurate list of bridges that work in each country?
# Scope of Work
- Unify vocabulary in the interface and user manuals. Attach the name "bridge" to any intermediate node that allows users to reach the network. <-- need ticket
- Inform users in Tor Launcher of which settings are best for them based on their country
- [ ] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40259
- [ ] https://gitlab.torproject.org/tpo/community/outreach/-/issues/28531
- [ ] https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/34
- Make it easier to add a bridge in network settings https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/14638. @antonela Can you clarify what you are proposing here?
# User Flow
"The user opens the Tor Browser and automatically connects. If interference is detected, then an explainer error page appears, and a Use a Bridge is offered."
Interesting information on how Briar is approaching it: https://lists.torproject.org/pipermail/tor-dev/2019-February/013708.html
/cc @meskio @richard @antonela @dunqanSponsor 30 - Objective 3.3richardrichardhttps://gitlab.torproject.org/tpo/ux/research/-/issues/41Connecting Tor - User Research Plan2022-08-11T18:12:29ZAntonelaantonela@torproject.orgConnecting Tor - User Research Plan## Goals
We worked on improving the Tor Bootstrapping UX by embedding Tor Launcher UI in Tor Browser. We are not detecting censorship yet nor suggesting Bridges automatically; users who need it will still configuring Network Settings ma...## Goals
We worked on improving the Tor Bootstrapping UX by embedding Tor Launcher UI in Tor Browser. We are not detecting censorship yet nor suggesting Bridges automatically; users who need it will still configuring Network Settings manually.
The goal of this research is:
`Understand users pain points with this new user flow`
`Inform the next iteration of this flow which will include censorship detection and automatic bridge suggestion`
`Collect bugs reporting`
## Audience
We want to collect feedback from regular users, in regular and censored context.
### Recruitment
- [x] Tor QA
- [x] Global South?
## Related Proposals & Tickets
https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/102-integrate-tor-launcher-into-tor-browser.txt
https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/ideas/xxx-quickstart.txt
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27476
## Methodology
<!-- Explain whether the tests will be co-located or remote, moderated or unmoderated, and who will attend the sessions (e.g a moderator and a note-taker) -->
We are calling for testing Tor Browser Alpha 10.5a17 to the selected user groups. We encourage users to open a ticket in GitLab with an account anonymously or reply to the email directly to the ux team reps.
### Description
## Report Findings
TBD
## AttachmentsSponsor 30 - Objective 3.3NahNahhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40006Most bridges don't have a transport type2021-03-02T15:43:03ZCecylia BocovichMost bridges don't have a transport typeLooking at the recent bridge [pool assignment stats](https://metrics.torproject.org/collector.html#bridge-pool-assignments), the vast majority of bridges aren't reporting a transport type.
```
$ grep "obfs4" Downloads/2021-02-07-23-30-2...Looking at the recent bridge [pool assignment stats](https://metrics.torproject.org/collector.html#bridge-pool-assignments), the vast majority of bridges aren't reporting a transport type.
```
$ grep "obfs4" Downloads/2021-02-07-23-30-26 | wc -l
181
$ wc -l Downloads/2021-02-07-23-30-26
1547 Downloads/2021-02-07-23-30-26
```
I noticed this when I used the advance options to try requesting an obfs4 bridge with IPv6 and got a message saying there were no bridges in that ring. If I set transport type to `none` I get a vanilla bridge but no obfs4 bridges. I asked @phw about this the other day and he said that almost all of our bridges should be obfs4. If that's the case, there seems to be a bug somewhere.Sponsor 30 - Objective 2.2Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/community/outreach/-/issues/40005Ask volunteers to run emma in countries that are likely to block Tor2021-06-17T14:50:45ZPhilipp Winterphw@torproject.orgAsk volunteers to run emma in countries that are likely to block TorThe [Censored Planet paper](https://censorbib.nymity.ch/pdf/Raman2020c.pdf) recently got published. Appendix B.1 talks about blocking of our default bridges:
> Tor bridges are also blocked aggressively in Tanzania (seven bridges blocked)...The [Censored Planet paper](https://censorbib.nymity.ch/pdf/Raman2020c.pdf) recently got published. Appendix B.1 talks about blocking of our default bridges:
> Tor bridges are also blocked aggressively in Tanzania (seven bridges blocked), Venezuela (five bridges blocked) and Ukraine (five bridges blocked)
It would be helpful to find volunteers in Tanzania, Venezuela, and Ukraine to confirm these incidents.Sponsor 30 - Objective 2.2GusGushttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/34322Make BridgeDB's web interface look like torproject.org2022-08-24T15:20:18ZPhilipp Winterphw@torproject.orgMake BridgeDB's web interface look like torproject.orgBridgeDB's web interface at bridges.torproject.org uses bootstrap, with its own look and feel. We should make it look like torproject.org. Antonela suggested that this may be as simple as loading torproject.org's CSS on top of the existi...BridgeDB's web interface at bridges.torproject.org uses bootstrap, with its own look and feel. We should make it look like torproject.org. Antonela suggested that this may be as simple as loading torproject.org's CSS on top of the existing CSS files.Sponsor 30 - Objective 2.2meskiomeskio@torproject.orgmeskiomeskio@torproject.org