The Tor Project issues (https://gitlab.torproject.org/groups/tpo/-/issues), feed updated 2023-09-14T14:03:42Z

Issue: brainstorm ideas for TPA in-person meeting (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41119). Author: anarcat. Updated: 2023-09-14T14:03:42Z.

we'll have the chance to meet in person with a bunch of people, we should use it. we'll share "THE BAR" space with the ops team, but we can welcome other folks in our session as well.
Once settled, we should throw the results in https://nc.torproject.net/f/458264 (or the wiki? see also https://gitlab.torproject.org/tpo/team/-/wikis//2023-Tor-Meeting-Costa-Rica-Wiki#schedule)
I suggest we proceed by making one comment here per idea, and :+1: the ones we like, asynchronously.
/cc @gaba @lavamind @kez

Assignee: anarcat. Due: 2023-04-14.

Issue: retire web-bhs-* servers (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41111). Author: anarcat. Updated: 2023-05-03T14:55:26Z.

now that we have new mirrors in the new Ganeti cluster (gnt-dal, #41106), we should (soon) be able to retire the web-bhs-* mirrors.

This must *not* be done before I approve of it, and absolutely not before Monday April 3rd.
1. [x] announcement (N/A)
2. [x] nagios
3. [x] retire the host in fabric
4. [x] remove from LDAP with `ldapvi`
5. [x] power-grep
6. [x] remove from tor-passwords
7. [x] remove from DNSwl (N/A)
8. [x] remove from docs
9. [x] remove from reverse DNS
10. [x] cancel servers with OVH

Assignee: Jérôme Charaoui (lavamind@torproject.org). Due: 2023-04-14.

Issue: “Show Fewer Bridges” button missing from refactored remove all bridges UI (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41714). Author: donuts. Updated: 2023-05-01T12:53:10Z.

When the full list of bridges has been revealed, “Show All Bridges” should now be replaced with a button labeled “Show Fewer Bridges” that collapses the list again.
See the [Figma file](https://www.figma.com/file/RS584DcR4emXrw1F8g3l5x/Tor-Browser-12.5?node-id=1%3A2&t=i8S80oGAMzN828LD-1) for ref. Thanks!

Milestone: Sponsor 30 - Objective 3.7. Assignee: Dan Ballard. Due: 2023-04-17.

Issue: “Remove All Bridges” button only appears after hitting “Show All Bridges” (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41713). Author: donuts. Updated: 2023-05-01T12:53:10Z.

In https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41085 we updated the “Remove All Bridges” UI so that the button is permanently visible, rather than being revealed after hitting the “Show All Bridges” button.
However it looks like the button is still hidden until all bridges are revealed. Can we get that updated please?

Milestone: Sponsor 30 - Objective 3.7. Assignee: Dan Ballard. Due: 2023-04-17.

Issue: Improve the UX of the built-in bridges dialog (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41617). Author: donuts. Updated: 2023-06-05T13:56:18Z.

We've observed that users often find it difficult to differentiate between Tor Browser's various bridge options, tend to choose a built-in bridge option at random (see: https://gitlab.torproject.org/tpo/ux/research/-/issues/100), and have trouble figuring out how to connect afterwards (see: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41060).
In response, we're proposing:
- [x] Updating the “Bridges” section description on `about:preferences#connection` to include the word “securely”.
- [x] Updating the title and description of the built-in bridges dialog
- [x] Updating the individual descriptions that accompany each of the built-in bridge options
- [ ] Fixing the size and styling of the dialog and its constituent elements to make it more consistent with Firefox
- [x] Replacing the `OK` button with a `Connect` button when not connected
- [ ] Adding a `✔ Connected` flag to indicate which built-in bridge option Tor Browser is currently using
The Figma file is ready for dev handoff here: [Figma link](https://www.figma.com/file/RS584DcR4emXrw1F8g3l5x/Tor-Browser-12.5?node-id=62%3A10116&t=41hhHGHnJTkIHnmo-1)
These fixes will be run through additional usability testing in March/April as part of ~"Sponsor 30" before they reach stable in 12.5.

Milestone: Sponsor 30 - Objective 3.7. Assignee: Dan Ballard. Due: 2023-04-17.

Issue: Some users have difficulty finding the circuit display (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41600). Author: donuts. Updated: 2023-10-11T12:10:02Z.

In recent usability testing conducted for ~"Sponsor 30" @nah discovered that:
> During this study, **participant 3** pointed out that they never used the `New Circuit` because they didn't know where it was. And as most browsers use the padlock to show the website certificate, they would never look for it there. They suggested changing the icon for the `New Circuit`, to make it more visible. (https://gitlab.torproject.org/tpo/ux/research/-/issues/91#note_2840558)
This has also been reported by an independent user researcher here: https://gitlab.torproject.org/tpo/ux/research/-/issues/34
And came up during user interviews for ~"Sponsor 101" too: https://gitlab.torproject.org/tpo/ux/research/-/issues/70
If possible, I'd like to explore potential fixes for this issue in time for the usability testing scheduled in March/April.

Milestone: Sponsor 30 - Objective 3.5. Assignee: henry. Due: 2023-04-17.

Issue: Refactor the UI to remove all bridges (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41085). Author: donuts. Updated: 2023-05-01T12:53:10Z.

In #40782 we introduced the concept of bridge cards. As part of that work, we provided a means to remove all bridge cards using a red button positioned below the bridge stack:
- [remove-all-bridges](/uploads/3c9cf520633386ed07bc35ee63418704/remove-all-bridges.png)
However it shares the same position as the "Show all bridges" button, which was terrible UX on my part. We should consider improving this.

Milestone: Sponsor 30 - Objective 3.5. Assignee: Dan Ballard. Due: 2023-04-17.

Issue: Update "Click to Copy" button label in circuit display (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41038). Author: donuts. Updated: 2023-04-04T15:29:45Z.

Apparently the circuit display has a button to click to copy the URL, that appears when you hover over it (which is news to me!):
<img src="/uploads/fe519f445175dba65088b0cfa3430ba4/circuit-display-nyt.png" alt="circuit-display-nyt" width="50%">
I'm guessing this is a legacy feature carried across from torbutton, since it's trivial enough to copy the URL from the address bar itself? In any case, we should avoid "Click..." commands in our microcopy and update the label to something like `Copy Address` instead.

Milestone: Sponsor 30 - Objective 3.5. Assignee: henry. Due: 2023-04-17.

Issue: Start organizing the RJ session in CR - send mail to mailing list about it (https://gitlab.torproject.org/tpo/team/-/issues/146). Author: Gaba (gaba@torproject.org). Updated: 2023-04-20T18:17:00Z.

Due: 2023-04-20.

Issue: add crypto wallet addresses (https://gitlab.torproject.org/tpo/web/donate-neo/-/issues/1). Author: Kez. Updated: 2023-03-24T19:16:22Z.

context donate-static#111

we need to add the crypto wallet addresses to donate-neo. i think the best way to handle this is to add a `CRYPTO_WALLET_ADDRESSES: dict[str, str]` setting to settings.py. we don't change the addresses, so we don't need to store them in the database or expose them in the admin interface.

Due: 2023-04-30.

Issue: reconsider Firefox key pinning for *.torproject.org domains (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41154). Author: anarcat. Updated: 2023-05-16T19:09:14Z.

Firefox wrote security@torproject.org to ask us whether or not we want to continue the public key pinning program they have. We have 14 days to respond with, and I quote:
> - The list of domains and/or subdomains you believe are pinned.
> - The list of public keys / certificates you believe your domains are pinned to.
Honestly, I'm not absolutely sure what this is about. @ma1 said that we can find the pins with this GitLab search:
https://gitlab.torproject.org/search?search=kPinset_tor&nav_source=navbar&project_id=472&group_id=477&search_code=true&repository_ref=tor-browser-102.10.0esr-12.5-1
That would seem to say the answer is:
| domain | cert |
|--------------------------|----------------------------|
| `blog.torproject.org` | "lots" |
| `bridges.torproject.org` | `kISRG_Root_X1Fingerprint` |
| `check.torproject.org` | "lots" |
| `dist.torproject.org` | "lots" |
| `torproject.org` | "lots" |
| `www.torproject.org` | "lots" |
The "lots" cert is a rather [long list of certs](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-102.10.0esr-12.5-1/security/manager/ssl/StaticHPKPins.h#L438):
```
static const char* const kPinset_tor_Data[] = {
kGOOGLE_PIN_R4LetsEncryptFingerprint,
kTor3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kLet_s_Encrypt_Authority_X3Fingerprint,
kTor1Fingerprint,
kGOOGLE_PIN_R3LetsEncryptFingerprint,
kGOOGLE_PIN_RapidSSLFingerprint,
kLet_s_Encrypt_Authority_X4Fingerprint,
kTor2Fingerprint,
};
```
That looks like:
* DigiCert
* Let's Encrypt R3
* Let's Encrypt R4
* Let's Encrypt X4
* Rapid SSL
* some tor-specific fingerprints (!?)
The latter is:
```
/* Tor1 */
static const char kTor1Fingerprint[] =
"bYz9JTDk89X3qu3fgswG+lBQso5vI0N1f0Rx4go4nLo=";
/* Tor2 */
static const char kTor2Fingerprint[] =
"xXCxhTdn7uxXneJSbQCqoAvuW3ZtQl2pDVTf2sewS8w=";
/* Tor3 */
static const char kTor3Fingerprint[] =
"CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo=";
```
not sure what those represent at all.
The CAs in use that I am aware of are documented in [this TPA page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/tls/#certificate-authorities-in-use-at-tor), excerpt:
> * [Let's Encrypt](https://letsencrypt.org): automatically issues certificates for most websites and domains, managed by TPA
> * [Globalsign](https://globalsign.com): used by the [Fastly](https://www.fastly.com/) CDN used to distribute TBB updates
> * [Digicert](https://www.digicert.com/): used by other teams to sign software releases for Windows
> * [Harica](https://harica.gr): used for HTTPS on the donate.tpo onion service
> * [howto/Puppet](/tpo/tpa/team/-/wikis/howto/Puppet): our configuration management infrastructure has its own X.509 certificate authority which allows "Puppet agents" to authenticate and verify the "Puppet Master", see [our documentation](/tpo/tpa/team/-/wikis/howto/puppet) and [upstream documentation](https://puppet.com/docs/puppet/latest/ssl_certificates.html) for details
> * [howto/ldap](/tpo/tpa/team/-/wikis/howto/ldap): our OpenLDAP server uses a custom self-signed x.509 certificate authority that is distributed to clients via Puppet, see [the documentation](/tpo/tpa/team/-/wikis/howto/ldap#server-certificate-renewal) for instructions to renew this certificate manually
> * internal "auto-ca": all nodes in Puppet get their own X.509 certificate signed by a standalone, self-signed X.509 certificate, documented below. it is used for backups (Bacula) and mail delivery (Postfix)
Of those, I think the first 4 are relevant to this case. It seems like Harica and Globalsign are not in the pin list provided to Firefox, interestingly.
So what should we do with this?
It seems to me we should add GlobalSign to the list for stuff that's served over Fastly at least. We should keep Digicert, and remove RapidSSL. Not sure what to do about Harica, because that's for onion services... Also not sure what to do about those three standalone fingerprints.
Thoughts?
/cc @micah @ma1

Assignee: anarcat. Due: 2023-05-16.

Issue: dal-rescue-01 deployment (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41135). Author: anarcat. Updated: 2023-05-17T19:15:47Z.

dal-rescue-01 has been setup (#41058) and is ready for deployment at the datacenter. coordinate with quintex to operate the following deployment procedure:
1. [x] ship dal-rescue-01 to the datacenter by TPA
2. [x] dal-rescue-01 delivered to Quintex
   1. [x] agree on a plan with quintex
3. [x] dal-rescue-01 online, connected to the three VLANs by Quintex
4. [x] access to dal-rescue-01 confirmed by TPA
5. [x] change the IP address of each OOB interface, one by one:
   1. [x] dal-node-03
   2. [x] dal-node-02
   3. [x] dal-node-01
   4. [x] chi-node-14
   5. [x] dal-sw-01
6. [x] Quintex disconnects the OOB switch from the VPN network, now completely isolated behind dal-rescue-01
7. [x] do one final round of testing
8. [x] one last dal-rescue-01 reboot

Milestone: trusted high performance cluster (gnt-dal migration). Assignee: anarcat. Due: 2023-05-16.

Issue: Add Kiswahili translation (https://gitlab.torproject.org/tpo/web/manual/-/issues/144). Author: emmapeel. Updated: 2023-05-22T06:54:00Z.

We are almost ready to release the Kiswahili translation.

We only need to fix some strings, and the review.

Milestone: Sponsor 134: Localizing Tor tools and documentation into Arabic, Chinese, and Swahili. Assignee: emmapeel. Due: 2023-05-22.

Issue: Design the user interface for v2 of the VPN pre-alpha (https://gitlab.torproject.org/tpo/applications/vpn/-/issues/84). Author: donuts. Updated: 2023-06-20T20:49:19Z.

The planned feature-set for the next version can be found here: https://gitlab.torproject.org/tpo/applications/vpn/-/milestones/2

These will need to be incorporated into the following Figma file for developer handoff before the start of the next cycle: [Tor VPN | Pre-alpha 01](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN?type=design&node-id=2014%3A5269&t=OcqQPKKwfsItpIpR-1)

Milestone: VPN pre-alpha 02. Assignee: donuts. Due: 2023-05-24.

Issue: Test all the features included in v01 of the VPN pre-alpha (https://gitlab.torproject.org/tpo/applications/vpn/-/issues/81). Author: Gaba (gaba@torproject.org). Updated: 2023-06-06T19:19:56Z.

We need to test all the features implemented in this pre-alpha release of the Tor VPN. The instructions to test them are:
1. Download and install the pre-alpha APK on your Android device. The instructions for it are at https://gitlab.torproject.org/tpo/applications/vpn/-/blob/main/README.md#torvpn
2. Go feature by feature and test that it works as described in the feature’s issue in GitLab. The features that we have to test for this version are:
| Feature | When... | I want to... | So I can... |
| ------ | ------ | ------ | ------ |
| **[Killswitch](tpo/applications/vpn#23)** | my connection to Tor drops out | immediately block all traffic from my device, with the option to override if desired | avoid compromising my privacy by allowing apps to fall back to a regular Internet connection[**1**] |
| **[Route all traffic over Tor](tpo/applications/vpn#23)** | apps on my device send traffic over the Internet | easily require all traffic from my device to go over Tor | ensure my privacy isn’t compromised by traffic being sent in the clear |
| **[Quickstart](tpo/applications/vpn#24)** | I restart my device | connect to Tor automatically | browse safely in the event that I forget to connect, or traffic is sent from my device before I can do so manually |
| **[Proxy bypass prevention](tpo/applications/vpn#27)** | an app is set to be routed through Tor | prevent any traffic leaking in the clear | preserve my privacy and anonymity[*] |
| **[Application isolation](tpo/applications/vpn#25)** | I’m routing multiple apps through Tor at the same time | ensure that each app uses a different circuit | prevent my activity from one app being linked to another |
| **[Per-app permissions (blocked)](tpo/applications/vpn#27)** | only certain apps are blocked in my location | be able to choose which apps I do and don’t route over Tor | unblock certain apps without slowing my connection or running into issues with others |
| **[Bootstrapping](tpo/applications/vpn#39)** | the Tor app is in the process of connecting to Tor | see its progress as it connects | know that it’s working and hasn’t stalled |
| **[Per-app permissions (slow)](tpo/applications/vpn#27)** | an app or service blocks or is too slow over Tor | exempt that app’s traffic from being routed through Tor | use that app without needing to turn Tor routing off for my entire device |
| **[Connection error](tpo/applications/vpn#42)** | my Tor connection has been interrupted | receive a warning that I’m no longer connected to Tor | understand how to remedy the issue and reconnect |
| **[Data usage chart](tpo/applications/vpn#44)** | I’m connected to and routing my device’s apps over Tor | see a chart of my up/down data over time | feel reassured my traffic is being successfully routed through Tor, and monitor my data usage |
| **[View Tor logs](tpo/applications/vpn#50)** | I’ve encountered an issue or wish to verify a process happened as expected | be able to view the Tor logs | debug the issue, and forward the logs to others who can help if appropriate |
3. Submit bugs into https://gitlab.torproject.org/tpo/applications/vpn/-/issues/ . Each issue needs to have:
- include which Android version you are testing it in
- include information on how to reproduce the bug and what should happen instead
- label “BUG”
- link it to the issue of the feature you are testing (if there is one)
- add it to the milestone related to the release (in this case https://gitlab.torproject.org/tpo/applications/vpn/-/milestones/1#tab-issues )
@tpo/applications please spend some time in the next week testing the VPN pre-alpha.

Milestone: VPN pre-alpha 01. Assignee: Gaba (gaba@torproject.org). Due: 2023-05-24.

Issue: May 2023 Newsletter (https://gitlab.torproject.org/tpo/web/newsletter/-/issues/35). Author: pavel. Updated: 2023-05-29T18:46:25Z.

Assignee: Jérôme Charaoui (lavamind@torproject.org). Due: 2023-05-28.

Issue: migrate CiviCRM machines to gnt-dal (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41109). Author: anarcat. Updated: 2023-05-30T12:48:42Z.

the crm-int-01 machine is having load/performance issues (e.g. https://gitlab.torproject.org/tpo/web/civicrm/-/issues/97 and others). let's see if we can alleviate that by moving it to the new gnt-dal cluster.
i believe that should also involve moving the crm-ext-01 machine, since it's closely related.
@lavamind do you think we have everything ready in Puppet to enable migrations between gnt-fsn and gnt-dal? would you be interested in performing such migration, to see if my documentation works okay?
ETA i gave @mathieu in the other ticket is "one-two weeks".

Milestone: trusted high performance cluster (gnt-dal migration). Assignee: Jérôme Charaoui (lavamind@torproject.org). Due: 2023-05-28.

Issue: Revise the Tor Donor FAQ (https://gitlab.torproject.org/tpo/web/donate/-/issues/6). Author: mattlav. Updated: 2023-06-28T18:54:12Z.

It's time to revise the Tor Donor FAQ, AKA the [Tor Donating FAQ](https://donate.torproject.org/donor-faq/). I dumped the whole text into [a Google Doc](https://docs.google.com/document/d/18UsK9Jd6vAHfAN4P3yRqhCCYU9t0ZaP76IXWUyUczw8/edit?usp=sharing) for editing, and left some comments.

Al suggest setting a deadline for this task - I'm going to propose that we should be able to knock this out by June, no problem.

Assignee: mattlav. Due: 2023-05-31.

Issue: BridgeDB requires outdated packages with known CVEs (https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40066). Author: meskio (meskio@torproject.org). Updated: 2023-10-12T14:24:01Z.

Selected vulnerable packages:

* Twisted 21.7.0
* Mechanize 0.4.5
* Pillow 8.2.0
* Werkzeug 2.2.2

Assignee: meskio (meskio@torproject.org). Due: 2023-05-31.

Issue: Collect User Feedback during trainings in Brazil, Mexico and Ecuador (https://gitlab.torproject.org/tpo/ux/research/-/issues/106). Author: Nah. Updated: 2023-01-08T21:06:53Z.

This is a ticket to record user feedback to report indicators during trainings in Q4/2022 and Q1/2023.

Milestone: Sponsor 30 - Objective 3.4. Assignee: Nah. Due: 2023-05-31.