The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-08-04T00:17:51Zhttps://gitlab.torproject.org/tpo/core/arti-doc-project-2023/-/issues/4Add new calendar that accommodate time before 8 PM UTC2023-08-04T00:17:51ZharletaAdd new calendar that accommodate time before 8 PM UTChttps://gitlab.torproject.org/tpo/core/arti-doc-project-2023/-/issues/3#note_2928598https://gitlab.torproject.org/tpo/core/arti-doc-project-2023/-/issues/3#note_2928598harletaharleta2023-08-07https://gitlab.torproject.org/tpo/web/donate-static/-/issues/111Meta ticket: donate page frontend rewrite MVP2024-03-19T00:06:04Zal smithMeta ticket: donate page frontend rewrite MVPIn our work to redesign & rewrite donate.torproject.org, we identified must-have features for a MVP. Below is the estimated timeline, MVP features that we need to track and prioritize, and ideas for post-MVP features.
# Estimations/time...In our work to redesign & rewrite donate.torproject.org, we identified must-have features for a MVP. Below is the estimated timeline, MVP features that we need to track and prioritize, and ideas for post-MVP features.
# Estimations/timeline
* may-june - front-end design (ux team)
# MVP for frontend
- [ ] Form that donates through stripe
- [ ] Form that donates through paypal
- [ ] List wallet addresses - django setup, yes
- [ ] A link to BTCPay (non-integrated) - django setup, yes
- [ ] Noscript error - django setup, yes
- [ ] Better CRM integration (that meets Fundraising's specs)
- [ ] CMSable/lektorable content [e.g., ability to make new/standalone pages] (within reason)
- [ ] Donation amount array
- [ ] Recurring donations across both Stripe & Paypal
- [ ] Swag display & logic (+ ability to decline swag)
- [ ] CAPTCHA
- [ ] Simple YEC Ticker
- [ ] Simple order summary
- [ ] Redirect to existing thank you page? maybe? or a simple version for the MVP
- [ ] Newsletter signup
# Post-MVP
- Accessible CAPTCHA
- More groovy YEC ticker
- Floating basket thing
- Better thank you page
- Ability to track donations made directly through paypal (not through donate.tpo) and report them to civi ([tpo/anti-censorship/pluggable-transports/snowflake-webext#79](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/79#note_2898912))
# Post-post-MVP
- Full BTCPay API integration (all bells & whistles)
- Can we connect the ShipStation API? Dynamically disable perks?
ccing @mathieu, @kez, @mattlav - here's that meta ticket I promised. :smile:Redesign donate.torproject.orgstephenstephen2023-11-06https://gitlab.torproject.org/tpo/community/training/-/issues/113Add training resources to portal2024-03-25T11:29:34ZrayaAdd training resources to portalList of updates/additions:
- [ ] Update [All About Tor](https://docs.google.com/presentation/d/1BKpeDXqHib4zOQeGRBeFYWVYUtFNSwd-FLCY63TMDG8/edit)
- [ ] Update [Introduction to Onion Services](https://docs.google.com/presentation/d/1avHPN...List of updates/additions:
- [ ] Update [All About Tor](https://docs.google.com/presentation/d/1BKpeDXqHib4zOQeGRBeFYWVYUtFNSwd-FLCY63TMDG8/edit)
- [ ] Update [Introduction to Onion Services](https://docs.google.com/presentation/d/1avHPNzMhC5KJShtxAxe2Sl_KbQSrgG6yltdzHCEOfV0/edit)
- [ ] Add [Bypassing Censorship with and of Tor](https://docs.google.com/presentation/d/1f7IWy6rBoXffmAJPGxGSqCZvChlYJ012-E3a8mldbcM/edit)
- [ ] Add [YouTube videos](https://www.youtube.com/watch?v=uroe-xe0tcM)
- [ ] Add [Digital Security Basics](https://docs.google.com/presentation/d/1-uhiYwU1QNCYRuyJuacxKj2GLHvUWQ_Hcjz730IZqiM/edit?usp=sharing)
- [ ] Add licensing information on all training resources, see: https://gitlab.torproject.org/tpo/community/training/-/issues/74rayaraya2023-11-14https://gitlab.torproject.org/tpo/community/tor4zh/-/issues/1Create a Chinese version of slideshow2024-03-19T17:12:32ZHavenCreate a Chinese version of slideshowPreviously, I have suggested some changes to the English version of the slideshow.
I'm thinking to create a Chinese version of the slideshow based on the English one and my suggestions, so that we can use it to promote Tor browser and ...Previously, I have suggested some changes to the English version of the slideshow.
I'm thinking to create a Chinese version of the slideshow based on the English one and my suggestions, so that we can use it to promote Tor browser and bridges in Chinese social meida.
- [ ] Create a draft in English
- [ ] Review by @gus
- [ ] Create the Chinese versionHavenHaven2024-01-21https://gitlab.torproject.org/tpo/community/l10n/-/issues/40124O4.1: Localize all UI modified in this project.2024-02-12T13:49:23ZGabagaba@torproject.orgO4.1: Localize all UI modified in this project.The text of this activity is:
"We will coordinate the volunteer localization of UI components of all new and modified tools in this project into traditional and simplified Chinese. This process involves reviewing the strings, reaching o...The text of this activity is:
"We will coordinate the volunteer localization of UI components of all new and modified tools in this project into traditional and simplified Chinese. This process involves reviewing the strings, reaching out to the translator community, answering translator questions in Transifex, and publishing the reviewed content."
The modified tools in Sponsor 96 are:
- OnionSproutBot UI
- Tor Browser for Desktop (webtunnel UI, snowflake UI and manual)
- Tor Browser for Android (connect assist): (translations will happen in February and March
- Lox: translations will happen in February and March
- OnionShare: Desktop, Android and iOS
- Orbot web
- Rebranding of OnionShare iOS for users in Chinaemmapeelemmapeel2024-03-01https://gitlab.torproject.org/tpo/core/onionmasq/-/issues/70Add support for Snowflake2024-03-27T17:31:16ZetaAdd support for SnowflakeThe current PT support only does obfs4. We probably want snowflake too.The current PT support only does obfs4. We probably want snowflake too.VPN pre-alpha 06Micah Elizabeth ScottMicah Elizabeth Scott2024-03-07https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/126Research about designing an armored bridge line sharing URL format2024-03-04T15:32:16ZshelikhooResearch about designing an armored bridge line sharing URL formatTor's bridge line format is well suited for professional developers and power users on desktop environments. However, for other users the current bridge line does not work so well because:
1. The bridge line contains white space and oth...Tor's bridge line format is well suited for professional developers and power users on desktop environments. However, for other users the current bridge line does not work so well because:
1. The bridge line contains white space and other special characters that could make it hard to copy and paste correctly.
2. When the bridge line was corrupted, the client software can neither detect it, nor correct it. This results in user confusion as the corrupted bridge line results in silent error.
3. User tries to edit the bridge line without understanding how it works internally. This results in inconsistency between how the user expects a bridge line to work and how it actually works.
This ticket tracks the research and discussion about creating a new bridge line format specialized in sharing to address the issues mentioned.
Let's make some initial discussion before I write the full spec and write a reference implementation.
## Goals and non-goals
This armored bridge line format will try to:
1. auto detect/auto correct error occurred during transmission. Give the user explicit feedback when the bridge line is corrupted and avoid silent errors.
2. improve its operating system integration, allowing the user to click on the armored bridge line and be redirected to a bridge line recipient application.
3. avoid any characters or design that could make it harder to transmit the bridge line correctly.
4. signal user not to modify the shared bridge line by intuitively
It won't:
1. try to replace the current bridge line format. It is used to share bridge lines, and original bridge line format will still be accepted by all Tor applications and shown to users by default. The current bridge line format will still be the way bridge configurations are represented.
2. prevent users from editing bridge lines. Users still will be able to edit the bridge line once it is decoded from armored format.
3. prevent the bridge line from being censored or detected by authority.
## Expected Usage Context
This armored bridge line design will be used exclusively for sharing.
Specifically:
1. On Tor Browser, there will be a share bridge line button, when clicked, an armored bridge line will be converted from an ordinary bridge line, and shown to the user as plain text and QR code.
2. The user support team will share an armored bridge line generated from Tor Browser or command line tool to users requesting a bridge when appropriate.
3. Users can share armored bridge lines with each other.
4. Tor client implementations MAY support armored bridge line input. It is optional since this design is targeted toward ordinary users, and Tor Browser already supports converting bridge lines between different forms with command line tools. Advanced users can just use command line tools to convert bridge lines between its different formats.
## Internal design (for discussion)
The 2 way convention between armored bridge line and ordinary bridge line is through a sequence of reversible transform steps. Some of them are optional(under discussion), and may or may not be included in the final design. There are no dynamic or skipable step in the final version of the design.
### Compression (optional)
A compression like 7 bit UTF8 can be used to reduce the length of the final url string.
It will however make conversion more complex to implement.
### All or none transform (optional)
A all or none transform(AONT) like [SAEP+](http://crypto.stanford.edu/~dabo/abstracts/saep.html) can make sure the final output is completely random looking, polymorphic without any resemblance of underlying data.
This ensures:
1. Data are covered by checksum(see SAEP+ design), so any corruption will be detected.
2. Because data are encoded differently each time, if the final output contains a censored keyword, the user can just try again.
3. there will be less observable patterns in the final URL, preventing users from attempting to modify or interpreting it. The users will need to use a supported application to process the armored bridge line.
4. (less of a concern for Tor ecosystem) prevent client implementation from ignoring the checksum and process anyway.
This is a complex transform step.
### Checksum (if All or none transform step is not used) (optional)
Use a CRC64 or SHA-3 to generate a checksum to detect corruption.
This step should be skipped if AONT step was used.
### Forward error correction (optional)
Split the data into chunks and use Reed Solomon coding to encode the data and generate recovery shreds.
When the bridge line is corrupted, forward error correction attempts to repair content directly, without asking the user to try again. This non-interactive repair makes it easier for the user to get the bridge line working, without asking and waiting for assistance. Some environments like bad email clients/line breakers corrupt the content each time it processes it, retry itself won't work and frustrate users.
This is a complex transform step.
### URLSafe base64 encoding without padding + concreted
URL safe base64 encoding without padding will convert the binary result of previous steps into a URL safe string. If there is more than one shard of contents, they will be concreted with ~ symbol, which is URL safe and not used by URL safe base64.
### URL Prefix
The final string will be prefixed with either `bridgeprefix:?` or `https://bridgeprefix/#` to allow it to be clicked and be redirected to Tor client application by operating system.shelikhooshelikhoo2024-03-08https://gitlab.torproject.org/tpo/web/dev/-/issues/15Get staging site ready for review by TPO2024-03-14T14:33:01ZGabagaba@torproject.orgGet staging site ready for review by TPO- [x] repo: force-push new HUGO site into https://gitlab.torproject.org/tpo/web/dev (@anxhelo )
- [ ] staging: use pages for it until build pipeline is ready (@lavamind )
- [ ] triage/clean issues in web/dev (gaba)
- [ ] edit/curate cont...- [x] repo: force-push new HUGO site into https://gitlab.torproject.org/tpo/web/dev (@anxhelo )
- [ ] staging: use pages for it until build pipeline is ready (@lavamind )
- [ ] triage/clean issues in web/dev (gaba)
- [ ] edit/curate content (gaba)
- [ ] send to tor-internal for review
@anxhelo please fill free to force-push your code into this repo.anxheloanxhelo2024-03-15https://gitlab.torproject.org/tpo/team/-/issues/186Code Audit for Sponsor 1012024-03-19T18:04:53ZGabagaba@torproject.orgCode Audit for Sponsor 101- [x] Create RFPT
- [ ] Send to DRL for approval
- [ ] Send to auditors
- [ ] Choose an auditor to start work- [x] Create RFPT
- [ ] Send to DRL for approval
- [ ] Send to auditors
- [ ] Choose an auditor to start workGabagaba@torproject.orgGabagaba@torproject.org2024-03-20https://gitlab.torproject.org/tpo/team/-/issues/269s144 report2024-03-19T19:40:45ZGabagaba@torproject.orgs144 report2024-03-25https://gitlab.torproject.org/tpo/team/-/issues/265Draft agenda2024-03-25T17:38:08ZGabagaba@torproject.orgDraft agendaGabagaba@torproject.orgGabagaba@torproject.org2024-03-26https://gitlab.torproject.org/tpo/team/-/issues/268S150 Report2024-03-26T20:36:33ZGabagaba@torproject.orgS150 Report2024-04-01https://gitlab.torproject.org/tpo/team/-/issues/253Q1 reports for DRL sponsored projects2024-03-26T12:57:14ZGabagaba@torproject.orgQ1 reports for DRL sponsored projectsAs all Tor Project is going into a break for new year, I want to leave everything ready to work on these reports in January.
# For DRL projects
96
- [ ] Send mail [requesting info](http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464g...As all Tor Project is going into a break for new year, I want to leave everything ready to work on these reports in January.
# For DRL projects
96
- [ ] Send mail [requesting info](http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/sponsor96-next-report)
- [ ] Get narrative into the report
- [ ] Gather indicators
- [ ] Send final docs to team for review
- [ ] Send final docs to Bekeela and Isabela for review
101
- [x] Send mail [requesting info](https://pad.riseup.net/p/sponsor101-next-report)
- [ ] Get narrative into the report
- [ ] Gather indicators
- [ ] Send final docs to team for review
- [ ] Send final docs to Bekeela and Isabela for review
112
- [x] Send mail [requesting info](https://pad.riseup.net/p/sponsor112-next-report)
- [ ] Get narrative into the report
- [ ] Gather indicators
- [ ] Send final docs to team for review
- [ ] Send final docs to Bekeela and Isabela for review
141
- [ ] Send mail [requesting info](https://pad.riseup.net/p/sponsor141-next-report)
- [ ] Get narrative into the report
- [ ] Gather indicators
- [ ] Send final docs to team for review
- [ ] Send final docs to Bekeela and Isabela for reviewGabagaba@torproject.orgGabagaba@torproject.org2024-04-01https://gitlab.torproject.org/tpo/web/donate/-/issues/21implement a way to ban email addresses2024-03-28T20:24:49Zanarcatimplement a way to ban email addressesIn the last donate card testing attack (#19), Stripe claims that hundreds of attempts came from the same email address. now, it's possible this is misreported (like the IP address, #20), but if it isn't, we should just block that email a...In the last donate card testing attack (#19), Stripe claims that hundreds of attempts came from the same email address. now, it's possible this is misreported (like the IP address, #20), but if it isn't, we should just block that email address already.anarcatanarcat2024-04-02https://gitlab.torproject.org/tpo/team/-/issues/263Wrapping up sponsor 962024-03-19T17:50:14ZGabagaba@torproject.orgWrapping up sponsor 96- [ ] Final review of deliverables
- [ ] Review indicators
- [ ] Write report for last quarter. Due end of April.
- [ ] Schedule retrospective
- [ ] Write final report. Due on July 29th- [ ] Final review of deliverables
- [ ] Review indicators
- [ ] Write report for last quarter. Due end of April.
- [ ] Schedule retrospective
- [ ] Write final report. Due on July 29thGabagaba@torproject.orgGabagaba@torproject.org2024-07-15https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42490Install svg from branding theme to browser/chrome/icons/default2024-03-28T18:43:11ZboklmInstall svg from branding theme to browser/chrome/icons/defaultIn
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/943#note_3013584,
@PieroV mentioned that we have svg files (added in commits `Bug 2176:
Rebrand Firefox to TorBrowser` and `MB 1: Mullvad Browser brandi...In
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/943#note_3013584,
@PieroV mentioned that we have svg files (added in commits `Bug 2176:
Rebrand Firefox to TorBrowser` and `MB 1: Mullvad Browser branding`),
but we currently don't install them to `browser/chrome/icons/default`.
If we do that we can then update the debian package to link them from
`/usr/share/icons/hicolor/scalable/apps`.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42489Lox module notifications2024-03-28T10:07:16ZhenryLox module notificationsCurrently the Lox module does not give out notifications for when its internals change, so:
+ `TorSetting` is not notified when the bridges change. So it is only set to the new value when restarting Tor Browser.
+ "about:preferences" is...Currently the Lox module does not give out notifications for when its internals change, so:
+ `TorSetting` is not notified when the bridges change. So it is only set to the new value when restarting Tor Browser.
+ "about:preferences" is not notified when the invites change or when there is a blockage or upgrade event.henryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41112Fix indentation of projects/browser/RelativeLink/start-browser2024-03-27T16:54:03ZboklmFix indentation of projects/browser/RelativeLink/start-browserThe file `projects/browser/RelativeLink/start-browser` is currently
indented with a mix of tabs, 8, 4 or 2 spaces.
I think we can change it to 2 spaces everywhere.The file `projects/browser/RelativeLink/start-browser` is currently
indented with a mix of tabs, 8, 4 or 2 spaces.
I think we can change it to 2 spaces everywhere.boklmboklmhttps://gitlab.torproject.org/tpo/ux/research/-/issues/137Conduct a desirability study on the new illustrations2024-03-26T18:00:48ZdonutsConduct a desirability study on the new illustrations@nicob is working on new illustrations and a new illustration style:
* tpo/ux/design#61+
* [Figma / Tor illustrations](https://www.figma.com/file/U9UVJNborq5Aj0YH3I8DjZ/Tor-illustrations?type=design&node-id=105%3A496&mode=design&t=WriZm...@nicob is working on new illustrations and a new illustration style:
* tpo/ux/design#61+
* [Figma / Tor illustrations](https://www.figma.com/file/U9UVJNborq5Aj0YH3I8DjZ/Tor-illustrations?type=design&node-id=105%3A496&mode=design&t=WriZmRrkxjyFTd9d-1)
One idea for #128 is to test them with training participants doing a mix of qualitative and quantitative analysis.
**Estimate**: Small × Low = 1–1.1 d
### Preparation material
* Survey:
* For participants: https://survey.torproject.org/index.php/983521
* LimeSurvey structure: [desirability_study.lss](/tpo/ux/research/uploads/a723a762ba973b89f909dfd9b8ff4258/desirability_study.lss)
* Instructions for partners:
* PDF for distribution: [desirability_study_instructions.pdf](/tpo/ux/research/uploads/ef85a75226584c4f044b165cc8d0e5e9/desirability_study_instructions.pdf)
* Markdown source: [desirability_study_instructions.md](/tpo/ux/research/uploads/25b8fab0289e10dda65ef7a498ac931a/desirability_study_instructions.md)
### References
* https://www.nngroup.com/articles/microsoft-desirability-toolkit/
* https://www.xdstrategy.com/desirability-studies/
* https://www.nngroup.com/articles/testing-visual-design/
### Tasks
* [x] Check if that sounds like a useful research activity ( @donuts + @nicob)
* [x] Review and improve questions ( @nicob)
* [x] Create a prototype survey on https://survey.torproject.org/
* [x] Test survey on mobile
* [x] Decide if we want the survey to be responsive on mobile
* [x] Integrate the consent and demographics questionnaire from #130 in the survey
* [ ] Add final set of illustrations ( @nicob + @donuts)
* [x] Prepare instructions and reporting templates for partners
* [x] Do a quick pilot testSponsor 9 - Phase 7 - Usability and Community Intervention on Support for Democracy and Human Rightssajolidasajolidahttps://gitlab.torproject.org/tpo/ux/research/-/issues/136Onboard and coordinate user research grantees2024-03-27T19:07:43ZdonutsOnboard and coordinate user research granteesIn https://gitlab.torproject.org/tpo/ux/research/-/issues/128, we prepared two sets of materials for Privacy Resilience Grant recipients to use in their activities. Those include:
- A desirability study of the new illustrations: https:/...In https://gitlab.torproject.org/tpo/ux/research/-/issues/128, we prepared two sets of materials for Privacy Resilience Grant recipients to use in their activities. Those include:
- A desirability study of the new illustrations: https://gitlab.torproject.org/tpo/ux/research/-/issues/137
- A card sorting study of the support-dot menu: https://gitlab.torproject.org/tpo/ux/research/-/issues/8
Although we plan to distribute the desirability study to all Privacy Resilience Grant recipients, only the three partners who opted-in to conduct moderated user research will perform the card sorting activity. That second group of three partners will subsequently require more hands-on onboarding.
**Checklist**
- [ ] Finalize the user research materials for each activity
- [ ] Forward the materials to partners via email
- [ ] Co-ordinate a time to onboard our three card sorting facilitators on a BBB call (@raya will send round a poll)
- [ ] Provide ad-hoc support for research activities to all partners as required (e.g. via email, Signal or IRC/Matrix)
- [ ] Analyze the results of each study and write reports with recommendationsSponsor 9 - Phase 7 - Usability and Community Intervention on Support for Democracy and Human Rightssajolidasajolida