The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-01-23T14:49:52Zhttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/40009Create log file for OnionPerf's own log messages2023-01-23T14:49:52ZKarsten LoesingCreate log file for OnionPerf's own log messagesOnionPerf logs a couple of log message to the console and writes a few other messages to the `torctl.log` file. We should create a new log file for messages coming from OnionPerf itself. This log file should be placed in `onionperf-data/...OnionPerf logs a couple of log message to the console and writes a few other messages to the `torctl.log` file. We should create a new log file for messages coming from OnionPerf itself. This log file should be placed in `onionperf-data/`, so that we can archive it together with the other log files. It should probably be rotated, just like all other log files are. And it should contain the OnionPerf version writing this log file.OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/33420Add CBT events to Onionperf result files2023-01-23T14:49:54ZAna CusturaAdd CBT events to Onionperf result filesAs I understand this, the results should record whether the CBT was set at the time of measurement. This could just be a CBT_SET True/False field in the tpf results file. The CBT resets in certain conditions, and this should be reflected...As I understand this, the results should record whether the CBT was set at the time of measurement. This could just be a CBT_SET True/False field in the tpf results file. The CBT resets in certain conditions, and this should be reflected in the results. The events should be parsed from the tor logs.
We should check with Mike if this meets the requirements.
* [ ] Blocked by [tpo/core/tor#40002](https://gitlab.torproject.org/tpo/core/tor/-/issues/40002)OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/33392Add new metadata fields to json output2023-01-23T14:48:37ZAna CusturaAdd new metadata fields to json outputAdd new metadata fields for experimental measurements to the onionperf json output.Add new metadata fields for experimental measurements to the onionperf json output.OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/33391Add new metadata fields and definitions2023-01-23T14:48:40ZAna CusturaAdd new metadata fields and definitionsDefine the instance metadata fields to help us differentiate experimental measurements.Define the instance metadata fields to help us differentiate experimental measurements.OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/33259Store measurements in a local database to reduce plotting time2023-01-23T14:48:44ZKarsten LoesingStore measurements in a local database to reduce plotting timeWe want to add graphs to OnionPerf that compare larger numbers of measurements. We also plan to add more parameters to plot different subsets of measurements. Having a local database for storing measurements and decoupling the parsing st...We want to add graphs to OnionPerf that compare larger numbers of measurements. We also plan to add more parameters to plot different subsets of measurements. Having a local database for storing measurements and decoupling the parsing step from the plotting step might reduce overall plotting time. This will be particularly useful when we include graphs based on Tor descriptors like flags or bandwidth or consensus weight.
Part of this ticket will be to figure out which database to use. Maybe we need to experiment with SQLite to see if it's fast enough for this purpose or whether we need something like PostgreSQL here.OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/30798Develop and deploy tgen model resembling ping2023-01-23T14:48:30ZKarsten LoesingDevelop and deploy tgen model resembling pingAt last week's tor-scaling meeting we discussed developing a second tgen model that resembles a ping service and deploying an OnionPerf instance with that model.
The current default tgen model in OnionPerf makes a new download every fiv...At last week's tor-scaling meeting we discussed developing a second tgen model that resembles a ping service and deploying an OnionPerf instance with that model.
The current default tgen model in OnionPerf makes a new download every five minutes. That's a tiny request with a response of 50 KiB or 1 MiB or 5 MiB.
This new model would send a tiny request once per second for, say, five minutes, and receive a tiny response back to each of these requests.
We wouldn't have to write analysis code that produces something like a .tpf file right now but could start with analyzing the raw logs for this experiment and extract some hopefully useful visualizations.
I could deploy this new model on my local machine (if it uses an onion service).
Raising priority to high, because it would be great to ideally get this deployed before All Hands.
Thoughts?OnionPerf: Scalability, Performance, Establishing Basline Metricshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40316Patch GeckoView's ConnectivityManager usage2022-11-30T15:19:48ZMatthew FinkelPatch GeckoView's ConnectivityManager usageGeckoView uses the connectivity manager for detecting the currently used [type of network connection](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-86.0b1-10.5-1/mobile/android/geckoview/src/main/java/org/...GeckoView uses the connectivity manager for detecting the currently used [type of network connection](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-86.0b1-10.5-1/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java#L1170) (WIFI, 2G, 3G, 4G, etc). I didn't dig into the code, but it looks like some gecko behavior changes depending on the link type. Along with removing the `WIFI_STATE` Android permission, we should make sure this isn't [leaking any info into content](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-86.0b1-10.5-1/dom/html/HTMLMediaElement.cpp#L2914), and we should probably just always return `LINK_TYPE_UNKNOWN`.Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40016Enable SharedArrayBuffers with sequential threads?2023-09-25T16:51:31ZGeorg KoppenEnable SharedArrayBuffers with sequential threads?https://bugzilla.mozilla.org/show_bug.cgi?id=1563335 implements a
preference, `dom.workers.serialized-sab-access`, that, when flipped to
`true`, allows using SharedArrayBuffers with some fingerprinting
resistance (see: Mozilla's
https://...https://bugzilla.mozilla.org/show_bug.cgi?id=1563335 implements a
preference, `dom.workers.serialized-sab-access`, that, when flipped to
`true`, allows using SharedArrayBuffers with some fingerprinting
resistance (see: Mozilla's
https://bugzilla.mozilla.org/show_bug.cgi?id=1617872 for binding that
pref directly to the RFP mode).
We probably want to do that if we want to enable SharedArrayBuffers at
all again.
This is planned to land on release in the Firefox 79/80 timeframe, see:
https://groups.google.com/forum/#!topic/mozilla.dev.platform/-hYWoob95LI.Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41193Support bridge: scheme URI to configure bridges2022-11-30T15:26:32ZNathan FreitasSupport bridge: scheme URI to configure bridgesFor easy bridge configuration on mobile, via QR code scanning, links sent in text messages or emails, TBA should support an agreed upon format for bridges sent via bridge:// encoded URI.
Copy and pasting bridge lines into a settings men...For easy bridge configuration on mobile, via QR code scanning, links sent in text messages or emails, TBA should support an agreed upon format for bridges sent via bridge:// encoded URI.
Copy and pasting bridge lines into a settings menu is highly unusable and prone to errors. The ability to one tap or one scan configure bridges with a confirmation dialog is easy and streamlined!Tor Browser 12.0Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40647Generate downloads.json files for nightly builds2023-11-01T18:02:51ZboklmGenerate downloads.json files for nightly buildsWe currently don't generate `downloads.json` files in https://nightlies.tbb.torproject.org/nightly-updates/updates/ (`create_downloads_json` is not set in `tools/signing/nightly/update-responses-base-config.yml`).
For easier testing of ...We currently don't generate `downloads.json` files in https://nightlies.tbb.torproject.org/nightly-updates/updates/ (`create_downloads_json` is not set in `tools/signing/nightly/update-responses-base-config.yml`).
For easier testing of changes to this file (for example for multi-locales builds, #40254 and #40110), we should generate them.Sponsor 131 - Phase 3 - Major ESR 102 Migrationboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/34319remove symlink support from the updater2023-05-13T09:51:57ZMark Smithremove symlink support from the updaterOur updater patch (legacy/trac#4234) adds support for handling symlinks during MAR file generation and in the updater itself. The original reason for adding this feature was to support meek's use of a second browser for its HTTP tunnel; ...Our updater patch (legacy/trac#4234) adds support for handling symlinks during MAR file generation and in the updater itself. The original reason for adding this feature was to support meek's use of a second browser for its HTTP tunnel; see legacy/trac#12647.
We no longer use symlinks on any platform. Kathy and I think we should remove the symlink portions of the legacy/trac#4234 patch (smaller patches == good).Sponsor 131 - Phase 3 - Major ESR 102 Migrationhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22137Provide the same scrollbar size across different platforms + versions (and su...2023-11-04T00:31:22ZGeorg KoppenProvide the same scrollbar size across different platforms + versions (and subpixel entropy)Scrollbar sizes are different on different platforms. But it seems that there are ways to split the Linux users into different buckets based on that: On a Debian Stretch system with XFCE I get 15px thickness on an Ubuntu 14.04 system wit...Scrollbar sizes are different on different platforms. But it seems that there are ways to split the Linux users into different buckets based on that: On a Debian Stretch system with XFCE I get 15px thickness on an Ubuntu 14.04 system with GNOME I get 13px thickness.
A test can be found on http://www.hackerfactor.com/blog/index.php?/archives/761-Exploiting-the-TOR-Browser.html.
One option mentioned in that blog post would be to provide 17px on all platforms.Sponsor 131 - Phase 3 - Major ESR 102 Migrationhenryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40684In nightly builds, only do git fetch for projects which use a branch2023-01-05T12:56:36ZboklmIn nightly builds, only do git fetch for projects which use a branchIn nightly, we currently set `fetch: 1` globally, which mean do a `git fetch` for all projects, including those which don't use a branch (and for which a `git fetch` is useless).
Since there is only a small number of projects where we u...In nightly, we currently set `fetch: 1` globally, which mean do a `git fetch` for all projects, including those which don't use a branch (and for which a `git fetch` is useless).
Since there is only a small number of projects where we use a branch, I think we could set `fetch: 1` for those projects only.Sponsor 131 - Phase 4 - Browser Release Managementboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40618Add support for android-only and desktop-only releases in do-all-signing2023-11-01T19:17:53ZboklmAdd support for android-only and desktop-only releases in do-all-signingIn `tools/signing/set-config.tbb-version` we should add some option to say if a release is desktop-only, or android-only, and make `do-all-signing` only run the steps relevant for desktop or android in those cases.In `tools/signing/set-config.tbb-version` we should add some option to say if a release is desktop-only, or android-only, and make `do-all-signing` only run the steps relevant for desktop or android in those cases.Sponsor 131 - Phase 4 - Browser Release Managementboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40564Sign Tor Browser Windows binaries (not just the setup executable)2023-06-30T09:00:48ZGeorg KoppenSign Tor Browser Windows binaries (not just the setup executable)Mozilla is doing the signing of Firefox binaries for a while now, beyond providing signatures for the setup executable. https://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-b...Mozilla is doing the signing of Firefox binaries for a while now, beyond providing signatures for the setup executable. https://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx has some things to say about that.Sponsor 131 - Phase 4 - Browser Release Managementhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40514In `do-all-signing`, add option to restart a failed step2023-01-05T12:40:23ZboklmIn `do-all-signing`, add option to restart a failed stepIn `do-all-signing`, when a step failed, it would be nice if the script asked to try restarting the step again (without having to re-enter all passwords again).In `do-all-signing`, when a step failed, it would be nice if the script asked to try restarting the step again (without having to re-enter all passwords again).Sponsor 131 - Phase 4 - Browser Release Managementboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41469Remove security level preference migration code2022-12-23T23:11:56ZPier Angelo VendrameRemove security level preference migration codeIn #41460 we renamed preferences for security level and for new identity.
We forced users to go through 11.5.8, but we added the migration code also to 12.0 for alpha users.
However, we can remove whenever we feel we are ready to (e.g....In #41460 we renamed preferences for security level and for new identity.
We forced users to go through 11.5.8, but we added the migration code also to 12.0 for alpha users.
However, we can remove whenever we feel we are ready to (e.g., 12.5a1).Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41397Re-enable tab unloading for private browsing tabs2023-01-05T16:17:30ZrichardRe-enable tab unloading for private browsing tabsThe tab unloading feature was disabled in Firefox because it caused forced restarts after updates ( https://bugzilla.mozilla.org/show_bug.cgi?id=1751366 ). We only updates after Tor Browser is restarted by the user, so we may not be affe...The tab unloading feature was disabled in Firefox because it caused forced restarts after updates ( https://bugzilla.mozilla.org/show_bug.cgi?id=1751366 ). We only updates after Tor Browser is restarted by the user, so we may not be affected by this bug and may benefit from the perf improvements when Tor Browser is under memory pressure.
In 12.5 alpha series we should try reverting this patch and enabling tab unloading and see if this breaks anything.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41298Expose SafeLogging in UI2023-01-05T16:10:59ZcypherpunksExpose SafeLogging in UIAdd some checkbox or about:config entry to temporarily disable SafeLogging - it sometimes makes troubleshooting annoying. Of course, write **BIG FAT WARNING** when clicking it and possibly remind when restarted.Add some checkbox or about:config entry to temporarily disable SafeLogging - it sometimes makes troubleshooting annoying. Of course, write **BIG FAT WARNING** when clicking it and possibly remind when restarted.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41100Add unsupported OS warning UX when tor-browser upgrade cannot happen due to u...2024-03-11T14:40:50ZrichardAdd unsupported OS warning UX when tor-browser upgrade cannot happen due to user's device no longer meeting min-specWe have logic in UpdateService.jsm that detects when the user's OS version is incompatible with a pending update, but we don't have any UX to tell the user about it.
As part of this we should also add a debug pref for exercising this co...We have logic in UpdateService.jsm that detects when the user's OS version is incompatible with a pending update, but we don't have any UX to tell the user about it.
As part of this we should also add a debug pref for exercising this code path (similar to how we use `torbrowser.debug.censorship_level` in TorConnect.jsm)Sponsor 131 - Phase 2 - Privacy Browser