The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-01-05T16:36:14Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17123Request for certificate is sent over the catch-all circuit2023-01-05T16:36:14ZGeorg KoppenRequest for certificate is sent over the catch-all circuitThe request made to fetch a certificate of a page showing a certificate warning is sent over the catch-all circuit. I think it should be sent over the circuit of the page the user tried to visit originally instead.The request made to fetch a certificate of a page showing a certificate warning is sent over the catch-all circuit. I think it should be sent over the circuit of the page the user tried to visit originally instead.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16624Improper key passed to nsHttpChannel::DoInvalidateCacheEntry()?2023-01-05T16:36:29ZMike PerryImproper key passed to nsHttpChannel::DoInvalidateCacheEntry()?During the cache2 review in legacy/trac#13035, mcs noticed that an empty key was being passed to nsHttpChannel::DoInvalidateCacheEntry().
> nsHttpChannel::DoInvalidateCacheEntry() to use our modified (isolated) cache keys. That would inv...During the cache2 review in legacy/trac#13035, mcs noticed that an empty key was being passed to nsHttpChannel::DoInvalidateCacheEntry().
> nsHttpChannel::DoInvalidateCacheEntry() to use our modified (isolated) cache keys. That would involve passing a non-empty string as the second parameter to cacheStorage->AsyncDoomURI() within that method. This is not new code and not something we patched in the past... and Kathy and I do not understand the implications of not patching it. But it seems like the wrong key is being used there.
I replied:
> I have not dug through all of the eviction code (there sure are a lot of codepaths involved there), but my initial take is that since Mozilla has been using this same extension key to isolate caching for POST requests, it probably is not a serious issue to omit it, since the original code would have been experiencing similar problems even before our isolation made further use of this key...
We should ask Mozilla for an opinion. This may be a bug in their code, too.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16486about:cache page (disk entry) is confusing in Tor Browser2023-11-27T11:58:47ZGeorg Koppenabout:cache page (disk entry) is confusing in Tor Browser`about:cache` shows cache items stored in memory in the disk section as well which is quite confusing. Even though in the disk section it says:
```
Storage disk location: none, only stored in memory
```
it does not make sense to show m...`about:cache` shows cache items stored in memory in the disk section as well which is quite confusing. Even though in the disk section it says:
```
Storage disk location: none, only stored in memory
```
it does not make sense to show memory-only items in the disk section in the first place.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15908Compose key doesn't work when GTK_IM_MODULE=xim2022-07-09T22:00:37ZLunarCompose key doesn't work when GTK_IM_MODULE=ximWhen `GTK_IM_MODULE=xim` is set in the environment when starting Tor Browser 4.5, the compose key will not work. Unsetting the variable will fix the issue.
This is on a Debian Wheezy system.
(I don't think I'm going dig deeper now that...When `GTK_IM_MODULE=xim` is set in the environment when starting Tor Browser 4.5, the compose key will not work. Unsetting the variable will fix the issue.
This is on a Debian Wheezy system.
(I don't think I'm going dig deeper now that I have a work-around.)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15882Tor Browser shows up as Firefox in Ubuntu dash/launcher2022-07-09T21:59:27ZcypherpunksTor Browser shows up as Firefox in Ubuntu dash/launcherOn Debian (with Gnome), Tor Browser always showed up using the green, obvious Tor Browser icon (provided as tor-browser_en-US/Browser/browser/icons/mozicon128.png).
For some reason, on Ubuntu 14.04 64-bit with Unity (v 7.2.4) if I start...On Debian (with Gnome), Tor Browser always showed up using the green, obvious Tor Browser icon (provided as tor-browser_en-US/Browser/browser/icons/mozicon128.png).
For some reason, on Ubuntu 14.04 64-bit with Unity (v 7.2.4) if I start Tor Browser using the new "start-tor-browser.desktop" file, whether run from the terminal or by double-clicking, it simply attaches to the Firefox icon and treats it like a second instance of Firefox. It does not get its own icon using the provided "mozicon128.png".
Even when I drag the .desktop file into the launcher and click it, it still attaches the process to the Firefox icon.
This might lead to confusion for users who run Firefox in a normal session and Tor Browser concurrently and they might inadvertently enter information intended for TBB into their normal Firefox or vice versa.
As far as I can tell, it's a purely visual issue, but from a design perspective, I would think it'd be advantageous to keep the two identities as separate as possible, including in the launcher / dash.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/14939Support ipv6 addresses in Tor Circuit DIsplay2022-04-06T22:48:02ZArthur EdelsteinSupport ipv6 addresses in Tor Circuit DIsplayBridges and other nodes may have ipv6 addresses, and we need to fix the tor circuit display so that it handles these correctly.Bridges and other nodes may have ipv6 addresses, and we need to fix the tor circuit display so that it handles these correctly.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/14033Upgrade meek to 0.152020-06-27T14:41:23ZDavid Fifielddcf@torproject.orgUpgrade meek to 0.15The main reason for the upgrade is legacy/trac#12778, which is smaller HTTP headers for lower overhead.
Here's the diff between 0.11 (what is packaged currently) and 0.15:
https://gitweb.torproject.org/pluggable-transports/meek.git/di...The main reason for the upgrade is legacy/trac#12778, which is smaller HTTP headers for lower overhead.
Here's the diff between 0.11 (what is packaged currently) and 0.15:
https://gitweb.torproject.org/pluggable-transports/meek.git/diff/?id=0.15&id2=0.11https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13747Make sure tor browser handles mixed content in .onions correctly2023-01-05T16:56:03ZWilliam BudingtonMake sure tor browser handles mixed content in .onions correctlyThe .onion URL for a given THS instance is a fingerprint of the public key, thus ensuring authenticity of the service. For this reason, some assume the same security assurances for .onion addresses as they would for https, with the adde...The .onion URL for a given THS instance is a fingerprint of the public key, thus ensuring authenticity of the service. For this reason, some assume the same security assurances for .onion addresses as they would for https, with the added assurances that hidden services provide. For instance, the major browsers have chosen to not load http resources when accessing an https site, blocking mixed content. However, there is no protection against mixed content being loaded in the TBB for .onion addresses when they include resources from http URLs. For any .onion URL which includes http resources, an attacker controlling an exit node could perform a Man in the Middle attack, providing malicious javascript which modifies the content of the DOM.
One would hope that an http THS would never include remote resources from an http site if they would like to protect their users. In fact, one would hope that a THS would never load any resources at all from a source they do not control. But this is no guarantee that they won't. It seems like a good security measure to disallow http resources from being loaded in TBB.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13575Disable randomised Firefox HTTP cache decay user test groups2020-06-27T14:41:36ZIsis LovecruftDisable randomised Firefox HTTP cache decay user test groupsI need to look into it more, but I think we should be setting `browser.cache.frecency_experiment` to `-1` to [disable HTTP_CACHE_MISS_HALFLIFE_EXPERIMENT](https://bugzilla.mozilla.org/show_bug.cgi?id=986728#c3). Since we have Telemetry d...I need to look into it more, but I think we should be setting `browser.cache.frecency_experiment` to `-1` to [disable HTTP_CACHE_MISS_HALFLIFE_EXPERIMENT](https://bugzilla.mozilla.org/show_bug.cgi?id=986728#c3). Since we have Telemetry disabled, of course, Mozilla's experiment shouldn't be collecting any data on our users. However, if that pref is not set in `firefox.js` to `-1`, it will default to `0`. And if it's `0`, then it's randomised between `1` and `4` inclusive, setting different HTTP cache decay times for the four groups, which might make for a bit of a rough-edged fingerprinting mechanism.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13439Inspector raises the canvas prompt when hovering over images2020-06-27T14:41:42ZDavid Fifielddcf@torproject.orgInspector raises the canvas prompt when hovering over images1.Open any old page with an image, for instance https://blog.torproject.org/
2. Press Ctrl+Shift+I to open the Inspector.
3. Click the "Pick an element from the page" icon, the one that looks like ![pick.png](uploads/pick.png).
4. Hov...1.Open any old page with an image, for instance https://blog.torproject.org/
2. Press Ctrl+Shift+I to open the Inspector.
3. Click the "Pick an element from the page" icon, the one that looks like ![pick.png](uploads/pick.png).
4. Hover over an img element.
The "attempted to extract HTML5 canvas image data" prompt appears.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13027Make WebWorkers use spoofed navigator.* useragent values2020-06-27T14:41:56ZMike PerryMake WebWorkers use spoofed navigator.* useragent valuesWe spoof the navigator values through various general.useragent.override prefs. However, this object is now exposed to WebWorkers too, which may or may not be listening to these new prefs (because WebWorkers are special threads and have ...We spoof the navigator values through various general.useragent.override prefs. However, this object is now exposed to WebWorkers too, which may or may not be listening to these new prefs (because WebWorkers are special threads and have restricted access to much of XPCOM).
https://bugzilla.mozilla.org/show_bug.cgi?id=925847Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13026Verify screenX and screenY are spoofed sanely2020-06-27T14:41:56ZMike PerryVerify screenX and screenY are spoofed sanelyIn Firefox 28, window.screenX and window.screenY were changed to report CSS pixels instead of device pixels. We should ensure we're still properly reporting content window resolution here.In Firefox 28, window.screenX and window.screenY were changed to report CSS pixels instead of device pixels. We should ensure we're still properly reporting content window resolution here.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13025Lie about the screen orientation2020-06-27T14:41:56ZMike PerryLie about the screen orientationScreen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Screen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/12995default font seems seems to leak system locale information2022-08-29T17:28:00Zcypherpunksdefault font seems seems to leak system locale informationI recently changed the default system locale on my GNU Linux system, and I noticed that afterwards the default font used on web pages in Tor Browser had changed (I didn't change the version/language of Tor Browser).
I suppose that this ...I recently changed the default system locale on my GNU Linux system, and I noticed that afterwards the default font used on web pages in Tor Browser had changed (I didn't change the version/language of Tor Browser).
I suppose that this means that an attacker can guess a user's locale based on the font used to display a page.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/12426Make use of HeapEnableTerminationOnCorruption in Tor Browser on Windows2022-01-11T19:33:18ZGeorg KoppenMake use of HeapEnableTerminationOnCorruption in Tor Browser on WindowsThis function gets defined in ipc/chromium/src/base/process_util* but is only used in the test suite: https://mxr.mozilla.org/mozilla-esr24/source/ipc/chromium/src/base/test_suite.h. We should make more use of it in the code itself. See:...This function gets defined in ipc/chromium/src/base/process_util* but is only used in the test suite: https://mxr.mozilla.org/mozilla-esr24/source/ipc/chromium/src/base/test_suite.h. We should make more use of it in the code itself. See: https://blogs.msdn.com/b/oldnewthing/archive/2013/12/27/10484882.aspx for more information.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/11884Tor Browser: add DuckDuckGo hidden service into default search engines list2020-06-27T14:42:11ZTracTor Browser: add DuckDuckGo hidden service into default search engines listSince DuckDuckGo main website is already in the default install, why not add an engine which searches on the hidden service (http://3g2upl4pq6kufc4m.onion/) as well?
Now I have to add it to bookmarks and assign a keyword to it and it al...Since DuckDuckGo main website is already in the default install, why not add an engine which searches on the hidden service (http://3g2upl4pq6kufc4m.onion/) as well?
Now I have to add it to bookmarks and assign a keyword to it and it always displays the HTML 5 canvas warning (there is no such warning with Tor Browser's normal DDG engine). I don't know any other way to add it (I guess it would be some customization of about:config)
Adding the hidden service to default search engines would be a great usability improvement.
**Trac**:
**Username**: bioshhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10720NSIS scripts can request Windows to avoid registry writes?2020-06-27T14:42:20ZMike PerryNSIS scripts can request Windows to avoid registry writes?In https://trac.torproject.org/projects/tor/ticket/7842#comment:20, Runa mentioned that NSIS scripts can request to avoid writing to the Windows registry.
We should figure out how to do this and use those settings in the TBB Windows NSI...In https://trac.torproject.org/projects/tor/ticket/7842#comment:20, Runa mentioned that NSIS scripts can request to avoid writing to the Windows registry.
We should figure out how to do this and use those settings in the TBB Windows NSIS scripts (which live at https://github.com/moba/tbb-windows-installer).Erinn ClarkErinn Clarkhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10573`nsILocalFile` should be replaced with `nsIFile` in our extensions2020-06-27T14:42:22Zcypherpunks`nsILocalFile` should be replaced with `nsIFile` in our extensions```
Warning: Starting with Gecko 14, `nsILocalFile` inherits all functions and attributes from `nsIFile`, meaning that you no longer need to use `nsILocalFile`. If your add-on doesn't support versions older than 14, you should use `nsIFi...```
Warning: Starting with Gecko 14, `nsILocalFile` inherits all functions and attributes from `nsIFile`, meaning that you no longer need to use `nsILocalFile`. If your add-on doesn't support versions older than 14, you should use `nsIFile` instead of `nsILocalFile`.
See bug https://bugzilla.mozilla.org/show_bug.cgi?id=682360 for more information.
components/tl-protocol.js
{
var file = Cc['@mozilla.org/file/local;1'].createInstance(Ci.nsILocalFile);
file.initWithPath(aPath);
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10534Let's not advertise help desk emails directly2020-06-27T14:42:22ZLunarLet's not advertise help desk emails directlyTor Browser 3.5 now advertises support help desk emails more prominently. While showing our users how to get help is a great idea, giving them an help desk address directly puts a severe load on the support assistants that could partiall...Tor Browser 3.5 now advertises support help desk emails more prominently. While showing our users how to get help is a great idea, giving them an help desk address directly puts a severe load on the support assistants that could partially be avoided.
I think we should rather point them to a web page with the following:
* List of Tor Browser known issues.
* Frequently Asked Questions related to Tor Browser
* Frequently Asked Questions related to Tor
* The help desk emails
That list can be refined over time.
The ticket should probably be split in multiple things, as it concerns Tor Browser release management (for the list of known issues) and the website.Mike PerryMike Perryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9442Add New Circuit button to TorButton2020-11-18T14:11:59ZcypherpunksAdd New Circuit button to TorButton**From the blog:**
https://blog.torproject.org/blog/tor-browser-bundle-30alpha3-released#comment-33436
**ME:**
> Can we PLEASE have a NEWNYM function in the alpha TorButton now that Vadalia GUI is gone? The "New Identity" feature in T...**From the blog:**
https://blog.torproject.org/blog/tor-browser-bundle-30alpha3-released#comment-33436
**ME:**
> Can we PLEASE have a NEWNYM function in the alpha TorButton now that Vadalia GUI is gone? The "New Identity" feature in TorButton is not the same thing as NEWNYM, they do not serve the same function, not at all.
>
> I've asked a few times and no one has responded :( I even asked Mike *directly* on Tor-talk . . .
>
> Many times a user doesn't want to clear all their tabs and re-launch, they just want a new exit node.
>
> Please, please, please, add the damn NEWNYM function.
**SOMEONE ELSE:**
> +1 Agree with this comment.
>
> It's too bad to not have that option
**Arma:**
> Hm. Is this because the website you're trying to reach is trying to block Tor, and you're trying to find an exit relay that isn't blocked yet? Or some other issue?
>
> I think a lot of the reasons people click newnym are somewhat harmful to the Tor network (more circuits made), so I'm torn.
**ME:**
> Hi arma,
>
> Thanks for your response :) And I'm very sorry for being a bit rude, it's been a long day and I'm kind of grumpy by nature. You guys are amazing for not being rude back, you're a better man than I.
>
> The reason I like having newnym is:
>
> a.) Try to find faster circuit, which may be "somewhat harmful to the Tor network" even though you guys added the forced delay (grayed out button) for N seconds after it was used.
>
> b.) To prevent cross site traffic, e.g. I clear cookies and cache, then use NEWNYM when on site A, before I open a new tab to visit site B. I'm not sure if this is less 'safe' then clearing all tabs and re-lunching, but it sure is a lot better in terms of usage (being forced to close all tabs really sucks). I really dislike having to close all tabs when I want a new IP address, I often surf multiple sites concurrently, so the New Identity feature in TorButton is not an option for me.
>
> I guess the best option here would be if Mike was able to figure out finer-grained cookie control (IIRC, that he wrote about before), e.g. per tab. Then there would be less of a need to re-launch TorBrowser when someone clicks "New Identity."
>
> As always I defer to TPO's much greater knowledge than my own.