The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2020-06-27T13:43:08Zhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/12872Know within which country a bridge is located2020-06-27T13:43:08ZMatthew FinkelKnow within which country a bridge is locatedThis has many uses, but in particular this will allow us to do legacy/trac#12843. I suggest we not bother rewriting large portions of the code to satisfy this and simply add another attribute to the Bridge class specifying its country. A...This has many uses, but in particular this will allow us to do legacy/trac#12843. I suggest we not bother rewriting large portions of the code to satisfy this and simply add another attribute to the Bridge class specifying its country. As soon as we have this information we can do more smart things with it (and those can be other smarter tickets).
For simplicity, we can only rely on the the ORPort netblock. This is what the BA checks. In the future, when ORPorts are disableable, we'll need to rely on the addresses in the transport lines, but that can be dealt with later, I think.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10534Let's not advertise help desk emails directly2020-06-27T14:42:22ZLunarLet's not advertise help desk emails directlyTor Browser 3.5 now advertises support help desk emails more prominently. While showing our users how to get help is a great idea, giving them an help desk address directly puts a severe load on the support assistants that could partiall...Tor Browser 3.5 now advertises support help desk emails more prominently. While showing our users how to get help is a great idea, giving them an help desk address directly puts a severe load on the support assistants that could partially be avoided.
I think we should rather point them to a web page with the following:
* List of Tor Browser known issues.
* Frequently Asked Questions related to Tor Browser
* Frequently Asked Questions related to Tor
* The help desk emails
That list can be refined over time.
The ticket should probably be split in multiple things, as it concerns Tor Browser release management (for the list of known issues) and the website.Mike PerryMike Perryhttps://gitlab.torproject.org/tpo/web/support/-/issues/193Letterboxing: add a screenshot to show this feature2021-04-19T18:16:35ZGusLetterboxing: add a screenshot to show this featureSome users are confused about the letterboxing feature. We already have an entry in the Support portal, but we could add a screenshot pointing the borders. [Tails have a screenshot](https://tails.boum.org/doc/anonymous_internet/Tor_Brows...Some users are confused about the letterboxing feature. We already have an entry in the Support portal, but we could add a screenshot pointing the borders. [Tails have a screenshot](https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html#letterboxing), but we cannot use that image because their Tor Browser is different from ours.
Task:
1. Take a screenshot of Tor Browser
2. Edit and show letterboxing feature, for example, like Tails screenshot. Save it as `letterboxing.jpg`.
3. Fork `support` repository.
4. Add `letterboxing.jpg` to assets/static/images and change this entry: http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/tbb/maximized-torbrowser-window/
5. Send a Pull Request, one clean commit.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40112libstdc++.so.6 not stripped2021-01-20T18:56:24Zyanmaanilibstdc++.so.6 not strippedIn `tor-browser-build/projects/tor/build`, `libstdc++.so.6` is copied from GCC to the output:
```
# We need to copy the libstdc++.so.6 for Tor Browser on older Linux distros.
# Copying it into /Browser, which feels more natural, and ...In `tor-browser-build/projects/tor/build`, `libstdc++.so.6` is copied from GCC to the output:
```
# We need to copy the libstdc++.so.6 for Tor Browser on older Linux distros.
# Copying it into /Browser, which feels more natural, and amending
# LD_LIBRARY_PATH breaks updates from a Tor Browser with the old
# LD_LIBRARY_PATH value to the Tor Browser with the newer one. Thus, we copy
# the libstdc++ into the directory with the libs tor depends on, too. See bug
# 13359 for further details.
mkdir -p "$distdir/Tor/libstdc++"
cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libstdc++.so.6 "$distdir/Tor/libstdc++/"
[% IF c("var/asan") -%]
cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libasan.so.5 "$distdir/Tor/"
cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libubsan.so.1 "$distdir/Tor/"
[% END -%]
chmod 700 "$distdir"/Tor/*.so*
chmod 700 "$distdir"/Tor/libstdc++/*.so*
```
This file is unstripped and contains debug info. Stripping it takes it from 17 MB to 2 MB, without any impact on functionality as far as I can tell. After compression, the entire tarball is 3MB smaller.
This should be a one-line change, provided `strip` is deterministic. I haven't looked into it.Tor Browser: 10.5https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/2LICENSE and other metafiles2023-05-15T09:49:43ZSilvio RhattoLICENSE and other metafilesAdd LICENSE and other metafiles.Add LICENSE and other metafiles.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13025Lie about the screen orientation2020-06-27T14:41:56ZMike PerryLie about the screen orientationScreen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Screen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/web/newsletter/-/issues/15Links in the RSS feed need to have absolute paths2022-03-01T18:42:07Zchampionquizzerchampionquizzer@torproject.orgLinks in the RSS feed need to have absolute pathsA user on `#tor-www` IRC channel reported:
"https://newsletter.torproject.org/rss/ contains relative URLs (they start with ./), but RSS requires absolute/full URLs (e.g. https://newsletter.torproject.org/etc.). It causes feed readers t...A user on `#tor-www` IRC channel reported:
"https://newsletter.torproject.org/rss/ contains relative URLs (they start with ./), but RSS requires absolute/full URLs (e.g. https://newsletter.torproject.org/etc.). It causes feed readers to fail to open the links in the feed. See: https://validator.w3.org/feed/check.cgi?url=https%3A%2F%2Fnewsletter.torproject.org%2Frss%2F"
Thanks for reporting!https://gitlab.torproject.org/tpo/core/tor/-/issues/33632List ed25519 fingerprints on the command line2021-04-18T13:55:23ZteorList ed25519 fingerprints on the command lineFor RSA keys, tor has `tor --list-fingerprint`.
We could add a feature to tor so it accepts a key type argument:
* `tor --list-fingerprint rsa`
* `tor --list-fingerprint ed25519`
And defaults to RSA (for now).
Related to legacy/trac#30...For RSA keys, tor has `tor --list-fingerprint`.
We could add a feature to tor so it accepts a key type argument:
* `tor --list-fingerprint rsa`
* `tor --list-fingerprint ed25519`
And defaults to RSA (for now).
Related to legacy/trac#30642, which adds an `ed25519-fingerprint` file.https://gitlab.torproject.org/tpo/core/tor/-/issues/11360Listen on IPv6 by default for SocksPort *:Port2021-06-18T18:20:31ZDavid Gouletdgoulet@torproject.orgListen on IPv6 by default for SocksPort *:PortThat would be very useful if tor could listen on both IPv4 and IPv6 for the SocksPort. One use case is for Torsocks to work seamlessly with v4 and v6 without having to configure a v6 port in the configuration file and restart the daemon....That would be very useful if tor could listen on both IPv4 and IPv6 for the SocksPort. One use case is for Torsocks to work seamlessly with v4 and v6 without having to configure a v6 port in the configuration file and restart the daemon.
One way to fix that would be to change the function parse_port_config() in _src/or/config.c_ to allow multiple default values adding v6 defaults (which would benefit other ports as well).
Else, having a check somewhere that adds other defaults for specific ports but not sure that it's a good idea nor makes sense in the long run in terms of maintainability.
I thought also about bringing back legacy/trac#4760 by default and setting the ipv6 only option only and only if the user has defined an option in the torrc explicitly. For instance, this in the torrc would ONLY allow v6 (remove dual stack).
```
SocksPort [::1]:9050
```
Thoughts?https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/14Listing microseconds in bridgestrap status output is confusing2021-06-10T14:16:52ZRoger DingledineListing microseconds in bridgestrap status output is confusing(This ticket is just a simple UX improvement, but hopefully still a useful one :) I've tagged it as 'First Contribution' since it's a good opportunity for somebody to get some experience making a git commit etc.)
Compare the current out...(This ticket is just a simple UX improvement, but hopefully still a useful one :) I've tagged it as 'First Contribution' since it's a good opportunity for somebody to get some experience making a git commit etc.)
Compare the current output format:
```
* obfs4: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2021-01-17 10:38:22.671859857 +0000 UTC (8h41m42.941665234s ago)
```
to this simpler alternative:
```
* obfs4: dysfunctional
Error: timed out waiting for bridge descriptor
Last tested: 2021-01-17 10:38:22 +0000 UTC (8h41m42s ago)
```
At present, having so much precision in the fraction of the seconds draws the reader's eye to that number, and that number is the least important part of the output.
Thanks!https://gitlab.torproject.org/tpo/core/tor/-/issues/18988log error level messages if relay (self) is not in consensus2021-06-18T18:13:21Zcypherpunkslog error level messages if relay (self) is not in consensusTor (relay mode) should check once an hour if his fingerprint is included in the consensus and if that is not the case log a prominent error level entry telling the operator about the problem.
In the past I noticed such a log but appare...Tor (relay mode) should check once an hour if his fingerprint is included in the consensus and if that is not the case log a prominent error level entry telling the operator about the problem.
In the past I noticed such a log but apparently it is not done every hour.
I.e. relay dropped out of consensus >4 hours ago, but there is no log entry about it.
Is HeartbeatPeriod (default 6 hours) relevant for that?https://gitlab.torproject.org/tpo/core/tor/-/issues/28919Log IPv4 and IPv6 connections in Tor's heartbeat message2020-06-27T13:51:21ZteorLog IPv4 and IPv6 connections in Tor's heartbeat messageDo we already keep IPv4 and IPv6 statistics?
If we do, then this ticket is easy.
If not, then it's a bit harder, because we'll need to add some code to rephist (or wherever we get the other stats from).Do we already keep IPv4 and IPv6 statistics?
If we do, then this ticket is easy.
If not, then it's a bit harder, because we'll need to add some code to rephist (or wherever we get the other stats from).Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/6384Log library versions at startup, and in response to a command-line option2020-06-27T14:06:02ZJacob AppelbaumLog library versions at startup, and in response to a command-line optionI'd like to know which openssl/libevent/zlib that I'm using when I start Tor. This should be output with --version.I'd like to know which openssl/libevent/zlib that I'm using when I start Tor. This should be output with --version.Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/4803Log message contains typo2020-06-27T14:07:03ZRobert RansomLog message contains typo```
Dec 29 20:12:55.079 [warn] Before Tor can create a control socket in "/var/run/tor/control", the directory "/var/run/tor" needs to exist, and to be accessible only by the user and group account that is running Tor. (On some Unix sys...```
Dec 29 20:12:55.079 [warn] Before Tor can create a control socket in "/var/run/tor/control", the directory "/var/run/tor" needs to exist, and to be accessible only by the user and group account that is running Tor. (On some Unix systems, anybody who can list a socket can conect to it, so Tor is being careful.)
```
`s/conect/connect/`Tor: 0.2.2.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/3311Log message indicating HS descriptor uploads have been started is misleading2020-06-27T14:08:14ZRobert RansomLog message indicating HS descriptor uploads have been started is misleading```
May 28 02:19:04.211 [info] upload_service_descriptor(): Sending publish request for hidden service o6nqpitsgxepq4se
May 28 02:19:04.214 [info] directory_post_to_hs_dir(): Sending publish request for v2 descriptor for service '[scrubb...```
May 28 02:19:04.211 [info] upload_service_descriptor(): Sending publish request for hidden service o6nqpitsgxepq4se
May 28 02:19:04.214 [info] directory_post_to_hs_dir(): Sending publish request for v2 descriptor for service '[scrubbed]' with descriptor ID '[scrubbed]' with validity of 7631 seconds to hidden service directory 'aminGL' on 80.217.179.115:9001.
...
May 28 02:19:04.260 [info] upload_service_descriptor(): Successfully uploaded v2 rend descriptors!
May 28 02:19:09.554 [info] connection_dir_client_reached_eof(): Uploaded rendezvous descriptor (status 200 ("Service descriptor (v2) stored"))
...
May 28 02:19:18.274 [info] connection_dir_client_reached_eof(): Received http status code 503 ("Currently not acting as v2 hidden service directory") from server '91.208.34.24:443'. I'll try again soon.
```Tor: 0.2.3.x-finalNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/core/tor/-/issues/3325Log message when a client tries to connect to an invalid hostname is incorrect2020-06-27T14:08:13ZRobert RansomLog message when a client tries to connect to an invalid hostname is incorrectIn `connection_ap_handshake_rewrite_and_attach`:
```
addresstype = parse_extended_hostname(socks->address,
remapped_to_exit || options->AllowDotExit);
if (addresstype == BAD_HOSTNAME) {
log_warn(LD_APP, ...In `connection_ap_handshake_rewrite_and_attach`:
```
addresstype = parse_extended_hostname(socks->address,
remapped_to_exit || options->AllowDotExit);
if (addresstype == BAD_HOSTNAME) {
log_warn(LD_APP, "Invalid onion hostname %s; rejecting",
safe_str_client(socks->address));
```
`parse_extended_hostname` also returns `BAD_HOSTNAME` for `.exit` hostnames when AllowDotExit is off.
Also, `parse_extended_hostname`'s documentation comment does not mention `BAD_HOSTNAME`.Tor: 0.2.3.x-finalRobert RansomRobert Ransomhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40134Log messages from client NAT check failures are confusing2022-05-31T22:11:07ZDavid Fifielddcf@torproject.orgLog messages from client NAT check failures are confusingWhen [`CheckIfRestrictedNAT`](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/common/nat/nat.go?h=v2.1.0#n34) fails with an error, it logs a message like `Error: no response from server`. But in context, the message...When [`CheckIfRestrictedNAT`](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/common/nat/nat.go?h=v2.1.0#n34) fails with an error, it logs a message like `Error: no response from server`. But in context, the messages confusingly appear to refer to the broker rendezvous, not the STUN server connection:
```
Target URL: snowflake-broker.torproject.net.global.prod.fastly.net
Front URL: cdn.sstatic.net
Error: no response from server
Error: no response from server
Error: no response from server
```
In this situation, communication with the broker has succeeded and a proxy has been assigned, but the client is having trouble checking its own NAT type. These log messages should say "STUN" or "NAT" somewhere in them, and ideally also the address of the server that failed (possibly subject to safe-log scrubbing).
Refactoring suggestion: instead of having a log call at every return of `isRestrictedMapping`, you can use [`fmt.Errorf("...: %w")`](https://pkg.go.dev/errors) to wrap the underlying error with additional context, and just return the error. That way, the logging can be consolidated in [`updateNATType`](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/lib/snowflake.go?h=v2.1.0#n239), which is also where the STUN server address can be added and displayed.itchyonionitchyonionhttps://gitlab.torproject.org/tpo/core/tor/-/issues/3336Log option does not recognize ‘heartbeat’ as a log domain2020-06-27T14:08:12ZRobert RansomLog option does not recognize ‘heartbeat’ as a log domain```
setconf Log="[rend,heartbeat]debug notice stdout"
```
```
Jun 02 06:28:04.000 [warn] No such logging domain as heartbeat
Jun 02 06:28:04.000 [warn] Couldn't parse log levels in Log option 'Log [rend,heartbeat]debug notice stdout'
Ju...```
setconf Log="[rend,heartbeat]debug notice stdout"
```
```
Jun 02 06:28:04.000 [warn] No such logging domain as heartbeat
Jun 02 06:28:04.000 [warn] Couldn't parse log levels in Log option 'Log [rend,heartbeat]debug notice stdout'
Jun 02 06:28:04.000 [warn] Controller gave us config lines that didn't validate: Failed to validate Log options. See logs for details.
```Tor: 0.2.3.x-finalGeorge KadianakisGeorge Kadianakishttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30209logins.json data is added unencrypted, maybe that's why people have problems ...2023-01-05T16:36:11ZTraclogins.json data is added unencrypted, maybe that's why people have problems with saved login data1)
install TB
disable always private surfing
enable saving login data
open a page with login form, logon and accept saving login data
data is being added to logins.json in unencrypted form
so far all seems right, but you will not be able...1)
install TB
disable always private surfing
enable saving login data
open a page with login form, logon and accept saving login data
data is being added to logins.json in unencrypted form
so far all seems right, but you will not be able to USE the saved logins
2)
go options again, set master pass, apply
add another login (go logon somewhere and save)
data is STILL being added to logins.json in UNENCRYPTED form (and unencrypted is not being encrypted)
STILL not able to use the saved data
3)
copy over old logins.json and key4.db
voila, you can use it...
again try to add a new login to the old data -> same as 1) and 2) applies
implies the mechanism is broken
i can not find a fix
**Trac**:
**Username**: sashamanhttps://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues/35Logout is not related to any kind of support2023-12-13T16:00:24ZGeorg KoppenLogout is not related to any kind of supportRight now if I look at the interface the "Logout" option looks like being in the Support group:
![weather_support](/uploads/f664069873d9a26baa0a2637a29f2fbd/weather_support.png)
I think there should be some space between it and the "Su...Right now if I look at the interface the "Logout" option looks like being in the Support group:
![weather_support](/uploads/f664069873d9a26baa0a2637a29f2fbd/weather_support.png)
I think there should be some space between it and the "Submit Feedback" option to avoid that impression.