The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2023-09-20T14:40:53Z

warning: implicit declaration of function 'conf_file_set_enable_ipv6'
https://gitlab.torproject.org/tpo/core/torsocks/-/issues/40017
2023-09-20T14:40:53Z
milahu

ideally the build should finish without warnings
```
config-file.c: In function 'parse_config_line':
config-file.c:184:23: warning: implicit declaration of function 'conf_file_set_enable_ipv6' [-Wimplicit-function-declaration]
184 | ret = conf_file_set_enable_ipv6(tokens[1], config);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
config-file.c: In function 'conf_file_set_socks5_user':
config-file.c:332:9: warning: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
332 | strncpy(config->conf_file.socks5_username, username, strlen(username));
| ^
config-file.c:325:13: note: length computed here
325 | if (strlen(username) > sizeof(config->conf_file.socks5_username)) {
| ^~~~~~~~~~~~~~~~
config-file.c: In function 'conf_file_set_socks5_pass':
config-file.c:364:9: warning: '__builtin_strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
364 | strncpy(config->conf_file.socks5_password, password, strlen(password));
| ^
config-file.c:357:13: note: length computed here
357 | if (strlen(password) > sizeof(config->conf_file.socks5_password)) {
| ^~~~~~~~~~~~~~~~
```
[torsocks-2.4.0-unstable-2022-08-09-build.log](/uploads/702c8aab587a699c2634df815788b001/torsocks-2.4.0-unstable-2022-08-09-build.log)

Make Tor Browser follow the Tor Friendly Applications Best Practices doc
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40930
2023-08-30T15:20:06Z
Roger Dingledine

If I want to run two TBB 3.5's at once, I'm out of luck because the Tor ports conflict and they're hard-coded.
Vidalia solved this by having a checkbox for 'choose ports automatically', which starts Tor with "socksport auto" and "controlport auto" and then reads the file specified to Tor by ControlPortWriteToFile to learn what control port it picked.
Should we teach Tor Launcher to do something similar?
Maybe a reasonable place for the interface toggle is in the proxy settings window?
Sponsor 131 - Phase 5 - Ongoing Maintenance

Retrying a download breaks URL bar domain isolation
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21347
2023-08-28T16:05:46Z
Georg Koppen

If a download fails and one tries to restart it via the `about:downloads` page the resumption goes over the catch-all circuit. It would be more intuitive if we could use the circuit previously used (if it is still available).
Reported on our blog: https://blog.torproject.org/blog/tor-browser-70a1-released#comment-233304

Windows copyright notices should contain Tor Project
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40571
2023-08-25T23:13:38Z
Mark Smith

While working on legacy/trac#16910, Kathy and I noticed that the copyright notices embedded within the browser executables on Windows (firefox.exe, updater.exe) have the same text as in Firefox. For consistency with Mac OS, we should use text like:
Copyright 2015 The Tor Project
or maybe we should change both platforms to use:
Copyright (c) 2015, The Tor Project, Inc.
For reference, the file Bundle-Data/Docs/Licenses/Tor.txt within our builders/tor-browser-bundle repo. contains the following copyright text:
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
Copyright (c) 2007-2013, The Tor Project, Inc.
(while we are at it, we should also update the year there).
Sponsor 131 - Phase 3 - Major ESR 102 Migration

Audit license and copyright info
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40611
2023-08-25T23:13:34Z
richard

HTTPS-Everywhere has been removed from Desktop, so we should stop including their copyright and any licensing information we have bundled. We also need to update the base-browser target to not include unneeded licensing (tor, PTs, etc)
Sponsor 131 - Phase 3 - Major ESR 102 Migration

statically-link dependencies into tor daemon
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40642
2023-07-18T21:40:35Z
richard

We ship our own versions of libevent, openssl, etc with tor in Tor Browser. This can cause issues when systems do not use these packaged libraries (like in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41336).
We should statically link our dependencies into the tor daemon. This will ensure we are actually using the implementation we think we are, and it should reduce the final package/install size as LTO will ensure we are only building and linking in the symbols actually used.
Ricochet-Refresh builds openssl, zlib and libevent this way for tor on Windows (x86,x64), Linux (x86,x64), and macOS (x64):
- openssl: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/openssl
- libevent: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/libevent
- zlib: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/zlib
- tor: https://github.com/blueprint-freespeech/ricochet-build/tree/main/projects/tor
Android is not currently built/supported so anything in there referencing it is left-overs from the original tor-browser-build fork.
Marco Simonelli

tpo.onion v3 main nav points to .org
https://gitlab.torproject.org/tpo/web/lego/-/issues/25
2023-06-23T18:06:09Z
Antonela antonela@torproject.org

In `http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion` the links at the main nav are still pointing to the .org url. Can we make the user continue their flow in the .onion?

Provide logrotate examples
https://gitlab.torproject.org/tpo/onion-services/onionspray-log-parser/-/issues/1
2023-06-14T20:37:24Z
Silvio Rhatto

Provide a logrotate configuration file example (with and without S3 storage).

Provide sample logfiles
https://gitlab.torproject.org/tpo/onion-services/onionspray-log-parser/-/issues/2
2023-06-14T20:37:24Z
Silvio Rhatto

Provide sample EOTK log files for testing.

Provide tests
https://gitlab.torproject.org/tpo/onion-services/onionspray-log-parser/-/issues/3
2023-06-14T20:37:24Z
Silvio Rhatto

Provide basic tests to check if the log parsing is working.

Make development contribution easier
https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/10
2023-06-14T20:17:41Z
Silvio Rhatto

* [ ] Add a [Contributing guidelines](https://en.wikipedia.org/wiki/Contributing_guidelines) file.
* [ ] Make explicit that contributions are not just welcomed but needed.
* [ ] Tag some issues as "First contribution".

Onion rewrites should add eTLDs
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41022
2023-06-12T13:36:27Z
Pier Angelo Vendrame

If we want to extend the possibility to add custom `*.tor.onion` (or some similar domains) in runtime, we should hack somehow `nsEffectiveTLDService`.
This feature is very important: it is used to split domains when scoping whatever needs to be domain-scoped (e.g., cookies).
So, I expect it to be critical for FPI.
Actually, `nsEffectiveTLDService` already has a mechanism to update public suffixes, that we patch out (#40073).
But it uses some non trivial binary format that encodes a deterministic acyclic finite state automaton.
This format is explained in `xpcom/ds/tools/make_dafsa.py` (the code itself is about ~200 Python rows).
If the only reason for #40073 to exist was our changes to the list, we could restore it, and find some way to inject our additional domains at every update of the automaton.
@JeremyRand was suggesting to use some prefs.
I also thought of adding some other methods to the `IOnionAliasService` interface that we implemented for #40458.

Password Complexity Requirement lack of SSO
https://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues/71
2023-06-07T09:46:47Z
Anonymous420

Accounts currently do not require any complexity of passwords. A single char password is allowed.
Bonus points if you allow SSO with https://gitlab.onionize.space/ or GitLab accounts.

Site info panel for internal pages is misaligned vs the identity block
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41656
2023-06-01T17:13:43Z
donuts

See this screenshot for reference:
![identity-block-internal-resource](/uploads/4833fe0b4d0eaf339fb485b3489bb25b/identity-block-internal-resource.png)
It should be aligned to the left of the identity block instead. Curiously, this seems to only be affecting internal pages – and external pages are fine.

Support for other key generator implementations
https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/11
2023-05-17T15:46:59Z
Silvio Rhatto

Make Onionmine support other vanity generators such as:
* [ciehanski/oniongen-hs: v3 onion vanity URL generator written in Haskell](https://github.com/ciehanski/oniongen-hs)
* [rdkr/oniongen-go: 🔑 v3 .onion vanity URL generator written in Go](https://github.com/rdkr/oniongen-go)
Full compatibility might not be supported, given that each implementation has its own set of parameters, but that's something that can be solved with proper configuration and with some business logic.

LICENSE and other metafiles
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/2
2023-05-15T09:49:43Z
Silvio Rhatto

Add LICENSE and other metafiles.

Add NAT/firewall setup instructions for Snowflake
https://gitlab.torproject.org/tpo/web/community/-/issues/303
2023-05-11T18:26:19Z
WofWca wofwca@protonmail.com

https://gitlab.torproject.org/tpo/web/community/-/tree/main/content/relay/setup/snowflake
Need to add instructions for how to set up the machine for it to have an "unrestricted NAT".
Typical firewall settings appear to result in a ["restricted NAT"](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/7db2568448fed6d883b33db11e3a497c69f1748f/broker/broker.go#L125), even if the machine has a dedicated IP (no NAT) (see [this forum post](https://forum.torproject.net/t/firewall-needs-settings-for-running-standalone-snowflake-proxy/4314/2?u=wofwca), for example), while an unrestricted one is more desirable. (Although I might be wrong, since [the metrics](https://snowflake-broker.torproject.net/metrics) say that there are ~2000 unrestricted proxies?) We [already have instructions](https://gitlab.torproject.org/tpo/web/community/-/blob/abea7a2c54a959136dc573489bfd3b24dd399703/content/relay/setup/post-install/contents.lr#L9) for regular Tor relays, but WebRTC (ICE) is a different kind of beast.
Need to consider both the NATed (say, behind a router), and the dedicated IP cases.
In case there's no NAT, simply allowing all incoming connections to the entire [allowed port range](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/7db2568448fed6d883b33db11e3a497c69f1748f/proxy/main.go#L35) should solve the problem, allowing the use of [`host` ICE candidates](https://webrtcforthecurious.com/docs/03-connecting/#host), but it compromises security, because another app may get assigned an ephemeral port from that range. So I thought maybe there is a way to disable [filtering](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/NAT-matching#nat-filtering-behaviour) for the Snowflake process specifically. Or maybe use a non-ephemeral port range so that other apps can't randomly get a port from that range (but this may affect censorship-resistance). Or maybe there is a way to have one dedicated port for Snowflake (is [`SetICEUDPMux`](https://pkg.go.dev/github.com/pion/webrtc/v3#SettingEngine.SetICEUDPMux) it?) which can be opened up, with fallback to ephemeral ports in case the client's censor blocks that one.
There may be better mechanisms that I'm just not aware of since I'm not that good at networking (in both meanings of the word XD).
Related:
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40092
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/57
* https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40235

Improve documentation, show different technologies depending on the knowledge, for different operating systems and accessibility
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/1
2023-05-09T17:32:06Z
juga

During the workshop today we realized about many things we can improve.
The attendees have MacOS and Windows, didn't know about docker and Internet wasn't good, therefore it took quite some time to download, install and understand how to use docker in those operative systems.
For this concrete case we could have here or in a different repository:
- [ ] an example using only python (lighter to download) and tor, without docker
- [ ] add documentation about how to install docker in different operating systems for the docker case
- [ ] add documentation about what each thing does (lines in `torrc`, docker, ...)
- [ ] get people from UX to review the readability of our examples

Rename onion-app to onion-flask
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/3
2023-05-09T17:32:06Z
Silvio Rhatto

Rename `onion-app` to `onion-flask`, to be more specific.

Create an onion-python example
https://gitlab.torproject.org/tpo/onion-services/cebollitas/-/issues/4
2023-05-09T17:32:06Z
Silvio Rhatto

Create an `onion-python` example (with Python built-in webserver).