The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-01-13T18:10:35Zhttps://gitlab.torproject.org/tpo/web/support/-/issues/275Dead link on FAQ2022-01-13T18:10:35ZcypherpunksDead link on FAQOn main page of support website, in section named "Gmail warns me that my account may have been compromised", there is a link to fscked.org, which seems to be a long-dead mikeperry's website.On main page of support website, in section named "Gmail warns me that my account may have been compromised", there is a link to fscked.org, which seems to be a long-dead mikeperry's website.https://gitlab.torproject.org/tpo/web/tpo/-/issues/262Remove jinja template escaping from "Become a Member" section2022-07-09T04:26:25ZGusRemove jinja template escaping from "Become a Member" sectionhttps://www.torproject.org/about/membership/
```
Become a Member
{ _("Join the Tor Project Membership Program and demonstrate your commitment to privacy online and become more deeply involved in the Tor community. Email us at giving@to...https://www.torproject.org/about/membership/
```
Become a Member
{ _("Join the Tor Project Membership Program and demonstrate your commitment to privacy online and become more deeply involved in the Tor community. Email us at giving@torproject.org. to get started.") }
```emmapeelemmapeelhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/71Consider attaching Tor Browser signing key to gettor emails2022-10-12T18:28:12ZPhilipp Winterphw@torproject.orgConsider attaching Tor Browser signing key to gettor emailsIt turns out that censored users are unlikely to be able to fetch our Tor Browser signing key: tpo/applications/tor-browser#40195
One way to fix this issue is to attach the signing key to GetTor's email autoresponse. That's easy for us ...It turns out that censored users are unlikely to be able to fetch our Tor Browser signing key: tpo/applications/tor-browser#40195
One way to fix this issue is to attach the signing key to GetTor's email autoresponse. That's easy for us and convenient for the user. The downside is that users have to place more trust in GetTor's autoresponse. So far, if Alice receives a spoofed GetTor response and downloads a malicious Tor Browser, she can still detect this attack by getting her signing key from an independent source. If GetTor's response email provides both Tor Browser links *and* the signing key, Alice would fall for the attack.https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/70Unexpected Naming Scheme in Semantic Versioning Represention Structure2022-09-27T09:58:21ZshelikhooUnexpected Naming Scheme in Semantic Versioning Represention StructureIn the [Version](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/f7d0b7451e242a711f3c9887348b84a6ae054c38/pkg/usecases/resources/links.go#L14) Structure, "Major" version is named "Mayor" version, which is different from it...In the [Version](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/f7d0b7451e242a711f3c9887348b84a6ae054c38/pkg/usecases/resources/links.go#L14) Structure, "Major" version is named "Mayor" version, which is different from its [definition](https://semver.org/) form. If this is unintentional, we could consider renaming it to its definition form.https://gitlab.torproject.org/tpo/web/lego/-/issues/39Create 'sitemap.xml' for our Lektor websites2022-06-29T21:38:49ZGusCreate 'sitemap.xml' for our Lektor websitesA relay operator [suggested](https://lists.torproject.org/pipermail/tor-relays/2021-November/020015.html) creating a 'sitemap'.
Checking Lektor docs, I found this guide:
https://www.getlektor.com/docs/guides/sitemap/A relay operator [suggested](https://lists.torproject.org/pipermail/tor-relays/2021-November/020015.html) creating a 'sitemap'.
Checking Lektor docs, I found this guide:
https://www.getlektor.com/docs/guides/sitemap/https://gitlab.torproject.org/tpo/ux/design/-/issues/31Outreach material: update torproject.org onion site address (v2 to v3)2022-04-25T20:55:31ZGusOutreach material: update torproject.org onion site address (v2 to v3)As v2 onions are now fully deprecated, we need to update these outreach materials:
Files:
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/en_EN/Back_feminist_en_EN.pdf
- https://gitlab.torproject.org/tpo/comm...As v2 onions are now fully deprecated, we need to update these outreach materials:
Files:
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/en_EN/Back_feminist_en_EN.pdf
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/en_EN/Back_stencil_en_EN.pdf
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/es_ES/Back_feminist_es_ES.pdf
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/es_ES/Back_stencil_es_ES.pdf
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/pr_BR/Back_feminist_pr_BR.pdf
- https://gitlab.torproject.org/tpo/community/outreach/-/blob/master/print/pr_BR/Back_stencil_pr_BR.pdfGusGushttps://gitlab.torproject.org/tpo/web/manual/-/issues/110Add Android 12 battery optiization tip2023-11-08T07:17:09ZHackerNCoderhackerncoder@encryptionin.spaceAdd Android 12 battery optiization tipI'm using GrapheneOS which just updated to Android 12, it is even more battery optimizing, to the point where it feels like it is killing Tor Browser in the background by default. Whenever I close the app, and open it again, I have to cl...I'm using GrapheneOS which just updated to Android 12, it is even more battery optimizing, to the point where it feels like it is killing Tor Browser in the background by default. Whenever I close the app, and open it again, I have to click connect. Unless I change the battery optimization level to "Unrestricted".https://gitlab.torproject.org/tpo/web/community/-/issues/236Relay operations is missing from secondary navbar2021-10-29T19:59:35ZemmapeelRelay operations is missing from secondary navbarThe secondary navbar that we have on the different sections of the website is missing the Relay Operations link. See the 6 sections on the homepage:
![all-sections.cleaned](/uploads/97700a38f46adaa78a4d2dd8354bfd21/all-sections.cleaned....The secondary navbar that we have on the different sections of the website is missing the Relay Operations link. See the 6 sections on the homepage:
![all-sections.cleaned](/uploads/97700a38f46adaa78a4d2dd8354bfd21/all-sections.cleaned.png)
And only 5 sections on the navbar:
![missig-relays.cleaned](/uploads/bd7a13aa9b381de314f5fd257c43a558/missig-relays.cleaned.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40670Android Google Assistant Sign-In pops up using Tor2022-11-30T15:24:37ZiampowerslaveAndroid Google Assistant Sign-In pops up using TorHi.
I had the following issue that exposes my identity to Google.
I started Tor (Android) logged in to a website that is Google Sign-In compatible, and when I entered my credentials the Google Assistant Sign In dialog popped up, so Goo...Hi.
I had the following issue that exposes my identity to Google.
I started Tor (Android) logged in to a website that is Google Sign-In compatible, and when I entered my credentials the Google Assistant Sign In dialog popped up, so Google nows it was me trying to log in to that site even behind Tor.
Moto G9 Plus
Android 11
Tor 10.5.9 (91.2.0-Release)https://gitlab.torproject.org/tpo/web/community/-/issues/233[Onion Services] Update NYT onion service2021-10-20T13:23:15Zchampionquizzerchampionquizzer@torproject.org[Onion Services] Update NYT onion serviceNew York Times have updated their onion service to v3: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/
.. and we must update it on the 'featured onions' section: https://community.torproject.org/onion-servic...New York Times have updated their onion service to v3: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/
.. and we must update it on the 'featured onions' section: https://community.torproject.org/onion-services/#featured-onions
Proof: TLS/SSL certificate and onion-location header on https://www.nytimes.com/HackerNCoderhackerncoder@encryptionin.spaceHackerNCoderhackerncoder@encryptionin.spacehttps://gitlab.torproject.org/tpo/core/arti/-/issues/191Replace caret with num-derive, popularity.2022-02-07T15:56:39ZcheakoReplace caret with num-derive, popularity.I believe this would get tangled with #165.
The [`caret`](https://crates.io/crates/caret) create has sometimes 4 downloads a day, when [`num-derive`](https://crates.io/crates/num-derive) has thousands.
Effects `tor-cell`.
```
[depende...I believe this would get tangled with #165.
The [`caret`](https://crates.io/crates/caret) create has sometimes 4 downloads a day, when [`num-derive`](https://crates.io/crates/num-derive) has thousands.
Effects `tor-cell`.
```
[dependencies]
num-traits = "0.2"
num-derive = "0.3"
```
Note: Investigate `NumCast`, `NumOpt` makes no sense being math only and doesn't cover `Ord` and `Eq`.
```
use num_derive::{FromPrimitive, ToPrimitive};
```
https://fasterthanli.me/series/making-our-own-ping/part-11
```
#[derive(Debug, FromPrimitive, ToPrimitive)]
#[repr(u8)]
pub enum Protocol {
ICMP = 0x01,
TCP = 0x06,
UDP = 0x11,
}
```https://gitlab.torproject.org/tpo/web/lego/-/issues/33Add Discourse forum logo on the footer2021-10-25T19:31:15ZGusAdd Discourse forum logo on the footerAs part of our [Soft launch plan](https://gitlab.torproject.org/tpo/web/team/-/wikis/Plan-To-Launch-Tor's-Forum#timeline), we need to add [Discourse logo](https://fontawesome.com/v5.15/icons/discourse) on the footer.As part of our [Soft launch plan](https://gitlab.torproject.org/tpo/web/team/-/wikis/Plan-To-Launch-Tor's-Forum#timeline), we need to add [Discourse logo](https://fontawesome.com/v5.15/icons/discourse) on the footer.2021-10-20https://gitlab.torproject.org/tpo/web/manual/-/issues/108Error titles vary from original source in the browser2022-06-30T04:53:23ZemmapeelError titles vary from original source in the browserThe documentation at [onion-services/#onion-services-errors](https://tb-manual.torproject.org/onion-services/#onion-services-errors) has varied the Error messages and titles from the original source, that are the strings at the browser c...The documentation at [onion-services/#onion-services-errors](https://tb-manual.torproject.org/onion-services/#onion-services-errors) has varied the Error messages and titles from the original source, that are the strings at the browser code, and by extension also available for translation on [transifex](https://www.transifex.com/otf/torproject/translate/#es/$/185269561?q=key%3AonionServices.) and that can be seen at
https://gitweb.torproject.org/translation.git/tree/en/torbutton.properties?h=torbutton-torbuttonproperties
(they are the strings with keys starting with onionServices.)
We should make the docs have the same strings as the browser.https://gitlab.torproject.org/tpo/web/support/-/issues/268Add new entry about Tor mailing lists2023-01-18T18:32:02ZGusAdd new entry about Tor mailing listsAs we have a bunch of mailing lists, it would be nice to have a page with a list of our mailing lists and a description.
We have an old trac entry:
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/emailLists
But it would be great ...As we have a bunch of mailing lists, it would be nice to have a page with a list of our mailing lists and a description.
We have an old trac entry:
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/emailLists
But it would be great to list only public and maintained lists.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40647configure Tor Browser for Onion URL of offical TPO domain2023-01-05T16:47:58ZpseudonymisaTorconfigure Tor Browser for Onion URL of offical TPO domainTor Browser itself does not prefer onion for itself where possible?
Tor Browser should configure Onion URL for offical TPO domains where possible.
I discovered at least following `about:config` settings that use `torproject.org` instead...Tor Browser itself does not prefer onion for itself where possible?
Tor Browser should configure Onion URL for offical TPO domains where possible.
I discovered at least following `about:config` settings that use `torproject.org` instead `2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion`
| app.update.url.details | https://www.torproject.org/download/ |
|------------------------|--------------------------------------|
Update to:
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/download/
| app.update.url.manual | https://www.torproject.org/download/languages/ |
|-----------------------|------------------------------------------------|
Update to:
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/download/languages/
| extensions.torbutton.versioncheck_url | https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions |
|---------------------------------------|-----------------------------------------------------------------------|
Update to: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/projects/torbrowser/RecommendedTBBVersionshttps://gitlab.torproject.org/tpo/web/community/-/issues/230[onion services] Update BBC onion site2021-09-28T12:02:24ZGus[onion services] Update BBC onion siteBBC upgraded their onion site to v3. Let's update the featured onions page:
https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/
https://community.torproject.org/onion-services/#featured-onionsBBC upgraded their onion site to v3. Let's update the featured onions page:
https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/
https://community.torproject.org/onion-services/#featured-onionshttps://gitlab.torproject.org/tpo/web/tpo/-/issues/227Update wiki link in the contributing.md2021-09-01T01:48:15Zchampionquizzerchampionquizzer@torproject.orgUpdate wiki link in the contributing.mdSimilar to https://gitlab.torproject.org/tpo/web/tpo/-/issues/226, we need to update the wiki link on the [contributing.md](https://gitlab.torproject.org/tpo/web/tpo/-/blob/master/CONTRIBUTING.md)
'Check our wiki pages for more informat...Similar to https://gitlab.torproject.org/tpo/web/tpo/-/issues/226, we need to update the wiki link on the [contributing.md](https://gitlab.torproject.org/tpo/web/tpo/-/blob/master/CONTRIBUTING.md)
'Check our wiki pages for more information.' (positioned right above '[Translations](https://gitlab.torproject.org/tpo/web/tpo/-/blob/master/CONTRIBUTING.md#translations)') should redirect to https://gitlab.torproject.org/tpo/web/wiki/-/wikis/How-to-develop-on-the-websitehttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/53GetTor IPFS Provider2022-10-05T13:39:21ZTracGetTor IPFS ProviderI think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https...I think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https://github.com/ipfs/public-gateway-checker/blob/master/gateways.json .
I am not sure how the procedure could be automated, but manually it would work by installing ipfs, creating a folder for requested content, "ipfs add -r directory/" and going to https://example.com/ipfs/HASH (which was given by the previous command) to download it. Alternatively for single file "ipfs add -w file" so a directory is created for it preserving the filename instead of changing it to the hash when downloading.
Volunteers could also host the content by using "ipfs pin add HASH" possibly reducing server load.
**Trac**:
**Username**: Mkaysihttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40060server is still logging io.ErrClosedPipe errors because of wrapped errors2022-01-07T16:46:16ZDavid Fifielddcf@torproject.orgserver is still logging io.ErrClosedPipe errors because of wrapped errorsDespite !30, the Snowflake server is still logging `io.ErrClosedPipe` errors:
```
2021/06/24 17:41:12 error copying WebSocket to ORPort readfrom tcp [scrubbed]->[scrubbed]: io: read/write on closed pipe
2021/06/24 17:46:11 acceptStreams...Despite !30, the Snowflake server is still logging `io.ErrClosedPipe` errors:
```
2021/06/24 17:41:12 error copying WebSocket to ORPort readfrom tcp [scrubbed]->[scrubbed]: io: read/write on closed pipe
2021/06/24 17:46:11 acceptStreams: io: read/write on closed pipe
2021/06/24 17:46:33 error copying WebSocket to ORPort readfrom tcp [scrubbed]->[scrubbed]: io: read/write on closed pipe
2021/06/24 18:20:20 error copying ORPort to WebSocket io: read/write on closed pipe
```
The reason is that the errors are not really `io.ErrClosedPipe`; they are wrapped by [`errors.WithStack`](https://pkg.go.dev/github.com/pkg/errors#WithStack) in kcp-go. You can see the different using `log.Printf("%T", err)`, which yields `*errors.withStack`.
I was having the same problem in the dnstt server. I solved it by using [`errors.Is`](https://pkg.go.dev/errors#Is) from the [go1.13 errors interface](https://blog.golang.org/go1.13-errors), rather than plain equality.
https://repo.or.cz/dnstt.git/commitdiff/e4dc2883efea932f1da62ef35c3e88806aed9eeahttps://gitlab.torproject.org/tpo/web/lego/-/issues/26Change the pointer when hovering over a .copy-button2022-01-24T17:35:14ZKezChange the pointer when hovering over a .copy-buttonI noticed that buttons with the `copy-button` class don't have a `cursor: pointer` attribute on hover. That makes them look less clickable than they should. It might be better UX to add that CSS rule so a user knows they can definitely c...I noticed that buttons with the `copy-button` class don't have a `cursor: pointer` attribute on hover. That makes them look less clickable than they should. It might be better UX to add that CSS rule so a user knows they can definitely click the button.
An example is the [cryptocurrency page of the donate site](https://donate.torproject.org/cryptocurrency/). Hover any of the copy buttons next to the wallet addresses: ![image](/uploads/36bdb4bedc21583186e58e3eabc36949/image.png)