The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-03-28T21:11:07Zhttps://gitlab.torproject.org/tpo/core/arti/-/issues/399Improve documentation and examples in `arti-client`2023-03-28T21:11:07ZNick MathewsonImprove documentation and examples in `arti-client`*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to s...*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
Try to write a program using `arti`. (The interface in the `arti-client` crate is the place to start.)
As you do this, you'll probably find that the documentation didn't explain something you wanted to know, or didn't explain it very well. After you figure out the issue (either by asking us, or reading the code), why not contribute a patch to improve the documentation?
----
Also, it's a good convention for all Rust code to have rustdoc examples for how to use it. These examples can be at the function level, the module level, or the type level. Right now, a lot of our crates are missing those. (`arti-client` is most important, but examples everywhere are welcome.)
When writing examples, please make sure that the example actually shows people how they would would _want_ to use the code, and what happens when they do.Arti: Feature parity with the C implementationhttps://gitlab.torproject.org/tpo/core/arti/-/issues/398Inspect TODOs in source code; fix whatever we can2023-04-22T13:45:48ZNick MathewsonInspect TODOs in source code; fix whatever we can*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
In our source code, we often use the string `TODO` to indicate a place where we want to come back...*(This is a placeholder ticket, made so that people can find it when they search for things to do under the ~"First Contribution" label.)*
In our source code, we often use the string `TODO` to indicate a place where we want to come back and improve things. You can sometimes find good starting projects by looking for this string in the code.
Unfortunately, some of these `TODO` issues are harder than they initially appear: therefore, it might be a good idea to ask about the intended fix before you start on one of them. Feel free to ask here, or on the `#tor-dev` IRC channel on OFTC.
Happy hacking!https://gitlab.torproject.org/tpo/web/support/-/issues/288Add Onion-Location to the glossary2023-11-06T21:18:57ZemmapeelAdd Onion-Location to the glossaryThere for sure are more updates needed, but I think at least this term, spelled maybe as 'Onion Location', has a place in the Glossary.
My idea is to have a brief introduction with links to deeper docs.
Anyone wants to volunteer a defi...There for sure are more updates needed, but I think at least this term, spelled maybe as 'Onion Location', has a place in the Glossary.
My idea is to have a brief introduction with links to deeper docs.
Anyone wants to volunteer a definition?https://gitlab.torproject.org/tpo/web/community/-/issues/250snowflake: add debian package as installation method2022-08-03T01:37:40Ztxt.filesnowflake: add debian package as installation method<!--
* Use this issue template for suggesting new docs or updates to existing docs.
-->
### Problem to solve
<!-- Include the following detail as necessary:
-->
* On debian its a good idea to use the package manager instead of docker/a...<!--
* Use this issue template for suggesting new docs or updates to existing docs.
-->
### Problem to solve
<!-- Include the following detail as necessary:
-->
* On debian its a good idea to use the package manager instead of docker/ansible/self-compilation
* debian has a snowflake-proxy package
### Further details
<!--
* Include use cases, benefits, and/or goals for this work.
* If adding content: What audience is it intended for? (What roles and scenarios?)
-->
* https://packages.debian.org/search?keywords=snowflake%2Dproxy
### Proposal
<!-- Further specifics for how can we solve the problem. -->
Add installation via debian packages to `content/relay/setup/snowflake/standalone/contents.lr`.
### Who can address the issue
<!-- What if any special expertise is required to resolve this issue? -->
Anyperson able to write text.
### Other links/references
<!-- E.g. related Tor issues/MRs -->https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge/-/issues/9Add Docker health check2022-03-01T17:54:36ZMelroy van den BergAdd Docker health checkYou could add a [HEALTHCHECK](https://docs.docker.com/engine/reference/builder/#healthcheck) to the Docker image.
So it's easy to see if the Bridge is working or not. You can execute any command you want within this HEALTHCHECK stateme...You could add a [HEALTHCHECK](https://docs.docker.com/engine/reference/builder/#healthcheck) to the Docker image.
So it's easy to see if the Bridge is working or not. You can execute any command you want within this HEALTHCHECK statement.
I leave it up to you what exact command you want to run to validate the healthy of the bridge.
Regards,
Melroyhttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/46Review UX and suggest improvements for telegram bridge bot2023-03-31T18:51:53ZdonutsReview UX and suggest improvements for telegram bridge botWe have a telegram bridge bot, and it's awesome! However at some point (i.e. when we revisit the bot and potentially integrate it with rdsys in future) UX should review and input into the following:
- The General UX/Design of the bot
- ...We have a telegram bridge bot, and it's awesome! However at some point (i.e. when we revisit the bot and potentially integrate it with rdsys in future) UX should review and input into the following:
- The General UX/Design of the bot
- How to collect user feedback about its use
- How to include (or link to) basic instructions on how to add bridges
- Improving user communication when (re)distributing cached bridges
- Integrating basic help functions/links to support articles
- If we want to localize it, and how this will work from a UI point of viewhttps://gitlab.torproject.org/tpo/web/manual/-/issues/114Explain *why* you would want to make Tor Browser portable2023-11-07T17:02:58ZGusExplain *why* you would want to make Tor Browser portableUser feedback:
The description doesn't explain the value of making Tor Browser portable.
What is the advantage, security and reason for portable?User feedback:
The description doesn't explain the value of making Tor Browser portable.
What is the advantage, security and reason for portable?https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/71Consider attaching Tor Browser signing key to gettor emails2022-10-12T18:28:12ZPhilipp Winterphw@torproject.orgConsider attaching Tor Browser signing key to gettor emailsIt turns out that censored users are unlikely to be able to fetch our Tor Browser signing key: tpo/applications/tor-browser#40195
One way to fix this issue is to attach the signing key to GetTor's email autoresponse. That's easy for us ...It turns out that censored users are unlikely to be able to fetch our Tor Browser signing key: tpo/applications/tor-browser#40195
One way to fix this issue is to attach the signing key to GetTor's email autoresponse. That's easy for us and convenient for the user. The downside is that users have to place more trust in GetTor's autoresponse. So far, if Alice receives a spoofed GetTor response and downloads a malicious Tor Browser, she can still detect this attack by getting her signing key from an independent source. If GetTor's response email provides both Tor Browser links *and* the signing key, Alice would fall for the attack.https://gitlab.torproject.org/tpo/web/lego/-/issues/39Create 'sitemap.xml' for our Lektor websites2022-06-29T21:38:49ZGusCreate 'sitemap.xml' for our Lektor websitesA relay operator [suggested](https://lists.torproject.org/pipermail/tor-relays/2021-November/020015.html) creating a 'sitemap'.
Checking Lektor docs, I found this guide:
https://www.getlektor.com/docs/guides/sitemap/A relay operator [suggested](https://lists.torproject.org/pipermail/tor-relays/2021-November/020015.html) creating a 'sitemap'.
Checking Lektor docs, I found this guide:
https://www.getlektor.com/docs/guides/sitemap/https://gitlab.torproject.org/tpo/web/manual/-/issues/110Add Android 12 battery optiization tip2023-11-08T07:17:09ZHackerNCoderhackerncoder@encryptionin.spaceAdd Android 12 battery optiization tipI'm using GrapheneOS which just updated to Android 12, it is even more battery optimizing, to the point where it feels like it is killing Tor Browser in the background by default. Whenever I close the app, and open it again, I have to cl...I'm using GrapheneOS which just updated to Android 12, it is even more battery optimizing, to the point where it feels like it is killing Tor Browser in the background by default. Whenever I close the app, and open it again, I have to click connect. Unless I change the battery optimization level to "Unrestricted".https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40670Android Google Assistant Sign-In pops up using Tor2022-11-30T15:24:37ZiampowerslaveAndroid Google Assistant Sign-In pops up using TorHi.
I had the following issue that exposes my identity to Google.
I started Tor (Android) logged in to a website that is Google Sign-In compatible, and when I entered my credentials the Google Assistant Sign In dialog popped up, so Goo...Hi.
I had the following issue that exposes my identity to Google.
I started Tor (Android) logged in to a website that is Google Sign-In compatible, and when I entered my credentials the Google Assistant Sign In dialog popped up, so Google nows it was me trying to log in to that site even behind Tor.
Moto G9 Plus
Android 11
Tor 10.5.9 (91.2.0-Release)https://gitlab.torproject.org/tpo/web/support/-/issues/268Add new entry about Tor mailing lists2023-01-18T18:32:02ZGusAdd new entry about Tor mailing listsAs we have a bunch of mailing lists, it would be nice to have a page with a list of our mailing lists and a description.
We have an old trac entry:
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/emailLists
But it would be great ...As we have a bunch of mailing lists, it would be nice to have a page with a list of our mailing lists and a description.
We have an old trac entry:
https://gitlab.torproject.org/legacy/trac/-/wikis/doc/emailLists
But it would be great to list only public and maintained lists.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40647configure Tor Browser for Onion URL of offical TPO domain2023-01-05T16:47:58ZpseudonymisaTorconfigure Tor Browser for Onion URL of offical TPO domainTor Browser itself does not prefer onion for itself where possible?
Tor Browser should configure Onion URL for offical TPO domains where possible.
I discovered at least following `about:config` settings that use `torproject.org` instead...Tor Browser itself does not prefer onion for itself where possible?
Tor Browser should configure Onion URL for offical TPO domains where possible.
I discovered at least following `about:config` settings that use `torproject.org` instead `2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion`
| app.update.url.details | https://www.torproject.org/download/ |
|------------------------|--------------------------------------|
Update to:
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/download/
| app.update.url.manual | https://www.torproject.org/download/languages/ |
|-----------------------|------------------------------------------------|
Update to:
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/download/languages/
| extensions.torbutton.versioncheck_url | https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions |
|---------------------------------------|-----------------------------------------------------------------------|
Update to: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/projects/torbrowser/RecommendedTBBVersionshttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/53GetTor IPFS Provider2022-10-05T13:39:21ZTracGetTor IPFS ProviderI think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https...I think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https://github.com/ipfs/public-gateway-checker/blob/master/gateways.json .
I am not sure how the procedure could be automated, but manually it would work by installing ipfs, creating a folder for requested content, "ipfs add -r directory/" and going to https://example.com/ipfs/HASH (which was given by the previous command) to download it. Alternatively for single file "ipfs add -w file" so a directory is created for it preserving the filename instead of changing it to the hash when downloading.
Volunteers could also host the content by using "ipfs pin add HASH" possibly reducing server load.
**Trac**:
**Username**: Mkaysihttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/45tests for gettor2022-10-25T11:27:01Zmeskiomeskio@torproject.orgtests for gettorAt least the usecases of the gettor distributor and updater should have some tests.At least the usecases of the gettor distributor and updater should have some tests.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40464Cannot add .onion search engine when equivalent clearnet is present2022-11-30T16:17:05ZbtdmasterCannot add .onion search engine when equivalent clearnet is presentAdding e.g. https://search.snopyta.org/ as a search engine prevents its .onion equivalent from being added, http://yra4tke2pwcnatxjkufpw6kvebu3h3ti2jca2lcdpgx3mpwol326lzid.onion/, and there is no notification to the user for the cause of...Adding e.g. https://search.snopyta.org/ as a search engine prevents its .onion equivalent from being added, http://yra4tke2pwcnatxjkufpw6kvebu3h3ti2jca2lcdpgx3mpwol326lzid.onion/, and there is no notification to the user for the cause of this issue; the 'Add Search Engine' option is completely absent and there is no practical way of knowing that this is the cause for the issue from the user's perspective.
The workaround is to remove the clearnet search engine manually and then add the .onion version.
This is important not only because adding the .onion version avoids clearnet connections but also because when enabling redirects from clearnet to .onion POST requests are lost, so searx is not only less private but practically useless as it redirects to the .onion with the search parameters lost.https://gitlab.torproject.org/tpo/web/support/-/issues/207Answer the Tor + VPN question better2023-11-08T02:30:16ZemmapeelAnswer the Tor + VPN question betterAt https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.At https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40437Allow users to backup bookmarks with adb2022-12-08T15:15:30ZAntonelaantonela@torproject.orgAllow users to backup bookmarks with adbfrom tor-ux:
macaroni:
hey all
you know we can't export the bookmarks on Tor Browser Android
and i thought if we can backup the app with adb
then we can backup also the bookmarks
i can backup some apps with adb because they have ALLOW_...from tor-ux:
macaroni:
hey all
you know we can't export the bookmarks on Tor Browser Android
and i thought if we can backup the app with adb
then we can backup also the bookmarks
i can backup some apps with adb because they have ALLOW_BACKUP flag
but i can't backup TBA with adb
if you can do this all users can backup the app including the bookmarks
thanks!https://gitlab.torproject.org/tpo/network-health/metrics/exit-scanner/-/issues/40002Clean up old results by cron job2023-01-23T14:48:24ZirlClean up old results by cron jobCollecTor is archiving the results daily. It's a good idea to keep a few days cache around to cope with outages but this is silly. https://check.torproject.org/lists/
A one-liner we could stick in a cron job to delete files older than X...CollecTor is archiving the results daily. It's a good idea to keep a few days cache around to cope with outages but this is silly. https://check.torproject.org/lists/
A one-liner we could stick in a cron job to delete files older than X days would be a great addition here.
(I guess if you were doing it properly you'd put it in the Python wrapper script.)https://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/40007onionperf: No longer need to download tpf files2022-09-28T07:02:04Zirlonionperf: No longer need to download tpf filesThe OnionPerf module still has residual code related to the download of *.tpf files, which are no longer produced by modern OnionPerf. This code could be removed, and in the process might make the JSON downloading code that remains more ...The OnionPerf module still has residual code related to the download of *.tpf files, which are no longer produced by modern OnionPerf. This code could be removed, and in the process might make the JSON downloading code that remains more robust.
Relevant code: https://gitlab.torproject.org/tpo/metrics/collector/-/blob/master/src/main/java/org/torproject/metrics/collector/onionperf/OnionPerfDownloader.javaHiroHiro