The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-05-11T20:38:26Zhttps://gitlab.torproject.org/tpo/web/lego/-/issues/23[UX] text alignment for the header bar2022-05-11T20:38:26Zriyajawandhiya[UX] text alignment for the header bar**What is the user problem?**
When considering the text alignment for the header bar. Headers are often referred to as «Site Menus» and positioned as a key element of navigation in the website layout. Proper alignment in the designs wi...**What is the user problem?**
When considering the text alignment for the header bar. Headers are often referred to as «Site Menus» and positioned as a key element of navigation in the website layout. Proper alignment in the designs will make them visually more appealing and will also make it easier for users to scan over a page.
![image](/uploads/0349f62db2fcc3e409e5f9cb57407579/image.png)
**Why is this important?**
Before downloading the application, people tend to visit the website to understand why they should prefer the new application, rather than their existing ones.
**Why does this satisfy?**
1. Looks uniform
2. Clean and self-explanatory
**Why will the community benefit from it?**
1. The user will feel comfortable and creates Connectivity
**How to measure design's effectiveness?**
[A/B testing](https://uxdesign.cc/7-steps-of-a-b-testing-what-how-cf3b209467fd) - A quick A/B with my acquaintances (who cover major sections of people using the internet) with a high-fidelity versionhttps://gitlab.torproject.org/tpo/web/community/-/issues/89[FAQ Trainer] Can I use the tor network to browse normal https websites?2022-05-11T21:12:45ZNah[FAQ Trainer] Can I use the tor network to browse normal https websites?Actions:
- [x] Merge f.a.q phase 1 and 2
- [x] Cross reference with the support portal
- [ ] Improve or Answer question
- [ ] Upload to website and close ticket
**Child questions:**
* Can I browse http sites?
* What happens if I use a p...Actions:
- [x] Merge f.a.q phase 1 and 2
- [x] Cross reference with the support portal
- [ ] Improve or Answer question
- [ ] Upload to website and close ticket
**Child questions:**
* Can I browse http sites?
* What happens if I use a page without https?
* So the https make it secure? They know the website that you’re visiting?
* About DNS over TLS how does it contrast? When someone is using Tor with HTTPS, does the DNS still knows where you will go?Community Portal: Public Launchhttps://gitlab.torproject.org/tpo/web/support/-/issues/92Add more information to question: "Can I use Tor with a browser besides Tor B...2023-11-13T16:04:52ZemmapeelAdd more information to question: "Can I use Tor with a browser besides Tor Browser?"In https://support.torproject.org/tbb/tbb-9/ we say it is not a good idea to use another browser, because it leaves you vulnerable without the protections of Tor Browser.
We could explain more what are those protections, specially with ...In https://support.torproject.org/tbb/tbb-9/ we say it is not a good idea to use another browser, because it leaves you vulnerable without the protections of Tor Browser.
We could explain more what are those protections, specially with links etc, so it becomes more clear to the user.https://gitlab.torproject.org/tpo/community/relays/-/issues/43[Feature Request] Offer relay functionality2022-08-08T16:43:51ZFelixkruemel[Feature Request] Offer relay functionalityI don't know where to put this. If this is an inappropriate repository for this issue please close it and tell me where to request it.
This docker container already has all the functionality needed for relay operations I think. Please c...I don't know where to put this. If this is an inappropriate repository for this issue please close it and tell me where to request it.
This docker container already has all the functionality needed for relay operations I think. Please corretc me if I'm wrong. So not only obfs4 bridges, but also normal exit and non-exit relays. As a result I would like to have the option to specify the type of relay (bridge, middle/guard, exit) via enviroment variable and adjust the torrc config accordingly. The container already allows passing of custom variables through `OBFS4V_variable`. Renaming the prefix and offering to also change `BridgeRelay 1` already would enable the functionality of an normal relay.
There currently is no official container available to host an tor relay on docker.GusGushttps://gitlab.torproject.org/tpo/community/team/-/issues/8Template letter to universities to unblock Tor2023-11-24T11:56:40ZGusTemplate letter to universities to unblock TorSome universities are blocking torproject.org and also the Tor network.
If we create a template letter, I think many students and teachers will feel engaged to formalize and fill some papers to request to unblock Tor at their universiti...Some universities are blocking torproject.org and also the Tor network.
If we create a template letter, I think many students and teachers will feel engaged to formalize and fill some papers to request to unblock Tor at their universities. And even if the university doesn't unblock at least it will require a formal answer from the university. Thoughts?Roger DingledineRoger Dingledine2023-12-01https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41256pre-crunch and pre-strip PNG in tor-service-android to make it reproducible2022-11-30T14:46:13Zeighthavepre-crunch and pre-strip PNG in tor-service-android to make it reproduciblePNG crunching is not a deterministic process, especially the way aapt does it. This makes the builds not reproducible. The easy solution to this is to pre-crunch the PNGs and commit them to git. This also uses exiftool to strip any me...PNG crunching is not a deterministic process, especially the way aapt does it. This makes the builds not reproducible. The easy solution to this is to pre-crunch the PNGs and commit them to git. This also uses exiftool to strip any metadata from the PNG. This then disables running the crunch as part of the gradle build process.
https://medium.com/@duhroach/smaller-pngs-and-android-s-aapt-tool-4ce38a24019d
I have submitted this upstream to Orbot:
https://github.com/guardianproject/orbot/pull/252
And it is here in my tor-android-service-fork:
https://gitlab.com/eighthave/tor-android-service/commits/png-pre-compress
Once it is merged, someone will need to do:
```
$ sudo apt install exiftool zopfli
$ cd /path/to/tor-android-service
$ ./tools/png-pre-compress
```
Then commit all the changed PNGs.https://gitlab.torproject.org/tpo/web/community/-/issues/164I think that is a part of the relay guide that we can improve (teor)2022-01-20T19:11:28ZcypherpunksI think that is a part of the relay guide that we can improve (teor)https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use ...https://lists.torproject.org/pipermail/tor-relays/2018-June/015527.html
```
I think that is a part of the relay guide that we can improve:
Relays exist so that clients can use the network.
Consensus flags exist so that clients can use the network efficiently.
Bandwidth weights are assigned so that clients can use the network efficiently.
```https://gitlab.torproject.org/tpo/web/newsletter/-/issues/15Links in the RSS feed need to have absolute paths2022-03-01T18:42:07Zchampionquizzerchampionquizzer@torproject.orgLinks in the RSS feed need to have absolute pathsA user on `#tor-www` IRC channel reported:
"https://newsletter.torproject.org/rss/ contains relative URLs (they start with ./), but RSS requires absolute/full URLs (e.g. https://newsletter.torproject.org/etc.). It causes feed readers t...A user on `#tor-www` IRC channel reported:
"https://newsletter.torproject.org/rss/ contains relative URLs (they start with ./), but RSS requires absolute/full URLs (e.g. https://newsletter.torproject.org/etc.). It causes feed readers to fail to open the links in the feed. See: https://validator.w3.org/feed/check.cgi?url=https%3A%2F%2Fnewsletter.torproject.org%2Frss%2F"
Thanks for reporting!https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/22633Running ./start-tor-browser.desktop --detach --log creates two log files2022-08-03T14:52:38ZGeorg KoppenRunning ./start-tor-browser.desktop --detach --log creates two log filesAdding `--detach` explicitely creates two log files one inside the current working directory containing all the logs (which is okay) and an empty one in the parent directory (which is not okay).
This got reported on our blog: https://bl...Adding `--detach` explicitely creates two log files one inside the current working directory containing all the logs (which is okay) and an empty one in the parent directory (which is not okay).
This got reported on our blog: https://blog.torproject.org/comment/269202#comment-269157.https://gitlab.torproject.org/tpo/web/support/-/issues/71Unclosed divs and other errors in the template2022-02-15T20:02:38ZemmapeelUnclosed divs and other errors in the templateThe w3c validator detects some errors that we should fix:
https://validator.w3.org/nu/?doc=https%3A%2F%2Fsupport.torproject.org%2F
* Duplicate ids
* Unclosed div tags
* Anchor (<a>) tags without href or roleThe w3c validator detects some errors that we should fix:
https://validator.w3.org/nu/?doc=https%3A%2F%2Fsupport.torproject.org%2F
* Duplicate ids
* Unclosed div tags
* Anchor (<a>) tags without href or rolehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/5203Setting Tor Browser as default browser does not work in Wndows 72022-07-09T17:44:33ZTracSetting Tor Browser as default browser does not work in Wndows 7For whatever reason, Aurora fails to establish itself as the default browser in Windows 7.
Using Tools -> Options -> Advanced -> General on Aurora 9.0.1, I press the "Check Now" button, which informs me that
"Aurora is not currently ...For whatever reason, Aurora fails to establish itself as the default browser in Windows 7.
Using Tools -> Options -> Advanced -> General on Aurora 9.0.1, I press the "Check Now" button, which informs me that
"Aurora is not currently set as your default browser. Would you like to make it your default browser?"
After pressing "yes", nothing else happens, suggesting success. But there is no success, a second check shows that nothing has changed.
Whatever the reason for the failure, the Tor Browser should at least check this itself, and, in case of a failure, inform about this and suggest additional information.
It seems quite dangerous, because other applications using Tor, like Torchat, refer to the default browser if one clicks on a link. So one may click on a critical link believing that one already has established the Tor browser as the default browser.
**Trac**:
**Username**: Iljahttps://gitlab.torproject.org/tpo/web/support/-/issues/207Answer the Tor + VPN question better2023-11-08T02:30:16ZemmapeelAnswer the Tor + VPN question betterAt https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.At https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/53GetTor IPFS Provider2022-10-05T13:39:21ZTracGetTor IPFS ProviderI think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https...I think IPFS could be a good provider by having support for downloading from multiple sources and while the clients don't work through Tor, there are many public gateways.
When attempting to find a list of public gateways, I found https://github.com/ipfs/public-gateway-checker/blob/master/gateways.json .
I am not sure how the procedure could be automated, but manually it would work by installing ipfs, creating a folder for requested content, "ipfs add -r directory/" and going to https://example.com/ipfs/HASH (which was given by the previous command) to download it. Alternatively for single file "ipfs add -w file" so a directory is created for it preserving the filename instead of changing it to the hash when downloading.
Volunteers could also host the content by using "ipfs pin add HASH" possibly reducing server load.
**Trac**:
**Username**: Mkaysihttps://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/71Send commits to mailing list(s)2022-10-31T14:01:56ZAlexander Færøyahf@torproject.orgSend commits to mailing list(s)The browser folks wants us to enable commit emails from fenix and other TB related repositories to their commit mailing list. We should find a way to do this in a structured way for the tpo/ namespace such that all our projects (also upc...The browser folks wants us to enable commit emails from fenix and other TB related repositories to their commit mailing list. We should find a way to do this in a structured way for the tpo/ namespace such that all our projects (also upcoming) gets these hooks enabled.
For now, we need to get Fenix and Tor-Browser.https://gitlab.torproject.org/tpo/core/chutney/-/issues/33598chutney does not fail on some SOCKS errors2022-02-07T19:32:13Zteorchutney does not fail on some SOCKS errorsWhen tor can't make a connection, and sends back a SOCKS error, chutney keeps on rapidly sending SOCKS requests. Instead, chutney should fail.
I think we introduced this bug when we started using asyncore.
I have worked around the bug...When tor can't make a connection, and sends back a SOCKS error, chutney keeps on rapidly sending SOCKS requests. Instead, chutney should fail.
I think we introduced this bug when we started using asyncore.
I have worked around the bug using a 5 second asyncore timeout, but we should come up with a permanent fix.
I think nickm might be able to help with this issue, because he wrote that code.https://gitlab.torproject.org/tpo/core/chutney/-/issues/17282Chutney could use a HOWTO for writing new test cases, network tests, etc2022-02-07T19:32:12ZNick MathewsonChutney could use a HOWTO for writing new test cases, network tests, etcDue April 2016Due April 2016https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/46Gitlab should show text files in the browser2022-03-24T23:28:17ZGeorg KoppenGitlab should show text files in the browserRight now if I want to look at some .md or .txt file on Gitlab I need to
download and open it with an external application. However, that should
not be necessary. The browser should be sufficient for this task.Right now if I want to look at some .md or .txt file on Gitlab I need to
download and open it with an external application. However, that should
not be necessary. The browser should be sufficient for this task.https://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/28681reflected XSS metrics.torproject.org2021-06-30T15:32:58ZTracreflected XSS metrics.torproject.orgHello! I have been found reflected XSS vulnerability on subdomain of torproject.
You should fix it :) Screenshot with easy exploit is attached to ticket.
If it possible, I will proud to get one more sticker pack ^^ .
```
https://metri...Hello! I have been found reflected XSS vulnerability on subdomain of torproject.
You should fix it :) Screenshot with easy exploit is attached to ticket.
If it possible, I will proud to get one more sticker pack ^^ .
```
https://metrics.torproject.org/rs.html#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
```
the vector is:
**"><img src=x onerror=alert(1)>**
P0W3RING D1G1T4L R3S1S74NC3!
**Trac**:
**Username**: 0x539hhttps://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/40002When the Tor settings are set to safest security level2021-08-10T13:11:32ZMelroy van den BergWhen the Tor settings are set to safest security levelHi,
So when you set the Tor Browser to safe/safest security level settings, the relay search will give an error. See below:
![cors_issue](/uploads/470525bf8326268370fec832309f0523/cors_issue.png)
Two possible solutions (or both?):
1...Hi,
So when you set the Tor Browser to safe/safest security level settings, the relay search will give an error. See below:
![cors_issue](/uploads/470525bf8326268370fec832309f0523/cors_issue.png)
Two possible solutions (or both?):
1. Fix the **CORS issue**, by hosting the backend also via an onion domain
2. Fix the **error message**, since the backend is NOT down. Also let the person now that either the backend is down _OR_ your Tor Browser settings are too high. Otherwise it's very confusing.
Thanks!
**UPDATED:** Related: #31714
Regards,
Melroyhttps://gitlab.torproject.org/tpo/core/tor/-/issues/2743safelogging should cover hidden service name and intro-points too2022-02-07T19:37:07ZRoger Dingledinesafelogging should cover hidden service name and intro-points tooIn log messages about a hidden service we operate, we don't replace the hidden service name with [scrubbed].
Historically, this was considered fine, because you have your hostname and private_key files on disk already.
But if the user ...In log messages about a hidden service we operate, we don't replace the hidden service name with [scrubbed].
Historically, this was considered fine, because you have your hostname and private_key files on disk already.
But if the user puts his $datadir on encrypted storage, and the logs aren't on encrypted storage, then the logs could be the weak link.