The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-11-30T16:17:05Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40464Cannot add .onion search engine when equivalent clearnet is present2022-11-30T16:17:05ZbtdmasterCannot add .onion search engine when equivalent clearnet is presentAdding e.g. https://search.snopyta.org/ as a search engine prevents its .onion equivalent from being added, http://yra4tke2pwcnatxjkufpw6kvebu3h3ti2jca2lcdpgx3mpwol326lzid.onion/, and there is no notification to the user for the cause of...Adding e.g. https://search.snopyta.org/ as a search engine prevents its .onion equivalent from being added, http://yra4tke2pwcnatxjkufpw6kvebu3h3ti2jca2lcdpgx3mpwol326lzid.onion/, and there is no notification to the user for the cause of this issue; the 'Add Search Engine' option is completely absent and there is no practical way of knowing that this is the cause for the issue from the user's perspective.
The workaround is to remove the clearnet search engine manually and then add the .onion version.
This is important not only because adding the .onion version avoids clearnet connections but also because when enabling redirects from clearnet to .onion POST requests are lost, so searx is not only less private but practically useless as it redirects to the .onion with the search parameters lost.https://gitlab.torproject.org/tpo/web/support/-/issues/207Answer the Tor + VPN question better2023-11-08T02:30:16ZemmapeelAnswer the Tor + VPN question betterAt https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.At https://support.torproject.org/faq/faq-5/ we have a link to https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN which should be replaced as trac is not longer updated.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40437Allow users to backup bookmarks with adb2022-12-08T15:15:30ZAntonelaantonela@torproject.orgAllow users to backup bookmarks with adbfrom tor-ux:
macaroni:
hey all
you know we can't export the bookmarks on Tor Browser Android
and i thought if we can backup the app with adb
then we can backup also the bookmarks
i can backup some apps with adb because they have ALLOW_...from tor-ux:
macaroni:
hey all
you know we can't export the bookmarks on Tor Browser Android
and i thought if we can backup the app with adb
then we can backup also the bookmarks
i can backup some apps with adb because they have ALLOW_BACKUP flag
but i can't backup TBA with adb
if you can do this all users can backup the app including the bookmarks
thanks!https://gitlab.torproject.org/tpo/network-health/metrics/exit-scanner/-/issues/40002Clean up old results by cron job2023-01-23T14:48:24ZirlClean up old results by cron jobCollecTor is archiving the results daily. It's a good idea to keep a few days cache around to cope with outages but this is silly. https://check.torproject.org/lists/
A one-liner we could stick in a cron job to delete files older than X...CollecTor is archiving the results daily. It's a good idea to keep a few days cache around to cope with outages but this is silly. https://check.torproject.org/lists/
A one-liner we could stick in a cron job to delete files older than X days would be a great addition here.
(I guess if you were doing it properly you'd put it in the Python wrapper script.)https://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/40007onionperf: No longer need to download tpf files2022-09-28T07:02:04Zirlonionperf: No longer need to download tpf filesThe OnionPerf module still has residual code related to the download of *.tpf files, which are no longer produced by modern OnionPerf. This code could be removed, and in the process might make the JSON downloading code that remains more ...The OnionPerf module still has residual code related to the download of *.tpf files, which are no longer produced by modern OnionPerf. This code could be removed, and in the process might make the JSON downloading code that remains more robust.
Relevant code: https://gitlab.torproject.org/tpo/metrics/collector/-/blob/master/src/main/java/org/torproject/metrics/collector/onionperf/OnionPerfDownloader.javaHiroHirohttps://gitlab.torproject.org/tpo/web/lego/-/issues/25tpo.onion v3 main nav points to .org2023-06-23T18:06:09ZAntonelaantonela@torproject.orgtpo.onion v3 main nav points to .orgIn `http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion` the links at the main nav still pointing to the .org url. Can we make the user to continue its flow in the .onion?In `http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion` the links at the main nav still pointing to the .org url. Can we make the user to continue its flow in the .onion?https://gitlab.torproject.org/tpo/tpa/team/-/issues/40216Add Matrix alerts to Prometheus AlertManager2023-09-29T17:05:56ZirlAdd Matrix alerts to Prometheus AlertManagerWe currently send emails from the Prometheus AlertManager which is great as long as those emails are read by the right person in a timely manner. There are some issues though:
* mail may be send with unencrypted transport (containing se...We currently send emails from the Prometheus AlertManager which is great as long as those emails are read by the right person in a timely manner. There are some issues though:
* mail may be send with unencrypted transport (containing sensitive log information)
* difficult to update list of recipients
* no easy place to see history of alerts
* if the mail server is down, you get no alerts
Some effort has recently been made to start using Matrix inside Tor, and this seems like an oppportunity to move with that momentum and solve some or all of the above issues.
The webhook receiver used in the other project I mentioned is: https://github.com/jaywink/matrix-alertmanager.
If desirable, I could write an Ansible role to run this as a systemd user service on a TPA machine as we have done for Metrics services in the past, or you could write some Puppet to do the same.https://gitlab.torproject.org/tpo/web/newsletter/-/issues/15Links in the RSS feed need to have absolute paths2022-03-01T18:42:07Zchampionquizzerchampionquizzer@torproject.orgLinks in the RSS feed need to have absolute pathsA user on `#tor-www` IRC channel reported:
"https://newsletter.torproject.org/rss/ contains relative URLs (they start with ./), but RSS requires absolute/full URLs (e.g. https://newsletter.torproject.org/etc.). It causes feed readers t...A user on `#tor-www` IRC channel reported:
"https://newsletter.torproject.org/rss/ contains relative URLs (they start with ./), but RSS requires absolute/full URLs (e.g. https://newsletter.torproject.org/etc.). It causes feed readers to fail to open the links in the feed. See: https://validator.w3.org/feed/check.cgi?url=https%3A%2F%2Fnewsletter.torproject.org%2Frss%2F"
Thanks for reporting!https://gitlab.torproject.org/tpo/web/community/-/issues/193Past GSOC projects don't appear, but there is an empty section for them.2023-04-22T07:32:26ZemmapeelPast GSOC projects don't appear, but there is an empty section for them.at the bottom of https://community.torproject.org/gsoc/ there is a section only consisting of:
Past Projects
Here are some successful projects which have been implemented in the past by Google Summer of Code and Outreachy participants
...at the bottom of https://community.torproject.org/gsoc/ there is a section only consisting of:
Past Projects
Here are some successful projects which have been implemented in the past by Google Summer of Code and Outreachy participants
But the past projects are not there anymore.https://gitlab.torproject.org/tpo/web/community/-/issues/188[content][types of relays] Mentions to unexisting section are confusing2022-01-20T19:12:23Zemmapeel[content][types of relays] Mentions to unexisting section are confusingIn the page https://community.torproject.org/relay/types-of-relays/ , in the Exit relay section, we mention the 'legal considerations section' twice.
One is linked to https://community.torproject.org/relay/community-resources , but the ...In the page https://community.torproject.org/relay/types-of-relays/ , in the Exit relay section, we mention the 'legal considerations section' twice.
One is linked to https://community.torproject.org/relay/community-resources , but the other is unlinked, and there are no sections called 'legal considerations'.
> Exit relays have the greatest legal exposure and liability of all the relays. For example, if a user downloads copyrighted material while using your exit relay, you, the operator may receive a DMCA notice. Any abuse complaints about the exit will go directly to you (via your hoster, depending on the WHOIS records). Generally, most complaints can be handled pretty easily through template letters, which we'll discuss further in the **legal considerations section**.
> Because of the legal exposure that comes with running an exit relay, you should not run a Tor exit relay from your home. Ideal exit relay operators are affiliated with some institution, like a university, a library, a hackerspace or a privacy related organization. An institution can not only provide greater bandwidth for the exit, but is better positioned to handle abuse complaints or the rare law enforcement inquiry.
> If you are considering running an exit relay, please read the **section on legal considerations** for exit relay operators.
We should rephrase, mention the current name of the section, and also add a link where there is none.https://gitlab.torproject.org/tpo/web/lego/-/issues/23[UX] text alignment for the header bar2022-05-11T20:38:26Zriyajawandhiya[UX] text alignment for the header bar**What is the user problem?**
When considering the text alignment for the header bar. Headers are often referred to as «Site Menus» and positioned as a key element of navigation in the website layout. Proper alignment in the designs wi...**What is the user problem?**
When considering the text alignment for the header bar. Headers are often referred to as «Site Menus» and positioned as a key element of navigation in the website layout. Proper alignment in the designs will make them visually more appealing and will also make it easier for users to scan over a page.
![image](/uploads/0349f62db2fcc3e409e5f9cb57407579/image.png)
**Why is this important?**
Before downloading the application, people tend to visit the website to understand why they should prefer the new application, rather than their existing ones.
**Why does this satisfy?**
1. Looks uniform
2. Clean and self-explanatory
**Why will the community benefit from it?**
1. The user will feel comfortable and creates Connectivity
**How to measure design's effectiveness?**
[A/B testing](https://uxdesign.cc/7-steps-of-a-b-testing-what-how-cf3b209467fd) - A quick A/B with my acquaintances (who cover major sections of people using the internet) with a high-fidelity versionhttps://gitlab.torproject.org/tpo/core/tor/-/issues/40333`ServerTransportPlugin` option exit cleanly with exit code `-1`, but with no ...2024-03-05T15:39:31Zcypherpunks`ServerTransportPlugin` option exit cleanly with exit code `-1`, but with no user-friendly log warning when the argument `path-to-binary` is invalidIf we add in `/etc/tor/torrc` the line `ServerTransportPlugin obfs4 exec /path/that/does/not/exist`, have log minimum severity to `info` and execute the command `sudo systemctl reload tor`, we can clearly see in the following log extract...If we add in `/etc/tor/torrc` the line `ServerTransportPlugin obfs4 exec /path/that/does/not/exist`, have log minimum severity to `info` and execute the command `sudo systemctl reload tor`, we can clearly see in the following log extract, that the `path-to-binary` argument is improperly or not at all validated before executing it :
~~~
`XXX 00 00:00:00.001 [notice] Tor 0.4.5.6 opening new log file.` \
`[...]` \
`XXX 00 00:00:00.002 [info] process_exec(): Starting new process: /path/that/does/not/exist` \
`XXX 00 00:00:00.020 [info] launch_managed_proxy(): Managed proxy at \'/path/that/does/not/exist\' has spawned with PID \'XXXXX\'. ` \
`[...]` \
`XXX 00 00:00:00.300 [info] notify_waitpid_callback_by_pid(): Child process XXXXX has exited; running callback.` \
`XXX 00 00:00:00.300 [warn] Pluggable Transport process terminated with status code 256` \
`[...]` \
~~~
A relay operator who do no pay enough attentions while reading logs and have log minimum severity of `notice` will only see :
> `XXX 00 00:00:00.300 [warn] Pluggable Transport process terminated with status code 256`
We should definitely have a user-friendly log message to notify the operator that there is a problem with is configuration file.
The file `tor-0.4.5.6/app/config/config.c`, at the fonction `pt_parse_transport_line()`, in the `else` statement between line 5377 and 5421 look a promising place to validate the `path-to-binary`.
There is already a test for this case of non-existent executable, at `tor-0.4.5.6/src/test/test_process_slow.c`, `test_nonexistent_executable()`, starting at line 331.Tor: 0.4.9.x-freezeAlexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/40328Man tor - Refactoring - Creation of a new `BANDWIDTH MANAGEMENT OPTIONS` section2023-04-03T16:43:38ZcypherpunksMan tor - Refactoring - Creation of a new `BANDWIDTH MANAGEMENT OPTIONS` sectionA total of 11 options (see the list below) should go in a new section named `BANDWIDTH MANAGEMENT OPTIONS`. This would reduce the amount of time spent scrolling around in the man tor page and make finding options more intuitive instead o...A total of 11 options (see the list below) should go in a new section named `BANDWIDTH MANAGEMENT OPTIONS`. This would reduce the amount of time spent scrolling around in the man tor page and make finding options more intuitive instead of having to remember the spreaded locations were bandwidth options are sometimes located.\\
We could also take this opportunity to change the location of the warning about how bandwidth-limiting options are managed. This warning is located at the end of the description of the option `BandwidthRate`. We could move the warning to the description of the newly created `BANDWIDTH MANAGEMENT OPTIONS` section, or at least, in the `THE CONFIGURATION FILE FORMAT` section.\\
Also, like it is said in description of the option `AccountingMax`:\
>>>
Note that (as also described in the Bandwidth section) Tor uses powers of two [...]
>>>
This "Bandwidth section" does not really exist, but now it will if this issue is approuved. The non-existing "Bandwidth section" seems to refer to the description of the option `BandwidthRate`.\\
I will make the neccessary changes in the man tor page and only show you the final result. You will just need to accept it or tell me what need more tweaking.\\
List of options that will need to move to the newly created one:\
>>>
GENERAL OPTIONS:\
- BandwidthBurst
- BandwidthRate
- CountPrivateBandwidth
- MaxAdvertisedBandwidth
- PerConnBWBurst
- PerConnBWRate
- RelayBandwidthBurst
- RelayBandwidthRate\
SERVER OPTIONS:\
- AccountingMax
- AccountingRule
- AccountingStart
>>>
The newly created section will look something like that:\
>>>
**BANDWIDTH MANAGEMENT OPTIONS**\
Description : The end of the description of the options `BandwidthRate` about size unit format.\\
- AccountingMax
- AccountingRule
- AccountingStart
- BandwidthBurst
- BandwidthRate
- CountPrivateBandwidth
- MaxAdvertisedBandwidth
- PerConnBWBurst
- PerConnBWRate
- RelayBandwidthBurst
- RelayBandwidthRate
>>>\
On an unrelated note to this issue:\
I try to use the functionalities of `GitLab Flavord Markdown` in my previous 2 issues, but that did not really goes has I expected, so sorry for the ugly formating of all my previous issues. I'm learning. I hope this issue look a bit better :)https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/96setup CI caching (and dependency proxy?)2022-03-24T23:28:18Zjugasetup CI caching (and dependency proxy?)I'm used to configure a cache in `gitlab-ci.org`, but maybe tpo isn't configured for [that](https://docs.gitlab.com/ee/ci/caching/#where-the-caches-are-stored)?
The message i get in the pipeline job:
```
Creating cache default...
.cac...I'm used to configure a cache in `gitlab-ci.org`, but maybe tpo isn't configured for [that](https://docs.gitlab.com/ee/ci/caching/#where-the-caches-are-stored)?
The message i get in the pipeline job:
```
Creating cache default...
.cache/pip: found 417 matching files and directories
No URL provided, cache will be not uploaded to shared cache server. Cache will be stored only locally.
```https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40009Use tearDown() in unit tests to clean up all created files2022-10-04T17:30:27ZCecylia BocovichUse tearDown() in unit tests to clean up all created filesRight now we're manually removing the files we create, but we don't manage to find and remove all of them. It would be better to have a more thorough cleanup after tests.
@atagar pointed out the use of the tearDown function in https://g...Right now we're manually removing the files we create, but we don't manage to find and remove all of them. It would be better to have a more thorough cleanup after tests.
@atagar pointed out the use of the tearDown function in https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/merge_requests/13#note_272732155abhilash55abhilashhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40316Patch GeckoView's ConnectivityManager usage2022-11-30T15:19:48ZMatthew FinkelPatch GeckoView's ConnectivityManager usageGeckoView uses the connectivity manager for detecting the currently used [type of network connection](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-86.0b1-10.5-1/mobile/android/geckoview/src/main/java/org/...GeckoView uses the connectivity manager for detecting the currently used [type of network connection](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-86.0b1-10.5-1/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java#L1170) (WIFI, 2G, 3G, 4G, etc). I didn't dig into the code, but it looks like some gecko behavior changes depending on the link type. Along with removing the `WIFI_STATE` Android permission, we should make sure this isn't [leaking any info into content](https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/tor-browser-86.0b1-10.5-1/dom/html/HTMLMediaElement.cpp#L2914), and we should probably just always return `LINK_TYPE_UNKNOWN`.Tor Browser: 11.0 Issues with previous releasehttps://gitlab.torproject.org/tpo/network-health/doctor/-/issues/40018Fix up list() usage after Python 3 port2023-10-04T13:55:22ZGeorg KoppenFix up list() usage after Python 3 port@atagar pointed rightly out that I was lazy in 5360a2131d3189e82e02d73a9c840e96dcd85a4c as not all `list()` changes need to be made. We should clean that up by having a closer look at when it is actually needed and when not.@atagar pointed rightly out that I was lazy in 5360a2131d3189e82e02d73a9c840e96dcd85a4c as not all `list()` changes need to be made. We should clean that up by having a closer look at when it is actually needed and when not.https://gitlab.torproject.org/tpo/network-health/doctor/-/issues/40017Doctor incorrectly reports clock skew2022-09-07T07:01:44ZRoger DingledineDoctor incorrectly reports clock skewOn the consensus-health mails, we're getting lines like this:
```
NOTICE: The system clock of moria1 is 48 seconds off
NOTICE: The system clock of dizum is 70 seconds off
NOTICE: The system clock of Faravahar is 37 seconds off
NOTICE: Th...On the consensus-health mails, we're getting lines like this:
```
NOTICE: The system clock of moria1 is 48 seconds off
NOTICE: The system clock of dizum is 70 seconds off
NOTICE: The system clock of Faravahar is 37 seconds off
NOTICE: The system clock of longclaw is 41 seconds off
```
But I believe the clocks on these systems are fine.
What I assume is happening is that DocTor is launching a directory fetch for an object like the consensus, and it's taking 48 seconds to finish retrieving the answer, and then DocTor looks at the Date header in the resulting http response, notices that it is from 48 seconds ago, and reports a clock problem.
Here is an improved algorithm: remember when we started the request, and when we finished it, and if the Date header is anywhere within that range, there is nothing to report.
We could instead consider making additional tiny requests where we expect the answer to come back quickly, but I think that might be overkill at this stage.https://gitlab.torproject.org/tpo/anti-censorship/monit-configuration/-/issues/6Add "end-to-end" test that talks to moat2022-03-01T17:56:58ZPhilipp Winterphw@torproject.orgAdd "end-to-end" test that talks to moatTo catch issues like the one in tpo/anti-censorship/pluggable-transports/meek#40001 early, we could add a new monit test that talks to moat over obfs4proxy. Basically, we would spawn a tor instance and let it bootstrap over meek. We then...To catch issues like the one in tpo/anti-censorship/pluggable-transports/meek#40001 early, we could add a new monit test that talks to moat over obfs4proxy. Basically, we would spawn a tor instance and let it bootstrap over meek. We then try to talk to moat and return with exit code 0 if this succeeded.
The challenge is that we should use the same tor and obfs4proxy version as Tor Browser does. And even then, there is no guarantee that we're catching all possible problems – for example, an issue may be limited to Windows. Still, having a test like this would probably go a long way.
(We discussed this topic in [today's anti-censorship meeting](http://meetbot.debian.net/tor-meeting/2020/tor-meeting.2020-12-17-15.57.html)).https://gitlab.torproject.org/tpo/web/manual/-/issues/63Images overflow on mobile2023-04-23T15:18:56ZtorrrrrrrrrrrrrrrrImages overflow on mobileOn these pages,
- https://tb-manual.torproject.org/about/
- https://tb-manual.torproject.org/secure-connections/
- https://tb-manual.torproject.org/updating/
- https://tb-manual.torproject.org/uninstalling/
An image overflows device wid...On these pages,
- https://tb-manual.torproject.org/about/
- https://tb-manual.torproject.org/secure-connections/
- https://tb-manual.torproject.org/updating/
- https://tb-manual.torproject.org/uninstalling/
An image overflows device width on mobile.
One screenshot:
<img src="/uploads/19177e9a09d6798a5a57b059d0b604ee/tb-manual.png" width="300">