The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-01-11T17:32:09Zhttps://gitlab.torproject.org/tpo/community/hackweek/-/issues/24Public documentation about project design and grant writing process2024-01-11T17:32:09Zal smithPublic documentation about project design and grant writing process# About the project
* Contact: @smith
* Chat: #tor-internal on `irc.oftc.net`
* Video room: tbd
# Participants
- @smith
- etc
# Summary
- Write a guide on the process of project design and grant proposal writing
- Publish that ...# About the project
* Contact: @smith
* Chat: #tor-internal on `irc.oftc.net`
* Video room: tbd
# Participants
- @smith
- etc
# Summary
- Write a guide on the process of project design and grant proposal writing
- Publish that guide
- Create a template spreadsheet with guidelines on how to do estimations (@gaba, any interest in helping?)
We created an [overview of the grants process in Costa Rica and presented it in an in-person session](https://gitlab.torproject.org/tpo/team/-/wikis/Meetings/2023/2023-Tor-Meeting-Costa-Rica-Wiki/overview-of-how-projects-get-funded). We can use this to create something that's easier to read, more well-resourced, and easier to find.
# Skills
- Familiarity with the project design and grant writing process, either from a team participant side (e.g., someone from the network team who has been involved grant writing before) or from the design and writing side (e.g., someone form the money machine team).
# LinksHackweek 2023al smithal smithhttps://gitlab.torproject.org/tpo/community/hackweek/-/issues/21Spell checker CI for Markdown (and maybe other) files2023-11-30T16:16:39ZSilvio RhattoSpell checker CI for Markdown (and maybe other) files# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @rhatto (I'm proposing more than one project to the 2023 Hackweek, so I might end up participating in just one, de...# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @rhatto (I'm proposing more than one project to the 2023 Hackweek, so I might end up participating in just one, depending on other people interest in participate)
- etc
# Summary
This is a proposal to write a spell checking [GitLab CI/CD](https://about.gitlab.com/topics/ci-cd/) job (or a bot) to look for typos in Markdown files (and maybe other types).
## Project A - Writing
The first project in this proposal would be to actually write the spell checking routine.
Some existing solutions that can be evaluated and used, or being just a source of inspiration:
* [R2Devops - codespell](https://r2devops.io/marketplace/gitlab/r2devops/hub/codespell)
* [codespell-project/codespell: check code for common misspellings](https://github.com/codespell-project/codespell)
* [check-spelling/check-spelling: Spelling checker action to check spelling in repositories / pull requests / commits](https://github.com/check-spelling/check-spelling)
* [betrybe/code-spell-checker-action](https://github.com/betrybe/code-spell-checker-action)
* [CSpell | A Spell Checker for Code!](http://cspell.org/)
* [Documentation for Spelling - spell checker for CI!](https://spelling-dev.readthedocs.io/en/latest/)
It may also be important to find a way to reduce false positives.
## Project B - Integrating
In this project, the spell checker would be integrated into the following projects:
* [Onion MkDocs](https://rhatto.pages.torproject.net/onion-mkdocs/).
* [Onion TeX Slim](https://gitlab.torproject.org/rhatto/onion-tex-slim).
* [Onion Reveal](https://gitlab.torproject.org/tpo/community/hackweek/-/issues/15) (if it actually exists).
* ... and also in some repositories using these things (like [The Onion Plan](https://tpo.pages.torproject.net/onion-services/onionplan/))!
## Project C - Documenting
This project is about documenting how to use the spell checker in a repository.
# Skills
Some knowledge in the following technologies may be needed in order to participate:
* Git/GitLab CI.
* Markdown.
* Writing documentation.
* Basic scripting (Python, shell).Hackweek 2023Silvio RhattoSilvio Rhatto2023-11-09https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42174"GET / undefined" from Tor Browser, but "GET / HTTP/1.1" on normal Firefox Br...2023-11-07T13:30:45Zcypherpunks"GET / undefined" from Tor Browser, but "GET / HTTP/1.1" on normal Firefox BrowserYour Browser is sending "GET / undefined", while Firefox and Chrome correctly navigate with HTTP/1.1 or 2.0. This started happening since v13. Normal Firefox, Firefox with Tor, Chrome, Chrome with Tor never have this problem.Your Browser is sending "GET / undefined", while Firefox and Chrome correctly navigate with HTTP/1.1 or 2.0. This started happening since v13. Normal Firefox, Firefox with Tor, Chrome, Chrome with Tor never have this problem.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42173Error instead of https://noscript.net/getit/ (13.0a6)2023-11-01T18:19:45ZcypherpunksError instead of https://noscript.net/getit/ (13.0a6)```
GET
https://noscript.net/getit/
Security state 0 has no known STATE_IS_* flags. DevToolsInfaillibleUtils.sys.mjs:22:13
reportException resource://devtools/shared/DevToolsInfaillibleUtils.sys.mjs:22
parseSecurityInfo resource...```
GET
https://noscript.net/getit/
Security state 0 has no known STATE_IS_* flags. DevToolsInfaillibleUtils.sys.mjs:22:13
reportException resource://devtools/shared/DevToolsInfaillibleUtils.sys.mjs:22
parseSecurityInfo resource://devtools/shared/network-observer/NetworkHelper.sys.mjs:671
#getSecurityInfo resource://devtools/shared/network-observer/NetworkResponseListener.sys.mjs:364
onStartRequest resource://devtools/shared/network-observer/NetworkResponseListener.sys.mjs:262
NS_ERROR_UNKNOWN_PROXY_HOST: Component returned failure code: 0x804b002a (NS_ERROR_UNKNOWN_PROXY_HOST) [nsIDNSService.asyncResolve] 2 URIFixup.sys.mjs:626
checkHost resource://gre/modules/URIFixup.sys.mjs:626
RPMCheckAlternateHostAvailable resource://gre/actors/NetErrorChild.sys.mjs:144
accessCheckedFn resource://gre/actors/RemotePageChild.sys.mjs:77
initPage chrome://global/content/aboutNetError.mjs:424
<anonymous> chrome://global/content/aboutNetError.mjs:1570
Uncaught (in promise) DOMException: An exception was thrown
initPage chrome://global/content/aboutNetError.mjs:424
<anonymous> chrome://global/content/aboutNetError.mjs:1570
aboutNetError.mjs:424
```https://gitlab.torproject.org/tpo/tpa/team/-/issues/41354gitlab-runner errors on some runners2023-11-04T13:40:49Zmicahmicah@torproject.orggitlab-runner errors on some runnersI found that some runners produced an error on a job, but others did not. The error, which you can see in [this example job](https://gitlab.torproject.org/tpo/tpa/container-images/-/jobs/381195) is as follows:
```
$ podman login -u $CI_...I found that some runners produced an error on a job, but others did not. The error, which you can see in [this example job](https://gitlab.torproject.org/tpo/tpa/container-images/-/jobs/381195) is as follows:
```
$ podman login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
time="2023-10-05T15:32:04Z" level=warning msg="\"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers"
cannot clone: Operation not permitted
Error: cannot re-exec process
```
I get this error on `ci-runner-x86-09`, `ci-runner-x86-10`, `ci-runner-arm64-13`, `runner-s390x-11`, `runner-ppcle64-12`
I do *not* get the error on: `ci-runner-x86-02-main`, `runner-x86-03-main`, `runner-x86-02-large`, these would succeed.
The ones that fail all seem to be osuosl.
The message appears to be suggesting there is a template backslash that snuck into the runner config.anarcatanarcathttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/113missing image disconnected default screen2023-11-28T12:01:07Zkwadronautmissing image disconnected default screenShould probably not be black when disconnected
![image](/uploads/92cb39cd6f420c873d7a566f4ad43fef/image.png)Should probably not be black when disconnected
![image](/uploads/92cb39cd6f420c873d7a566f4ad43fef/image.png)VPN pre-alpha 04kwadronautkwadronauthttps://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/239Arch Linux spits out core dump and stops when building from source2023-10-02T03:30:43ZGhost UserArch Linux spits out core dump and stops when building from source<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Summarize the bug encountered concisely.**
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. [paru](https://github.com/M...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Summarize the bug encountered concisely.**
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. [paru](https://github.com/Morganamilo/paru/) -G [mullvad-browser](https://aur.archlinux.org/packages/mullvad-browser)
2. cd mullvad-browser
3. [makepkg](https://gitlab.archlinux.org/pacman/pacman)
### What is the current bug behavior?
**What actually happens.**
Build fails with output of core dump
### What is the expected behavior?
**What you want to see instead**
Build succeeds and binary package is generated
### Environment
**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**
**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.**
- OS: Arch Linux
- Repository: [Arch User Reposotory](https://aur.archlinux.org/)
### Relevant logs and/or screenshots
- [stdout-1.log](/uploads/5840e22ac93bd8949751e98f75ba92ca/stdout-1.log)
- [stdout-2.log](/uploads/52c9485b174999d1e5bef9261a3162c5/stdout-2.log)
- [stdout-3.log](/uploads/9ddc8fcdf90d75182b7090aafd224f23/stdout-3.log)
- [stdout-4.log](/uploads/37d8053995bbc643c7d9bc2759f9dc2d/stdout-4.log)
- [stdout-5.log](/uploads/e72bddd5a2aad21f6682e7160ce1d759/stdout-5.log)
- [stdout-6.log](/uploads/b709a5ac52d78497b70a5fec3456079e/stdout-6.log)
- [journal.log](/uploads/5e300b207cedafa3b6eaa8bffec1eb04/journal.log)https://gitlab.torproject.org/tpo/tpa/team/-/issues/41323Mysterious gitlab CI failure related to artifacts?2023-10-12T16:42:04ZIan Jacksoniwj@torproject.orgMysterious gitlab CI failure related to artifacts?This job
https://gitlab.torproject.org/Diziet/arti/-/jobs/367045
failed with what appears to an inability to find the Arti binary. That is supposed to come via `artifacts/`. I think, from this job
https://gitlab.torproject.org/Dizi...This job
https://gitlab.torproject.org/Diziet/arti/-/jobs/367045
failed with what appears to an inability to find the Arti binary. That is supposed to come via `artifacts/`. I think, from this job
https://gitlab.torproject.org/Diziet/arti/-/jobs/367037
That job has some strange messages at the end. "WARNING: artifacts: no matching files". I don't know how that could be possible given that the build succeeded.
We discussed this briefly on `#tor-dev` without any conclusion. @jnewsome reports "hmm this has happened before too", "at least once before i just chalked it up as weirdness and reran".
This is part of https://gitlab.torproject.org/Diziet/arti/-/pipelines/104832, and I'm going to hit "retry" on the rust-latest and integration tests, because I want this MR CI to pass.
CC @trinity-1686a who has also been helpful in this conversation.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42104Gah. Your tab just crashed. Cause: Usage of Hardened-Malloc2023-09-20T01:37:01ZshanzhanzGah. Your tab just crashed. Cause: Usage of Hardened-Malloc<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Summarize the bug encountered concisely.**
When opening tabs that are loaded with JS it will crush.
### Steps to reproduce:
**How one can reproduce the issue - ...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Summarize the bug encountered concisely.**
When opening tabs that are loaded with JS it will crush.
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
Sadly no known steps to reproduce it, but i can provide all the needed logs.
### What is the current bug behavior?
**What actually happens.**
![tbnsbug](/uploads/811109c00bf1d37b031e13bcab6a7a92/tbnsbug.png)
### What is the expected behavior?
**What you want to see instead**
https://monkeytype.com/
### Environment
**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**
**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.**
Debian 12
TB downloaded from TPO download page.
### Relevant logs
```
[host user ~]% torbrowser
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=0.673829) [GFX1-]: No GPUs detected via PCI
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=0.673829) |[1][GFX1-]: glxtest: process failed (received signal 11) (t=0.673876) [GFX1-]: glxtest: process failed (received signal 11)
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
(Tor Browser:2921): Gtk-WARNING **: 16:46:54.143: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/bullet-symbolic.svg.
This may indicate that pixbuf loaders or the mime database could not be found.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
Fontconfig warning: "/home/user/.tb/tor-browser/Browser/fontconfig/fonts.conf", line 118: unknown element "blank"
fatal allocator error: invalid uninitialized allocator usage
Redirecting call to abort() to mozalloc_abort
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42044add -moz-device-pixel-ratio to RFP2023-08-28T14:26:07ZThorinadd -moz-device-pixel-ratio to RFPin #41740 we will change the devicePixelRatio spoof to 2
This issue is to add `-moz-device-pixel-ratio` to RFP to do the samein #41740 we will change the devicePixelRatio spoof to 2
This issue is to add `-moz-device-pixel-ratio` to RFP to do the sameThorinThorinhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42041TBB --allow-remote mixes up with plain Firefox2023-10-03T13:27:51ZilfTBB --allow-remote mixes up with plain FirefoxI am trying to use TBB with `--allow-remote` (see #15185) and Firefox at the same time, but both get mixed up.
Steps to reproduce:
# both regular
1. `/path/to/tor-browser/Browser/start-tor-browser`
2. `/usr/bin/firefox`
3. `firefox tor...I am trying to use TBB with `--allow-remote` (see #15185) and Firefox at the same time, but both get mixed up.
Steps to reproduce:
# both regular
1. `/path/to/tor-browser/Browser/start-tor-browser`
2. `/usr/bin/firefox`
3. `firefox torproject.org` -> opens in firefox
4. `start-tor-browser torproject.org` -> "Tor Browser is already running, but is not responding."
# allow-remote, tbb first
1. `start-tor-browser --allow-remote`
2. `firefox` -> opens new TBB window
3. `start-tor-browser --allow-remote torproject.org` -> opens tab in TBB
4. `firefox torproject.org` -> opens tab in TBB
# allow-remote, ff first
1. `firefox`
2. `start-tor-browser --allow-remote` -> opens new FF window
3. `start-tor-browser --allow-remote torproject.org` -> opens tab in FF
4. `firefox torproject.org` -> opens tab in FF
It seems both somehow call just plain "firefox" and take the first one running on the system, without checking and distinguishing instances.
`start-tor-browser` from line 341 calls `./firefox` and sais this:
```
# --class and --name parameters are used to make sure WM_CLASS is set
# up correctly, to identify itself from plain Firefox windows (and
# prevent from mixing up with them).
```
Looks to me like `WM_CLASS` doesn't work as intended?ilfilfhttps://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40161Bandwidth scanners don't measure >1 Gbps per IP2023-09-28T15:39:05ZNeel Chauhanneel@neelc.orgBandwidth scanners don't measure >1 Gbps per IPThis isn't my usual "sbws is slow" issue, but with the new 8 relays per IP, I found one possible bottleneck: the fact that an IPv4 can't measure more than 1 Gbps.
This happens on my **opsrelay** family relays: https://metrics.torproject...This isn't my usual "sbws is slow" issue, but with the new 8 relays per IP, I found one possible bottleneck: the fact that an IPv4 can't measure more than 1 Gbps.
This happens on my **opsrelay** family relays: https://metrics.torproject.org/rs.html#search/family:E1E99C9C48054C988A124BE5678A45F883FC8E72
Most of these these relays are hosted on a 2 Gbps OVH VPS (since I had to leave ReliableSite, avoid them, even pay the AWS tax instead), each VPS has 8 exit relays, all 8 which only measure 1 Gbps combined. The only exception is my **NeelTorRelay** middle relays which are hosted on a CenturyLink Gigabit connection with 4 middle relays.
I can understand why you measure all relays on one IP at once (assuming you do): to see the server's capacity when fully loaded. But since we allow 8 relays per IP, many IPs can give >1 Gbps relay capacity. I have 2 Gbps bandwidth per OVH IP but each only measure up to 1 Gbps.
Other people may be affected as well: people with 10 Gigabit servers but not a lot of IPv4, and multi-Gigabit XGS-PON fiber ISPs.
**I believe this isn't an issue with sbws, but rather the servers hosting sbws.**
We *need* to upgrade the scanners to 10 Gbps ports when we can. It's more expensive, but necessary. You don't need 10 Gbps upfront, but we can start at 2 Gbps and slowly ramp up the bandwidth, or use 95th Percentile ports and only "commit" to 1 Gbps to avoid overpaying for capacity we don't have
We could also measure each relay individually, but this has the issue of overstating capacity and ruining user experience if a relay is congested.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41895flip RFP's prefers-color-scheme to dark2023-11-01T23:10:07ZThorinflip RFP's prefers-color-scheme to darkRFP reduces this binary metric to useless (in our Tor Browser set of users) by always returning `light`. We can achieve the same FPing protection by always returning `dark`.
This is, IMO, not technically an accessibility issue, as the C...RFP reduces this binary metric to useless (in our Tor Browser set of users) by always returning `light`. We can achieve the same FPing protection by always returning `dark`.
This is, IMO, not technically an accessibility issue, as the CSS standard is arbitrary, not universal - i.e only a few websites (but arguably large popular websites) implement it. That said, I am not an accessibility expert, or knowledgeable about or experience light hurting eyes and creating migraines etc. I will say I've never heard of anyone claiming dark sites did the same (but of course the default is light and we enforce light)
In ESR115 as a major milestone, we could change test always returning `dark`. My logic for this is
- entropy is not affected
- accessibility _may_ be helped
- I strongly believe accessibility re colors is best served under existing/upcoming standards that are universal (which we could preset/harden)
- there are degrees of usefulness, and accessibility advocates indicate that this helps (maybe they're lying just to advocate their perference, but I'm inclined to agree that it can't hurt and would likely help)
We currently get RFP users (and tom will confirm), who complain about the _same few_ RFP items: it's _always_ timezone, prefers-color-scheme, and now timing (60FPS). It is my belief that no matter what we do, people will complain, but by returning `dark`, user's complaints are no longer anywhere near the validity of e.g. saying it causes migraines - in fact users who complain they get dark themed sites are just aesthetics (unless someone can prove dark themes are an accessibility problem)
In other words - flipping to dark cannot hurt fingerprinting, and can/would help usability
Class, discuss! cc @donutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41894tor signal reload -> no more connections possible2023-07-20T15:44:06ZYetitor signal reload -> no more connections possible### Summary
After reloading TOR configuration by sending signal RELOAD (HUP) to control port no further connections are possible.
### Steps to reproduce:
1. Connect to Torbrowser/Tor control port (usually 9051), authenticate using a con...### Summary
After reloading TOR configuration by sending signal RELOAD (HUP) to control port no further connections are possible.
### Steps to reproduce:
1. Connect to Torbrowser/Tor control port (usually 9051), authenticate using a configured authentication method, and send the "signal reload" command. This is needed for example to (temporary) set a new exit node or exit country for a new browser tab without closing all other tabs and restarting Torbrowser.
2. Try to reload the current page or open a new.
### What is the current bug behavior?
Error "The proxy server is refusing connections". No more browsing is possible.
### What is the expected behavior?
The page navigation should continue working, but with the new Tor config.
### Environment
Windows 10
Torbrowser 12.5.1YetiYetihttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/128Modern firewall-penetration protocols for Tor in China2023-08-11T09:50:26ZcomputerscotModern firewall-penetration protocols for Tor in ChinaReports on https://github.com/net4people/bbs/issues and https://forum.torproject.org say that both obfs4 and snowflake are blocked by the GFW. There are also doubts about whether the new WebTunnel pluggable transport will work. The GFW d...Reports on https://github.com/net4people/bbs/issues and https://forum.torproject.org say that both obfs4 and snowflake are blocked by the GFW. There are also doubts about whether the new WebTunnel pluggable transport will work. The GFW detects and blocks WebSocket-based proxies.
This is a proof-of-concept for more modern firewall-penetration protocols.
To test these protocols in action, set up an Xray server and client using the latest techniques, for example, https://cscot.pages.dev/2023/07/02/xray-reality-h2. If you follow the sample configuration in that article, you will have a SOCKS5 proxy listening on port `10808` on your client.
Download and install the Tor Browser from https://www.torproject.org.
When you run the Tor Browser for the first time, click **Configure Connection**.
Scroll down and click the **Settings** button at the bottom to configure how you connect to the internet. Check **I use a proxy to connect to the Internet**. The type is **SOCKS5**, the address is `127.0.0.1`, and the port is `10808`. Click **OK**.
I have found it more reliable to click **Select a Built-In Bridge**. This should not be necessary, since the Xray server is already outside the GFW. Perhaps it helps because built-in bridges are faster than random entry nodes. Select **obfs4**. Click **Connect**.
Now you can test your connection by trying to reach a Tor-only site.
BBC News in simplified Chinese:
```
https://www.bbcweb3hytmzhn5d532owbu6oqadra5z3ar726vq5kgwwn6aucdccrad.onion/zhongwen/simp
```
DW News in simplified Chinese:
```
https://www.dwnewsgngmhlplxy6o2twtfgjnrnjxbegbwqx6wnotdhkzt562tszfid.onion/zh/?zhongwen=simp
```
New York Times in simplified Chinese:
```
https://cn.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion
```
![dw-onion-simplified-chinese](/uploads/37794d56098885a7979eb2230e140737/dw-onion-simplified-chinese.png)meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41870Modern firewall-penetration protocols for Tor in China2023-07-07T10:01:53ZcomputerscotModern firewall-penetration protocols for Tor in ChinaReports on https://github.com/net4people/bbs/issues and https://forum.torproject.org say that both obfs4 and snowflake are blocked by the GFW. There are also doubts about whether the new WebTunnel pluggable transport will work. The GFW d...Reports on https://github.com/net4people/bbs/issues and https://forum.torproject.org say that both obfs4 and snowflake are blocked by the GFW. There are also doubts about whether the new WebTunnel pluggable transport will work. The GFW detects and blocks WebSocket-based proxies.
This is a proof-of-concept for more modern firewall-penetration protocols.
To test these protocols in action, set up an Xray server and client using the latest techniques, for example, https://cscot.pages.dev/2023/07/02/xray-reality-h2. If you follow the sample configuration in that article, you will have a SOCKS5 proxy listening on port `10808` on your client.
Download and install the Tor Browser from https://www.torproject.org.
When you run the Tor Browser for the first time, click **Configure Connection**.
Scroll down and click the **Settings** button at the bottom to configure how you connect to the internet. Check **I use a proxy to connect to the Internet**. The type is **SOCKS5**, the address is `127.0.0.1`, and the port is `10808`. Click **OK**.
I have found it more reliable to click **Select a Built-In Bridge**. This should not be necessary, since the Xray server is already outside the GFW. Perhaps it helps because built-in bridges are faster than random entry nodes. Select **obfs4**. Click **Connect**.
Now you can test your connection by trying to reach a Tor-only site.
BBC News in simplified Chinese:
```
https://www.bbcweb3hytmzhn5d532owbu6oqadra5z3ar726vq5kgwwn6aucdccrad.onion/zhongwen/simp
```
DW News in simplified Chinese:
```
https://www.dwnewsgngmhlplxy6o2twtfgjnrnjxbegbwqx6wnotdhkzt562tszfid.onion/zh/?zhongwen=simp
```
New York Times in simplified Chinese:
```
https://cn.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion
```
![dw-onion-simplified-chinese](/uploads/c696b775dc1f976880b42e8100342f54/dw-onion-simplified-chinese.png)meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40883Verification issues with the new Windows code signing certificate2023-08-17T21:35:26Zcypherpunks1Verification issues with the new Windows code signing certificateThe new certificate cannot be verified on two systems that I tried it.
A comparison of the 12.0.4 and 12.5a7 installers:
![cert](/uploads/eceecebe2d7a455900271857d7484f25/cert.png)The new certificate cannot be verified on two systems that I tried it.
A comparison of the 12.0.4 and 12.5a7 installers:
![cert](/uploads/eceecebe2d7a455900271857d7484f25/cert.png)cypherpunks1cypherpunks1https://gitlab.torproject.org/tpo/tpa/team/-/issues/41222Is the web ui disabled for our VictoriaMetrics version?2023-06-13T12:37:36ZHiroIs the web ui disabled for our VictoriaMetrics version?I see the web ui for VictoriaMetrics at https://metrics-db.torproject.org/vmui/ is returning a 404.
\@gkI see the web ui for VictoriaMetrics at https://metrics-db.torproject.org/vmui/ is returning a 404.
\@gkSponsor 112 : Combating Malicious RelaysJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41829Error after run make build, trying to build tor browser from source2023-07-06T18:15:47ZwaterglassError after run make build, trying to build tor browser from sourceI am trying to build tor browser from source according wiki. I get the following error when run `make build`.
```
./build.sh /home/$USER/tor-browser/tools/torbrowser/../..
0:00.37 Clobber not needed.
Config object not found by mach.
...I am trying to build tor browser from source according wiki. I get the following error when run `make build`.
```
./build.sh /home/$USER/tor-browser/tools/torbrowser/../..
0:00.37 Clobber not needed.
Config object not found by mach.
0:00.46 Using Python 3.10.6 from /home/$USER/tor-browser/obj-x86_64-pc-linux-gnu/_virtualenvs/build/bin/python
0:00.46 Adding configure options from /home/$USER/tor-browser/mozconfig
0:00.46 --enable-application=browser
0:00.46 --enable-official-branding
0:00.46 --enable-optimize
0:00.47 --enable-rust-simd
0:00.47 --enable-verify-mar
0:00.47 --enable-nss-mar
0:00.47 --enable-base-browser-update
0:00.47 --enable-bundled-fonts
0:00.47 --disable-tests
0:00.47 --disable-debug
0:00.47 --disable-crashreporter
0:00.47 --disable-webrtc
0:00.47 --disable-parental-controls
0:00.47 --disable-eme
0:00.47 --enable-proxy-bypass-protection
0:00.47 --disable-system-policies
0:00.47 --disable-backgroundtasks
0:00.47 MOZ_TELEMETRY_REPORTING=
0:00.47 --without-wasm-sandboxed-libraries
0:00.47 --with-relative-data-dir=TorBrowser/Data/Browser
0:00.47 --with-distribution-id=org.torproject
0:00.47 --with-branding=browser/branding/tb-nightly
0:00.47 --enable-default-toolkit=cairo-gtk3
0:00.47 --disable-strip
0:00.47 --disable-install-strip
0:00.47 --with-base-browser-version=dev-build
0:00.47 --disable-base-browser-update
0:00.47 --enable-artifact-builds
0:00.47 MOZILLA_OFFICIAL=
0:00.47 checking for vcs source checkout... git
0:00.58 checking for a shell... /usr/bin/sh
0:00.60 checking for host system type... x86_64-pc-linux-gnu
0:00.60 checking for target system type... x86_64-pc-linux-gnu
0:00.66 checking whether cross compiling... no
0:00.71 Traceback (most recent call last):
0:00.71 File "/home/$USER/tor-browser/configure.py", line 349, in <module>
0:00.71 sys.exit(main(sys.argv))
0:00.71 File "/home/$USER/tor-browser/configure.py", line 131, in main
0:00.71 sandbox.run(os.path.join(os.path.dirname(__file__), "moz.configure"))
0:00.71 File "/home/$USER/tor-browser/python/mozbuild/mozbuild/configure/__init__.py", line 516, in run
0:00.71 self._value_for(option)
0:00.71 File "/home/$USER/tor-browser/python/mozbuild/mozbuild/configure/__init__.py", line 621, in _value_for
0:00.71 return self._value_for_option(obj)
0:00.71 File "/home/$USER/tor-browser/python/mozbuild/mozbuild/util.py", line 1061, in method_call
0:00.71 cache[args] = self.func(instance, *args)
0:00.71 File "/home/$USER/tor-browser/python/mozbuild/mozbuild/configure/__init__.py", line 688, in _value_for_option
0:00.71 raise InvalidOptionError(
0:00.71 mozbuild.configure.options.InvalidOptionError: --enable-optimize is not available in this configuration
*** Fix above errors and then restart with "./mach build"
make: *** [Makefile:26: build] Error 1
```waterglasswaterglasshttps://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40155Lower advertised bandwidth/consensus weight on relays with "higher latency"2023-07-03T13:14:12ZNeel Chauhanneel@neelc.orgLower advertised bandwidth/consensus weight on relays with "higher latency"I run four middle relays on a CenturyLink Gigabit connection in Seattle, WA: https://metrics.torproject.org/rs.html#search/neeltorrelay
I noticed that the consensus weight is lower if the latency is generally higher, with four instances...I run four middle relays on a CenturyLink Gigabit connection in Seattle, WA: https://metrics.torproject.org/rs.html#search/neeltorrelay
I noticed that the consensus weight is lower if the latency is generally higher, with four instances on a connection I get ~25 MB/s (~200 Mbps). "higher latency" means generally higher latency from most of the other relays, namely relays in Europe.
I can get around this temporally by pushing large file downloads between my relay instances, with two client instances and relays closer to my area (namely Emerald Onion, Telus, and Ziply Fiber). Right now the advertised bandwidth/consensus weight is lower than it could be.
For a while it seemed fixed, but it came back for some reason.jugajuga