The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-28T10:49:31Zhttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/151reconnect/new circuit when changing bridge type or on/off2024-03-28T10:49:31Zkwadronautreconnect/new circuit when changing bridge type or on/offIs there a need to reconnect/move to a new circuit when the bridge settings are changed: bridge on/off or type (obfs4 or snowflake for now).Is there a need to reconnect/move to a new circuit when the bridge settings are changed: bridge on/off or type (obfs4 or snowflake for now).Sponsor 101 - Tor VPN Client for Androidhttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/97Consider adding a "No internet" state2024-03-27T17:28:52Zmicahmicah@torproject.orgConsider adding a "No internet" stateI was in an airport, with fairly restrictive internet. I had connected to the captive portal and logged in, so I could use the free airport wifi, and I wanted to turn on the Tor VPN to obfuscate my traffic. I launched it, pressed the con...I was in an airport, with fairly restrictive internet. I had connected to the captive portal and logged in, so I could use the free airport wifi, and I wanted to turn on the Tor VPN to obfuscate my traffic. I launched it, pressed the connect button, and it showed connected, and data transfer rates started to show.
However, nothing was loading in my browser on my device, so I went to go look at the logs, and I found that onionmasq underneath was complaining about failing to connect to the tor network, it clearly was not actually connected and was retrying, but the UI was showing I was connected and that data was being transferred.
I failed to copy the logs, and I realize that its not trivial to re-produce this, but I thought I should file an issue to get this out there.VPN pre-alpha 07donutsdonutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41112Integrate cross-tab identity leak protection into Tor Browser with native UX2024-03-27T14:39:06ZdonutsIntegrate cross-tab identity leak protection into Tor Browser with native UXIn response to the potential for cache side channel attacks reported in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41071, @ma1 deployed [Cross-tab Identity Leak Protection](https://noscript.net/usage/#crosstab-i...In response to the potential for cache side channel attacks reported in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41071, @ma1 deployed [Cross-tab Identity Leak Protection](https://noscript.net/usage/#crosstab-identity-leak-protection) (or "TabGuard") in NoScript 11.4.8. However some users are finding the warning confusing, and/or are suffering from warning fatigue – e.g.:
```
<Jeremy_Rand_36C3[m]> So far at least 2 users in #tor have been very confused about the NoScript warnings that were recently added. One of them thought the warning meant his identity had already leaked, and panicked and shut off Tor Browser. Seems like we should ask the UX Team to evaluate how we can improve this, now that we have some breathing room since the vulnerability is mitigated.
<Jeremy_Rand_36C3[m]> One of the two users I noticed who was confused about the warning was one of my co-workers, who is very technically proficient, including about Tor, and even he couldn't understand what the warning was about, what triggered it, and what the correct course of action was
<Jeremy_Rand_36C3[m]> Then you have a less sophisticated user who thought the warning meant he was already pwned and panicked
<Jeremy_Rand_36C3[m]> I was hoping the UX Team might be able to evaluate how this warning can be better presented so that users don't get confused or make bad decisions when they see it
```
We're planning on integrating this feature into Tor Browser as part of the work to migrate the Security Level feature in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40925. We should take this opportunity to improve the UX in general, in addition to converting the feature into standard Tor Browser UI patterns.ma1ma1https://gitlab.torproject.org/tpo/ux/research/-/issues/69Test Tor VPN prototypes with potential users2024-03-26T22:46:21ZdonutsTest Tor VPN prototypes with potential usersThis ticket relates to the following objectives:
- O1.4: Test wireframes and user flows with target users, identify user challenges, iterate on these designs throughout the project.
Our target is to conduct 2-3 focus groups with potent...This ticket relates to the following objectives:
- O1.4: Test wireframes and user flows with target users, identify user challenges, iterate on these designs throughout the project.
Our target is to conduct 2-3 focus groups with potential users.
The designs can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4280%3A1524&mode=design&t=mNf6BRHqG6b1oXYs-1)Sponsor 101 - Tor VPN Client for Androidsajolidasajolidahttps://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/200Build system installer for Mullvad Browser on Windows2024-03-26T16:07:58ZrichardBuild system installer for Mullvad Browser on WindowsCurrently Mullvad Browser inherits Tor Browse's portable-only installer on Windows. We should either:
1. Add support to existing installer to support portable OR system `%PROGRAMFILES%` installs
2. Create a second installer which can in...Currently Mullvad Browser inherits Tor Browse's portable-only installer on Windows. We should either:
1. Add support to existing installer to support portable OR system `%PROGRAMFILES%` installs
2. Create a second installer which can install to a system location, separate from the portable installer
3. Update existing installer to be a classic system installer and instead ship portable as a zip archive
Some things to consider:
- System installation requires Admin/Elevation privileges on Windows. NSIS installers can be built such that the elevation prompt happens automatically on launch, but this will likely/possible prevent portable installation on systems which the user does not have admin access (such as in library/univeristy/corporate terminals). I don't know if you can conditionally elevate in an NSIS installer based on install location.
- A second installer to counter the previous constraint would work, but could cause user confusion
- Providing a zip bundle may make it easier for dowstream package maintainers if any were to appear (eg for [chocolatay](https://chocolatey.org/))Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/136renew Docker-Sponsored Open Source Program2024-03-26T10:35:25Zmeskiomeskio@torproject.orgrenew Docker-Sponsored Open Source ProgramThe billing tab of our docker organization says:
> Your Docker-Sponsored Open Source status will expire on Apr 15, 2024.
> To keep your Docker-Sponsored Open Source status, look for our email containing renewal information and follow t...The billing tab of our docker organization says:
> Your Docker-Sponsored Open Source status will expire on Apr 15, 2024.
> To keep your Docker-Sponsored Open Source status, look for our email containing renewal information and follow the link within to reapply.
I got the mentioned email. I was assuming it was a phishing email as the renew link points to *docker.my.site.com*, but I guess is legit (site.com is a salesforce domain and the DKIM of the email looks valid):
```
We would like to kindly remind you that your current subscription to
the Docker-Sponsored Open Source Program is set to expire in 45 days.
We highly value your participation in the program and would like to
invite you to renew your subscription.
[1]Click Here to Renew
By renewing, you'll continue to benefit from the program's offerings
if your project still meets the [2] qualification criteria. An annual
Docker Team subscription will be allocated to the following project
organization: Docker ID - thetorproject
Here are the benefits you'll continue to enjoy:
* Autobuilds
* Free team seats
* Rate-limit removal for all users pulling public images from your
project namespace
* Sponsored OSS badge on Docker Hub and being prioritized in search
results
* Usage reporting
Before you proceed with the renewal application, we kindly request
that you take a moment to complete a [3]brief survey. Your feedback
in the survey does not impact the review of your application; it will
only be used to inform improvements to the program so that we can
better serve the open-source community.
If you have any questions or encounter any technical issues during
the renewal process, please don't hesitate to contact
support@docker.com. Our team is here to assist you and ensure a
smooth renewal experience.
Thank you!
The Docker Team
```
Anyway, I guess we should follow the email instructions and renew the subscription. Depending on how much work is that we might want to consider more seriously to move to our gitlab container registry (#121)meskiomeskio@torproject.orgmeskiomeskio@torproject.org2024-03-28https://gitlab.torproject.org/tpo/web/donate-neo/-/issues/28Social media icons in footer are fuzzy2024-03-18T18:23:41ZdonutsSocial media icons in footer are fuzzyThis is likely due to using low-res raster assets. The UX Team should supply SVGs instead.This is likely due to using low-res raster assets. The UX Team should supply SVGs instead.donutsdonutshttps://gitlab.torproject.org/tpo/web/donate-neo/-/issues/27Onion pattern is missing from the site footer2024-03-18T18:22:34ZdonutsOnion pattern is missing from the site footerThe UX Team need to supply an SVG asset for implementation.The UX Team need to supply an SVG asset for implementation.donutsdonutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42462investigate mpris + disk data2024-03-16T18:53:58ZThorininvestigate mpris + disk dataAFAICT [this](https://searchfox.org/mozilla-central/search?q=mpris&path=&case=false&regexp=false) is a linux (gtk?) thing - and at least with `media.hardwaremediakeys.enabled` creates video thumbnails - I have not tested or verified
cc ...AFAICT [this](https://searchfox.org/mozilla-central/search?q=mpris&path=&case=false®exp=false) is a linux (gtk?) thing - and at least with `media.hardwaremediakeys.enabled` creates video thumbnails - I have not tested or verified
cc @pierovhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42432'Tor Circuit'-button hidden2024-03-12T12:05:58Zcypherpunks'Tor Circuit'-button hidden'Tor Circuit' button sometimes suddenly hidden.
Visible again on this site only after 'New Identity', not with 'New Tor circuit for this site'. TBB13.0.10'Tor Circuit' button sometimes suddenly hidden.
Visible again on this site only after 'New Identity', not with 'New Tor circuit for this site'. TBB13.0.10https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/issues/15Unable to utilise Firefox profiles2024-03-08T00:42:38ZHermistonUnable to utilise Firefox profilesI currently use the Firefox Flatpak to launch multiple profiles e.g.
- `Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=firefox --file-forwarding org.mozilla.firefox -P LEISURE --class=LEISURE @@u %u @@`
- `Exec=/usr/b...I currently use the Firefox Flatpak to launch multiple profiles e.g.
- `Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=firefox --file-forwarding org.mozilla.firefox -P LEISURE --class=LEISURE @@u %u @@`
- `Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=firefox --file-forwarding org.mozilla.firefox -P WORK --class=WORK @@u %u @@`
When I tried to do the same with the Tor Browser Launcher I discovered there was no `-P` flag available. Please make it available so that multiple profiles can be used.asciiwolfasciiwolfhttps://gitlab.torproject.org/tpo/web/snowflake/-/issues/8Preparing Content for Snowflake Website2024-03-06T13:40:24ZAshish SoniPreparing Content for Snowflake WebsiteThis issue is for preparing and updating content for the Snowflake website.
The current text on the website can be found in the shared document [here](https://docs.google.com/document/d/10IWjY-FeyG1k8ywAE23HgPsxgwvliUqbV91PTb6oimY/edit...This issue is for preparing and updating content for the Snowflake website.
The current text on the website can be found in the shared document [here](https://docs.google.com/document/d/10IWjY-FeyG1k8ywAE23HgPsxgwvliUqbV91PTb6oimY/edit?usp=sharing)
looping with @raya @donutsrayarayahttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42430Crash with nested XHTML2024-03-05T14:03:56ZcypherpunksCrash with nested XHTMLTor Browser 13.0.10 on Windows crashes when I open `chrome://browser/content/browser.xhtml`, press <kbd>Alt</kbd> and select `Tools > Downloads (Ctrl-J)` (or just press <kbd>Ctrl+J</kbd>). Nothing of importance on its own, but still indi...Tor Browser 13.0.10 on Windows crashes when I open `chrome://browser/content/browser.xhtml`, press <kbd>Alt</kbd> and select `Tools > Downloads (Ctrl-J)` (or just press <kbd>Ctrl+J</kbd>). Nothing of importance on its own, but still indicative of something wrong - possibly even web accessible wrong.cypherpunkscypherpunkshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42404Tracking bug for necko pref flips2024-03-05T13:42:53ZcypherpunksTracking bug for necko pref flipshttps://bugzilla.mozilla.org/show_bug.cgi?id=1874137
Enable network.http.http2.move_to_pending_list_after_network_change
https://bugzilla.mozilla.org/show_bug.cgi?id=1876045https://bugzilla.mozilla.org/show_bug.cgi?id=1874137
Enable network.http.http2.move_to_pending_list_after_network_change
https://bugzilla.mozilla.org/show_bug.cgi?id=1876045https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42422Tor's PDF viewer hides or deletes changes on the PDF file when saved, irregul...2024-02-28T10:10:47ZMattiasbleeda097@gmail.comTor's PDF viewer hides or deletes changes on the PDF file when saved, irregularly<!--
* Use this issue template for reporting a new bug.
-->
### Summary
Tor Version 13.0.9 (64-bit)
Tor security level Standard
The following bug doesn't display the changes made on the PDF by Tor PDF's viewer, the bug sometimes seems ...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
Tor Version 13.0.9 (64-bit)
Tor security level Standard
The following bug doesn't display the changes made on the PDF by Tor PDF's viewer, the bug sometimes seems to "delete" the written data of the changes, so that it did disappear edits made before the last saving by me.
It also hides info because I did open the same file in two different tabs, and in one tab was loading written text while in the another didn't load it at all being incomplete.¹
As far as I'm concerned, I think it hides it rather than deleting because the file size apparent weighter **despite no text added is shown**, unlike a previous version written without the last save which is lighter. This seems reasonable, but not if the weighter file with the last writing doesn't have the content which it's like ghost data lost...
¹: I mean writting text saved, not PDF pages.
### Steps to reproduce:
Unfortunately I can't remember what I did exactly. Incident date 13/2/24 midday. but I remember to overwrite the file PDF in an ordinary folder settled in Onedrive (Microsoft) as I used to do. Here what I was doing
1. Drag the pdf file to Tor's window tabs.
2. Use the tools _Text_ of PDF's viewer
3. Once editing, save the file in the original
4. From time to time it might not show what was written
I must clarify I was using my mobile phone to continue editing what I wrote, this process of displaying destroys the text body each once I save changes from mobile phone, then, displaying it in desktop the extended spaces are taken out, Tor's PDF viewer stills take them into account although, but the damages are irreversible. Odd behavior.
### What is the current bug behavior?
It hides modified txt files or doesn't show it.
### What is the expected behavior?
I expected to see the last changes I saved but there aren't. I wrote until page 80, by PDF's viewer page scrolling, 81 by book index, starting from 61. There was nothing between 61 to 80, and later one time there was nothing between 47 in forward... Later, that fixed itself (61-80) and I opened two tabs, one had until 70 and that one remained currently.
### Environment
**Windows 10 Home Single Language 64 bits (10.0, compilation 19045)**
**From Tor main page**
### Relevant logs and/or screenshots
![marcas-mapa-rojo-Y-latigo-que-corta-viento](/uploads/ad440a8aff645cd7a1ba1628b6811562/marcas-mapa-rojo-Y-latigo-que-corta-viento.png)
![OneDrive_-_Personal_21_02_2024_7_30_28](/uploads/98b56603b37cb70f7520f8aa6a56d926/OneDrive_-_Personal_21_02_2024_7_30_28.png)
Honestly, I don't know what I did specifically, I'd like to provide more information specially with the steps to the bug, these are a custom mine. I can't post the file I'm talking about because it's too big.
By the way, just in case English isn't my first language.Mattiasbleeda097@gmail.comMattiasbleeda097@gmail.comhttps://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/151WebRTC leaks UDP traffic outside socks5 proxy2024-02-21T13:20:46ZruihildtWebRTC leaks UDP traffic outside socks5 proxy- Connect to a socks5 proxy on port 1080 in your LAN that uses a different IP than your computer
- Create a room on meet.mullvad.net jitsi instance
- tcpdump on interface connected to internet and filter out port 1080
- observe UDP traff...- Connect to a socks5 proxy on port 1080 in your LAN that uses a different IP than your computer
- Create a room on meet.mullvad.net jitsi instance
- tcpdump on interface connected to internet and filter out port 1080
- observe UDP traffic to the remote jitsi meet peer
So this is not specific to Mullvad Browser, so not sure how/if we need to deal with it.ma1ma1https://gitlab.torproject.org/tpo/tpa/team/-/issues/41177fix billing for joker.com domain names2024-02-20T16:22:07Zanarcatfix billing for joker.com domain namesIt seems like our domain names have always been manually renewed, and then sent as expenses to be reimbursed to accounting. we recently realized this as we noticed `tor.network` was expiring. the domain was hosted outside of our normal j...It seems like our domain names have always been manually renewed, and then sent as expenses to be reimbursed to accounting. we recently realized this as we noticed `tor.network` was expiring. the domain was hosted outside of our normal joker.com account and has since been migrated there (#41148). we were mistakenly thinking this would solve the renewal issue, but we actually realized instead that none of our domains are actually configured to be automatically renewed and billed to accounting.
in #41148, have credited the joker.com account by 100$USD, without realizing that is actually problematic for accounting. @sue wants to figure out another way to pay for those domains, and this ticket aims at cleaning that up and regularizing the domain billing at Tor.
note that all domains are marked for autorenewal and `tor.network` *has* been renewed, so there is no more an ~Emergency for this, but it would still be nice to regularize billing.
/cc @susananarcatanarcat2024-04-07https://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/156add support for webtunnel bridges2024-02-12T12:46:44Zmeskiomeskio@torproject.orgadd support for webtunnel bridgeshttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41811Connect buttons in bridge modals should be purple2024-01-30T22:03:42ZdonutsConnect buttons in bridge modals should be purple`Connect` buttons are always purple in our UI, however all other confirmation buttons (e.g. "OK" and "Save") should remain the primary theme color.
See this Figma file for reference: [Figma link](https://www.figma.com/file/RS584DcR4emXr...`Connect` buttons are always purple in our UI, however all other confirmation buttons (e.g. "OK" and "Save") should remain the primary theme color.
See this Figma file for reference: [Figma link](https://www.figma.com/file/RS584DcR4emXrw1F8g3l5x/Tor-Browser-12.5?type=design&node-id=62%3A10116&t=BJbn9R4EgNRt9Tq3-1)henryhenryhttps://gitlab.torproject.org/tpo/network-health/metrics/networkstatusapi/-/issues/49details TODOs2024-01-29T23:07:30ZMattia Righettidetails TODOsI left some TODOs in the `/details` endpoint response object, they refer to fields that are currently not filled.
I'm copying them all down here so we can keep track of their progress.
### Relays
- [ ] last_changed_address_or_port
- [ ...I left some TODOs in the `/details` endpoint response object, they refer to fields that are currently not filled.
I'm copying them all down here so we can keep track of their progress.
### Relays
- [ ] last_changed_address_or_port
- [ ] region_name
- [ ] city_name
- [ ] latitude
- [ ] longitude
- [ ] alleged_family
- [ ] advertised_bandwidth
- [ ] exit_policy_v6_summary
- [ ] recommended_version
- [ ] indirect_family
- [ ] measured
- [ ] unreachable_or_addresses
### Bridges
- [ ] advertised_bandwidth
- [ ] recommended_version