The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-01-30T16:07:48Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/40661Do phase 3 of proposal 2892024-01-30T16:07:48ZGeorg KoppenDo phase 3 of proposal 289In [prop#289](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/289-authenticated-sendmes.txt) we included a deployment timeline. Currently we are at Phase 2 and Phase 3 contains the following:
```
This phase ...In [prop#289](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/289-authenticated-sendmes.txt) we included a deployment timeline. Currently we are at Phase 2 and Phase 3 contains the following:
```
This phase will effectively exit() all tor not supporting
"FlowCtrl=1". The earliest date we can do that is when all versions
not supporting v1 are EOL.
According to our release schedule[4], this can happen when our latest
LTS (0.3.5) goes EOL that is on Feb 1st, 2022.
```
We are past Feb 1st, 2022 and 0.3.5.x is gone for good for a while. Let's get to Phase 3 for the next major release at least then.Tor: 0.4.8.x-freezehttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40170Create a patch to remove Hello Verify Request in Snowflake's WebRTC2022-08-09T19:15:31ZshelikhooCreate a patch to remove Hello Verify Request in Snowflake's WebRTCThe Snowflake with [patched](https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/83) supported_groups [don't](https://ntc.party/t/testing-invitation-for-tor-browser-with-supported-groups-patch-countermeasure-in-snowflake-to-e...The Snowflake with [patched](https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/83) supported_groups [don't](https://ntc.party/t/testing-invitation-for-tor-browser-with-supported-groups-patch-countermeasure-in-snowflake-to-evade-censorship-observed-in-russia/2837/2) work. It is suggested that Hello Verify Request is now the signature being targeted.
```
16:07:39 <shelikhoo> the patched version we produced is not working]
16:08:12 <shelikhoo> and one of the possible reason that that Hello Verify is now censored
16:08:24 <shelikhoo> and one of the possible reason is that that Hello Verify is now censored
16:08:34 <dcf1> Hello Verify Request: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40030#note_2823140
16:08:50 <shelikhoo> we could patch it again and generate an binary again
16:11:21 <shelikhoo> do we have an existing patch for removing Hello Verify?
16:11:28 <shelikhoo> that we can just apply?
16:11:48 <dcf1> Not as far as I know
16:15:26 <shelikhoo> I can create a ticket to track this issue.
16:16:34 <shelikhoo> https://gist.github.com/xiaokangwang/5cd4437d087b0159146b0cb9d09aa9a5
16:16:55 <shelikhoo> I received such an patch, but I forgot the exact context I got it...
16:18:14 <shelikhoo> I think it changes whether the local will be client or server to avoid some censorship
```https://gitlab.torproject.org/tpo/web/community/-/issues/286Move bridge post-install info to "Technical Setup"2023-01-11T16:38:28ZGhost UserMove bridge post-install info to "Technical Setup"<!-- This template is a great use for issues that are feature::additions or technical tasks for larger issues.-->
### Proposal
<!-- Use this section to explain the proposal and how it will work. It can be helpful to add technical detai...<!-- This template is a great use for issues that are feature::additions or technical tasks for larger issues.-->
### Proposal
<!-- Use this section to explain the proposal and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
The relay post-install info is located at [/relay/setup/post-install/](https://community.torproject.org/relay/setup/post-install/), but the bridge post-install info is mixed in between the operating systems at [/relay/setup/bridge/post-install/](https://community.torproject.org/relay/setup/bridge/post-install/).
I suggest moving the bridge post-install page next to the relay post-install page at [/relay/setup/](https://community.torproject.org/relay/setup/).
What needs to be done:
- Move /relay/setup/post-install/ to /relay/setup/relay-post-install/
- Move /relay/setup/bridge/post-install/ to /relay/setup/bridge-post-install/
- Update all links to the new destination of /relay/setup/post-install/
- Update all links to the new destination of /relay/setup/bridge/post-install/
- Change the title of /relay/setup/bridge-post-install/contents.lr to "Bridge Post-install"
- Change the key of /relay/setup/bridge-post-install/contents.lr to "4"
- Change the key of /relay/setup/post-install/contents.lr from "4" to "5"
- Change the key of /relay/setup/snowflake/contents.lr from "5" to "6"
I could work on this.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41091Segmentation fault on Alpine Linux2022-08-02T14:34:04ZMarek Küthem.k@mk16.deSegmentation fault on Alpine LinuxHello,
I am trying to run the Tor Browser on Alpine Linux in a VM. Unfortunately, the program would not start at the beginning. After installing some packages it worked: `apk add build-base gcompat libc6-compact`
Now the following error...Hello,
I am trying to run the Tor Browser on Alpine Linux in a VM. Unfortunately, the program would not start at the beginning. After installing some packages it worked: `apk add build-base gcompat libc6-compact`
Now the following error message appears:
```
./start-tor-browser --verbose
mozilla::detail::MutexImpl::MutexImpl: pthread_mutexattr_settype failed: Invalid argument
./start-tor-browser: line 362: 4658 Segmentation fault TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
```
How can I start the Tor Browser?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41068"HTTPS-Only Mode Alert Secure Connection Not Available" gets triggered when l...2023-01-06T15:55:38ZRoger Dingledine"HTTPS-Only Mode Alert Secure Connection Not Available" gets triggered when loading is slow, and it's scaring usersLoad your Tor Browser, then move to a network where Tor can't connect, e.g. because it is firewalled or because you're captive portaled or etc.
Then type a non-existent domain into the url bar (I picked dffffogifdgoise.org) and hit ente...Load your Tor Browser, then move to a network where Tor can't connect, e.g. because it is firewalled or because you're captive portaled or etc.
Then type a non-existent domain into the url bar (I picked dffffogifdgoise.org) and hit enter.
After a few minutes, Tor will give up trying to find a circuit for that domain, and it will give you an error page.
In the old days, we'd get the "We can’t connect to the server at www.dffffogifdgoise.org." error page.
But now (Tor Browser 11.5) we get a new page, telling the user "You've enabled HTTPS-Only Mode for enhanced security, and a HTTPS version of dffffogifdgoise.org is not available." and then "Most likely, the website simply does not support HTTPS."
I'm attaching a screenshot of "I failed to reach news.google.com" which mistakenly/misleadingly turned into the https-only mode warning:
![Screenshot_2022-07-20_22-42-52](/uploads/e36a4ef34e54dc51cd0fe16a9a77787a/Screenshot_2022-07-20_22-42-52.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41062Assume internet is online when connected to Tor2022-11-30T18:21:48ZcypherpunksAssume internet is online when connected to TorIn Connection settings, where Internet and Tor statuses are shown, Tor might be displayed as connected while Internet as unknown. That's weird - it implies working Inet.In Connection settings, where Internet and Tor statuses are shown, Tor might be displayed as connected while Internet as unknown. That's weird - it implies working Inet.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40548Investigate using Snaps2023-08-21T18:08:20ZMatthew FinkelInvestigate using SnapsShould we distribute Tor Browser as a snap?
https://snapcraft.io/Should we distribute Tor Browser as a snap?
https://snapcraft.io/https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40155screenshots for translators2022-10-04T17:54:48Zmeskiomeskio@torproject.orgscreenshots for translators@emmapeel is asking if we can provide some screenshots for transifex so the translators get some context on the strings they are translating. The webextension strings are:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-trans...@emmapeel is asking if we can provide some screenshots for transifex so the translators get some context on the strings they are translating. The webextension strings are:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/blob/main/static/_locales/en_US/messages.json
I think some of those strings are only used in the webextension store, isn't it? we might need also screenshots of those.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40538Package and distribute Tor Browser using Flatpak2023-01-05T12:45:48ZTracPackage and distribute Tor Browser using FlatpakPlease provide a Tor Browser package for Flatpak, and ideally publish it on Flathub. Aside from getting the added security benefit of the Flatpak sandbox, this will make it possible for normal people to install Tor Browser on Linux - the...Please provide a Tor Browser package for Flatpak, and ideally publish it on Flathub. Aside from getting the added security benefit of the Flatpak sandbox, this will make it possible for normal people to install Tor Browser on Linux - the current binary tarball isn't great.
**Trac**:
**Username**: mjoghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40537Tor Browser for ppc642023-01-05T12:37:35ZJeremyRandTor Browser for ppc64ppc64 is the big-endian variant of ppc64le (tracked in #28326). All commonly-used ppc64le hardware also supports ppc64, so ppc64 has the same firmware freedom advantages that ppc64le does. ppc64 is interesting from a security perspecti...ppc64 is the big-endian variant of ppc64le (tracked in #28326). All commonly-used ppc64le hardware also supports ppc64, so ppc64 has the same firmware freedom advantages that ppc64le does. ppc64 is interesting from a security perspective, because certain classes of memory-safety bugs (e.g. accessing a variable with the wrong size) cause an immediate crash or otherwise obviously-wrong behavior in BE mode, while instead manifesting as a silent security vulnerability in LE mode. Porting Tor Browser to ppc64 should be relatively simple on top of the ppc64le patches.
@richard, @boklm, and I already reached a consensus on IRC that a ppc64 port of Tor Browser would be acceptable as long as the POWER community (i.e. mainly me) does the work. Alas, I forgot to file an issue for this, so I am rectifying that error now. This issue will track my efforts on porting Tor Browser to ppc64.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40149Connection Result Feedback2022-06-22T18:55:40ZshelikhooConnection Result FeedbackCurrently, the broker does not receive feedback from the client about whether the Snowflake connection is successful. This means we do not receive feedback from real-world connection attempts. In the last team sync meeting, @arma and I d...Currently, the broker does not receive feedback from the client about whether the Snowflake connection is successful. This means we do not receive feedback from real-world connection attempts. In the last team sync meeting, @arma and I discussed receiving more automated feedback from clients. and one of the ways it could work is by receiving connection feedback info from clients.
IRC:
```
[5:51:16 pm] <+shelikhoo> yes. and better if the broker can track if the connection between proxy and client is actually successful or not
[5:51:29 pm] <+shelikhoo> so that we don't need run separate test
[5:51:42 pm] <+shelikhoo> just observe the real world data from users
[5:52:28 pm] <+arma2> hm! yes, now i want that too :)
```https://gitlab.torproject.org/tpo/tpa/team/-/issues/40799review efficiency of the Ganeti cluster, particularly gnt-fsn2023-11-22T20:56:18Zanarcatreview efficiency of the Ganeti cluster, particularly gnt-fsnLet's review the provisioning ration on the ganti cluster: how much do we over or under provision and how much does this thing cost per VM anyway.
The idea is that we started down the project of hosting everything with Ganeti mostly as...Let's review the provisioning ration on the ganti cluster: how much do we over or under provision and how much does this thing cost per VM anyway.
The idea is that we started down the project of hosting everything with Ganeti mostly as an experiement, with the belief it would give us better reliability. That probably is the case: we can reboot nodes without causing outages on instances (when only the needs need an upgrade, which is often not the case, that said). We could probably survive a total server loss as well, for example. But we haven't thought of how much resources go into making sure that availability is around.
So here's the task list:
- [x] evaluate the cost of hosting a single VM in the gnt-fsn cluster (or maybe per disk/memory/cpu unit? not sure how to evaluate this?)
- [ ] evaluate how much waste we have, for example
- [ ] how many CPUs are actually fully in use (say over a given 24h period or week?)
- [ ] how much memory is fully in use (same)
- [ ] how much disk is in use (probably just current snapshot)
I wonder if we should also evaluate performance overhead:
- [ ] how much is Qemu/KVM costing us in terms of raw processing power? maybe run a CPU-intensive benchmark in and out of a VM on an otherwise idle node
- [ ] same with disk: do we pay a big price for virtualized I/O?
- [ ] DRBD overhead: benchmark plain disk vs DRBD
- [ ] network overhead: benchmark local disk vs network disk (might be tough without also testing DRBD? we're mostly concerned about vswitch vs local switch performance, could we compare performance with gnt-chi here for example?)
The point here is that we're paying Hetzner a lot of money for a lot of rented metal (8 machines), instead of hosting everything in their cloud. That imposes a significant management cost, while at the same time giving us certain garantees in terms of privacy in control. We need to seriously consider whether it's worth hosting our own metal, still, and efficiency is certainly a big part of this.
Also related to #40163 (evaluate power usage).(next) cluster scalinganarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40797Upload deb.torproject.org-keyring to Debian2022-06-27T13:56:04Zmicahmicah@torproject.orgUpload deb.torproject.org-keyring to DebianThe `deb.torproject.org-keyring` package is very useful to keep the tor archive keyring up-to-date. However, it requires that one go through the manual process of establishing a chain of trust via the method described on the [Debian inst...The `deb.torproject.org-keyring` package is very useful to keep the tor archive keyring up-to-date. However, it requires that one go through the manual process of establishing a chain of trust via the method described on the [Debian installation page](https://support.torproject.org/apt/tor-deb-repo/).
If this package was uploaded into Debian proper, then Debian users could install this package without having to jump through these hoops, bootstrapping from the already established Debian trust path.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41025Requests from local files go over catch-all circuit2023-04-07T13:06:31ZcypherpunksRequests from local files go over catch-all circuitIf I open local file linking or fetching something remote in Tor Browser, the circuit display window displays "--unknown" as destination and requests presumably go over catch-all circuit.If I open local file linking or fetching something remote in Tor Browser, the circuit display window displays "--unknown" as destination and requests presumably go over catch-all circuit.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41022Onion rewrites should add eTLDs2023-06-12T13:36:27ZPier Angelo VendrameOnion rewrites should add eTLDsIf we want to extend the possibility to add custom `*.tor.onion` (or some similar domains) in runtime, we should hack somehow `nsEffectiveTLDService`.
This feature is very important: it is used to split domains when scoping whatever nee...If we want to extend the possibility to add custom `*.tor.onion` (or some similar domains) in runtime, we should hack somehow `nsEffectiveTLDService`.
This feature is very important: it is used to split domains when scoping whatever needs to be domain-scoped (e.g., cookies).
So, I expect it to be critical for FPI.
Actually, `nsEffectiveTLDService` already has a mechanism to update public suffixes, that we patch out (#40073).
But it uses some non trivial binary format that encodes a deterministic acyclic finite state automaton.
This format is explained in `xpcom/ds/tools/make_dafsa.py` (the code itself is about ~200 Python rows).
If the only reason for #40073 to exist was our changes to the list, we could restore it, and find some way to inject our additional domains at every update of the automaton.
@JeremyRand was suggesting to use some prefs.
I also thought of adding some other methods to the `IOnionAliasService` interface that we implemented for #40458.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41017URI scheme for Tor2023-01-05T18:01:16Zanother_dodoURI scheme for Tor### Summary
It is currently impossible to open any website or hidden service trough Tor using QR codes.
Hidden service URLs are quite long, impractical to type over, let alone remember.
So i wanted to create a QR code that leads directl...### Summary
It is currently impossible to open any website or hidden service trough Tor using QR codes.
Hidden service URLs are quite long, impractical to type over, let alone remember.
So i wanted to create a QR code that leads directly to my hidden service.
However, QR codes open an app based on URI scheme, which Tor currently doesn't have.
Consequently, any hidden service QR code is opened by your normal browser.
### Steps to reproduce:
1. Step 1: take an hidden service URL
2. Step 2: create a QR code of it.
3. Step 3: Scan the QR code with your mobile device that has a Tor browser installed on it.
4. Step 4: Watch and observe that a normal browser is opened instead.
### What is the current bug behavior?
The current format of a hidden service URL is: "http://myVeryLongHiddenServiceUrl.onion"
(where "http://" is hidden, but still appended on copy-paste and bookmarking!)
This is recognized as an "HTTP" URI scheme, which is automatically opened in a normal browser.
### What is the expected behavior?
I expected an URI scheme to be available for the Tor browser,
or at least for hidden services specifically.
Like this: "**tor:http://myVeryLongHiddenServiceUrl.onion**"
And of course, also allowing this:
"**tor:https://duckduckgo.com/?q=Hello+secret+TOR+search**"
And in the case that scheme stacking isn't desired, maybe just for hidden services alone:
Like this: "**tor://myVeryLongHiddenServiceUrl.onion**"
## Relevant logs and/or screenshots
No, i don't have any screenshots, but i DO have an example.
Open this link in a new tab, and scan the resulting QR code with your phone that has the Tor browser installed:
[let duckduckgo make a QR code for a hidden service](https://duckduckgo.com/?q=QR+code+http%3A%2F%2Flobsterj2lvqyoljdaywie3soipbanktdz2dt3pifqh3hgymcagnd3ad.onion%2F&ia=answer)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40975Disk leak on macOS due to Notification API2023-10-12T11:29:31ZGeorg KoppenDisk leak on macOS due to Notification APIKonark Modi reported a while ago a disk leak at least on macOS due to the Notification API. Here is the bug report:
```
The leak is cause by: https://www.w3.org/TR/notifications/ API.
Steps to reproduce:
1. Visit http://www.bennish.net/...Konark Modi reported a while ago a disk leak at least on macOS due to the Notification API. Here is the bug report:
```
The leak is cause by: https://www.w3.org/TR/notifications/ API.
Steps to reproduce:
1. Visit http://www.bennish.net/web-notifications.html
2. Temporarily allow JS.
3. Click on Authorize button.
4. Click on Show button.
5. Notification should occur.
macOS by default saves these notification in`/private/var/folders/qs/54swlb5d1fx4hq969vdqg4rr0000gn/0/com.apple.notificationcenter/db` . It dumps the content of the notification and the website name.
This location can be found using:
Activity Monitor -> Search for process user noted -> Open files and ports -> Notifications DB.
Now, although the user opted in to these notifications, but this is an intended leak from OS level.
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40946Two circuits for one domain (Circuit visualizer sometimes shows the "wrong" e...2023-06-28T09:04:53ZcypherpunksTwo circuits for one domain (Circuit visualizer sometimes shows the "wrong" exit node)Making an arbitrary number of new circuits (either with the new identity button or when the Tor client creates circuits while browsing) eventually causes the circuit view in Torbutton to show the wrong exit node.
I have noticed this in ...Making an arbitrary number of new circuits (either with the new identity button or when the Tor client creates circuits while browsing) eventually causes the circuit view in Torbutton to show the wrong exit node.
I have noticed this in Tor Browser 5.0.3 through Tor Browser 5.0.7
A far as I can tell, this is not related to architecture or OS nor to my network or even to machines owned by me. Also the problem is not limited to any particular website and it has nothing to do with JavaScript. I noticed this on Linux 64-bit and 32-bit on every Tor Browser version above and Windows 64-bit and 32-bit on version 5.0.3 (I've not checked since then). However I have not tested this in Mac OS X at all.
When testing this I found that the number of new circuits that are needed to reproduce this varies. Sometimes it happened first time I visited check.torproject.org, other times I spent 10-15 minutes creating new identities.
A screenshot can be found on stack exchange. https://tor.stackexchange.com/questions/9460/why-does-torbutton-circuit-view-not-consistently-show-the-correct-exit-nodehttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/5Write documentation on how it is working2023-04-11T18:29:41ZGabagaba@torproject.orgWrite documentation on how it is workingAdd documentation on how it is working, the design, architecture and anything we need for it to be running (including survival guide).
- [ ] bridge survival guide
- [ ] point of contact for conjure station
- [ ] brief summary of archite...Add documentation on how it is working, the design, architecture and anything we need for it to be running (including survival guide).
- [ ] bridge survival guide
- [ ] point of contact for conjure station
- [ ] brief summary of architectureCecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/core/tor/-/issues/40609Poor UX when missing curly brackets in torrc's ExitNodes setting2022-12-16T20:24:03ZviPoor UX when missing curly brackets in torrc's ExitNodes setting### Summary
/etc/tor/torrc with a line like `ExitNodes us` instead of `ExitNodes {us}` is accepted, but fails to bootstrap.
### Steps to reproduce:
1. Edit torrc file: add `ExitNodes` with invalid syntax (omitted curly brackets)
2. S...### Summary
/etc/tor/torrc with a line like `ExitNodes us` instead of `ExitNodes {us}` is accepted, but fails to bootstrap.
### Steps to reproduce:
1. Edit torrc file: add `ExitNodes` with invalid syntax (omitted curly brackets)
2. Start or reload Tor
3. Try to use it.
### What is the current bug behavior?
It starts, sticks at 0% bootstrapping (or logs `Our directory information is no longer up-to-date enough to build circuits: We need more microdescriptors: we have 7057/7057, and can only build 0% of likely paths. (We have 100% of guards bw, 100% of midpoint bw, and 0% of exit bw = 0% of path bw.)` if reloaded), does not work.
### What is the expected behavior?
Tor refuses to read torrc file as invalid, showing the line number of ExitNodes directive, ideally also recongnizing and explaining the mistake.
Alternatively, the bracket-less syntax is considered valid and working and Tor works normally and a line like `ExitNodes us` is applied, just like `ExitNodes {us}`.
### Environment
- Which version of Tor are you using? Run `tor --version` to get the version if you are unsure.
```
Tor version 0.4.7.7.
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1k, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Tor compiled with GCC version 10.2.1
```
- Which operating system are you using? Debian GNU/Linux Bullseye on x86_64.
- Which installation method did you use? Distribution package from bullseye-backports.