The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
Updated: 2022-03-21T20:19:59Z

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10498
Get only the NoScript we want to our users
Updated: 2022-03-21T20:19:59Z
Author: cypherpunks

Noscript is a Firefox extension, known for years as a security tool and the simplest way to stop stuff. The author of Noscript never used a [public repository](http://forums.informaction.com/viewtopic.php?p=10981#p10981) for demonstrating development progress; all known code was available as a standalone archive or file from [AMO](https://addons.mozilla.org/). However, the author used to sign components of the archive [before 2.6.6.9 version](http://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/). All we have now to try guess files wasn't modified on a way, and still chance to recreate history of development by hands or by 3rd party [repository for versions difference](https://github.com/avian2/noscript)
TBB takes Noscript from servers of AMO during building and run-time addon updates. Do we trust them so much?

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10497
Tor Browser crashes on OS X if gocomics.com and newspaper sites are involved
Updated: 2020-06-27T14:42:23Z
Author: Trac

I tried to open Julius Caesar (found with Startpage) and TBB 3.5 hung. After about 15 minutes, I finally had to hit Force Quit, since I had something else I had to do.
**Trac**:
**Username**: mwolfe
Assignee: Mike Perry

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10491
TorBrowser integration in a desktop environment
Updated: 2020-06-27T14:42:23Z
Author: Trac

I use TBB 3.5 as my default browser. The browsing experience over Tor network is for me almost the same as with normal FF. What I am missing as a user is the integration into my desktop environment.
I have set TBB in my desktop as the default browser application. When I read an email with a link in it (or when I click in any other application on a link), I want that the URL opens with TBB by default. Because the TBB start script does not pass parameters to the FF instance at the moment, clicking on a link in an email just opens a blank TBB.
There is a bug legacy/trac#10472 filed that provides a patch for passing parameters to TBB. But it only works if no TBB instance is running. If I have a TBB already open I get the message:
"Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
**Trac**:
**Username**: torland

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10487
TBB OS X: Last directory recorded in /Users/User/Library/Preferences/
Updated: 2020-06-27T14:42:23Z
Author: Trac

It's not a huge big deal, but worth mentioning TBB 3.5 OS X leaves a record of the last download directory in org.mozilla.torbrowser.plist:
<key>NSNavLastRootDirectory</key>
---><string>/Volumes/place/place/</string>
Some say there is no security through obscurity, correct I'm sure, but no need to specifically point to the directory or volume (even if encrypted) about where data via Tor is being downloaded to.
Seems to be quite a challenge to lock down TBB on OS X. Has anyone checked the status of things like /var/folders lately ?
**Trac**:
**Username**: DrMikeTwiddle

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10483
Easy to add wrong component of TBB to Mac OS X dock
Updated: 2020-06-27T14:42:23Z
Author: Seth Schoen

In TBB, there are several different components, including TorBrowserBundle, Tor, Vidalia, and the TorBrowser. The intended flow is for a user to launch TorBrowserBundle, which will then launch the other components.
On Mac OS X, I saw a user open TorBrowserBundle correctly, and then try to save a shortcut in the Dock (the application launching area at the bottom of the screen). Unfortunately, the only application that had a window open was the TorBrowser itself, not the bundle launcher. Adding a shortcut for _this_ to the Dock results in an icon called "TorBrowser". So far so good -- but trying to use this icon later on results in launching the browser in isolation without Vidalia or Tor, and errors about not being able to connect to Tor's SOCKS proxy.
This is pretty easy to do because Mac OS users are used to the idea that they can pin applications in the Dock for quick access, and most applications have only a single candidate component that creates GUI objects. I'm not sure what the right solution would be. One possibility is to make the TorBrowser detect if it's being launched from outside of the bundle, and, if so, to exec the bundle launcher instead.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10475
OS X: High CPU usage when TBB can't access a site
Updated: 2020-06-27T14:42:23Z
Author: Trac

TBB 3.5 OS X: When a URL can't be accessed for whatever reason (bad Tor connection, bad internet connection, or internet off) TBB seems to get locked into a very high CPU usage situation that it can't remedy itself out of without user interaction (closing the window/tab or new identity etc)
This is not new. Prior versions of TBB on OS X that included Vidalia had the same problem.
Perhaps it's getting stuck in a loop somewhere ?
**Trac**:
**Username**: DrMikeTwiddle

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10474
TorBrowser 3.5.1 launch tasks
Updated: 2020-06-27T14:42:24Z
Author: Andrew Lewman

We can do a better job launching TBB 3.5.1. TBB 3.5 is a wholly new interface and our documentation, videos, and general website don't reflect the change.
I suggest we update the following:
1. Update https://www.torproject.org/projects/torbrowser.html.en with new documentation (text and screenshots) of TBB 3.5 on all OSes we support (OSX, Linux, Windows).
2. Update https://www.torproject.org/docs/short-user-manual.html.en with new documentation (text and screenshots) of TBB 3.5 on all OSes we support (OSX, Linux, Windows).
3. Update our videos for "how to install" and "how to verify signatures" of TBB 3.5
4. Update our relevant FAQ entries for TBB 3.5.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10469
Tor skip line
Updated: 2020-06-27T14:42:24Z
Author: cypherpunks

Why don't keep these skip-tor-launch lines by default in start-tor-browser.sh? Who needs it just uncomment the last line.
## Deactivate tor-launcher,
## a Vidalia replacement as browser extension,
## to prevent running Tor over Tor.
## https://trac.torproject.org/projects/tor/ticket/6009
## https://gitweb.torproject.org/tor-launcher.git
#export TOR_SKIP_LAUNCH=1

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10467
URLs are leaked to third party if they contain typos
Updated: 2020-06-27T14:42:24Z
Author: Trac

Open a new tab in the Tor Browser and type "https;//www.wikipedia.org" into the URL field (note the typo - a semicolon instead of a colon)
The Tor Browser jumps to startpage.com and searches it for "https;//www.wikipedia.org"
Users may make typos - and I think there is no need to leak URLs with typos to a third party (startpage). You should patch Firefox so that anything typed into the URL field is never sent to a third party.
There is already a special field for startpage search in the navigation toolbar - so there is no need to use the URL field for searches.
**Trac**:
**Username**: torar

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10466
Slow menu response of Torbrowser
Updated: 2020-06-27T14:42:24Z
Author: Trac

Since Torbrowser 3.X comes with TorLauncher I really like the TorBrowserBundle and use it daily as my Firefox replacement.
Although the browser experience and speed is really good I noticed an issue that hampers the usability and leads to the impression that TBB is slow.
When I open the main menu or context menu or when I switch in the main menu from the open "File" menu to "Edit" this is much slower in TBB than in the standard FF.
Examples:
1.) right click in the URL address field. TBB is much slower than FF
2.) open "File" menu and move the mouse pointer over "Edit". There is a significant delay in TBB compared to FF.
3.) I have the bookmarks toolbar visible and there are folders in it. When I click on a folder in TBB it can take up to 1-2 seconds until it opens. In FF the bookmark toolbar folder opens immediately.
4.) Right click in the browser window to get the standard browser context menu. It takes significantly longer in TBB than in FF
5.) I have structured my bookmarks with folders. If I click on Bookmarks in the main menu and move the mouse down from folder to folder the folder submenu opens immediately in FF whereas there is a delay in TBB.
The delay I am talking about is not always the same. Sometimes it opens almost immediately (but never as fast as in FF), sometimes the delay is significant, up to 1-3 seconds.
From a user perspective TBB handling seems to be slower because of that. When opening a menu I sometimes have the impression as if TBB loads the menu over the network.
The fact that TBB loads pages over the Tor network slower than FF is understandable from a user perspective. But that local actions are slower than in FF is something a user cannot understand.
Is there something I configure in TBB to make menu handling faster?
I am using TBB 3.5 I have built via gitian on Linux 64-bit Ubuntu.
Thanks & regards,
torland
**Trac**:
**Username**: torland

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10434
Segmentation fault when Tor Browser 3.5 has a ton of state.
Updated: 2020-06-27T14:42:24Z
Author: Matt Pagan

To reproduce this bug, spend all day on Twitter clicking a bunch of links and never get a new identity. This is the only way I have been able to consistently get enough state in my browser to trigger the crash. I have a core file, but I would prefer to send it to interested developers over PGP because I have no idea how much information it contains. This is the TBB version I used: https://lists.torproject.org/pipermail/tor-qa/2013-December/000283.html

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10408
Obvious version information for extracted Tor Browser
Updated: 2022-03-21T20:19:22Z
Author: weasel (Peter Palfrader)

Assuming I have an unpacked tbb tree, there doesn't seem to be an obvious way to learn its version. Maybe there should be a VERSION file next to the start-tor-browser script?
Emphasis is on obvious -- I now know the information is hidden away in Docs/sources/versions.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10403
Add TBB version to Help->About Tor browser
Updated: 2020-06-27T14:42:24Z
Author: Trac

It currently displays original version of firefox browser which is confusing to user.
Add TBB version under Firefox ESR version, so user can see both.
**Trac**:
**Username**: hsn

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10400
Provide "New Identity" option that uses session restore
Updated: 2020-06-27T14:42:25Z
Author: Mike Perry

People routinely request a New Identity option that doesn't close all of their tabs. Unfortunately, this is not really possible to implement while still clearing all of the tracking-related browser state.
However, what we can do is store a memory-only instance of the session restore data prior to New Identity and then restore it afterwards. This might be rather klunky in terms of responsiveness and load delay, but it would give people who really don't want to lose their current tabs a way to still keep them without quite so much tracking data persisting across the "New Identity" invocation.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10399
Tor Browser should be visually distinguished from Firefox to prevent user error
Updated: 2023-03-06T15:36:42Z
Author: Trac

More than once, I have had multiple browsers open (in this example, let's say both Tor Browser and Firefox due to their similarity) and have mixed them up, for example logging into accounts or entering information I intended to keep compartmentalized only transmitted over the Tor network. In situations where OPSEC is important, such a mistake can be very costly indeed.
This led me to give some thought to the idea that the Tor Browser should be more visually distinct to prevent this type of easily committed user error that can compromise privacy and security in potentially disastrous situations. At present, the title bar and onion logo are the main distinguishing features that allow a Desktop user to know which environment they are working in. In my opinion, that's not enough. Is there anything more that can be done to customize TorBrowser's UI?
Any thoughts or ideas about this?
**Trac**:
**Username**: ageisp0lis

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10397
Torbrowser's updater integrates additional protections from Thandy's threat model
Updated: 2022-03-21T20:18:40Z
Author: Tom Lowenthal

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10394
Torbrowser's updater updates HTTPS-everywhere
Updated: 2022-01-11T19:33:41Z
Author: Tom Lowenthal

Let's think about shipping HTTPS-Everywhere solely via our updater, disabling update pings for that extension as well.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10393
Torbrowser updates are verified through the Tor consensus
Updated: 2022-01-11T19:33:41Z
Author: Tom Lowenthal

Torbrowser's updater checks the Tor consensus to see whether Torbrowser's current version is recommended. If not, the updater gets updates from a location described in the consensus, and verifies downloaded updates against a hash provided in the consensus.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10388
TBB should disable "New Private Window" menu option if disk history is disabled
Updated: 2022-03-21T20:18:23Z
Author: Mike Perry

Because we use browser.privatebrowsing.autostart as defense in depth against disk leaks, "New Private Window" is equivalent to "New Window". This can be confusing to users who will expect their "New Private Windows" to be isolated from their normal TBB state, especially since the UI hints are different for these windows.
We should probably patch Firefox to hide this menu option if browser.privatebrowsing.autostart is set. This seems like something Mozilla should be interested in picking up.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10378
Update Tor Browser design documentation for the 3.x series
Updated: 2020-06-27T14:42:26Z
Author: Georg Koppen

We should update the Tor Browser design documentation to reflect the changes in the new stable version and fix typos and broken links (e.g. there are links to patches that are broken).