The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2022-11-30T11:28:02Z

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41457
Remove more Mozilla permissions
2022-11-30T11:28:02Z
Pier Angelo Vendrame
We should just remove all Mozilla's permissions from `browser/app/permissions`, rather than removing only the ones to install addons.
Pier Angelo Vendrame

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41462
Add anchors to bridge-moji and onion authentication entries
2022-11-30T11:28:17Z
Pier Angelo Vendrame
Now that we have the anchors on the manual for these topics, we should add them to the learn more links in the browser.
Sponsor 131 - Phase 3 - Major ESR 102 Migration
Pier Angelo Vendrame

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17999
Changed default GUI font might help fingerprinting JA Windows users
2022-11-30T13:10:20Z
Georg Koppen
As yawning noted in legacy/trac#17550 the default GUI font changed across Windows versions:
* Windows XP -> `MS UI Gothic` (Not sure if this needs to be localized, don't have a box with this)
* Windows Vista/7 -> `メイリオ`
* Windows 8/8.1 -> `Meiryo UI`
* Windows 10 -> `Yu Gothic UI`
This might aid in fingerprinting JA users who are on Windows.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33849
Maybe disable Windows Hello
2022-11-30T13:27:45Z
richard
If we want to disable Windows Hello and associated biometrics queries in Tor Browser it looks like we can patch various IsUserVerifyingPlatformAuthenticatorAvailable calls to always return false.
It seems like there was a bit of a refactor to wrap both Windows Hello as well as hardware tokens like yubikeys(?) into the same authentication system so we need to take care to not break support for these.
See this patch: https://bugzilla.mozilla.org/show_bug.cgi?id=1508115
The library Mozilla is using to add Windows Hello support: https://github.com/Microsoft/webauthn

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32476
Support Launching TorService Using JNI
2022-11-30T13:28:03Z
Shane Isbell

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31983
Completely Disable Activity Stream on Android
2022-11-30T13:28:19Z
Matthew Finkel
Similar to legacy/trac#30846, but on Android the ActivityStream is not shown sometimes. This was originally prevented [here](https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.9.0esr-8.5-2-build3&id=27d688d9b1ead99ee76bf7a3e081efe2c8e1efb3), and now in 68esr that piece of code was squashed into the [.mozconfig and branding patch](https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-68.1.0esr-9.0-2-build3&id=9d0fc747ae450534dbb33c3731feff1b26141275).
This small patch prevents showing the ActivityStream screen when the URL is first pressed (and the url bar enters "Editing" mode), however there exist other ways of accessing the ActivityStream screen. In particular, [showBrowserApp()](https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/base/java/org/mozilla/gecko/BrowserApp.java?h=tor-browser-68.1.0esr-9.0-2-build3#n3026) is called when the text is typed into the url bar and then it is [completely deleted](https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/base/java/org/mozilla/gecko/BrowserApp.java?h=tor-browser-68.1.0esr-9.0-2-build3#n3302) and when the user configures [about:home](https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/base/java/org/mozilla/gecko/BrowserApp.java?h=tor-browser-68.1.0esr-9.0-2-build3#n2915) as their default new tab page.
The second instance is similar to legacy/trac#31575 with respect to changing the default `about:home` choices. We currently force the default homepage via Fennec's [Distribution method](https://gitweb.torproject.org/tor-browser.git/diff/mobile/android/torbrowser/assets/distribution/preferences.json?h=tor-browser-68.1.0esr-9.0-2-build3&id=9d0fc747ae450534dbb33c3731feff1b26141275).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30130
Provide custom bridges in a multiline form
2022-11-30T13:30:01Z
Georg Koppen
Having a separate line for each custom bridge to enter is a bit cumbersome as e.g. BridgeDB is giving out three bridges which then could be easily copied and pasted in multiline form. Now, the user must manually cut out the respective bridges after pasting all three of them or copy them over one-by-one.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27069
TBA: Make SendTab Safe
2022-11-30T13:31:30Z
Matthew Finkel
I see two options.
1. Delete/Comment-out the offending code like [Orfox](https://github.com/guardianproject/tor-browser/commit/45ba8e208975daebda7520ea0f111f475adba967#diff-3e37c64588dc24943c970806d5c670cd)
1. Delete all instances of `SendTab`
I believe the goal here is preventing Orfox/TBA from interacting with the Android Accounts subsystem. This is reasonable.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27065
TBA: Delete AccountManager usage from Tabs
2022-11-30T13:31:35Z
Matthew Finkel
When the app is started/restarted, it creates an `OnAccountsUpdateListener` using the Android `AccountManager` in `Tabs.attachToContext()`. When a new account is added, the Listener calls `queuePersistAllTabs()` where the current tabs are cached in the local database on disk. We should avoid all of this. We already deleted most of the FxA and Sync related code, we can probably delete this, too.
```
mAccountManager = AccountManager.get(appContext);
mAccountListener = new OnAccountsUpdateListener() {
    @Override
    public void onAccountsUpdated(Account[] accounts) {
        queuePersistAllTabs();
    }
};
// The listener will run on the background thread (see 2nd argument).
mAccountManager.addOnAccountsUpdatedListener(mAccountListener, ThreadUtils.getBackgroundHandler(), false);
```

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30270
Use Ndk.abiFilters to include native dependencies
2022-11-30T13:34:59Z
Shane Isbell
ndk.abiFilters should be used to manage what dependencies are included in the apk. This would be added to the gradle build file of firefox.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26573
TBA: Cleanup logging on < API 21
2022-11-30T13:37:10Z
Matthew Finkel
Compiling with localWithGeckoBinariesNoMinApiPhotonDebug (or another NoMinApi variant), these methods don't exist when using the lower APIs and can't be resolved at run-time. It'd be nice if we can avoid this in the situations where we know it won't work. This only happens in onCreate from GeckoApp, but the errors are misleading. These errors are not fatal.
These errors generally come from `Hardwareutils.isSystemSupported()`, I haven't tracked down where the getDrawable*() methods are used.
```
12-31 19:06:13.340 2133-2133/org.torproject.torbrowser I/GeckoApplication: zerdatime 373344 - application start
12-31 19:06:20.390 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve virtual method 466: Landroid/content/Context;.checkSelfPermission (Ljava/lang/String;)I
12-31 19:06:20.770 2133-2133/org.torproject.torbrowser D/dalvikvm: DexOpt: couldn't find static field Landroid/os/Build;.SUPPORTED_ABIS
12-31 19:06:20.770 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve static field 173 (SUPPORTED_ABIS) in Landroid/os/Build;
12-31 19:06:20.810 2133-2133/org.torproject.torbrowser I/dalvikvm: Could not find method android.system.Os.uname, referenced from method org.mozilla.gecko.util.HardwareUtils.isX86System
12-31 19:06:20.810 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve static method 19531: Landroid/system/Os;.uname ()Landroid/system/StructUtsname;
12-31 19:06:23.260 2133-2133/org.torproject.torbrowser D/dalvikvm: DexOpt: couldn't find static field Landroid/os/Build;.SUPPORTED_ABIS
12-31 19:06:23.290 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve static field 173 (SUPPORTED_ABIS) in Landroid/os/Build;
12-31 19:06:24.260 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to find class referenced in signature (Landroid/view/SearchEvent;)
12-31 19:06:24.260 2133-2133/org.torproject.torbrowser I/dalvikvm: Could not find method android.view.Window$Callback.onSearchRequested, referenced from method android.support.v7.view.WindowCallbackWrapper.onSearchRequested
12-31 19:06:24.260 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve interface method 20450: Landroid/view/Window$Callback;.onSearchRequested (Landroid/view/SearchEvent;)Z
12-31 19:06:24.290 2133-2133/org.torproject.torbrowser I/dalvikvm: Could not find method android.view.Window$Callback.onWindowStartingActionMode, referenced from method android.support.v7.view.WindowCallbackWrapper.onWindowStartingActionMode
12-31 19:06:24.290 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve interface method 20454: Landroid/view/Window$Callback;.onWindowStartingActionMode (Landroid/view/ActionMode$Callback;I)Landroid/view/ActionMode;
12-31 19:06:25.370 2133-2133/org.torproject.torbrowser I/dalvikvm: Could not find method android.content.res.Resources.getDrawable, referenced from method android.support.v7.widget.ResourcesWrapper.getDrawable
12-31 19:06:25.370 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve virtual method 696: Landroid/content/res/Resources;.getDrawable (ILandroid/content/res/Resources$Theme;)Landroid/graphics/drawable/Drawable;
12-31 19:06:25.380 2133-2133/org.torproject.torbrowser I/dalvikvm: Could not find method android.content.res.Resources.getDrawableForDensity, referenced from method android.support.v7.widget.ResourcesWrapper.getDrawableForDensity
12-31 19:06:25.380 2133-2133/org.torproject.torbrowser W/dalvikvm: VFY: unable to resolve virtual method 698: Landroid/content/res/Resources;.getDrawableForDensity (IILandroid/content/res/Resources$Theme;)Landroid/graphics/drawable/Drawable;
```
[android.content.Context.checkSelfPermission()](https://developer.android.com/reference/android/content/Context.html#checkSelfPermission(java.lang.String)) - added in API level 23
[android.os.Build.SUPPORTED_ABIS](https://developer.android.com/reference/android/os/Build.html#SUPPORTED_ABIS) - added in API level 21
[android.system.Os.uname()](https://developer.android.com/reference/android/system/Os.html#uname()) - added in API level 21
[android.view.SearchEvent](https://developer.android.com/reference/android/view/SearchEvent) - added in API level 23
[android.view.Window.Callback.onWindowStartingActionMode](https://developer.android.com/reference/android/view/Window.Callback.html#onWindowStartingActionMode(android.view.ActionMode.Callback,%20int)) - added in API level 23
[android.content.res.Resources.getDrawable()](https://developer.android.com/reference/android/content/res/Resources.html#getDrawable(int,%20android.content.res.Resources.Theme)) - added in API level 21
[android.content.res.Resources.getDrawableForDensity()](https://developer.android.com/reference/android/content/res/Resources.html#getDrawableForDensity(int,%20int,%20android.content.res.Resources.Theme)) - added in API level 21

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30139
Reenable HLS support on mobile
2022-11-30T13:58:37Z
Georg Koppen
We needed to disable HLS support in legacy/trac#29859 due to crashes. Those were caused by the patch for legacy/trac#28125 which was preventing direct DNS request from Android. This ticket is tracking the work to reenable HLS support.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41200
Support Adaptive Icon
2022-11-30T13:59:21Z
aj326

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22814
Disable clipboard.autocopy in Tor Browser
2022-11-30T14:02:27Z
Trac
On Linux Mint KDE (and possibly other distros) clicking with the mouse wheel on an empty (non-linked) area of a web page in Firefox will take you back to a previously closed page.
This also works if the page was in an already closed private window.
It also works if the page was in a TOR Browser instance after doing "create new identity".
Most hilariously, it is possible to reopen a closed page from before an identity change in a separate instance of normal Firefox.
Changing clipboard.autocopy to false in about:config stops this behavior.
In my opinion this is a highly questionable "feature" under any circumstances, but in the context of TOR Browser this should be considered a major security risk. Please disable this option by default.
This behavior is present in TOR Browser 7.0.2 on Linux Mint 18.2, but I have observed it in several older versions of both TOR Browser and Mint going back several years.
**Trac**:
**Username**: pqrst
Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/28800
Implement New Identity functionality for Tor Browser on Android
2022-11-30T14:06:05Z
Georg Koppen
We want to have an easy to use New Identity functionality for Tor Browser for Android. Currently there is some New Identity-like functionality provided by Orbot but a) that's only responsible for circuit-switching and b) it is not clear whether we stick to Orbot in our grand scheme of things.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40031
Easier flow to navigate back to clear-URL after an onion-location redirect, e.g. when onion is broken
2022-11-30T14:08:36Z
Jim Newsome
I've configured TBB to automatically follow onion-location redirects. Occasionally such a redirect goes to a broken onion site, while the clear-site is working fine. Unfortunately there's not an easy flow to navigate back to the clear-url (and not redirect again).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41196
Two new-tab options shown on urlbar long-press
2022-11-30T14:29:29Z
Matthew Finkel
Reported https://blog.torproject.org/comment/292074#comment-292074
Let's remove the `New Tab` option.

https://gitlab.torproject.org/tpo/core/arti/-/issues/69
Client side bridge, proxy, and PT support
2022-11-30T14:39:41Z
Nick Mathewson
Arti clients should be able to use outbound proxies, pluggable transports, and bridges.
To use proxies:
* [x] Allow configuration of at least SOCKS4, SOCKS5, and SOCKS*-with-Tor extensions for outbound proxy types. HTTP is optional. (4h) (partially defer)
* [x] Implement the above protocols. (16h)
* [x] In the code, allow these proxies to be applied to a single TCP connection, or to all TCP connections. This might need to apply at the channel level; we'll probably need to add more complexity in tor_chanmgr. (16h) (partially defer)
* [x] When these proxies are configured, apply them to all outgoing connections that they're configured for. (16h) (partially defer)
To implement bridge usage:
* [x] Allow a configuration of a list of bridges. (8h)
* [x] Allow bridge usage to be turned on and off. (4h)
* ✗ ~~**Possibly**, kill all streams and circuits when doing this.~~ (24h)
* [x] Retire no-longer-correct streams and circuits when doing this. (#650) (8h)
* [x] Support code, either in dirmgr or as a separate thing, to download and maintain a set of router descriptors for a set of configured bridges. (40h)
* [x] Persistently cache downloaded descriptors
* [x] Ability to configure the bridge descriptor downloader's parameters
* [x] Support multiple guard sets, and switching between them. (24h)
* [x] Extend guard manager code to allow guards to be bridges as well as relays in the public network. (24h)
* [x] Allow guards to be chosen from a universe of bridges
* [x] Install a universe of bridges as appropriate
* [x] Inform the directory manager when we want different bridges
* [x] Extend circuit manager code to use bridges correctly. (24h)
* [x] Ask `FirstHop` to be a `CircTarget` before hitting the directory for a `Relay`
* [x] Make sure that a bridge-based `FirstHop` can indeed be a `CircTarget` on its own.
* (Also, see all places in the specs that talk about bridges)
To implement PT usage:
* [x] Allow a set of pluggable transports to be configured, either as managed or unmanaged proxies. (12h)
* [x] Allow bridges to be configured to use pluggable transports. (4h)
* ✗ For unmanaged PTs (are these used?), connect to chosen IP:Port and speak SOCKS. (defer)
* [x] Implement the code to launch and manage a pluggable transport according to the protocols in `pt-spec.txt` (24h)
* [x] For managed PTs, launch them when we need them, handle it if they crash, and route traffic through them via SOCKS as appropriate. If we go for a long time without using a managed PT, maybe shut it down. (40h)
* (Also, see `pt-spec.txt`)
Arti 1.1.0: Anticensorship ready

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40171
Make WebRequest and GeckoWebExecutor First-Party aware
2022-11-30T14:43:41Z
Matthew Finkel
GeckoWebExecutor, and WebRequest, are only aware of the request URL, but they don't have necessary context for setting first-party origin attributes.
https://searchfox.org/mozilla-beta/source/widget/android/WebExecutorSupport.cpp#360
```cpp
nsresult WebExecutorSupport::CreateStreamLoader(
    java::WebRequest::Param aRequest, int32_t aFlags,
    java::GeckoResult::Param aResult) {
  const auto req = java::WebRequest::LocalRef(aRequest);
  const auto reqBase = java::WebMessage::LocalRef(req.Cast<java::WebMessage>());
  nsCOMPtr<nsIURI> uri;
  nsresult rv = NS_NewURI(getter_AddRefs(uri), reqBase->Uri()->ToString());
  NS_ENSURE_SUCCESS(rv, NS_ERROR_MALFORMED_URI);
  nsCOMPtr<nsIChannel> channel;
  rv = NS_NewChannel(getter_AddRefs(channel), uri,
                     nsContentUtils::GetSystemPrincipal(),
                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                     nsIContentPolicy::TYPE_OTHER);
  NS_ENSURE_SUCCESS(rv, rv);
  if (aFlags & java::GeckoWebExecutor::FETCH_FLAGS_ANONYMOUS) {
    channel->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS);
  }
  nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
      CookieJarSettings::Create();
  MOZ_ASSERT(cookieJarSettings);
  nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
  loadInfo->SetCookieJarSettings(cookieJarSettings);
  // setup http/https specific things
  nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel, &rv));
  if (httpChannel) {
    rv = SetupHttpChannel(httpChannel, channel, aRequest);
    NS_ENSURE_SUCCESS(rv, rv);
  }
```
I'll open a bugzilla ticket for this, too.
Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41260
Improve Port external helper app prompting
2022-11-30T14:45:08Z
Matthew Finkel
In android-components#40007 we added a prompt before launching an external app, but that implementation requires tight-coupling between this repo and Fenix. In android-components!5 I tried sketching how we can handle the prompting entirely within android-components without relying on Fenix.