The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-11-30T17:01:16Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40321AV1 playback doesn't work on Windows2022-11-30T17:01:16Zthrowawayissueav1AV1 playback doesn't work on WindowsHi I noticed AV1 does not work with tor browser on Windows 10 x64, I tried it on Linux and it works fine.
Site I tested on with 10.0.9 Tor Browser default settings - https://demo.bitmovin.com/public/firefox/av1/ see console error log att...Hi I noticed AV1 does not work with tor browser on Windows 10 x64, I tried it on Linux and it works fine.
Site I tested on with 10.0.9 Tor Browser default settings - https://demo.bitmovin.com/public/firefox/av1/ see console error log attached.
[console-errors_-_Copy.txt](/uploads/6ce01944c1f3609982d151771f2d40ef/console-errors_-_Copy.txt)Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/core/tor/-/issues/40214Tune KIST and EWMA with Congestion Control2022-02-28T19:41:52ZMike PerryTune KIST and EWMA with Congestion ControlOnce congestion control (Proposal 324) is implemented, we will need to re-visit our KIST and EWMA parameter choices and performance, as EWMA will provide better fairness properties by increasing RTT of overly loud circuits, which will ca...Once congestion control (Proposal 324) is implemented, we will need to re-visit our KIST and EWMA parameter choices and performance, as EWMA will provide better fairness properties by increasing RTT of overly loud circuits, which will cause congestion control to back off.
The KIST interval will also influence the number of circuits that can be involved in prioritization decisions. Larger intervals mean lower throughput, but more prioritization choice. Smaller intervals mean higher throughput, but less prioritization choice.
For some additional background on KIST tuning, see https://gitlab.torproject.org/tpo/core/tor/-/issues/29427.Sponsor 61 - Making the Tor network faster & more reliable for users in Internet-repressive placeshttps://gitlab.torproject.org/tpo/network-health/exitmap/-/issues/4Investigate circuit build errors in exitmap2022-10-17T10:12:07ZGeorg KoppenInvestigate circuit build errors in exitmapRunning different tests locally and remotely on a server both with Python2 and the upcoming Python3 changes result in circuit build failures 3.15% and 5.83% which seems a lot.
Moreover, the Python3 failure rates (4.29%, 4,78%, and 5.83%...Running different tests locally and remotely on a server both with Python2 and the upcoming Python3 changes result in circuit build failures 3.15% and 5.83% which seems a lot.
Moreover, the Python3 failure rates (4.29%, 4,78%, and 5.83%) seem to be slightly higher than the Python2 ones (3.15% and 3.465) but that could easily be due to the low sample size.
I ran the `checktest` and `patchingTest` modules for that.
While the Python2 code does not show any particular circuit build errors my Python3 logs do sometimes (but not always) e.g.:
```
Traceback (most recent call last):
File "/path/to/exitmap/src/torsocks.py", line 93, in ourneg
orig_neg(*args, **kwargs)
File "/usr/lib/python3/dist-packages/socks.py", line 443, in _negotiate_SOCKS5
self.proxy_peername, self.proxy_sockname = self._SOCKS5_request(
File "/usr/lib/python3/dist-packages/socks.py", line 524, in _SOCKS5_request
resp = self._readall(reader, 3)
File "/usr/lib/python3/dist-packages/socks.py", line 276, in _readall
d = file.read(count - len(data))
File "/usr/lib/python3.8/socket.py", line 669, in readinto
return self._sock.recv_into(b)
socket.timeout: timed out
```
or
```
2020-11-06 17:07:51,370 modules.patchingCheck [WARNING] urlopen() failed for <https://metrics.torproject.org/rs.html#details/B08E00F42640CE8B63698DC133F9F35D1177F0BB>: timed out
Traceback (most recent call last):
File "/path/to/exitmap/src/torsocks.py", line 93, in ourneg
orig_neg(*args, **kwargs)
File "/usr/lib/python3/dist-packages/socks.py", line 443, in _negotiate_SOCKS5
self.proxy_peername, self.proxy_sockname = self._SOCKS5_request(
File "/usr/lib/python3/dist-packages/socks.py", line 533, in _SOCKS5_request
raise SOCKS5Error("{:#04x}: {}".format(status, error))
socks.SOCKS5Error: 0x04: Host unreachable
```Sponsor 61 - Making the Tor network faster & more reliable for users in Internet-repressive placeshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40207Tor Browser is writing to Windows registry on every start2022-11-30T15:19:24ZGeorg KoppenTor Browser is writing to Windows registry on every startI got a report from a cypherpunk:
```
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform-Installation
Firefox is still writing to Windows Registry on every start:
Computer\HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firef...I got a report from a cypherpunk:
```
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform-Installation
Firefox is still writing to Windows Registry on every start:
Computer\HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Launcher
There it stores all the paths TBB was started from.
That also allows an attacker to permanently disable Launcher Process
security feature, and even any hiccup can do/leads to it:
about:support
Launcher Process Disabled due to failure
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/core/tor/-/issues/40169Circuit Build Timeout code needs cleanup2023-06-08T17:51:54ZMike PerryCircuit Build Timeout code needs cleanupThere's two places where we time out circuits: `circuit_expire_building` and `circuit_build_times_handle_completed_hop()`. `circuit_expire_building` is filled with 19 years of cruft and complexity, and only operates on the *second* resol...There's two places where we time out circuits: `circuit_expire_building` and `circuit_build_times_handle_completed_hop()`. `circuit_expire_building` is filled with 19 years of cruft and complexity, and only operates on the *second* resolution, instead of milliseconds.
These probably only affect timeout in rare cases -- https://gitlab.torproject.org/tpo/core/tor/-/issues/40157 seems to show that with fixes from https://gitlab.torproject.org/tpo/core/tor/-/issues/40168, then we get very close to the target 20% timeout. But there's so much old cruft here that we should clean it up anyway. It might affect UX very poorly in some edge cases.
This is especially true for onion services, which rely primarily on `circuit_expire_building()`. There's likely many bad performance consequences of this, for them.Sponsor 61 - Making the Tor network faster & more reliable for users in Internet-repressive placesMike PerryMike Perryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40057ensure that CSS4 system colors are not a fingerprinting vector2023-06-01T17:13:29ZMark Smithensure that CSS4 system colors are not a fingerprinting vectorFrom #33534: Firefox 76 added support for CSS4 system colors. It looks like these were not added to https://searchfox.org/mozilla-central/source/widget/nsXPLookAndFeel.cpp#534 (`GetStandinForNativeColor()`). We should test the behavior a...From #33534: Firefox 76 added support for CSS4 system colors. It looks like these were not added to https://searchfox.org/mozilla-central/source/widget/nsXPLookAndFeel.cpp#534 (`GetStandinForNativeColor()`). We should test the behavior and consider updating the system colors to Windows 10 and MacOS 10.10.x.
https://bugzilla.mozilla.org/show_bug.cgi?id=1590894 \
"Need to support CSS4 system colors"Sponsor 131 - Phase 2 - Privacy BrowserDan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40054Investigate disabling disk caching of shaders2023-01-05T16:25:29ZMark SmithInvestigate disabling disk caching of shadersFrom #33534: Firefox 75 implemented more aggressive caching of shaders to disk. We should verify this does not happen in private browsing mode (or that the shaders being cached are not from web content).
https://bugzilla.mozilla.org/sho...From #33534: Firefox 75 implemented more aggressive caching of shaders to disk. We should verify this does not happen in private browsing mode (or that the shaders being cached are not from web content).
https://bugzilla.mozilla.org/show_bug.cgi?id=1614679 \
"Cache shaders to disk even if they are compiled after the 10th frame"Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/23024Flags to increase hardening on Windows2022-10-06T01:14:43ZArthur EdelsteinFlags to increase hardening on WindowsWe can add `-fstack-protector-all` and `-D_FORTIFY_SOURCE=2` to our Windows build for some extra protection.We can add `-fstack-protector-all` and `-D_FORTIFY_SOURCE=2` to our Windows build for some extra protection.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33965Uplift 27604: Fix addon issues when moving TB directory2023-01-05T16:19:24ZAlex CatarineuUplift 27604: Fix addon issues when moving TB directoryThis is https://bugzilla.mozilla.org/show_bug.cgi?id=1429838, which did not get much attention by mozilla. But we can try attaching our patch and see if there's some progress.This is https://bugzilla.mozilla.org/show_bug.cgi?id=1429838, which did not get much attention by mozilla. But we can try attaching our patch and see if there's some progress.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32225Saving whole web pages broken on "Safest" security setting on Tor Browser 11.52023-01-05T16:19:28ZTracSaving whole web pages broken on "Safest" security setting on Tor Browser 11.5When saving pages using the "Save page as" dialog, the download fails immediately after starting and is displayed as "failed" in the download panel. The page still seems to be saved correctly. So far, I've only tested 9.0 (based on Mozil...When saving pages using the "Save page as" dialog, the download fails immediately after starting and is displayed as "failed" in the download panel. The page still seems to be saved correctly. So far, I've only tested 9.0 (based on Mozilla Firefox 68.2.0esr) (64-bit) on Windows 10.
**Trac**:
**Username**: 7TR0OrSponsor 131 - Phase 2 - Privacy Browserma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32118New Identity button icon could be more legible2022-11-30T16:33:13ZTaylor YuNew Identity button icon could be more legibleOn upgrading to 9.0a8, I had trouble identifying what the new "New Identity" button was supposed to represent. I can't tell if it's supposed to be a broom with sparkles around it, or a rocket in flight against a starfield.
Relatedly, th...On upgrading to 9.0a8, I had trouble identifying what the new "New Identity" button was supposed to represent. I can't tell if it's supposed to be a broom with sparkles around it, or a rocket in flight against a starfield.
Relatedly, the "New Identity" button also seems lower resolution and blockier than the other icons in the toolbar. (I'm on macOS 10.12.6 on a new-ish MacBook Pro with a Retina screen, if that matters.)Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29887Potential user activity data leak2023-01-05T17:32:42ZTracPotential user activity data leakThe user preferences file at ./Browser/TorBrowser/Data/Browser/profile.default/prefs.js contains data that can be used to tie anonymous activity via Tor in a certain time period to a particular user. This information may serve as additio...The user preferences file at ./Browser/TorBrowser/Data/Browser/profile.default/prefs.js contains data that can be used to tie anonymous activity via Tor in a certain time period to a particular user. This information may serve as additional evidence and help repressive regimes to identify activists and whistleblowers.
The most sensitive data is contained in the following parameters:
* toolkit.startup.last_success - time of last successful browser startup.
* browser.laterrun.bookkeeping.profileCreationTime - profile creation time, i.e. when this browser was started for the first time.
All other parameters listed below are regularly updated during the browser's run. Given their quantity, they may serve as a pretty reliable indication of when this particular user was online.
* app.update.lastUpdateTime.addon-background-update-timer
* app.update.lastUpdateTime.background-update-timer
* app.update.lastUpdateTime.blocklist-background-update-timer
* app.update.lastUpdateTime.browser-cleanup-thumbnails
* app.update.lastUpdateTime.experiments-update-timer
* app.update.lastUpdateTime.search-engine-update-timer
* app.update.lastUpdateTime.xpi-signature-verification
* extensions.blocklist.lastModified
* extensions.torbutton.lastUpdateCheck
* idle.lastDailyNotification
* media.gmp-manager.lastCheck
* places.database.lastMaintenance
* storage.vacuum.last.places.sqlite
* app.update.lastUpdateTime.xpi-signature-verification
If there are any other such parameters, they may pose a security risk as well.
As a possible solution, we propose that these parameters should not be updated at all, and the browser should treat every time it is run as the first.
**Trac**:
**Username**: pf.teamSponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29886NoScript icon is still visible in context menu after the fix for #25658 landed2023-11-27T12:07:07ZGeorg KoppenNoScript icon is still visible in context menu after the fix for #25658 landedA user on the blog noticed that we removed the NoScript toolbar icon but the one in the context menu is still visible. (see: https://blog.torproject.org/comment/280411#comment-280411). Moreover, clicking on it results in an error:
```
Ty...A user on the blog noticed that we removed the NoScript toolbar icon but the one in the context menu is still visible. (see: https://blog.torproject.org/comment/280411#comment-280411). Moreover, clicking on it results in an error:
```
TypeError: this.getPlacementOfWidget(...) is null[Learn More] CustomizableUI.jsm:1638:18
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29745Exposed chrome:// resources can leak point releases, confirmed can leak app l...2024-03-03T00:39:25ZTracExposed chrome:// resources can leak point releases, confirmed can leak app languageThe default permissions defined in the chrome.manifest file allow specific paths to be called from any web page. For example, chrome://browser/content/* or chrome://global/content/*.
**For references see** https://bugzilla.mozilla.or...The default permissions defined in the chrome.manifest file allow specific paths to be called from any web page. For example, chrome://browser/content/* or chrome://global/content/*.
**For references see** https://bugzilla.mozilla.org/show_bug.cgi?id=1534581
**Trac**:
**Username**: flngerprlntSponsor 131 - Phase 2 - Privacy BrowserPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29142Clean-up branding directories2023-05-08T08:23:45ZGeorg KoppenClean-up branding directoriesDuring work on legacy/trac#25702 we realized that the branding directories contain old cruft which is not needed anymore (like the .bmp file changes). We should go over our branding patch(es) and make sure we have everything we need (and...During work on legacy/trac#25702 we realized that the branding directories contain old cruft which is not needed anymore (like the .bmp file changes). We should go over our branding patch(es) and make sure we have everything we need (and only that).
The first branding patch is the one for legacy/trac#2716. It could be worth merging the one from legacy/trac#25702 with it and doing the clean-up while that happens (i.e. during the esr68 rebase). Putting it tentatively on that radar.Sponsor 131 - Phase 2 - Privacy BrowserPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27607Enabling SVG sets security slider back to "Safer"2023-01-05T16:20:10ZGeorg KoppenEnabling SVG sets security slider back to "Safer"Set the slider to "Safest" and then enable SVG in `about:config`. Despite the wish to just enable SVG this sets the slider back to "Safer". Found by ln5.Set the slider to "Safest" and then enable SVG in `about:config`. Despite the wish to just enable SVG this sets the slider back to "Safer". Found by ln5.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26616Check that change to KeyboardEvent.keyCode behavior doesn't add fingerprintin...2022-11-30T16:52:23ZArthur EdelsteinCheck that change to KeyboardEvent.keyCode behavior doesn't add fingerprinting riskmcs and brade pointed out a change to KeyboardEvent.keyCode behavior:
https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/keyCode#keyCode_of_punctuation_keys_on_some_keyboard_layout
We should check that this does not worsen ...mcs and brade pointed out a change to KeyboardEvent.keyCode behavior:
https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/keyCode#keyCode_of_punctuation_keys_on_some_keyboard_layout
We should check that this does not worsen the KeyboardEvent anti-fingerprinting patch.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26404Fixup commits for unused symbols2023-01-05T15:48:14ZMatthew FinkelFixup commits for unused symbolsSome Tor Browser patches result in unreachable and/or unused code. This isn't a problem, in general, but when Firefox is built with `-Werror`, this causes a compile-time build failure. I'd like to fix these failures in our tree so we can...Some Tor Browser patches result in unreachable and/or unused code. This isn't a problem, in general, but when Firefox is built with `-Werror`, this causes a compile-time build failure. I'd like to fix these failures in our tree so we can begin pushing Try builds for our entire patchset.
This is step 0 on the larger/grander path of running the entire Firefox test suite against Tor Browser. Currently, too many unit tests fail when run on Tor Browser's patches, so this will not be useful (by itself) right now.
To be clear, I'm not sure if we should patch every unit test failure or if we should write a script that fetches the results and tells us if any failures were not expected - but this is a different topic.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26080torbrowser 7.5.4 update seems to generate file with unique uuid in it2022-11-29T14:28:02Zcypherpunkstorbrowser 7.5.4 update seems to generate file with unique uuid in itupdating from 7.5.3 to 7.5.4 on linux seems to include a file named '.uuid' in the fonts dir that appears to be unique (comparing two different updated torbrowsers)updating from 7.5.3 to 7.5.4 on linux seems to include a file named '.uuid' in the fonts dir that appears to be unique (comparing two different updated torbrowsers)Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25916Disable MOZ_DISABLE_CONTENT_SANDBOX2023-07-12T14:12:39ZTom Rittertom@ritter.vgDisable MOZ_DISABLE_CONTENT_SANDBOXMOZ_DISABLE_CONTENT_SANDBOX can be used at runtime to disable the content sandbox. If an attacker can influence this, we're probably already sunk, but just like we disable the "Dump all your TLS Session Keys here please" environment var...MOZ_DISABLE_CONTENT_SANDBOX can be used at runtime to disable the content sandbox. If an attacker can influence this, we're probably already sunk, but just like we disable the "Dump all your TLS Session Keys here please" environment variable, we should disable this one too.Sponsor 131 - Phase 2 - Privacy Browser