The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2020-06-27T14:30:00Zhttps://gitlab.torproject.org/tpo/web/blog/-/issues/24187Reduce bullet spacing on blog2020-06-27T14:30:00ZstephwReduce bullet spacing on blogChange li margin-bottom from 1.5em to 0.5emChange li margin-bottom from 1.5em to 0.5emHiroHirohttps://gitlab.torproject.org/tpo/network-health/metrics/tor-check/-/issues/25285Atlas is now called Relay Search and it has a new URL2020-06-27T14:26:36ZirlAtlas is now called Relay Search and it has a new URLThis is referenced from the HTML sent to clients when visiting check.torproject.org.
The old URLs look like:
https://atlas.torproject.org/#
The new URLs look like:
https://metrics.torproject.org/rs.html#This is referenced from the HTML sent to clients when visiting check.torproject.org.
The old URLs look like:
https://atlas.torproject.org/#
The new URLs look like:
https://metrics.torproject.org/rs.html#irlirlhttps://gitlab.torproject.org/tpo/community/support/-/issues/28474add tor + msg apps entry to the support portal2020-06-27T13:44:41Zemmapeeladd tor + msg apps entry to the support portal
We could link and maybe update https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/InstantMessaging
We could link and maybe update https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/InstantMessaginghttps://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/5812Look into downloading votes by all known authorities2020-06-27T14:22:51ZKarsten LoesingLook into downloading votes by all known authoritiesmetrics-db currently looks at the downloaded consensus to decide which votes to download. This approach fails, as we found in legacy/trac#5805, when metrics-db is missing a consensus. We should look into downloading votes published by ...metrics-db currently looks at the downloaded consensus to decide which votes to download. This approach fails, as we found in legacy/trac#5805, when metrics-db is missing a consensus. We should look into downloading votes published by all known authorities, not just the ones contained in the consensus.Karsten LoesingKarsten Loesinghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/29258Provide an IPv6 address for the Snowflake broker2020-07-06T23:50:09ZAlexander Færøyahf@torproject.orgProvide an IPv6 address for the Snowflake brokerWe have a bit of a tendency to forget to test IPv6 solutions properly and in a structured way. We should make sure that IPv6 is working properly with Snowflake.We have a bit of a tendency to forget to test IPv6 solutions properly and in a structured way. We should make sure that IPv6 is working properly with Snowflake.Sponsor 28: Reliable Anonymous Communication Evading Censors and Repressors (RACECAR)David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/26891Problem running meek server without CDN, stuck at Performing bandwidth self-t...2023-08-01T19:36:47ZTracProblem running meek server without CDN, stuck at Performing bandwidth self-test...done**I am trying to run a meek server, and this is what I have done for the test:**
I have a domain (for example, call it example.com) and I manually applied for Let's Encrypt SSL certificate, so I can visit the website through https://exa...**I am trying to run a meek server, and this is what I have done for the test:**
I have a domain (for example, call it example.com) and I manually applied for Let's Encrypt SSL certificate, so I can visit the website through https://example.com.
**Here is the torrc:**
BridgeRelay 1
ORPort 9001
ExtORPort auto
SocksPort 0
ExitPolicy reject *:*
ServerTransportListenAddr meek 0.0.0.0:443
ServerTransportPlugin meek exec /usr/local/bin/meek-server --cert /etc/letsencrypt/live/example.com/fullchain.pem --key /etc/letsencrypt/live/example.com/privkey.pem --log /var/log/tor/meek-server.log
**However, when I enter "tor -f torrc", it stuck here:**
Jul 20 15:29:53.566 [notice] Tor 0.3.2.10 (git-0edaa32732ec8930) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2g, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.1.
Jul 20 15:29:53.567 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 20 15:29:53.567 [notice] Read configuration file "/xxx/torrc".
Jul 20 15:29:53.574 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Jul 20 15:29:53.574 [notice] Based on detected system memory, MaxMemInQueues is set to 739 MB. You can override this by setting MaxMemInQueues by hand.
Jul 20 15:29:53.576 [notice] Scheduler type KIST has been enabled.
Jul 20 15:29:53.576 [notice] Opening OR listener on 0.0.0.0:9001
Jul 20 15:29:53.576 [notice] Opening Extended OR listener on 127.0.0.1:0
Jul 20 15:29:53.577 [notice] Extended OR listener listening on port 40651.
Jul 20 15:29:54.000 [warn] Failed to open GEOIP file /usr/share/tor/geoip. We've been configured to see which countries can access us as a bridge, and we need GEOIP information to tell which countries clients are in. Do you have the tor-geoipdb package installed?
Jul 20 15:29:54.000 [warn] Failed to open GEOIP file /usr/share/tor/geoip6. We've been configured to see which countries can access us as a bridge, and we need GEOIP information to tell which countries clients are in. Do you have the tor-geoipdb package installed?
Jul 20 15:29:54.000 [notice] Configured to measure directory request statistics, but no GeoIP database found. Please specify a GeoIP database using the GeoIPFile option.
Jul 20 15:29:54.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Jul 20 15:29:56.000 [notice] Your Tor server's identity key fingerprint is 'Unnamed E8094BFxxxxxxxxxx5C1E'
Jul 20 15:29:56.000 [notice] Your Tor bridge's hashed identity key fingerprint is 'Unnamed BBAA6xxxxxxxxxAA811B'
Jul 20 15:29:56.000 [notice] Bootstrapped 0%: Starting
Jul 20 15:30:03.000 [notice] Starting with guard context "default"
Jul 20 15:30:03.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Jul 20 15:30:03.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jul 20 15:30:04.000 [warn] Server managed proxy encountered a method error. (meek listen tcp 0.0.0.0:443: bind: address already in use)
Jul 20 15:30:04.000 [warn] Managed proxy at '/usr/local/bin/meek-server' failed the configuration protocol and will be destroyed.
Jul 20 15:30:04.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jul 20 15:30:06.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jul 20 15:30:06.000 [notice] Bootstrapped 100%: Done
Jul 20 15:30:06.000 [notice] Now checking whether ORPort 45.xxx.xxx.xxx:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Jul 20 15:30:09.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jul 20 15:31:14.000 [notice] Your network connection speed appears to have changed. Resetting timeout to 60s after 18 timeouts and 442 buildtimes.
Jul 20 15:31:20.000 [notice] Performing bandwidth self-test...done.
**And then it has no output and seems not working. Besides the above one, once I also got the output:**
...
Jul 20 08:24:27.000 [notice] Performing bandwidth self-test...done.
Jul 20 09:23:17.000 [notice] No circuits are opened. Relaxed timeout for circuit 30 (a Measuring circuit timeout 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway.
**What's wrong with my steps in setting the meek server? What should I do next to set up a meek server, either for use or for test?
Must I use CDN to domain fronting it?**
By the way, is it possible to use meek without domain fronting if the domain has not been filtered?
May be I misunderstood something in https://trac.torproject.org/projects/tor/wiki/doc/meek#Howtorunameek-serverbridge and meek's README and I am sorry for that.
**Trac**:
**Username**: weiruoDavid Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/tpo/web/community/-/issues/141Include Code of Conduct, Social Contract and Community Council links2020-12-18T00:42:32ZAntonelaantonela@torproject.orgInclude Code of Conduct, Social Contract and Community Council linksDuring the last CC meeting, we discussed a few low-hanging fruits to make more public our governance documents. One of the places to publicize them is the community portal.
Include:
- Code of Conduct https://gitweb.torproject.org/commun...During the last CC meeting, we discussed a few low-hanging fruits to make more public our governance documents. One of the places to publicize them is the community portal.
Include:
- Code of Conduct https://gitweb.torproject.org/community/policies.git/tree/code_of_conduct.txt
- Social Contract https://gitweb.torproject.org/community/policies.git/tree/social_contract.txt
- Community Council https://gitweb.torproject.org/community/policies.git/tree/community_council.txt
cc @ahf @pili @catalyst @gabaAntonelaantonela@torproject.orgAntonelaantonela@torproject.orghttps://gitlab.torproject.org/tpo/web/support/-/issues/106Rename "censorship" question in metrics section2020-04-14T22:00:46ZGusRename "censorship" question in metrics sectionWe need to change the folder name, seo_slug and _seo_slug, since we have a whole section called 'censorship'.We need to change the folder name, seo_slug and _seo_slug, since we have a whole section called 'censorship'.GusGushttps://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/40019Manage existing OP deployments with Ansible2021-04-21T15:09:32ZAna CusturaManage existing OP deployments with AnsibleWe currently manually redeploy all long-term running instances when there is a bump in OP version. The goal is to move them to the ansible framework proposed in https://gitlab.torproject.org/tpo/metrics/onionperf/-/issues/33319 once avai...We currently manually redeploy all long-term running instances when there is a bump in OP version. The goal is to move them to the ansible framework proposed in https://gitlab.torproject.org/tpo/metrics/onionperf/-/issues/33319 once available.https://gitlab.torproject.org/tpo/core/chutney/-/issues/18932Re-launching chutney with cached descriptors sometimes fails2020-07-23T20:18:37ZteorRe-launching chutney with cached descriptors sometimes failsA user reports that chutney sometimes fails when relaunched with a previous configuration and cached descriptors.
https://lists.torproject.org/pipermail/tor-dev/2016-April/010854.html
Typically, chutney is run on a newly-configured dir...A user reports that chutney sometimes fails when relaunched with a previous configuration and cached descriptors.
https://lists.torproject.org/pipermail/tor-dev/2016-April/010854.html
Typically, chutney is run on a newly-configured directory every time, so we don't run into this bug very often.https://gitlab.torproject.org/tpo/core/tor/-/issues/200Path selection algorithm wastes exit bandwidth by choosing exits as relay nodes.2020-06-27T14:11:05ZgoodellPath selection algorithm wastes exit bandwidth by choosing exits as relay nodes.Nodes with more liberal exit policies should be chosen less frequently
than nodes with more conservative exit policies, since they will
naturally attract a disproportionate number of streams exiting to that
port. For example, the fact ...Nodes with more liberal exit policies should be chosen less frequently
than nodes with more conservative exit policies, since they will
naturally attract a disproportionate number of streams exiting to that
port. For example, the fact that many streams traverse one
particular node because it provides exit to port 6881 should not
result in a concomitant bandwidth report that makes it more attractive
to clients interested in exiting to port 80.
Ideally, we would (a) take into account that two hops of each circuit
are chosen irrespectively of exit policy, and (b) we want to avoid
"popular" nodes, where "popular" is some function of the scarcity of
the ports to which they allow passage.
[Automatically added by flyspray2trac: Operating System: All]0.1.2.x-finalhttps://gitlab.torproject.org/tpo/core/fallback-scripts/-/issues/28863updateFallbackDirs.py thinks it is python 3 compatible but it is not2020-06-27T14:11:37ZstarlightupdateFallbackDirs.py thinks it is python 3 compatible but it is notThis comment would lead one to believe the script will run with python 3 but problems remain:
```
# Optionally uses ipaddress (python 3 builtin) or py2-ipaddress (package)
# for netblock analysis.
```
After running `2to3-3.7` on commit...This comment would lead one to believe the script will run with python 3 but problems remain:
```
# Optionally uses ipaddress (python 3 builtin) or py2-ipaddress (package)
# for netblock analysis.
```
After running `2to3-3.7` on commit 6BC5C06D additional manual revisions were required per the attached patch. A subtle certificate validation problem exists, not enough time to fix so disabled it. Have good CA files in both system and Python directories and `openssl s_client` has no problem.
```
OUTPUT_CANDIDATES = True
```
is broken, wasn't prepared to spend the time hacking it.https://gitlab.torproject.org/tpo/core/torsocks/-/issues/17478Fix typos in comments2020-06-27T14:12:06ZTracFix typos in commentsThere are some typos in comments.
**Trac**:
**Username**: junglefowlThere are some typos in comments.
**Trac**:
**Username**: junglefowlDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/community/l10n/-/issues/9144Untranslated strings are still removed/empty in Transifex output2020-06-27T13:45:09ZMike PerryUntranslated strings are still removed/empty in Transifex outputIt appears that untranslated strings are still empty for Firefox DTD strings, and commented out for property strings. This is causing the partially localized bundles (like Farsi) to have rendering errors. Worse, empty properties cause ex...It appears that untranslated strings are still empty for Firefox DTD strings, and commented out for property strings. This is causing the partially localized bundles (like Farsi) to have rendering errors. Worse, empty properties cause exceptions in Torbutton and Tor Launcher, which will alter the browser behavior in unexpected ways, possibly including interfering with important privacy settings and even proxy configuration.
Is there any way to get Transifex to provide us with a copy of the DTD and property files that actually have the English placeholders active?Colin ChildsColin Childshttps://gitlab.torproject.org/tpo/community/support/-/issues/28475Update support portal on Tor Browser for Android2020-06-27T13:44:41ZemmapeelUpdate support portal on Tor Browser for AndroidSome information needs to be updated on the support portal:
https://support.torproject.org/#tormobile
About Tor Browser for Android:
Can I run Tor on an Android device?
Who is the Guardian Project?
Can I run Tor on an iOS device?
How ...Some information needs to be updated on the support portal:
https://support.torproject.org/#tormobile
About Tor Browser for Android:
Can I run Tor on an Android device?
Who is the Guardian Project?
Can I run Tor on an iOS device?
How do I run Tor on Windows Phone?
When is Tor Browser for Android being released?Colin ChildsColin Childshttps://gitlab.torproject.org/tpo/network-health/metrics/collector/-/issues/5813Sanity-check descriptors using metrics-lib before writing them to disk2020-06-27T14:22:51ZKarsten LoesingSanity-check descriptors using metrics-lib before writing them to diskIn legacy/trac#5805 we found that we have quite a few files that are either empty or truncated. We should parse all descriptors with metrics-lib and only store valid descriptors to disk.In legacy/trac#5805 we found that we have quite a few files that are either empty or truncated. We should parse all descriptors with metrics-lib and only store valid descriptors to disk.Karsten LoesingKarsten Loesinghttps://gitlab.torproject.org/tpo/network-health/metrics/library/-/issues/22139last_restarted and platform missing even though it is available in descriptor2020-06-27T14:23:38Zcypherpunkslast_restarted and platform missing even though it is available in descriptorthere are currently 3 such relays, one example:
256F183F252DBBF080F2E70E5CB0F523A6323D0F
Also note that recommended_version is set to true even though that depends on the relay's platform string.
https://onionoo.torproject.org/details?...there are currently 3 such relays, one example:
256F183F252DBBF080F2E70E5CB0F523A6323D0F
Also note that recommended_version is set to true even though that depends on the relay's platform string.
https://onionoo.torproject.org/details?fingerprint=256F183F252DBBF080F2E70E5CB0F523A6323D0F
```
{"version":"4.0",
"relays_published":"2017-05-03 08:00:00",
"relays":[
{"nickname":"UbuntuCore169","fingerprint":"256F183F252DBBF080F2E70E5CB0F523A6323D0F","or_addresses":["176.158.53.63:44583"],"last_seen":"2017-05-02 18:00:00","last_changed_address_or_port":"2017-05-02 18:00:00","first_seen":"2017-05-02 18:00:00","running":false,"flags":["Running","V2Dir","Valid"],"country":"fr","country_name":"France","region_name":"\u00CEle-de-France","city_name":"Paris","latitude":48.8628,"longitude":2.3292,"as_number":"AS5410","as_name":"Bouygues Telecom SA","consensus_weight":0,"host_name":"static-176-158-53-63.ftth.abo.bbox.fr","exit_policy_summary":{"reject":["1-65535"]},"recommended_version":true,"measured":false}
],
"bridges_published":"2017-05-03 06:57:32",
"bridges":[
]}
```
https://collector.torproject.org/recent/relay-descriptors/server-descriptors/2017-05-02-18-05-00-server-descriptors
```
@type server-descriptor 1.0
router UbuntuCore169 176.158.53.63 44583 0 0
identity-ed25519
-----BEGIN ED25519 CERT-----
AQQABleiAZ2Ce5QY1oSL0F79WeaPhL/zWomAVJG1vwTioPBkpeG7AQAgBABF3iK6
clXuNv2ZbfNSbmrJkKRLKsC41BZAVs1BSWQndRMNDsZJ/s6GmOd5IiU6axR5z2Nn
XTUR0TMGOc5KNJHqKi9Ht+iSIH02OeV1Gm/PNfos7KBKSJJROme1YQQsvwQ=
-----END ED25519 CERT-----
master-key-ed25519 Rd4iunJV7jb9mW3zUm5qyZCkSyrAuNQWQFbNQUlkJ3U
platform Tor 0.3.0.6 on Linux
proto Cons=1-2 Desc=1-2 DirCache=1 HSDir=1-2 HSIntro=3-4 HSRend=1-2 Link=1-4 LinkAuth=1,3 Microdesc=1-2 Relay=1-2
published 2017-05-02 17:25:22
fingerprint 256F 183F 252D BBF0 80F2 E70E 5CB0 F523 A632 3D0F
uptime 12
bandwidth 4194304 6291456 0
extra-info-digest 357F399E5A0FE2EEDEB7B3AD3D9328440EC17582 OgEu6BAQLUeTFjGofg0WTT9CYQsUGH9tiDENt/tiAD0
onion-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMYpYIFcAGOcfZBWt+nUPDu1ovbG8uamDBN4A/XTla74p6A3Ozl8/06D
1E/CcX6N2UahjDs+iM9EmND0k1CFgnkkkU7qBhm4aeOwfzSjDGXA52ab9vS0yEpa
aFHORGn88LRqcSvm9zRtChde5Ez0QJpBOuhyh19qIsSwT4EVa6CXAgMBAAE=
-----END RSA PUBLIC KEY-----
signing-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAL6touSlbyMx2frcjIrLXcUUhN9rydnQhZrREZEdpALondnaEZzu3LE8
AeQI+VUTpZBlYbWR3Wh+wMDrdPzB3B07ATjAV3N07x6CtKk8YHE5RgShLlEr1k9c
DhN1VZi3rEA63pVfGTC1n7jXpAkMgYMW4KSHk40kgueu+3JxNSe1AgMBAAE=
-----END RSA PUBLIC KEY-----
onion-key-crosscert
-----BEGIN CROSSCERT-----
ITr+XCRVFqFE5o/5utRst/j8cZjEj43Ucd6n4Xoo566rVS9VPvUszduvPAZJECVS
QHPmshTsvXFH5+LEzCk0nN3cR5+iZX5zT15+1EoplE97doHQqtSTcA1CJSSFvoRj
1iobnqDn1lHLFyTMBJ4VV38a1NeovFmy4YkodTrtztk=
-----END CROSSCERT-----
ntor-onion-key-crosscert 1
-----BEGIN ED25519 CERT-----
AQoABlV6AUXeIrpyVe42/Zlt81JuasmQpEsqwLjUFkBWzUFJZCd1ALsQt0Q8mBNP
FcAXX6E+2oX2nGto910Sb1CBMPenMopKXaqArOPeqEQQx4+4x/waBLw7niBtEVjb
+WZ5cSha6Aw=
-----END ED25519 CERT-----
hidden-service-dir
ntor-onion-key fhiVUl9Ff0OlXd6zyqnfEA8u86KmewZISILHeU33Diw=
reject *:*
tunnelled-dir-server
router-sig-ed25519 pyHeZ3dimbx4cBOAjlhLbnav2F9FLrmy+CqO+QIv01VI4qK5xihG6s75HLj3s6dpa52xGBE6HNRdx2rCk2r3Bg
router-signature
-----BEGIN SIGNATURE-----
gJGxrxrbBVnO5x34450bKkBBBGZGJrgfYBLL6tfN6BhEYtENy9cWqt556boXsEuW
cN8z+OdNYr+LGJqUJgGWTSb1am26lU9lyHHHzVIhp9I9K4CXYq93POHCSore0M0c
PgAHPTkUN6WJvxachkEXwftzYaOLvJOqP+GFj+QvsVg=
-----END SIGNATURE-----
```metrics-lib 1.9.0https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/13088Versioning and Releases2020-06-27T14:24:26ZiwakehVersioning and ReleasesAs with the Onionoo protocol the application itself needs versioning, too.
It might be a good idea to also add versions to the classpath components
defined in `build.xml`? Also as some sort of documentation.
What about releases?
Espec...As with the Onionoo protocol the application itself needs versioning, too.
It might be a good idea to also add versions to the classpath components
defined in `build.xml`? Also as some sort of documentation.
What about releases?
Especially deployers might not be happy about having to bother with
compilation before setting up an Onionoo server.
For development a release of metrics-lib would be useful, too.Onionoo 3.1-1.0.0iwakehiwakehhttps://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/12692Hide field names of empty fields2020-06-27T14:25:24ZRoger DingledineHide field names of empty fieldshttps://atlas.torproject.org/#details/3CA834833A7D8C7A3473BA21A4588EBCE1281AFC
lists "reject 1-65535" under the ipv4 exit policy summary (fine), but then
```
accept 213.0.0.0/8:8333
accept 213.0.0.0/8:443
accept 213.0.0.0/8:6667
reject *...https://atlas.torproject.org/#details/3CA834833A7D8C7A3473BA21A4588EBCE1281AFC
lists "reject 1-65535" under the ipv4 exit policy summary (fine), but then
```
accept 213.0.0.0/8:8333
accept 213.0.0.0/8:443
accept 213.0.0.0/8:6667
reject *:*
```
under the ipv6 exit policy summary.
Oh wait, that's under the "exit policy", and there's a stray line "ipv6 exit policy summary" with nothing under it?
Maybe it shouldn't list an ipv6 exit policy summary if it isn't planning to list an ipv6 exit policy summary? :)irlirlhttps://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/8365New metrics type for microdescriptors2020-06-27T14:26:18ZDamian JohnsonNew metrics type for microdescriptorsHi Karsten. I just pushed support for microdescriptors to stem...
https://gitweb.torproject.org/stem.git/commitdiff/23d2332b2514fd9194e64cb1859614014087394b
I'm using the metrics type of 'microdescriptor 1.0'. Would you mind adding it ...Hi Karsten. I just pushed support for microdescriptors to stem...
https://gitweb.torproject.org/stem.git/commitdiff/23d2332b2514fd9194e64cb1859614014087394b
I'm using the metrics type of 'microdescriptor 1.0'. Would you mind adding it to 'https://metrics.torproject.org/formats.html#descriptortypes'?
Thanks! -Damian