The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2021-04-16T06:54:33Z

Run fake onion servers to study behavior of malicious clients
https://gitlab.torproject.org/tpo/network-health/metrics/ideas/-/issues/40001
2021-04-16T06:54:33Z
smoutwortel
Run onion-servers that don't advertise services in any way, so that if some entity that wants to uncover onion-services by trying out many onion-addresses can also accidentally stumble on to them and thus be studied and distracted from real onion-services.
This can of course be done by having the decoy servers assume multiple onion-addresses per server, so the chance of catching a malicious client is higher.

Improve security settings writing
https://gitlab.torproject.org/tpo/web/manual/-/issues/44
2020-10-11T06:22:30Z
Gus
A translator opened this issue:
"[Security settings](https://tb-manual.torproject.org/security-settings/) disable certain web features that can be used to attack your security and anonymity."
One doesn't attack someone's security and anonymity, but rather "can be used to compromise your security and anonymity."

Write a guidelines documentation for requirements with Tor integration by third parties
https://gitlab.torproject.org/tpo/web/dev/-/issues/10
2022-03-14T18:50:36Z
cypherpunks
I heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each use case. For example for browsers (where integrating Tor is a goal with Brave in private browsing and it has been suggested by the (ex?)-CEO of Mozilla) among the requirements I can think of,
1. Having the user agent the same as the Tor Browser (Otherwise fingerprinting would be easy).
2. Stream isolation should be enforced, otherwise a single exit can watch all traffic.
3. First party isolation should be enforced.
5. ...etc
Of course there's already the Tor Browser design documentation, but it doesn't address this question directly, and more importantly those folks don't want to make an alternative Tor Browser, rather just a "Tor mode" to their private browsing that can enable true privacy by design.
What do you think of such an idea?
Note that this finds its parallel with little-t-tor in another ticket that I couldn't find about alternative implementations of the tor client.
Developer portal

Donate form doesn't display in IE 11
https://gitlab.torproject.org/tpo/web/donate-static/-/issues/18
2022-03-14T18:50:38Z
donuts
The donate form isn't displaying in IE 11 (Win7/8) despite JS being enabled.
- Screenshot of console here: [donate-ie11-console](/uploads/2561bbc511159f596ead12df5cc5584c/donate-ie11-console.png)
![donate-ie11-screenshot](/uploads/82a011e50e94732fcc91c746da7e9a03/donate-ie11-screenshot.png)
Redesign donate.torproject.org

Users in countries without regions can't donate because of validation error
https://gitlab.torproject.org/tpo/web/donate-static/-/issues/16
2022-12-01T19:47:15Z
Gus
There’s an unclear validation error on the http://donate.torproject.org page while trying to make a donation (in my case, from Singapore). Clicking the “Donate” button doesn’t work due to this. Here’s the attached screenshot:
![Eoo4cXrU0AAIX_K](/uploads/9a68d3c7356e470c0092a0e1213d6e87/Eoo4cXrU0AAIX_K.jpeg)
https://twitter.com/rohitsm/status/1335942303769235456
Redesign donate.torproject.org

Error titles vary from original source in the browser
https://gitlab.torproject.org/tpo/web/manual/-/issues/108
2022-06-30T04:53:23Z
emmapeel
The documentation at [onion-services/#onion-services-errors](https://tb-manual.torproject.org/onion-services/#onion-services-errors) has varied the Error messages and titles from the original source, that are the strings at the browser code, and by extension also available for translation on [transifex](https://www.transifex.com/otf/torproject/translate/#es/$/185269561?q=key%3AonionServices.) and that can be seen at
https://gitweb.torproject.org/translation.git/tree/en/torbutton.properties?h=torbutton-torbuttonproperties
(they are the strings with keys starting with onionServices.)
We should make the docs have the same strings as the browser.

Website feedback - how to support Tor
https://gitlab.torproject.org/tpo/web/tpo/-/issues/122
2022-05-11T20:35:45Z
Gus
A user joined #tor-ux channel and gave this feedback:
"For people who don't want/are not ready to install Tor, but want to help, you must propose a page/section "How to help", where you absolutely need to promote your addon Snowflake and maybe other random stuff like "Support us" "Share us" "Talk about us" blablabla. But Snowflake is clearly not mentioned on the website and to me, that's bad for you."

Champions of privacy can't pick swag?
https://gitlab.torproject.org/tpo/web/donate-static/-/issues/5
2022-03-14T18:50:49Z
Roger Dingledine
On https://donate.torproject.org/champions-of-privacy/ it says "No Gift Selected" as though I had a chance to select a gift and I chose none. But there aren't any swag choices on that page.
If the plan is that we're deciding champions of privacy are the sort of people who don't want a gift, should we change the text to be something that doesn't imply that we meant to offer them the selection?
Redesign donate.torproject.org

Vaultwarden experiment
https://gitlab.torproject.org/tpo/tpa/team/-/issues/41541
2024-03-26T20:46:38Z
micah micah@torproject.org
I have been working in the engineering side of the organization to organize accounts we have with different online services. That work has identified that we have accounts that have been set up by different individuals over time (some who are no longer with us, many who should not even have access any longer), with different personal or outdated organization information configured, and their associated passwords being shared in numerous ways of various levels of security or insecurity (signal, matrix, email, etc.). Accounts such as google play store, apple developer console, dockerhub, domain fronting CDN providers, browser extension stores, AWS, GKE, etc. are strewn about in a fairly haphazard way. The goal of this effort is to bring sanity to these accounts and reduce the overhead involved in regaining access, performing necessary billing work, adjusting organizational details, updating legal agreements, etc. Having a single password vault for accounts that can be organized in ways that different people can have appropriate access would go a long ways towards making things less chaotic.
As we continue to [evaluate password management options](https://gitlab.torproject.org/tpo/tpa/team/-/issues/29677), and because there is a need in engineering to solve our messy password situation, I'd like to propose that we try an experiment with a [vaultwarden](https://github.com/dani-garcia/vaultwarden) server (the free software, rust rewrite of Bitwarden). I have been managing a vaultwarden server for personal use, and it appears to work well, and functions well in organizations who have different access and client needs. My proposal is that TPA would set up and manage a VM, with the vaultwarden-server container setup, and I would manage the service. I would attempt to use this system to organize these efforts, and this can be simultaneously an opportunity to evaluate the relative merits of this system for potential wider use. We can check in on the effectiveness of this as we go along and change course without difficulty.
Vaultwarden was designed to run on a raspberry pi, and it [appears](https://github.com/dani-garcia/vaultwarden/issues/277#issuecomment-445526374) that hosting up to 100 users works just fine on [such a setup](https://github.com/dani-garcia/vaultwarden/issues/645). Thus the [required specifications](https://github.com/dani-garcia/vaultwarden/wiki/Deployment-examples) for a server are quite minimal. Considering this is an experiment, I would suggest we start off with a minimal configuration and monitor it and adjust on the way.
**Specs requested:**
- Memory: 512MB
- CPU: 1 core
- Storage: 5GB (in addition to what your typical Debian installation with podman would require)
- DNS: vault.torproject.org
- Software:
podman configured to auto-update the docker image `vaultwarden/server:latest` -- this [tracks the latest released tagged version number](https://github.com/dani-garcia/vaultwarden/wiki/Which-container-image-to-use) with an appropriate rw volume/directory mounted on `/data` and port 80 exposed (`-p 80:80`), passing the following environment variables:
```
SIGNUPS_ALLOWED: false
ORG_CREATION_USERS: none
INVITATIONS_ALLOWED: false
INVITATION_ORG_NAME: Tor
DOMAIN: 'https://vault.torproject.org'
ADMIN_TOKEN: <provided out of band>
SMTP_HOST: <tpa provided>
SMTP_FROM: <tpa provided>
SMTP_USERNAME: <tpa provided>
SMTP_PASSWORD: <tpa provided>
SMTP_SECURITY: <tpa provided: starttls for 587, force_tls for 465>
SMTP_AUTH_MECHANISM: <tpa provided: Plain, Login, Xoauth2>
HELO_NAME: vault.torproject.org
```
```
TPA's choice:
USE_SYSLOG: true (depends on TPA logging policy)
LOG_FILE: /path/to/log (if not using syslog, depending on TPA log policy)
```
- Reverse Proxy: with TLS certificate, please see [these examples](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples), presumably the normal `nginx` one there is what you would use, but if that isn't the typical tpa webserver, other options are there.
- Backups: please backup the volume that is passed, it contains a sqlite database that is critical.
- Firewall:
ALL IN/OUT: port 443 for reverse proxy
OUT: either port 587 or 465, depending on `SMTP_SECURITY`
Jérôme Charaoui lavamind@torproject.org

figure out how to deploy this to prod
https://gitlab.torproject.org/tpo/web/donate-neo/-/issues/21
2024-03-26T14:41:14Z
anarcat
in 61bdef679ba7dfc733aaae4bec3c73e483ecb041, we allowed staging to be deployed from GitLab CI/CD.
let's think about how we want to deploy to prod too.
/cc @lavamind @stephen
Jérôme Charaoui lavamind@torproject.org

Build new front-end
https://gitlab.torproject.org/tpo/web/donate-static/-/issues/29
2023-12-05T22:00:22Z
donuts
This ticket is to document and discuss the front-end development of the new donate portal. Separate tickets will be created for back-end considerations (e.g. Lektor, CiviCRM and the various payment gateways).
**UX planning**
Includes our principal use cases, simplified user flows and annotated versions of the three primary wireframes documenting the difference between the current and expected behavior of each applicable section/component.
- Ticket: https://gitlab.torproject.org/tpo/web/donate-static/-/issues/24
- [Figma file here](https://www.figma.com/file/GI9LLgwWAnux1CVbbyOebq/Donate-UX-planning?node-id=0%3A1)
**Full wireframes**
Documents 10 different user journeys spanning each donation tab and supporter level in a clickable prototype, and are significantly more granular than the simplified user flow.
- Ticket: https://gitlab.torproject.org/tpo/web/donate-static/-/issues/26
- [Figma file here](https://www.figma.com/file/mtvcBlkHHwTO2QP0y0qyN0/Donate-portal?node-id=72%3A2930)
- [Prototype here](https://www.figma.com/proto/mtvcBlkHHwTO2QP0y0qyN0/Donate-portal?page-id=72%3A2930&node-id=72%3A2931&viewport=-6134%2C-3031%2C0.5050595998764038&scaling=min-zoom)
**High-fidelity mockups**
Includes a list of the screens, states and assets that will be designed – please add any other requirements needed to support front-end development there.
- Ticket: https://gitlab.torproject.org/tpo/web/donate-static/-/issues/27
- [Figma file here](https://www.figma.com/file/mtvcBlkHHwTO2QP0y0qyN0/Donate-portal?node-id=411%3A13557)
Redesign donate.torproject.org

Build new front-end
https://gitlab.torproject.org/tpo/web/donate-neo/-/issues/13
2024-02-27T15:00:08Z
donuts
This ticket is to document and discuss the front-end development of the new donate portal. Separate tickets will be created for back-end considerations (e.g. Lektor, CiviCRM and the various payment gateways).
**UX planning**
Includes our principal use cases, simplified user flows and annotated versions of the three primary wireframes documenting the difference between the current and expected behavior of each applicable section/component.
- Ticket: https://gitlab.torproject.org/tpo/web/donate-static/-/issues/24
- [Figma file here](https://www.figma.com/file/GI9LLgwWAnux1CVbbyOebq/Donate-UX-planning?node-id=0%3A1)
**Full wireframes**
Documents 10 different user journeys spanning each donation tab and supporter level in a clickable prototype, and are significantly more granular than the simplified user flow.
- Ticket: https://gitlab.torproject.org/tpo/web/donate-static/-/issues/26
- [Figma file here](https://www.figma.com/file/mtvcBlkHHwTO2QP0y0qyN0/Donate-portal?node-id=72%3A2930)
- [Prototype here](https://www.figma.com/proto/mtvcBlkHHwTO2QP0y0qyN0/Donate-portal?page-id=72%3A2930&node-id=72%3A2931&viewport=-6134%2C-3031%2C0.5050595998764038&scaling=min-zoom)
**High-fidelity mockups**
Includes a list of the screens, states and assets that will be designed – please add any other requirements needed to support front-end development there.
- Ticket: https://gitlab.torproject.org/tpo/web/donate-static/-/issues/27
- [Figma file here](https://www.figma.com/file/mtvcBlkHHwTO2QP0y0qyN0/Donate-portal?node-id=411%3A13557)
Redesign donate.torproject.org
stephen

Make more accessible Core Tor documentation
https://gitlab.torproject.org/tpo/web/dev/-/issues/9
2022-03-14T18:50:57Z
juga
There's Core Tor documentation distributed in three (at least) sources. Even if it's documentation intended for developers, it'd be great that it would be more accessible by providing the HTML version online and using some torproject.org subdomain or path or links.
The sources are:
- The HTML that can be generated from little-t tor code (with doxygen): https://people.torproject.org/~nickm/tor-auto/doxygen/
- Nickm's torguts repository: https://gitweb.torproject.org/user/nickm/torguts.git/tree/. Files are in markdown, they can be converted to HTML.
- The documentation included in little-t tor code: https://gitweb.torproject.org/tor.git/tree/doc/HACKING (also markdown).
I can provide scripts to generate/convert the documentation automatically.
We would need to decide where to put it, maybe get subdomain and get access to the server where it would live.
Developer portal

Write a "Tor Integration Guide"
https://gitlab.torproject.org/tpo/web/dev/-/issues/11
2022-03-14T18:50:55Z
Arthur Edelstein
The website should have a page specifically explaining how to integrate Tor into your third-party app or product. Suggested in [the Montreal meeting](https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Montreal/Notes/EncouragingThirdPartyIntegrationAndOnionServicesEverywhere).
Developer portal

Work on community.torproject.org usability issues based on user feedback
https://gitlab.torproject.org/tpo/web/community/-/issues/245
2022-06-23T00:58:42Z
Gaba gaba@torproject.org
Based on feedback from Sponsor 9's trainings, this ticket will link to usability issues from the community portal.
Sponsor 9 - Phase 5 - Usability and Community Intervention on Support for Democracy and Human Rights

Localize new donate templates
https://gitlab.torproject.org/tpo/web/donate-static/-/issues/31
2023-12-05T21:58:52Z
donuts
- [ ] [Make sure the strings are ready for l10n](https://gitlab.torproject.org/tpo/web/donate-static/-/issues/34)
- [x] Configure l10n in Lektor
- [x] Hook translations to repository
- [ ] Call for translations
- [ ] l10n QA
Redesign donate.torproject.org

Localize new donate templates
https://gitlab.torproject.org/tpo/web/donate-neo/-/issues/11
2024-02-06T07:27:54Z
donuts
- [ ] [Make sure the strings are ready for l10n](https://gitlab.torproject.org/tpo/web/donate-static/-/issues/34)
- [x] Configure l10n in Lektor
- [x] Hook translations to repository
- [ ] Call for translations
- [ ] l10n QA
Redesign donate.torproject.org

Create Tordnsel documentation page
https://gitlab.torproject.org/tpo/web/dev/-/issues/4
2023-11-02T21:52:17Z
Gus
We need to migrate and update this doc:
http://qrmfuxwgyzk5jdjz.onion/projects/tordnsel.html.en
The last changes you can find here:
https://lists.torproject.org/pipermail/tor-project/2020-March/002759.html
Developer portal

Move Community projects
https://gitlab.torproject.org/tpo/web/dev/-/issues/3
2022-03-14T18:51:07Z
Gus
We should have a section of projects run by our community:
https://2019.www.torproject.org/projects/community.html.en
Developer portal

Move projects to new dev.tpo
https://gitlab.torproject.org/tpo/web/dev/-/issues/2
2022-03-14T18:51:06Z
Gus
We have a list of projects that use Tor, we should have this somewhere in the dev.tpo:
https://2019.www.torproject.org/projects/projects.html.en
Developer portal