The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2024-03-19T08:50:35Z

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/183
Import bridges.torproject.org web design
2024-03-19T08:50:35Z
meskio <meskio@torproject.org>

Bring the bridges.torproject.org web design into rdsys.

shelikhoo
2024-03-08

https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/177
export bridge ratio and acceptance in the collector metrics
2024-03-19T08:48:07Z
meskio <meskio@torproject.org>

Let's add a field with the bridge ratio status into the collector metrics.

meskio <meskio@torproject.org>

https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40075
Create destination directory when creating input_files with `content`
2024-03-19T01:29:16Z
boklm

If `input_files` contains an entry like:
```
- filename: 'somedirectory/name'
  content: 'INCLUDE template'
  refresh_input: 1
```
rbm will fail if `somedirectory` does not exist yet. Instead it should
create the directory.

boklm

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40566
Abnormally slow requests on static mirror hosts
2024-03-19T00:40:09Z
Jérôme Charaoui <lavamind@torproject.org>

This morning Nagios was unhappy with some of the static mirror hosts, with several errors like this:
```
tor-nagios: [web-chi-03] network service - https is CRITICAL: CRITICAL - Socket timeout after 10 seconds
tor-nagios: [global] mirror sync - www is CRITICAL: CRITICAL: 38.229.82.25 broken: 500 Cant connect to www.torproject.org:443
```
Looking at Grafana, since about one week ago we are seeing increased loads on our web mirrors, with Apache connection slots getting abnormally filled up:
![Capture_d_écran_de_2021-12-20_12-29-57](/uploads/3ae395cb32e2874722367ab34e28c5c7/Capture_d_écran_de_2021-12-20_12-29-57.png)
Currently Nagios only barks if the web hosts don't respond to HTTPS connections within 10 seconds, which is fine for the purposes of determining whether the service is *alive* at all, but for static sites even on a busy webserver response times of 1 second or more shouldn't be considered acceptable.

Jérôme Charaoui <lavamind@torproject.org>

https://gitlab.torproject.org/tpo/tpa/team/-/issues/41549
BTCPayServer is Down
2024-03-18T23:29:44Z
Susan

I am unable to connect to the btcpay.torproject.org. It says the site cannot be reached. I believe this means that donors cannot use it to donate either.

anarcat

https://gitlab.torproject.org/tpo/community/team/-/issues/87
Integrate into upcoming training plans with the community: We will add these materials into our lesson plans so that they continue to be distributed over time.
2024-03-18T18:19:07Z
Gaba <gaba@torproject.org>

raya
2023-10-31

https://gitlab.torproject.org/tpo/web/community/-/issues/343
[Relays] Add unredacted.org to relay associations page
2024-03-18T17:45:55Z
Gus

- Country: US
- Name: Unredacted.org.
- Donate: https://unredacted.org/donate/

https://community.torproject.org/relay/community-resources/relay-associations/

Gus

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40346
Start disabled
2024-03-18T17:30:14Z
cypherpunks

Regardless of any other settings, I would suggest Snowflake never begin operating automatically upon installation, instead requiring the first use on any given device to be initiated manually.
I briefly had Snowflake installed on a personal device, where it was disabled while I looked into the possibility of using a DNS sinkhole to prevent the use of my connection for undesirable purposes. I had preemptively turned services.sync.addons.ignoreUserEnabledChanges on so that, once I was comfortable, enabling Snowflake on my personal device I would not inadvertently enable it on my work computer. I unexpectedly needed to have the work machine reset and did not disable this flag, so Snowflake was installed and enabled when I synchronised my settings. I responded quickly and uninstalled the extension entirely, but it appears to have been active for long enough to have routed a connection to the website of a violent extremist group that was identified and flagged by our IT systems. This incident has caused me to seriously reconsider the risk using Snowflake creates, not just to myself but also by inadvertently enabling uses like the connection in question despite my efforts to prevent doing so, and as a result I am highly unlikely to reinstall it.
That this situation involved a mistake on my part does not justify it as a possibility. It cannot be expected that no user will ever make such a mistake - even advanced users cannot be expected to never forget things - and if such a simple and potentially-unavoidable mistake can cause automatic operation to put the user at risk like this then safeguards should be put in place both to protect them and to avoid deterring them entirely.

https://gitlab.torproject.org/tpo/network-health/team/-/issues/351
New round of contacting operators for DNS issues and badexiting problematic relays (2024-03-11)
2024-03-18T17:22:03Z
Georg Koppen

We got a new report about two relays:
```
Relay 3EC0EAB430E9885BDF937B4EAC578DD4A2E74075 failed DNS check 5/5 times
Relay A53C46F5B157DD83366D45A8E99A244934A14C46 failed DNS check 1/1 times
```
Only the first remains. I've reached out to the operator. Details of that relay are:
```
[+] 3EC0EAB430E9885BDF937B4EAC578DD4A2E74075
> Addr: 167.71.6.109 - Contact: '[selling-pack-hml-jkjk] [@] [protonmail.ch] //\\// Questions / Security Issues / Bugs / Please Contact Me' - Nickname: 'mrrogerprivacy001' - Version: 0.4.8.10
> Flags: ['Exit', 'Fast', 'Running', 'V2Dir', 'Valid']
> OR Port: 443, Dir Port: 0
> Bandwidth: 9.613838 MB/s
> Uptime: 3 days, 6:24:14
https://metrics.torproject.org/rs.html#details/3EC0EAB430E9885BDF937B4EAC578DD4A2E74075
```

Georg Koppen

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42440
Letterboxing manual entry (about:manual#letterboxing)
2024-03-18T16:26:27Z
ma1

We're implementing a `Learn more` link in the new user-facing letterboxing preferences (#41916) and we need some content to be referenced by about:manual#letterboxing :)
@donuts' [comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32324#note_2876483):
> It's on support-dot, but possibly not the manual?
> https://support.torproject.org/tbb/maximized-torbrowser-window/

donuts

https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40195
Figure out why server descriptor observed bandwidth is not seen for at least 4 days by some bwauths
2024-03-18T14:59:16Z
juga

One reason could be that at the moment of the measurement, sbws can't see it.
Another could be that when the measurement fails, the original data structures don't store that moment's observed bandwidth. I think I created an issue for this last one that at that moment didn't look important and it doesn't happen in onbasca. Maybe it's one of these: https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/?sort=updated_desc&state=closed&search=observed&first_page_size=100
Maybe https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40190 could be happening due to this too (observed getting higher and sbws taking days to realize)

juga

https://gitlab.torproject.org/tpo/community/outreach/-/issues/40038
Organize Tor presence @ Global Gathering
2024-03-18T13:19:20Z
Gus

Tor Team will attend the Global Gathering in Portugal. I'm creating this ticket so we can organize all the logistics for the event.
https://www.digitalrights.community/blog/tag/global+gathering

Isabela Fernandes
2023-08-20

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/40004
Missing some commits after gitlab migration
2024-03-18T07:54:47Z
Cecylia Bocovich

I was debugging a meek server setup and noticed that the meek repository I had checked out from before the gitlab migration has a git history inconsistent with the repository on Gitlab.
On my machine:
```
commit 46e612d2e9afd6e5dfa54c473ed17aeab49001af (HEAD -> main)
Author: David Fifield <david@bamsoftware.com>
Date: Wed Dec 29 22:06:41 2021 -0700
Fix the locking around rt.rt.
sync.Once does not prevent other goroutines from accessing a variable
that has not been defined yet.
commit 88fd7233036450e0d3278f3afe0a9995974ae120
Author: David Fifield <david@bamsoftware.com>
Date: Wed Dec 29 21:35:06 2021 -0700
Only lock the assignment to rt.rt, not the whole RoundTrip.
We need to guard against concurrent modification of rt.rt, but once it
is set, we many concurrently call rt.rt.RoundTrip. The way this was
written before, it was preventing more than one RoundTrip from happening
at once. (Which was not noticeable, because the protocol serialized all
RoundTrips.)
commit 6600c52acb7979b08dd0916a7a779dd0e5dde0b0
Author: David Fifield <david@bamsoftware.com>
Date: Tue Sep 14 13:22:10 2021 -0600
Add missing transport to ServerTransportListenAddr in meek-server man page.
```
On Gitlab:
```
commit e195aff85633786ee4b8f175cb7a2ec8ee12952b (HEAD -> main, origin/main, origin/HEAD)
Author: meskio <meskio@torproject.org>
Date: Tue Apr 18 19:04:02 2023 +0200
Add CI
commit 048441a54233c0e64bd3f9821b2cc9f8a36f5aea
Author: meskio <meskio@torproject.org>
Date: Tue Apr 18 18:52:29 2023 +0200
Move the project to gitlab
commit cb192ff42a3662b6cbbfc901114c499366c7b8a0
Author: meskio <meskio@torproject.org>
Date: Tue Apr 18 17:49:11 2023 +0200
Use goptlib from gitlab
Related: tpo/anti-censorship/team/-/issues/86
commit 6600c52acb7979b08dd0916a7a779dd0e5dde0b0
Author: David Fifield <david@bamsoftware.com>
Date: Tue Sep 14 13:22:10 2021 -0600
Add missing transport to ServerTransportListenAddr in meek-server man page.
```
Did something happen with the migration that resulted in some commits getting dropped?

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/81
Onion Launchpad issue triage - 2024.Q1
2024-03-15T17:19:30Z
Silvio Rhatto

# Tasks
* [x] Do an Onion Launchpad issue triage:
* [x] Close what does not make sense anymore.
* [x] Assign to the [2024.Q1 milestone][] what can be solved quickly.
* [x] Handle exceptions.
* [x] ~Icebox everything else.
[2024.Q1 milestone]: https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/milestones/1
# Time estimation
* Complexity: very small (0.5 day)
* Uncertainty: low (x1.1)
* [Reference](https://jacobian.org/2021/may/25/my-estimation-technique/) (adapted)

Onion Launchpad - 2024.Q2
Silvio Rhatto
2024-03-14

https://gitlab.torproject.org/tpo/onion-services/onion-launchpad/-/issues/73
Proposal - Move this project to the /tpo/web group
2024-03-15T16:57:46Z
Gus

As this project is using Lektor, I believe it should move to /tpo/web/ group. Is there any specific reason for this project to live here on the "Onion Services" group?

https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/170
Onion Services initial content structure for the development portal
2024-03-15T16:34:34Z
Silvio Rhatto

Give feedback on the proposed structure for Onion Services at the [upcoming development portal](tpo/web/dev#6).

Developer portal
Silvio Rhatto
2022-12-06

https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/202
Get domains for some Onion Service projects
2024-03-15T16:32:57Z
Silvio Rhatto

# Goals
* Get shorter URLs for some Onion Service related projects, pointing to their GitLab Pages.
# Why
* The current URLs are hard to remember and take a lot to type.
# Approaches
## Per-project domains
This approach consists in having one domain per project:
* [ ] `onionplan.torproject.org` (for [The Onion Plan](https://tpo.pages.torproject.net/onion-services/onionplan/)).
* [ ] `onionbalance.torproject.org` (for [Onionbalance](https://tpo.pages.torproject.net/onion-services/onionbalance/)).
* [ ] `onionprobe.torproject.org` (for [Onionprobe](https://tpo.pages.torproject.net/onion-services/onionprobe/)).
* [ ] `oniongroove.torproject.org` (for [Oniongroove](https://tpo.pages.torproject.net/onion-services/oniongroove/)).
* [ ] `onion-launchpad.torproject.org` (for [Onion Launchpad](https://tpo.pages.torproject.net/onion-services/onion-launchpad/)).
* [ ] `onionspray.torproject.org` (for [Onionspray](https://gitlab.torproject.org/tpo/onion-services/onionspray)) (see [this issue about rebranding the EOTK fork](tpo/onion-services/eotk#13)).
* [ ] `onionmine.torproject.org` (for [Onionmine](https://gitlab.torproject.org/tpo/onion-services/onionmine), check tpo/onion-services/onionmine#26).
Pros:
* Tend to produce shorter URLs.
Cons:
* Involves more work to set up.
## Single Onion Service documentation site
This approach consists in having a single `onionservices.torproject.org` domain, and allocating a subpath for each project:
* [ ] `onionservices.torproject.org/onionplan` (for [The Onion Plan](https://tpo.pages.torproject.net/onion-services/onionplan/)).
* [ ] `onionservices.torproject.org/onionbalance` (for [Onionbalance](https://tpo.pages.torproject.net/onion-services/onionbalance/), check tpo/onion-services/onionbalance#28).
* [ ] `onionservices.torproject.org/onionprobe` (for [Onionprobe](https://tpo.pages.torproject.net/onion-services/onionprobe/)).
* [ ] `onionservices.torproject.org/oniongroove` (for [Oniongroove](https://tpo.pages.torproject.net/onion-services/oniongroove/)).
* [ ] `onionservices.torproject.org/onion-launchpad` (for [Onion Launchpad](https://tpo.pages.torproject.net/onion-services/onion-launchpad/)).
* [ ] `onionservices.torproject.org/onionspray` (for [Onionspray](https://gitlab.torproject.org/tpo/onion-services/onionspray)) (see [this issue about rebranding the EOTK fork](tpo/onion-services/eotk#13)).
* [ ] `onionservices.torproject.org/onionmine` (for [Onionmine](https://gitlab.torproject.org/tpo/onion-services/onionmine), check tpo/onion-services/onionmine#26).
Pros:
* Can be easier from a sysadmin point of view.
* It's self-explanatory.
* May have integrated search across all these projects by leveraging these configurations:
* [mkdocs-multirepo-plugin · PyPI](https://pypi.org/project/mkdocs-multirepo-plugin/)
* [Built-in projects plugin - Material for MkDocs](https://squidfunk.github.io/mkdocs-material/plugins/projects/)
* Could be released as part of the [Onion Services 20th Years Anniversary (2024 edition)](https://gitlab.torproject.org/tpo/onion-services/onionplan/-/issues/14#note_2933136).
Cons:
* May conflict/duplicate efforts with the upcoming [Tor Developer Portal](https://gitlab.torproject.org/groups/tpo/-/milestones/23).
* Requires an additional home page.
## Deployment options
1. Have a static hosting endpoint with changes pushed by GitLab CI jobs, possibly the [static shim][] deploying to the [static component].
2. A reverse proxy setup.
3. Or it may happen that only a redirect/alias is supported (like was done at tpo/tpa/team#40294).
## Bonus
* [ ] Onion Services endpoint and Onion-Location for each site. The Onion Service itself could be one for the entire GitLab pages (and that would also help with tpo/onion-services/onion-launchpad#32, related to tpo/tpa/team#40379).
[static shim]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/static-shim
[static component]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/static-component

Silvio Rhatto
2024-02-29

https://gitlab.torproject.org/tpo/core/tor/-/issues/40922
High INTRO1 failure rate with TestingTorNetwork
2024-03-14T17:41:55Z
Jim Newsome

In shadow simulations with TestingTorNetwork set, hidden service clients get a lot of errors like:
```
Jan 01 00:06:02.017 [info] handle_introduce_ack_bad(): Received INTRODUCE_ACK nack by $8A269A69067A353059B3C24C0316A3DCA8B3CE19~ [VJtO38jK4XYxnRFX7LOhHTf+kJaGynhhbeeJ21rk30A] at 202.61.225.95. Reason: 1
```
In the intro point logs, we can see the corresponding log entries such as:
```
5294:Jan 01 00:05:21.858 [info] handle_introduce1(): No intro circuit found for INTRODUCE1 cell with auth key df0+MAxHZZTPzG4LFC+Pdu1r3mPSRMl6d5GGttl1wmQ from circuit 1033772687. Responding with NACK.
```
It looks like one of the effects of TestingTorNetwork is to set the min and max intro point lifetime to 10s and 30s. Removing those overrides seems to make the problem go away. https://gitlab.torproject.org/tpo/core/tor/-/blob/main/src/feature/hs/hs_service.c?ref_type=heads#L431
So, one solution is to remove those overrides permanently (or increase them, or make them separate Testing* config params).
It might be worth checking though whether the client behavior ought to be improved; @arma thinks these aggressive parameters combined with a relatively small network might be causing a particularly bad situation for the client's failure cache. Might be worth understanding what's going on there and improving it, even if the issue is less likely in production and with less aggressive intro point rollover.

Jim Newsome

https://gitlab.torproject.org/tpo/ux/research/-/issues/132
Create testing plan for diary study
2024-03-14T17:05:38Z
sajolida

We would like our partners to facilitate a diary study to discover what pain points or barriers to adoption users face in their first few weeks of using Tor Browser.
### Tasks
- [x] Brainstorm on how this diary study could go
- [ ] Clarify what incentive we can provide to participants, if any
- [ ] Clarify whether people are going to report in English

Sponsor 9 - Phase 7 - Usability and Community Intervention on Support for Democracy and Human Rights

https://gitlab.torproject.org/tpo/ux/research/-/issues/105
Test the download page redesign with the help of regional partners
2024-03-14T17:05:33Z
Nah

As part of Sponsor 9, we are going to research users' needs and pain points when trying to download Tor Browser.
* [x] Create Research Plan
* [x] Onboard Partners
* [x] Collect Feedback
* [x] Publish Report

Sponsor 9 - Phase 6 - Usability and Community Intervention on Support for Democracy and Human Rights
Nah