Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T17:43:05Z

https://gitlab.torproject.org/legacy/trac/-/issues/12895
add @riseup.net to Bridge Relay Help
2020-06-13T17:43:05Z
Mark Smith
We need to mention @riseup.net on Tor Launcher's Bridge Relay Help screen. In #11139, Mike said:
I think this is a good idea, but if we're going to change the Tor Launcher strings, we should try to future proof it, especially if stuff like #11140 is on the table (though I would prefer limiting the yahoo bridge pool instead of completely removing it), or we want to add new providers later.
Here's the two entities I think we should use instead of the current single entity:
```
<!ENTITY torsettings.bridgeHelp3.emailDesc "Send email to bridges@torproject.org with the line 'get bridges' by itself in the body of the message.  However, to make it harder for an attacker to learn a lot of bridge addresses, you must send this request from one of the following email address providers (listed in order of preference):">
<!ENTITY torsettings.bridgeHelp3.emailList "https://www.riseup.net, https://mail.google.com, or https://mail.yahoo.com">
```
This will produce:
```
Send email to bridges@torproject.org with the line 'get bridges' by itself
in the body of the message. However, to make it harder for an attacker to
learn a lot of bridge addresses, you must send this request from one of
the following email address providers (listed in order of preference):
https://mail.riseup.net, https://mail.google.com, or https://mail.yahoo.com
```
How is that? Can we make the differing expense of crawling these three any more clear with different (yet concise) text?
Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/12753
Building pre 4.0-alpha results in non-deterministic Windows builds
2020-06-15T23:19:28Z
Georg Koppen
Building 4.0-alpha bundles using a6ec17d500fadaa6ce9259ac5a7bd8150504e2a4 results in different timestamps and checksums in the PE header of libeay32.dll. The diff between https://people.torproject.org/~mikeperry/builds/4.0-alpha-1/torbrowser-install-4.0-alpha-1_de.exe and mine is:
```
0000050: 6973 2070 726f 6772 616d 2063 616e 6e6f is program canno
0000060: 7420 6265 2072 756e 2069 6e20 444f 5320 t be run in DOS
0000070: 6d6f 6465 2e0d 0d0a 2400 0000 0000 0000 mode....$.......
-0000080: 5045 0000 4c01 0a00 0000 0000 0000 0000 PE..L...........
+0000080: 5045 0000 4c01 0a00 6163 6b00 0000 0000 PE..L...ack.....
0000090: 0000 0000 e000 0e23 0b01 0218 0078 1300 .......#.....x..
00000a0: 00e4 1900 0032 0000 2014 0000 0010 0000 .....2.. .......
00000b0: 0090 1300 0000 0063 0010 0000 0002 0000 .......c........
00000c0: 0400 0000 0100 0000 0400 0000 0000 0000 ................
-00000d0: 0090 1a00 0004 0000 e762 1a00 0300 0000 .........b......
+00000d0: 0090 1a00 0004 0000 b3c6 1a00 0300 0000 ................
00000e0: 0000 2000 0010 0000 0000 1000 0010 0000 .. .............
00000f0: 0000 0000 1000 0000 00e0 1700 20a9 0100 ............ ...
0000100: 0090 1900 7010 0000 00d0 1900 3804 0000 ....p.......8...
```
This might be related to the fix for #12391.
Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/11200
cached consensus interferes with DisableNetwork=1
2020-06-13T14:34:46Z
Mark Smith
When testing with a TBB 3.6b1 build on Mac OS 10.8.5, I noticed that sometimes tor tries to open a network connection even though it was started with DisableNetwork=1 (and bootstrapping proceeds but fails with a NOROUTE error).
I can also reproduce this problem with TBB 3.5.2.1 (although the error message that is displayed by Tor Launcher is less detailed).
Here is a log snippet from TBB 3.6b1 (tor 0.2.4.21):
```
... [notice] Bootstrapped 5%: Connecting to directory server.
... [warn] connection_connect(): Bug: Tried to open a socket with DisableNetwork set.
... [warn] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 1; recommendation warn)
... [notice] We now have enough directory information to build circuits.
... [notice] Bootstrapped 80%: Connecting to the Tor network.
... [notice] New control connection opened.
... [warn] Problem bootstrapping. Stuck at 80%: Connecting to the Tor network. (Network is unreachable; NOROUTE; count 2; recommendation warn)
... [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
```
This occurs when there is a cached-microdesc-consensus file (so not the first time I start the Tor Browser).
Here are some steps to reproduce:
1) Grab a build from here:
https://people.torproject.org/~mikeperry/builds/3.6-beta-1/
2) Start Tor Browser and click "Connect" when the wizard opens. Let it connect.
3) Exit the browser and delete the file Data/Browser/profile.default/prefs.js.
4) Start Tor Browser a second time. You will see an error "Connecting to the Tor network failed (no route to host)."
Tor: 0.2.5.x-final

https://gitlab.torproject.org/legacy/trac/-/issues/12777
Decide how to handle multiple meek backends in Tor Launcher
2020-06-13T18:32:05Z
David Fifield dcf@torproject.org
I made a [3.6.3-meek-2](https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/shortlog/refs/tags/tbb-3.6.3-meek-2) release that has a meek capable of using both [[doc/meek#GoogleAppEngine|Google App Engine]] and [[doc/meek#AmazonCloudFront|Amazon CloudFront]] as backends.
* https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-2/
The idea behind having two (or more) is that one may work where another does not. The question is, how to usefully present the option? How is the user supposed to choose between them?
David Fifield dcf@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/4234
Deploy experimental builds using the Firefox update process
2020-06-16T01:13:10Z
Mike Perry
Sure, it's probably not hardened against version downgrade attacks, interruption attacks, no-progress attacks, and maybe not even against CA compromises.
But it's gotta be better than nothing, and maybe it is easily serviceable into something that will work for us.
Users are having a hard time manually working with our TBB packages if they want to preserve bookmarks, settings, and history, and are getting themselves into trouble by copying pieces of them over each other incorrectly while trying to manually upgrade:
https://lists.torproject.org/pipermail/tor-talk/2011-October/021771.html
I think any form of process that automates this for them is a step above status quo. It's just a matter of finding out if it is significantly less time+effort to deploy than Thandy, and what the security tradeoffs are.
TorBrowserBundle 2.3.x-stable
Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/12766
Disable TLSv1.1 and TLSv1.2 in the Firefox helper
2020-06-13T18:32:03Z
David Fifield dcf@torproject.org
With #11253, Tor Browser's Firefox config has TLSv1.1 and TLSv1.2 turned on. If meek-http-helper (browser TLS camouflage) sends Firefox 24 ciphersuites but uses TLSv1.1 or TLSv1.2, then it will look weird, because as I understand it, mainline Firefox 24 has TLSv1.1 and TLSv1.2 disabled. ([[doc/meek#Sampleclienthellos]] corroborates that ordinary Firefox 24 uses TLSv1.0 when connecting to Google.)
We also need to remember to turn TLSv1.1 and TLSv1.2 back on when they get enabled in the next ESR...
David Fifield dcf@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/12684
Make "Not Now" the default button for TorBrowser's canvas permission dialogue
2020-06-15T23:19:20Z
Isis Lovecruft
When TorBrowser's HTML5 canvas permission dialogue pops up from the URL bar,
![https://trac.torproject.org/projects/tor/raw-attachment/ticket/12684/tlk.io-canvas-access.png](https://trac.torproject.org/projects/tor/raw-attachment/ticket/12684/tlk.io-canvas-access.png)
I suspect that users have _no idea_ what any of that text means, and so they click the largest, most-visible button available on the dialogue box. Right now, that's the "Allow in the Future" button, which allows the site to access HTML5 canvases forever (and until #12682 and/or #12683 are fixed, there isn't a way to revoke that permission).
I suggest that we make the largest, most-visible button on this dialogue be the one which doesn't allow the site permission to access HTML5 canvases, i.e. the "Not Now" button, since a site which is trying to do this is overwhelmingly likely to be sourcing some evil ad company's scripts which try to track users. It's not fair to make normal users understand how this works, so let's use people's desires to make popups go away ASAP to their own advantage for their privacy, without making them think too hard about it.
For background info, see [this thread on the tor-talk mailing list](https://lists.torproject.org/pipermail/tor-talk/2014-July/033969.html).
Isis Lovecruft

https://gitlab.torproject.org/legacy/trac/-/issues/9531
More Torbutton hangs on New Identity control port access
2020-06-15T23:18:30Z
Mike Perry
skruffy is reporting hangs on Torbutton's New Identity. Oddly, the hangs seem to be more common if you are loading a bunch of websites at the time of hitting New Identity, but that is not a full repro case.
The hang actually appears to be happening while attempting to open a control port connection. Perhaps another race introduced by our SOCKS optimistic data hack in nsITransport? Or perhaps our hack for #8642 is insufficient in some cases, and/or during heavy network activity.
Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/12776
Move meek's URL and front configuration into bridge_prefs.js
2020-06-15T23:19:31Z
David Fifield dcf@torproject.org
Since the tor in the 4.0-alpha branch (current tor-browser-bundle.git master) supports setting parameters in bridge lines, we can move some of the configuration out of torrc.
This is going to be good for supporting multiple meek backends (like the upcoming CloudFront). Each one can be defined in its own bridge line, instead of requiring a ClientTransportPlugin line with a distinct method name.
On the other hand, if you're planning to do any meek bundles based on maint-3.6, you don't want this, because it won't work with tor 0.2.4.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/12674
Neuter meek-http-helper's default proxy setting
2020-06-15T23:22:57Z
David Fifield dcf@torproject.org
The headless meek-http-helper browser undoes Tor Browser's proxy setting:
https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/5400da654020a34edb9edee70a0583a89231c4fe:/Bundle-Data/PTConfigs/meek-http-helper-user.js#l7
```
// 0 is "No proxy".
user_pref("network.proxy.type", 0);
```
This setting used to be necessary in order for the HTTPS requests to be made on the network without themselves trying to go through the local tor proxy. However, since #12120, we [set the proxy type individually for every request](https://gitweb.torproject.org/pluggable-transports/meek.git/blob/2ef6e31de94eb10d40464a38909373114ff44132:/firefox/components/main.js#l134) (including a "direct" non-proxy when TOR_PT_PROXY is unset), so it's no longer necessary to change the global setting.
A good reason to leave the proxy set is so if someone manages to start Firefox using the meek-http-helper profile as a normal non-headless browser, it should fail closed, and give "the proxy server is refusing connections" rather than acting as an unproxied browser.
Even better, we can set the proxy URL to 127.0.0.1:9, the discard port, so it will fail even closeder if tor happens to be running on the usual port set by Tor Browser.
David Fifield dcf@torproject.org

https://gitlab.torproject.org/legacy/trac/-/issues/7265
Only display Canvas message for first parties; simply log third parties
2020-06-15T23:15:21Z
Mike Perry
In #6253, we created a prompt before allowing sites to extract image data from the HTML5 canvas. We did this for fingerprinting reasons.
However, since deploying that patch, I have noticed the warning on at least two random sites.
Unfortunately, the warning is not reproducible, and likely came from a particular 3rd party advertising network. Extra unfortunately, we display only the first party URL in the warning, for usability reasons and for first party-jailed content permissions.
We should provide some mouseover tooltip or other way of determining the full third party url in such warning boxes.
We need to be careful that such a notification does not clutter the warning box or confuse users, and we also need to be mindful of string updates, since the strings are stored in Torbutton but are used in Tor Browser (for translation expedience).
Mike Perry

https://gitlab.torproject.org/legacy/trac/-/issues/12444
Please provide feedback when “Copy Tor Log messages” is clicked
2020-06-13T17:43:01Z
Lunar
Copying Tor log messages to the clipboard is great. But it requires that user understand how the whole thing works. I've seen users regularly think that the button “did nothing” when it was clicked.
A feedback in the form of a non-modal, transient, notification would probably help. The message could say “513 Tor log messages now ready to be pasted in any text editor”, or something like that.
Kathleen Brade

https://gitlab.torproject.org/legacy/trac/-/issues/12156
Provide a helper script/instructions to package up a non-gitian compiled Firefox for Gitian
2014-09-01T22:06:25Z
Mike Perry
An easy way to allow incremental developer (re)builds is to provide a helper script that wraps up a non-Gitian compiled Firefox component into a gitian compatible input zip, so you can incrementally rebuild Firefox and only have to wait through a re-bundling step to produce a working Linux bundle that is otherwise as close to an official TBB as possible.
We should also document this process in the Hacking file and/or Gitian README.
Mike Perry

https://gitlab.torproject.org/legacy/trac/-/issues/12621
Review and audit Firefox changes since Firefox 24
2020-06-15T23:19:16Z
Georg Koppen
As the first step in the switch to Firefox 31 in October, we'll need to review all of the Firefox for Developers pages, the undocumented bugs, and scan the source code for the appearance of new networking system calls.

https://gitlab.torproject.org/legacy/trac/-/issues/12852
Switch RecommendedVersions file to www.tpo
2020-06-15T23:19:41Z
Mike Perry
Weasel suggests that we should move the version check location to be on www.torproject.org. This is probably a good idea, but it requires changes to our release process notes, as well as changes to Tor Browser to check the new update location.
Mike Perry

https://gitlab.torproject.org/legacy/trac/-/issues/6062
Tor Browser won't start via pinned link or shortcut? in windows start menu
2020-06-15T23:19:42Z
Trac
title says it all
also, window controls (minimize, maximize, close) are invisible on vista
on a completely unrelated note: your last torbutton update was messed up as tor mode continued to be active even after uninstalling torbutton (I switched it off in the firefox menu but I'm pretty sure there are some people out there who wouldn't know to do that)
and yes I know, you hate it when multiple issues are cramped into one ticket but I don't really think the other 2 deserve a ticket of their own, especially the torbutton one, since you won't be developing that anymore, just thought I'd bring it to your attention.
**Trac**:
**Username**: trallala
TorBrowserBundle 2.3.x-stable
Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/11405
Tor Launcher UI for Proxy and Firewall selection is confusing to users
2020-06-13T17:42:49Z
Matt Pagan
Frequently users contact the support desk for help configuring a proxy when they don't need to.
Some users think they can get even more security by setting a proxy with Tor, or they think that using a proxy with Tor can circumvent website bans, or they start using Tor when someone tells them they need to use a proxy, then when they see on Tor Browser's launch that they can set a proxy, they think that's what they should do.
Please use this ticket to discuss other ways tor-launcher is confusing for users.
Kathleen Brade