Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2012-08-29T00:28:26Zhttps://gitlab.torproject.org/legacy/trac/-/issues/5667Rebase patches for FF12, review doc2012-08-29T00:28:26ZMike PerryRebase patches for FF12, review docUsual drill. https://developer.mozilla.org/en/Firefox_12_for_developers looks benign, with the possible exception of https://developer.mozilla.org/en/DOM/window.navigator.connection, which we'll just disable for now via the pref.Usual drill. https://developer.mozilla.org/en/Firefox_12_for_developers looks benign, with the possible exception of https://developer.mozilla.org/en/DOM/window.navigator.connection, which we'll just disable for now via the pref.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5660hello i can t connect Tor Brownse2012-04-22T12:24:19ZTrachello i can t connect Tor Brownsehello my problem is the next
my sistem is window xp, and i can t connect tor brownser,
the log register show me thart
abr 22 18:11:08.140 [Notice] Bootstrapped 100%: Done.
abr 22 18:14:57.515 [Notice] Closing stream for '[scrubbed].o...hello my problem is the next
my sistem is window xp, and i can t connect tor brownser,
the log register show me thart
abr 22 18:11:08.140 [Notice] Bootstrapped 100%: Done.
abr 22 18:14:57.515 [Notice] Closing stream for '[scrubbed].onion': hidden service is unavailable (try again later).
abr 22 18:14:57.515 [Notice] Closing stream for '[scrubbed].onion': hidden service is unavailable (try again later).
abr 22 18:17:06.093 [Notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)
abr 22 18:17:06.093 [Notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)
abr 22 18:20:46.109 [Notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)
abr 22 18:20:46.109 [Notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up. (waiting for circuit)
abr 22 18:41:39.812 [Warning] Invalid onion hostname [scrubbed]; rejecting
PLEASE HELP
**Trac**:
**Username**: mhistral5TorBrowserBundle 2.3.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5461Circuit reused after New Identity is selected2012-06-04T23:58:23ZcypherpunksCircuit reused after New Identity is selectedNot sure if this is a fault of Tor Browser or TorBrowserButton, it would seem that the latter is at fault, but it's a recent regression (it didn't occur in 2.2.35-7.1) and TorButton version didn't change, so I'm a little confused.
Anywa...Not sure if this is a fault of Tor Browser or TorBrowserButton, it would seem that the latter is at fault, but it's a recent regression (it didn't occur in 2.2.35-7.1) and TorButton version didn't change, so I'm a little confused.
Anyway here's the jist, one of the websites I visit (let's call it IP1) detects if certain Tor exit nodes are used and if the IP is blacklisted it redirects (server-side 302) to a specific URL in another domain (let's call it IP2). In the previous TBB, I just selected New Identity from Tor Button and if I was lucky to have a "clean" exit node IP in the new identity, there would be no redirect. In 2.2.35-8 however, I can try New Identity as many times as I want and it will keep redirecting if I had stumbled on a blacklisted exit node once. I have verified by looking at open circuits in Vidalia's Tor Network Map that this is not because the website has banned more Tor exit nodes. I noticed that after I press New Identity, the circuit for "IP1" remains open. Also, loading IP1 in the browser does NOT open a new connection to IP1, it automatically goes straight to IP2 in a new circuit. If I manually close the "stalled" circuit for IP1, I can finally access the website (if the new connection to IP1 comes from a circuit with a "clean" exit node).
TorBrowserButton should ensure that ALL circuits are closed when New Identity is selected. Otherwise, a website can create unique redirects for every connection and identify users across TorButton identities.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5427NoScript configuration overwritten on every update2012-03-20T16:20:34ZcypherpunksNoScript configuration overwritten on every updateI'm aware that [#3007](https://trac.torproject.org/projects/tor/ticket/3007) and [#4794](https://trac.torproject.org/projects/tor/ticket/4794) have been closed as non-bugs. However, even if the design philosophy requires not to activate ...I'm aware that [#3007](https://trac.torproject.org/projects/tor/ticket/3007) and [#4794](https://trac.torproject.org/projects/tor/ticket/4794) have been closed as non-bugs. However, even if the design philosophy requires not to activate NoScript by default, then it would be good if NoScript was not deactivated with every update.
To be specific: I enable NoScript manually (Forbid Scripts Globally). For an update of TorBrowser, I extract the tar archive. This extraction silently overwrites my manual configuration to NoScript, leaving me with scripts enabled globally. This is a security bug.
P.S. Why do you include NoScript at all?TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5412There is a security update available for the Tor Browser Bundle.2020-06-13T01:01:09ZTracThere is a security update available for the Tor Browser Bundle.I just installed the latest browser bundle for Linux today;
tor-browser-gnu-linux-i686-2.2.35-8-dev-en-US.tar.gz
And when I started it, to my surprise it's telling me there's an update;
There is a security update available for the Tor...I just installed the latest browser bundle for Linux today;
tor-browser-gnu-linux-i686-2.2.35-8-dev-en-US.tar.gz
And when I started it, to my surprise it's telling me there's an update;
There is a security update available for the Tor Browser Bundle
**Trac**:
**Username**: DasFoxMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5404Rebase patches for Firefox 11, review dev doc2012-08-29T00:28:20ZMike PerryRebase patches for Firefox 11, review dev docFirefox 11 is out. https://developer.mozilla.org/en/Firefox_11_for_developers.
The main concern for us is that the battery API is now on by default (#5293), but we may also want to look into if SPDY alters out plans for #5282 as well.Firefox 11 is out. https://developer.mozilla.org/en/Firefox_11_for_developers.
The main concern for us is that the battery API is now on by default (#5293), but we may also want to look into if SPDY alters out plans for #5282 as well.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5375Important Idea Submission2012-03-13T04:55:26ZTracImportant Idea SubmissionTo create an encrypted search engine that can search through .onion websites and other websites alike to host a distributed shared search engine that is capable of going through content without a third party being aware of what content i...To create an encrypted search engine that can search through .onion websites and other websites alike to host a distributed shared search engine that is capable of going through content without a third party being aware of what content is being searched for such as google, etc.
**Trac**:
**Username**: lionoxmaneagleMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5296Tor Browser Bundle leaks version info2012-03-02T03:26:41ZproperTor Browser Bundle leaks version infohttps://svn.torproject.org/svn/check/trunk/cgi-bin/TorCheck.py it includes "There is a security update available for the Tor Browser Bundle." I saw that message live already.
How can check.torproject.org find out the Tor Browser Bundle ...https://svn.torproject.org/svn/check/trunk/cgi-bin/TorCheck.py it includes "There is a security update available for the Tor Browser Bundle." I saw that message live already.
How can check.torproject.org find out the Tor Browser Bundle version? This is not documented.
If check.torproject.org can do it, can other websites get the information as well?Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5289Disable IndexDB2012-05-02T20:01:30ZMike PerryDisable IndexDBFirefox mumblepointoh added official support for the IndexDB API, which is yet another storage mechanism we have to worry about: https://developer.mozilla.org/en/IndexedDB
It appears IndexDB is disabled for third parties, and also promp...Firefox mumblepointoh added official support for the IndexDB API, which is yet another storage mechanism we have to worry about: https://developer.mozilla.org/en/IndexedDB
It appears IndexDB is disabled for third parties, and also prompts the user for permissions to store data for each site, but we should still be clearing it on New Identity.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5282Randomize non-pipelined requests to defend against traffic fingerprinting2020-06-15T23:44:16ZMike PerryRandomize non-pipelined requests to defend against traffic fingerprintingAccording to Martin Henze (who works with Andriy Panchenko), the defense in #3914 is inadequate due to the fact that many sites forcibly disable pipelining.
He implemented a defense that randomizes non-pipelined HTTP requests as well, b...According to Martin Henze (who works with Andriy Panchenko), the defense in #3914 is inadequate due to the fact that many sites forcibly disable pipelining.
He implemented a defense that randomizes non-pipelined HTTP requests as well, but it may need some cleanup. It also needs testing against their framework still, I believe.TorBrowserBundle 2.3.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5273Update TBB design doc for 2.3.x2020-06-15T23:14:24ZMike PerryUpdate TBB design doc for 2.3.xThere's a few XXX's in the design doc I should clean up.
Additionally, we need to describe our resolution defenses, provide an entropy count estimate for fingerprinting defenses, and document the environment variables and settings used ...There's a few XXX's in the design doc I should clean up.
Additionally, we need to describe our resolution defenses, provide an entropy count estimate for fingerprinting defenses, and document the environment variables and settings used to provide a non-grey "New Identity" button.
There may also be some development changes we'll want to roll up into this update, too.TorBrowserBundle 2.3.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5266NoScript's Audio/Video blocking breaks YouTube HTML52012-08-06T08:18:23ZMike PerryNoScript's Audio/Video blocking breaks YouTube HTML5For some reason, NoScript's click-to-play placeholders can't be clicked through for html5 video on youtube, unless you disable them for all content types.
I've contacted Giorgio about this. I still need to get him a NoScript config that...For some reason, NoScript's click-to-play placeholders can't be clicked through for html5 video on youtube, unless you disable them for all content types.
I've contacted Giorgio about this. I still need to get him a NoScript config that causes the issue in a vanilla Firefox though.TorBrowserBundle 2.3.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5264Triage TBB bugs for 2.3.x2012-03-02T23:25:39ZMike PerryTriage TBB bugs for 2.3.xI need a placeholder to mark the point at which tickets for TBB 2.3.x were triaged, to make the triage process easier the next time around.
Last time, Erinn and I triaged was during PETS 2011, before the 2011 dev meeting in Waterloo, wh...I need a placeholder to mark the point at which tickets for TBB 2.3.x were triaged, to make the triage process easier the next time around.
Last time, Erinn and I triaged was during PETS 2011, before the 2011 dev meeting in Waterloo, which was around Jul 20-24. It looks like #3600 corresponds to the most recent ticket that was opened that received triage attention.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5223Frequent vidalia log error2013-03-23T03:01:54ZcypherpunksFrequent vidalia log errorSometimes a www is added to an .onion address causing:
"One of your applications tried to establish a connection through tor to "www.xy.onion", which Tor does not recognize as a valid hostname. Please check your application's configurat...Sometimes a www is added to an .onion address causing:
"One of your applications tried to establish a connection through tor to "www.xy.onion", which Tor does not recognize as a valid hostname. Please check your application's configuration."
Noticed it several times, browser bundle for linux, version 2.2.3.5-7.2
how's that?Sebastian HahnSebastian Hahnhttps://gitlab.torproject.org/legacy/trac/-/issues/5193Tor Browser Bundle Shows No Socks Proxy Connection Info2013-03-23T03:19:35ZTracTor Browser Bundle Shows No Socks Proxy Connection InfoI'm running Linux, so I'm not sure if this is the same for the other versions of the browser bundle, but if it is I hope someone can please correct this.
This is not a bug, rather a lack of a feature that seems fairly important.
In The...I'm running Linux, so I'm not sure if this is the same for the other versions of the browser bundle, but if it is I hope someone can please correct this.
This is not a bug, rather a lack of a feature that seems fairly important.
In The network settings and using a proxy to access the internet, I noticed when using a Socks 5 proxy there is no information being listed in the Message Log, about the connectivity to this proxy.
I think it would be great if Tor showed some type of connectivity information, showing it was making the connection, when the connection is completed and successful, then making the connections to Tor, rather then simply connecting and getting online.
I reported something like this in the past, but it seemed like Tor was just by passing the proxy and getting online and without any information in the log, we don't really know if it was successful or Tor simply by passed it and was able to get online, also there could be a bug in the software, so we need some type of logging information...
THANKS
**Trac**:
**Username**: DasFoxMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5140prevent bookmarks manipalation in firefox2012-06-14T05:41:30ZTracprevent bookmarks manipalation in firefox-prevent drag and drop the icon from adress bar to get a bookmark
-prevent drag and drop bookmarks in bookmarks panel
-prevent drag and drop tab to open it in a new window
tested under Firefox 13.0a1 on Intel Mac OS X 10.7
**Trac**:
...-prevent drag and drop the icon from adress bar to get a bookmark
-prevent drag and drop bookmarks in bookmarks panel
-prevent drag and drop tab to open it in a new window
tested under Firefox 13.0a1 on Intel Mac OS X 10.7
**Trac**:
**Username**: angelo666Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5115Add option to keep Tor open even after browser is closed2012-02-29T00:45:30ZTracAdd option to keep Tor open even after browser is closedI've found it annoying that if the browser crashes or I close it automatically, the Vidalia control panel and the tor processes will close as well. Also, I sometimes just want to run Tor without the browser (Just as a relay), and I can't...I've found it annoying that if the browser crashes or I close it automatically, the Vidalia control panel and the tor processes will close as well. Also, I sometimes just want to run Tor without the browser (Just as a relay), and I can't run it without having to keep the browser open.
So maybe there could be an option to not close everything if the browser is closed?
**Trac**:
**Username**: Frogging101Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5060Track Mozilla's plan to implement MetricsDataPing2013-12-04T05:32:57ZGeorg KoppenTrack Mozilla's plan to implement MetricsDataPingThe metrics data folks at Mozilla plan to implement a mechanism to get a lot of data from Firefox users on an opt-out basis. See: https://bugzilla.mozilla.org/show_bug.cgi?id=718066 and https://wiki.mozilla.org/MetricsDataPing. Hopefully...The metrics data folks at Mozilla plan to implement a mechanism to get a lot of data from Firefox users on an opt-out basis. See: https://bugzilla.mozilla.org/show_bug.cgi?id=718066 and https://wiki.mozilla.org/MetricsDataPing. Hopefully, there will be a pref to disable this. If not, I guess, the browser needs to get patched. This ticket is for the latter case in order to not get caught off guard.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5056User Agent bug related to update to Firefox 102012-02-29T08:36:53ZcypherpunksUser Agent bug related to update to Firefox 10Firefox 10 no longer sends HTTP_ACCEPT_CHARSET header.
Tor Browser Bundle tor-browser-2.2.35-5_en-US.exe behaves in the same way, not sending this header, however its User Agent is the same as Firefox 5, which did send the HTTP_ACCEPT_C...Firefox 10 no longer sends HTTP_ACCEPT_CHARSET header.
Tor Browser Bundle tor-browser-2.2.35-5_en-US.exe behaves in the same way, not sending this header, however its User Agent is the same as Firefox 5, which did send the HTTP_ACCEPT_CHARSET header.
This makes it much easier for websites to identify Tor users, and can also cause some confusion for browser sniffing and web statistics, thus possibly denying access for Tor users.
Easy resolution is to update the Tor Browser Bundle User Agent to the same one as Firefox 10. Based on the upgrade curve of new Firefox versions, majority of Firefox users will be running Firefox 10 very soon.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5025https everywhere prevents scroogle from loading?2012-02-29T08:32:09Zcypherpunkshttps everywhere prevents scroogle from loading?"HTTPS Everywhere and maybe extensions.torbutton.redir_url.4 is messing with scroogle.org which is inaccessible with TBB. Disabling only the related rule is not enough, only fully disabling the extension and deleting the torbutton value ..."HTTPS Everywhere and maybe extensions.torbutton.redir_url.4 is messing with scroogle.org which is inaccessible with TBB. Disabling only the related rule is not enough, only fully disabling the extension and deleting the torbutton value in about:config seems to fix it."
http://www.scroogle.org/ times out in TBB.
Disable https everywhere and it suddenly loads again.Mike PerryMike Perry