Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:19:42Zhttps://gitlab.torproject.org/legacy/trac/-/issues/6062Tor Browser wont start via pinned link or shortcut? in windows start menu2020-06-15T23:19:42ZTracTor Browser wont start via pinned link or shortcut? in windows start menutitle says it all
also, window controls (minimize, maximize, close) are invisible on vista
on a completely unrelated note: your last torbutton update was messed up as tor mode continued to be active even after uninstalling torbutton (i...title says it all
also, window controls (minimize, maximize, close) are invisible on vista
on a completely unrelated note: your last torbutton update was messed up as tor mode continued to be active even after uninstalling torbutton (i switched it of in the firefox menu but im pretty sure there are some people out there who wouldnt know to do that)
and yes i know, you hate it when multiple issues are cramped into one ticket but i dont really think the other 2 deserve a ticket of their own, especially the torbutton one, since you wont be developing that anymore, just thought id bring it to your attention.
**Trac**:
**Username**: trallalaTorBrowserBundle 2.3.x-stableMark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/4234Deploy experimental builds using the Firefox update process2020-06-16T01:13:10ZMike PerryDeploy experimental builds using the Firefox update processSure, it's probably not hardened against version downgrade attacks, interruption attacks, no-progress attacks, and maybe not even against CA compromises.
But it's gotta be better than nothing, and maybe it is easily serviceable into so...Sure, it's probably not hardened against version downgrade attacks, interruption attacks, no-progress attacks, and maybe not even against CA compromises.
But it's gotta be better than nothing, and maybe it is easily serviceable into something that will work for us.
Users are having a hard time manually working with our TBB packages if they want to preserve bookmarks, settings, and history, and are getting themselves into trouble by copying pieces of them over each other incorrectly while trying to manually upgrade:
https://lists.torproject.org/pipermail/tor-talk/2011-October/021771.html
I think any form of process that automates this for them is a step above status quo. It's just a matter of finding out if it is significantly less time+effort to deploy than Thandy, and what the security tradeoffs are.TorBrowserBundle 2.3.x-stableMark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/34379Fix learn more for Onion-Location2020-06-16T01:13:16ZAlex CatarineuFix learn more for Onion-LocationSimilar to #34369, we have to fix the learn more links in the doorhanger and in about:preferences to point to https://tb-manual.torproject.org/[locale]/onion-services/Similar to #34369, we have to fix the learn more links in the doorhanger and in about:preferences to point to https://tb-manual.torproject.org/[locale]/onion-services/Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/34369Fix learn more link in Onion Auth prompt2020-06-16T01:13:14ZAntonelaantonela@torproject.orgFix learn more link in Onion Auth promptThe Learn more link in the "requesting your private key" dialogue leads to a 404 page:
https://2019.www.torproject.org/docs/tor-manual-dev.html.en-US#_client_…
It should go to
https://tb-manual.torproject.org/onion-services/
or
http...The Learn more link in the "requesting your private key" dialogue leads to a 404 page:
https://2019.www.torproject.org/docs/tor-manual-dev.html.en-US#_client_…
It should go to
https://tb-manual.torproject.org/onion-services/
or
https://support.torproject.org/onionservices/client-auth/
via https://blog.torproject.org/comment/288070#comment-288070Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/34362Improve Onion Service Authentication prompt2020-06-16T01:13:13ZMatthew FinkelImprove Onion Service Authentication prompthttps://blog.torproject.org/comment/288030#comment-288030
pastly commented that the current phrasing implies Tor Browser will send the private key to the onion service (because the onion service "requested it").
pastly, subsequently, s...https://blog.torproject.org/comment/288030#comment-288030
pastly commented that the current phrasing implies Tor Browser will send the private key to the onion service (because the onion service "requested it").
pastly, subsequently, suggested something like "foo.onion requires you to authenticate. Please enter the private key for your identity with this onion service".
The message should imply that the private key is needed for authentication, but the key is only used locally to prove possession of it (via crypto magic), and the key is not actually sent to the onion service.
Related: #30237Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/34315avoid reading policies from /etc/firefox on Linux2020-06-16T01:13:09ZMark Smithavoid reading policies from /etc/firefox on LinuxGeorg noticed that Firefox 77 and ESR 68.9 will include a fix for this bug:
"Read Linux policy from etc/opt directory"
https://bugzilla.mozilla.org/show_bug.cgi?id=1469629
Here is the patch:
https://hg.mozilla.org/releases/mozilla-esr68...Georg noticed that Firefox 77 and ESR 68.9 will include a fix for this bug:
"Read Linux policy from etc/opt directory"
https://bugzilla.mozilla.org/show_bug.cgi?id=1469629
Here is the patch:
https://hg.mozilla.org/releases/mozilla-esr68/rev/203a8c227a997c4ae7e970d0ec497d7292078d5c
Unfortunately, with that patch in place, policies will be read from /etc/firefox/policies/policies.json if it exists. For Tor Browser we do not want that behavior.
In the short run we can back out the Mozilla patch. In the long run should we handle this via a fixup for our #32418 patch.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/34209about:tor and about:tbupdate fail to load in debug build of Tor Browser2020-06-16T01:13:03ZMark Smithabout:tor and about:tbupdate fail to load in debug build of Tor BrowserWhen using a debug build based on acat's 33533+5 branch, trying to open about:tor or about:tbupdate leads to an assertion failure and a tab crash:
Assertion failure: foundObjectSrc (about: page must contain a CSP denying object-src), at...When using a debug build based on acat's 33533+5 branch, trying to open about:tor or about:tbupdate leads to an assertion failure and a tab crash:
Assertion failure: foundObjectSrc (about: page must contain a CSP denying object-src), at /.../dom/security/nsContentSecurityUtils.cpp:818
We need to add `object-src 'none'` to the CSP for those pages.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33998stop using XUL <grid> soon2020-06-16T01:12:46ZMark Smithstop using XUL <grid> soonMozilla is removing support for XUL <grid>, probably in Firefox 78. References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1525737
https://groups.google.com/forum/#!topic/mozilla.dev.platform/yDiT7nEWe2c
Our Tor Browser patches use it...Mozilla is removing support for XUL <grid>, probably in Firefox 78. References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1525737
https://groups.google.com/forum/#!topic/mozilla.dev.platform/yDiT7nEWe2c
Our Tor Browser patches use it here:
https://gitweb.torproject.org/tor-browser.git/tree/browser/components/torpreferences/content/torPane.xul?h=tor-browser-68.7.0esr-9.5-1#n77
Tor Launcher uses it here:
https://gitweb.torproject.org/tor-launcher.git/tree/src/chrome/content/network-settings-shared.js#n15Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33856Set browser.privatebrowsing.forceMediaMemoryCache=true2020-06-24T11:43:52ZrichardSet browser.privatebrowsing.forceMediaMemoryCache=trueNew pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486New pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33851Patch out Parental Controls detection and logging2020-06-16T01:12:23ZrichardPatch out Parental Controls detection and loggingWe should remove the per-OS implementations of nsIParentalControlsService in `/toolkit/components/parentalcontrols` and always use the stubbed-out `nsParentalControlsServiceDefault.cpp` implementation.
When an implementation is present,...We should remove the per-OS implementations of nsIParentalControlsService in `/toolkit/components/parentalcontrols` and always use the stubbed-out `nsParentalControlsServiceDefault.cpp` implementation.
When an implementation is present, URIs are sent to an `isAllowed(...` function that parental control software presumably can hook in the OS to filter content, and a `log(...)` method also takes in URIs.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33848Disable Enhanced Tracking Protection (assuming we want it disabled)2020-06-16T01:12:22ZrichardDisable Enhanced Tracking Protection (assuming we want it disabled)There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotect...There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotection.pbmode.enabled = false
- privacy.trackingprotection.socialtracking.enabled = false
- privacy.trackingprotection.cryptomining.enabled = false
- privacy.trackingprotection.fingerprinting.enabled = false
We would need to some code to remove the ETP UI from about:preferences, the urlbar, etc.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33698Update "About Tor Browser" links in Tor Browser2020-06-16T01:12:01ZGusUpdate "About Tor Browser" links in Tor BrowserIn Tor Browser, in Help > About Tor Browser, we should update some links:
1. Donate to https://donate.torproject.org
2. Get involved to https://community.torproject.org
3. Questions to https://support.torproject.org
4. Help the Tor Netw...In Tor Browser, in Help > About Tor Browser, we should update some links:
1. Donate to https://donate.torproject.org
2. Get involved to https://community.torproject.org
3. Questions to https://support.torproject.org
4. Help the Tor Network Grow! to https://community.torproject.org/relayMark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33671Update "Get Involved" url in about:tor2020-06-16T01:11:57ZGusUpdate "Get Involved" url in about:torWe can replace this link https://www.torproject.org/getinvolved/volunteer.html.en that we have now in the footer of `about:tor` to the Community portal: https://community.torproject.org/We can replace this link https://www.torproject.org/getinvolved/volunteer.html.en that we have now in the footer of `about:tor` to the Community portal: https://community.torproject.org/Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33482Update about:tor donate string2020-06-16T01:11:26ZAntonelaantonela@torproject.orgUpdate about:tor donate stringSarah suggested:
"On about:Tor instead of “Keep Tor Strong” how about something like, “Tor is free to use because of donations from people like you. Donate Now.”?" [i like it! -steph]
I attached a mockup.Sarah suggested:
"On about:Tor instead of “Keep Tor Strong” how about something like, “Tor is free to use because of donations from people like you. Donate Now.”?" [i like it! -steph]
I attached a mockup.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/32674Change link on 'Get involved' in about:tor to new community portal2020-06-16T01:28:33ZemmapeelChange link on 'Get involved' in about:tor to new community portalThe link to 'Get involved should not point to the old volunteer page, now that we have the new community page.
The link should be localized, as the manual and others on that page, although for the moment there are no translations enable...The link to 'Get involved should not point to the old volunteer page, now that we have the new community page.
The link should be localized, as the manual and others on that page, although for the moment there are no translations enabled, but we can do some .htacess foo meanwhile on the community portal as we plan to translate it and it has a lot of content.
![get_involved.png](uploads/get_involved.png)Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/32616disable GetSecureOutputDirectoryPath() functionality2020-06-16T01:10:04ZMark Smithdisable GetSecureOutputDirectoryPath() functionalityEven though the code paths that end in `GetSecureOutputDirectoryPath()` should not be taken in Tor Browser, we want to avoid any chance that the updater will create files under `C:\Program Files (x86)` or a similar location. Therefore we...Even though the code paths that end in `GetSecureOutputDirectoryPath()` should not be taken in Tor Browser, we want to avoid any chance that the updater will create files under `C:\Program Files (x86)` or a similar location. Therefore we will stub out the body of `GetSecureOutputDirectoryPath()` and have it return an error.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/32418Torbrowser tells on every start, that it can't update although it is newest2020-06-16T01:13:09ZTracTorbrowser tells on every start, that it can't update although it is newestTorbrowser 9.01/Windows 7 x86
Torbrowser tells on every start, that it can't update although it is newest
(I try to attach a screenshot, this seems to be difficult)
**Trac**:
**Username**: YetiTorbrowser 9.01/Windows 7 x86
Torbrowser tells on every start, that it can't update although it is newest
(I try to attach a screenshot, this seems to be difficult)
**Trac**:
**Username**: YetiMark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/31935TB9.0a7 is asking for a new profile2020-06-16T01:07:59ZAntonelaantonela@torproject.orgTB9.0a7 is asking for a new profileAfter installing the new alpha in MacOS Mojave v10.14, a New Profile box was prompted. Screenshot attached.After installing the new alpha in MacOS Mojave v10.14, a New Profile box was prompted. Screenshot attached.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/31910replace meek_lite with meek in circuit display2020-06-16T01:07:52ZMark Smithreplace meek_lite with meek in circuit displaySince #29430 was fixed, the Tor Browser circuit display shows "meek_lite" instead of "meek" (this is because the circuit display code gets the PT name from the Tor configuration and obfs4proxy uses "meek_lite" as the name for its meek im...Since #29430 was fixed, the Tor Browser circuit display shows "meek_lite" instead of "meek" (this is because the circuit display code gets the PT name from the Tor configuration and obfs4proxy uses "meek_lite" as the name for its meek implementation).
I think it would be better and less confusing if the circuit display showed "meek" as it did in previous versions of Tor Browser. The "lite" part is somewhat misleading given obfs4proxy's use of utls to mimic common TLS ClientHello messages.
Antonela, do you agree? Any other opinions?
(I included the tbb-9.0-must-alpha keyword so we remember to decide about this before we ship Tor Browser 9.0 stable).Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/31491clean up the old meek http helper browser profiles2020-06-13T17:44:22ZMark Smithclean up the old meek http helper browser profilesNow that we are using obfs4proxy's meek_lite in Tor Browser, we should add code that removes the old meek http helper browser profiles.
This is probably most easily done by Tor Launcher during startup since it already knows the file sys...Now that we are using obfs4proxy's meek_lite in Tor Browser, we should add code that removes the old meek http helper browser profiles.
This is probably most easily done by Tor Launcher during startup since it already knows the file system path for each profile.Mark SmithMark Smith