Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T00:45:40Zhttps://gitlab.torproject.org/legacy/trac/-/issues/25850Eval error on content include via iframe2020-06-16T00:45:40ZTracEval error on content include via iframeHi,
https://linc.cnil.fr/une-cartographie-des-outils-et-pratiques-de-protection-de-la-vie-privee include https://framindmap.org/c/maps/438273/embed?zoom=1 with an iframe.
On Firefox 52.7.3esr both works fine.
On TorBrowser 7.5.3,
- ht...Hi,
https://linc.cnil.fr/une-cartographie-des-outils-et-pratiques-de-protection-de-la-vie-privee include https://framindmap.org/c/maps/438273/embed?zoom=1 with an iframe.
On Firefox 52.7.3esr both works fine.
On TorBrowser 7.5.3,
- https://framindmap.org/c/maps/438273/embed?zoom=1 works fine
- https://linc.cnil.fr/une-cartographie-des-outils-et-pratiques-de-protection-de-la-vie-privee which try to include https://framindmap.org/c/maps/438273/embed?zoom=1 via an iframe does not print the content. Eval errors are displayed in the console.
**Trac**:
**Username**: gebhttps://gitlab.torproject.org/legacy/trac/-/issues/25729UTF8 encoded TORRC does NOT parse non-Latin paths2020-06-13T15:33:33ZTracUTF8 encoded TORRC does NOT parse non-Latin pathsUnpack [this Tor archive](https://linx.li/selif/tor-utf8-fails.7z) to C:\
It will create the following hierarchy:
_C:\Проверка\Tor_ (for executables, libraries and torrc)
_C:\Проверка\Tor\Data_ (for data and geoip)
Configuration file, ...Unpack [this Tor archive](https://linx.li/selif/tor-utf8-fails.7z) to C:\
It will create the following hierarchy:
_C:\Проверка\Tor_ (for executables, libraries and torrc)
_C:\Проверка\Tor\Data_ (for data and geoip)
Configuration file, torrc, is encoded UTF8.
It has this line: _DataDirectory C:\Проверка\Tor\Data_
If I run tor.exe -f torrc, the output as follows
''[warn] Error creating directory C:\Проверка\Tor\Data: No such file or directory
[warn] Failed to parse/validate config: Couldn't create private data directory "C:\Проверка\Tor\Data"''
Now let’s replace UTF8 encoded torrc with [ANSI encoded torrc](https://linx.li/selif/torrc-ansi.7z) and Tor works as expected.
**Trac**:
**Username**: FlemingTor: unspecifiedhttps://gitlab.torproject.org/legacy/trac/-/issues/25660Remove "New Private Window" option from Tor Browser or make it a separate ses...2020-06-16T00:45:02ZstephwRemove "New Private Window" option from Tor Browser or make it a separate sessionIt doesn't do anything that I can tell. If it does, we should have more of an explanation to set user expectation.
For instance, I thought perhaps when I was logged into Twitter in another tab, it might isolate a separate session, but i...It doesn't do anything that I can tell. If it does, we should have more of an explanation to set user expectation.
For instance, I thought perhaps when I was logged into Twitter in another tab, it might isolate a separate session, but it does not. If I go to twitter.com in a "New Private Window", I am still logged into the same account.https://gitlab.torproject.org/legacy/trac/-/issues/25633Ctrl-D makes it too easy to create bookmarks accidentally2020-06-16T00:44:54ZcypherpunksCtrl-D makes it too easy to create bookmarks accidentallyIt used to be the case that pressing Ctrl-D would pop up a dialog box prompting you to create a bookmark (or cancel.)
A few releases ago, Firefox changed this behavior. Now, Ctrl-D creates a bookmark, then pops up a dialog prompting yo...It used to be the case that pressing Ctrl-D would pop up a dialog box prompting you to create a bookmark (or cancel.)
A few releases ago, Firefox changed this behavior. Now, Ctrl-D creates a bookmark, then pops up a dialog prompting you to edit the bookmark (or delete it.)
This is a subtle distinction, but potentially an important one, for two reasons.
**1. Pressing Escape after Ctrl-D doesn't undo the bookmarking operation as you might expect.** It's very easy to press Ctrl-D by mistake when you mean to press, say, Ctrl-F. If you've just pressed a key you didn't intend to press, without knowing what it does, and an unexpected dialog appears in your peripheral vision, it's natural to react by pressing Escape ("oops, didn't mean that.") And if you do that, and the dialog disappears in response, it's quite natural to assume that you successfully cancelled whatever action it was that you inadvertently initiated.
**2. Pressing Ctrl-D immediately saves the current URL to disk** (namely, in places.sqlite), without any further confirmation. Even if you are paying attention, a simple slip of the finger can potentially create a persistent record of your browsing activity. (Even if you delete the bookmark immediately, it won't be purged from places.sqlite right away.)
This UI change was a bad idea, but in "normal" Firefox usage, it's usually only a minor annoyance - I end up with a bunch of random accidental bookmarks at the bottom of the menu that I need to clean out every couple of months. But in the Tor Browser context, it's potentially quite dangerous, as it violates the disk avoidance principle.
Saving bookmarks without the user's consent may or may not have any practical impact in most cases. But it can have a major impact on users' confidence in the browser. For that reason, Tor Browser can and should do better.https://gitlab.torproject.org/legacy/trac/-/issues/25308Onion service node pinning by default2020-06-13T15:22:13ZcypherpunksOnion service node pinning by defaultHi, can you please consider enabling node pinning by default for onion services? https://trac.torproject.org/projects/tor/ticket/13837
If you plan on waiting for more testing, is there a fingerprinting disadvantage if some users have it...Hi, can you please consider enabling node pinning by default for onion services? https://trac.torproject.org/projects/tor/ticket/13837
If you plan on waiting for more testing, is there a fingerprinting disadvantage if some users have it enabled?Tor: unspecifiedhttps://gitlab.torproject.org/legacy/trac/-/issues/24981Update trac identity to match styleguide2020-06-13T16:54:19ZstephwUpdate trac identity to match styleguide- change Tor trac logo to: https://styleguide.torproject.org/static/images/color.svg
- change purple links to # 7D4698
- change green h1 to # 68B030- change Tor trac logo to: https://styleguide.torproject.org/static/images/color.svg
- change purple links to # 7D4698
- change green h1 to # 68B030HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/24943Tor Browser is preventing add-on from saving its setting2020-06-16T00:43:23ZcypherpunksTor Browser is preventing add-on from saving its settingTL:DR;
I've downloaded an add-on from mozilla, and when I try to configure it the TorButton cleared its settings.
Detail:
First, I thought this might be an add-on's bug. I tested the add-on with Mozilla Firefox ESR and Firefox 57. Both ...TL:DR;
I've downloaded an add-on from mozilla, and when I try to configure it the TorButton cleared its settings.
Detail:
First, I thought this might be an add-on's bug. I tested the add-on with Mozilla Firefox ESR and Firefox 57. Both worked without problem.
So I removed the add-on from Tor browser and tried this[1].
When I clicked "Save", it cleared all forms.
The Browser console said TorButton is causing this issue.
I understand you don't want users to add any add-ons to your browser.
But isn't this too much?
[1] https://trac.torproject.org/projects/tor/attachment/ticket/24783/samplefortor.ziphttps://gitlab.torproject.org/legacy/trac/-/issues/24934Possible memory leak and high cpu usage with Tor Browser when visiting a cert...2020-06-16T00:43:22ZcypherpunksPossible memory leak and high cpu usage with Tor Browser when visiting a certain website and opening the Inspector1. Open Tor Browser and GNOME System Monitor.
2. Go to https://pomf.space/
3. Open the Inspector `Ctrl+Shift+C`
4. On my system the CPU usage hits up 99%, and after some time (+30min) memory usage of firefox reaches 700Mb and of Web Cont...1. Open Tor Browser and GNOME System Monitor.
2. Go to https://pomf.space/
3. Open the Inspector `Ctrl+Shift+C`
4. On my system the CPU usage hits up 99%, and after some time (+30min) memory usage of firefox reaches 700Mb and of Web Content reaches 700Mb as well.
Could this be a memory leak?https://gitlab.torproject.org/legacy/trac/-/issues/24685Lockpad icon doesn't appear and connection is labeled as insecure when loadin...2020-06-16T00:42:58ZcypherpunksLockpad icon doesn't appear and connection is labeled as insecure when loading a PDF from a secure URLThis doesn't happen all the time but it does sometimes, try to reproduce it by opening for example:
https://svn.torproject.org/svn/projects/design-paper/blocking.pdfThis doesn't happen all the time but it does sometimes, try to reproduce it by opening for example:
https://svn.torproject.org/svn/projects/design-paper/blocking.pdfhttps://gitlab.torproject.org/legacy/trac/-/issues/24412Provide single parameter that accepts all other parameters as qualified searc...2020-06-13T18:02:10ZirlProvide single parameter that accepts all other parameters as qualified search termsThis works:
https://onionoo.torproject.org/details?limit=1
This does not:
https://onionoo.torproject.org/details?search=limit:1
I'd like to give Relay Search users the ability to load larger results sets as long as they have explicitly...This works:
https://onionoo.torproject.org/details?limit=1
This does not:
https://onionoo.torproject.org/details?search=limit:1
I'd like to give Relay Search users the ability to load larger results sets as long as they have explicitly asked for them. This would mean adding a limit:N to the search term as part of the search query which could be built using #23782.
Unfortunately, this parameter does not seem to work.https://gitlab.torproject.org/legacy/trac/-/issues/24321Review Cloudflare's Official "Privacy Pass" addon to evaluate inclusion in To...2020-06-16T00:42:30ZcypherpunksReview Cloudflare's Official "Privacy Pass" addon to evaluate inclusion in Tor Browserhttps://addons.mozilla.org/en-US/firefox/addon/privacy-pass/
This addon is a design intended to reduce the captcha burden from Cloudflare on users.
PETS 2018 paper:
https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdfhttps://addons.mozilla.org/en-US/firefox/addon/privacy-pass/
This addon is a design intended to reduce the captcha burden from Cloudflare on users.
PETS 2018 paper:
https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdfhttps://gitlab.torproject.org/legacy/trac/-/issues/24216Make p global in the sigterm handler2020-06-13T16:19:51ZteorMake p global in the sigterm handlerThis causes errors like:
```
./bwauthority.py:71: SyntaxWarning: name 'p' is assigned to before global declaration
global p
```
in some recent python versions.
It appears to be one of those lovely python hiesenbugs that appears and di...This causes errors like:
```
./bwauthority.py:71: SyntaxWarning: name 'p' is assigned to before global declaration
global p
```
in some recent python versions.
It appears to be one of those lovely python hiesenbugs that appears and disappears depending on python version, OS, and other code changes.Tom Rittertom@ritter.vgTom Rittertom@ritter.vghttps://gitlab.torproject.org/legacy/trac/-/issues/24177screenshot command in Web Developer toolbar is broken in Tor Browser2020-06-16T00:42:03Zcypherpunksscreenshot command in Web Developer toolbar is broken in Tor BrowserWhen I try use the command it returns "unknownError"
Linux Tor Browser 7.0.9 (based on Mozilla Firefox 52.4.1) (64-bit)When I try use the command it returns "unknownError"
Linux Tor Browser 7.0.9 (based on Mozilla Firefox 52.4.1) (64-bit)https://gitlab.torproject.org/legacy/trac/-/issues/24146Linux Tor Browser 7.0.10 version: The proxy server is refusing connections2020-06-16T00:42:00ZTracLinux Tor Browser 7.0.10 version: The proxy server is refusing connectionsMy tor browser auto-upgraded yesterday 2017 Friday Nov 03 to 7.0.9 but the restart gave me the error "The proxy server is refusing connections" for any URL. I cannot use the browser.
I'm on Ubuntu 16.04. How do I fix this issue. I norma...My tor browser auto-upgraded yesterday 2017 Friday Nov 03 to 7.0.9 but the restart gave me the error "The proxy server is refusing connections" for any URL. I cannot use the browser.
I'm on Ubuntu 16.04. How do I fix this issue. I normally do not change any of Tor's settings.
About Tor Borowser: 7.0.9 (based on Mozilla Firefox 52.4.1) (64-bit)
Any help to get Tor browser working again would be appreciated. Thank you.
**Trac**:
**Username**: TorontoBoyhttps://gitlab.torproject.org/legacy/trac/-/issues/24045Measure and map overloaded or over-weighted relays2020-06-13T18:07:40ZteorMeasure and map overloaded or over-weighted relaysFrom #21394, it looks like some exits are allocated too much consensus weight, and then they fail.
Can we calculate and map or graph the bandwidth to consensus weight ratios of relays?
This would help us find out if the changes we make...From #21394, it looks like some exits are allocated too much consensus weight, and then they fail.
Can we calculate and map or graph the bandwidth to consensus weight ratios of relays?
This would help us find out if the changes we make are helping to allocate bandwidth more evenly.https://gitlab.torproject.org/legacy/trac/-/issues/24043monotonic time test failure on 0.3.0.x2020-06-13T15:16:32Zweasel (Peter Palfrader)monotonic time test failure on 0.3.0.xhttps://jenkins.torproject.org/job/tor-debian-0.3.0-nightly-binaries/169/ARCHITECTURE=amd64,SUITE=jessie/consoleFull
on (I think) 4d73ed10c40938d1ef1cf5628fd1840ee64df8ff
```
01:45:40 util/pwdb: [forking] OK
01:45:40 util/calloc_check: ...https://jenkins.torproject.org/job/tor-debian-0.3.0-nightly-binaries/169/ARCHITECTURE=amd64,SUITE=jessie/consoleFull
on (I think) 4d73ed10c40938d1ef1cf5628fd1840ee64df8ff
```
01:45:40 util/pwdb: [forking] OK
01:45:40 util/calloc_check: OK
01:45:40 util/monotonic_time:
01:45:40 FAIL ../src/test/test_util.c:5552: assert(monotime_coarse_diff_msec(&mtc1, &mtc2) OP_GE 125): 0 vs 125
01:45:40 [monotonic_time FAILED]
01:45:40 util/monotonic_time_ratchet: [forking] OK
01:45:40 util/htonll: OK
```Tor: unspecifiedhttps://gitlab.torproject.org/legacy/trac/-/issues/23955Set "ConnectionPadding 1" by default to unify padding behavior for Tor Browse...2020-06-16T00:41:45ZcypherpunksSet "ConnectionPadding 1" by default to unify padding behavior for Tor Browser usersNetflow padding was implemented by Mike Perry and merged for Tor 0.3.1.x, however by default it is only enabled with relays that have version bigger or equal to 0.3.1.x.
https://www.torproject.org/docs/tor-manual.html.en#ConnectionPadd...Netflow padding was implemented by Mike Perry and merged for Tor 0.3.1.x, however by default it is only enabled with relays that have version bigger or equal to 0.3.1.x.
https://www.torproject.org/docs/tor-manual.html.en#ConnectionPadding
As a result, since Tor version distribution for guard nodes is significantly different it means that some Tor Browser users will have different network fingerprint.
Of course even if they have it's not really _that_ harmful but enabling it by default _may_ not prove harmful either.https://gitlab.torproject.org/legacy/trac/-/issues/23840Google's reCAPTCHA fails 100%2020-06-13T17:36:14ZcypherpunksGoogle's reCAPTCHA fails 100%When I click "I;m not a robot" of Google Captcha, I instantly got:
Try again later
Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help...When I click "I;m not a robot" of Google Captcha, I instantly got:
Try again later
Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help page
Switching identity didn't help. Looks like Google ban Tor completely.
This will block Tor users to:
a) use web services which use Google Captcha (reddit registration for example)
b) visit Cloudflared website
You should write a blog to gather attention.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/23446Write a guidelines documentation for requirements with Tor integration by thi...2020-06-13T17:25:13ZcypherpunksWrite a guidelines documentation for requirements with Tor integration by third partiesI heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each us...I heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each use case. For example for browsers (where integrating Tor is a goal with Brave in private browsing and it has been suggested by the (ex?)-CEO of Mozilla) among the requirements I can think of,
1. Having the user agent the same as the Tor Browser (Otherwise fingerprinting would be easy).
2. Stream isolation should be enforced, otherwise a single exit can watch all traffic.
3. First party isolation should be enforced.
5. ...etc
Of course there's already the Tor Browser design documentation, but it doesn't address this question directly, and more importantly those folks don't want to make an alternative Tor Browser, rather just a "Tor mode" to their private browsing that can enable true privacy by design.
What do you think of such an idea?
Note that this finds its parallel with little-t-tor in another ticket that I couldn't find about alternative implementations of the tor client.website redesignhttps://gitlab.torproject.org/legacy/trac/-/issues/23313The trac "reply/edit/delete" comment buttons now require JavaScript2020-06-13T16:53:23ZteorThe trac "reply/edit/delete" comment buttons now require JavaScriptThis seems to have happened in the recent upgrade.
If we can revert the change that caused this, that would be great.This seems to have happened in the recent upgrade.
If we can revert the change that caused this, that would be great.Jens KubiezielJens Kubieziel