Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:32:37Zhttps://gitlab.torproject.org/legacy/trac/-/issues/18115Add "Mosaddegh" and "MaBishomarim" as new default obfs4 bridges2020-06-15T23:32:37ZNima FatemiAdd "Mosaddegh" and "MaBishomarim" as new default obfs4 bridgesThese are two (of 5) high capacity obfs4 bridges running on rethem infrastructure and maintained by me. Dedicated to act as default obfs4 bridges.
I'll add the other three later.
The patch is available on Github [2369667e50ecdc3a2778bb...These are two (of 5) high capacity obfs4 bridges running on rethem infrastructure and maintained by me. Dedicated to act as default obfs4 bridges.
I'll add the other three later.
The patch is available on Github [2369667e50ecdc3a2778bba470cf849b0dd8ac53](https://github.com/mrphs/tor-browser-bundle/commit/2369667e50ecdc3a2778bba470cf849b0dd8ac53) and [96f9323db67409b41200a62bce91d01e552b46dc](https://github.com/mrphs/tor-browser-bundle/commit/96f9323db67409b41200a62bce91d01e552b46dc) and also attached to this ticket. The patches are signed with my current key.
PS: I've added `Mosaddegh` on top of the list and `MaBishomarim` at the bottom, to do a little experiment and see if they get significantly different amount of traffic.https://gitlab.torproject.org/legacy/trac/-/issues/18104Add new default obfs4 bridge noether to Tor Browser2020-06-15T23:32:35ZIsis LovecruftAdd new default obfs4 bridge noether to Tor BrowserThere's another obfs4 bridge named `noether` for the default Tor Browser bridge list. It's 100MB/s and run also by the same person as #18071. We should add it to TB for the upcoming 5.5 release.There's another obfs4 bridge named `noether` for the default Tor Browser bridge list. It's 100MB/s and run also by the same person as #18071. We should add it to TB for the upcoming 5.5 release.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/legacy/trac/-/issues/18091Change port number for the ndnop3 obfs4 bridge and add a new obfs4 bridge, nd...2020-06-15T23:32:25ZDavid Fifielddcf@torproject.orgChange port number for the ndnop3 obfs4 bridge and add a new obfs4 bridge, ndnop5The bridge ndnop3 (#17747) is now listening on an additional port. It will continue listening on its previous port, but that port is known to be blocked in some places.
There is also a brand new, separate obfs4 bridge, ndnop5. We'd like...The bridge ndnop3 (#17747) is now listening on an additional port. It will continue listening on its previous port, but that port is known to be blocked in some places.
There is also a brand new, separate obfs4 bridge, ndnop5. We'd like it to be added at the same time as ndnop3's port changes for experimental control reasons.https://gitlab.torproject.org/legacy/trac/-/issues/18072Change Tor Browser's recommended bridge type to obfs42020-06-15T23:32:21ZIsis LovecruftChange Tor Browser's recommended bridge type to obfs4After #18071 is merged, I think we should change the recommended bridge type in Tor Browser to obfs4, given that we now have several high capacity obfs4 bridges and obfs4 is more likely to work in more regions than obfs3. Additionally, i...After #18071 is merged, I think we should change the recommended bridge type in Tor Browser to obfs4, given that we now have several high capacity obfs4 bridges and obfs4 is more likely to work in more regions than obfs3. Additionally, if we make it the default type, we're signalling to users that it's what they should be using. Also, obfs4 is the default PT type distributed by BridgeDB.https://gitlab.torproject.org/legacy/trac/-/issues/18071Add new obfs4 bridge riemann to Tor Browser2020-06-15T23:45:28ZIsis LovecruftAdd new obfs4 bridge riemann to Tor BrowserThere's a new default obfs4 bridge running on a 100MB/s connection. If possible, we should get it added to TB's default set before 25 January.There's a new default obfs4 bridge running on a 100MB/s connection. If possible, we should get it added to TB's default set before 25 January.https://gitlab.torproject.org/legacy/trac/-/issues/18064Changelog after update is empty on Windows2020-06-15T23:32:20ZMark SmithChangelog after update is empty on WindowsThis is a spinoff from ticket #17917 (there are two different problems). On Windows, the about:tbupdate page will never display the change log. This is due to a path separator bug in the code. Yes, Kathy and I should have tested this on ...This is a spinoff from ticket #17917 (there are two different problems). On Windows, the about:tbupdate page will never display the change log. This is due to a path separator bug in the code. Yes, Kathy and I should have tested this on Windows! Patch coming soon.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18019Update on non-en-US alpha bundles results in empty dialog being shown2020-06-15T23:32:12ZGeorg KoppenUpdate on non-en-US alpha bundles results in empty dialog being shownIf I update a germen 5.5a5 to 5.5a6 I am greeted with the attached image. There is even no button to cancel this dialog which is pretty confusing. Closing it, though, leads to the changelog being shown.
I guess this dialog pops up in th...If I update a germen 5.5a5 to 5.5a6 I am greeted with the attached image. There is even no button to cancel this dialog which is pretty confusing. Closing it, though, leads to the changelog being shown.
I guess this dialog pops up in the first place because of the do-you-want-to-use-english-for-this-site-question which is supposed to be shown.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18017Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575)2020-06-15T23:32:12ZGeorg KoppenSwitch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575)Mozilla thinks backporting the fix for CVE-2015-7575 is not important enough and does not do it. I think giving our context we should do it, though. Let's try switching to NSS 3.19.2.2 in the next release (end of January).Mozilla thinks backporting the fix for CVE-2015-7575 is not important enough and does not do it. I think giving our context we should do it, though. Let's try switching to NSS 3.19.2.2 in the next release (end of January).https://gitlab.torproject.org/legacy/trac/-/issues/18008Create a new MAR signing key and bake it into Tor Browser2020-06-15T23:32:10ZGeorg KoppenCreate a new MAR signing key and bake it into Tor BrowserWe want to deprecate the MAR signing key mostly used for signing our MAR files so far and embed a new one instead. This is the begin of a yearly-ish procedure as there is no good way of revoking a MAR signing key.We want to deprecate the MAR signing key mostly used for signing our MAR files so far and embed a new one instead. This is the begin of a yearly-ish procedure as there is no good way of revoking a MAR signing key.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/18004Remove donation banner from TBB about:tor page when campaign is finished2020-06-15T23:32:10ZArthur EdelsteinRemove donation banner from TBB about:tor page when campaign is finishedIn #17565, we introduced a donation banner to TBB's about:tor page. When the fundraising campaign is done, we should remove the banner from torbutton.git.In #17565, we introduced a donation banner to TBB's about:tor page. When the fundraising campaign is done, we should remove the banner from torbutton.git.https://gitlab.torproject.org/legacy/trac/-/issues/17917Changelog after update is empty if JS is disabled2020-06-15T23:31:58ZGeorg KoppenChangelog after update is empty if JS is disabledThere is no changelog shown after the update to 5.5a5-hardened and no link to the changelog on our blog either. I think this happens because it was the first changelog ever in this series. We might want to be a bit more lenient in this c...There is no changelog shown after the update to 5.5a5-hardened and no link to the changelog on our blog either. I think this happens because it was the first changelog ever in this series. We might want to be a bit more lenient in this case to have a future-proof mechanism for displaying the latest changes.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/17661Mac OS: whitelist the font .Helvetica Neue DeskInterface2020-06-15T23:31:35ZMark SmithMac OS: whitelist the font .Helvetica Neue DeskInterfaceIn Mac OS 10.10 (Yosemite), the system font is .Helvetica Neue DeskInterface. But this is not included in font.system.whitelist in TB 5.5a4. Unless doing so will cause fingerprinting concerns, we should add it. I will attach a screenshot...In Mac OS 10.10 (Yosemite), the system font is .Helvetica Neue DeskInterface. But this is not included in font.system.whitelist in TB 5.5a4. Unless doing so will cause fingerprinting concerns, we should add it. I will attach a screenshot that shows that buttons do not look good without it.https://gitlab.torproject.org/legacy/trac/-/issues/17428Remove Flashproxy from Tor Browser2020-06-13T04:53:23ZGeorg KoppenRemove Flashproxy from Tor BrowserWe should remove Flashproxy from Tor Browser as it basically has zero users. dcf and yawning are fine with that (see discussion in #16756 for more details).We should remove Flashproxy from Tor Browser as it basically has zero users. dcf and yawning are fine with that (see discussion in #16756 for more details).Erinn ClarkErinn Clarkhttps://gitlab.torproject.org/legacy/trac/-/issues/16940Implement loading (only) local change notes after a Tor Browser update2020-06-15T23:29:15ZGeorg KoppenImplement loading (only) local change notes after a Tor Browser updateIn #13512 we implemented showing change notes after a Tor Browser update. This is essentially done by loading the blog post on first start after the update. There were some concerns mainly over the reliability of this procedure which led...In #13512 we implemented showing change notes after a Tor Browser update. This is essentially done by loading the blog post on first start after the update. There were some concerns mainly over the reliability of this procedure which led to the idea to implement parts or all of this mechanism using local resources.https://gitlab.torproject.org/legacy/trac/-/issues/16672Text rendering allows font fingerprinting2020-06-16T00:42:42ZArthur EdelsteinText rendering allows font fingerprintingUsing dcf's font fingerprinting demo,
https://www.bamsoftware.com/talks/fc15-fontfp/fontfp.html#demo
gk [ticket:13313#comment:24 observed] that different operating systems render glyphs in the *same* font differently:
> I just tested...Using dcf's font fingerprinting demo,
https://www.bamsoftware.com/talks/fc15-fontfp/fontfp.html#demo
gk [ticket:13313#comment:24 observed] that different operating systems render glyphs in the *same* font differently:
> I just tested that on two 32bit Linux systems (one Ubuntu 12.04 and one Debian testing) and even there are differeces visible with bundled fonts (the diff is attached). I guess this means shipping the alpha with it is fine (it can't get worse wrt to the status quo :) ) but we might want to have an estimation about what the current solution really helps us for the stable series before we ship it there.
So I wonder whether it's possible to force Firefox/Tor Browser to use a cross-platform method for rendering fonts.Arthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/16322Use duckduckgo hidden service instead of clearnet one2020-06-15T23:26:39ZcypherpunksUse duckduckgo hidden service instead of clearnet oneUse duckduckgo hidden service (3g2upl4pq6kufc4m.onion) instead clearnet oneUse duckduckgo hidden service (3g2upl4pq6kufc4m.onion) instead clearnet one