Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-16T01:27:00Z

https://gitlab.torproject.org/legacy/trac/-/issues/33070
Update website traffic fingerprinting section in tor browser design doc
2020-06-16T01:27:00Z
Georg Koppen

The website traffic fingerprinting section needs to get updated as there have been a bunch of more or less recent developments that are not accounted for in it. In particular our [recent blog post](https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations) about low cost attacks in this space could be a good starting point for getting the update going.

https://gitlab.torproject.org/legacy/trac/-/issues/32715
Document our downloads.json file
2020-06-16T01:26:59Z
Georg Koppen

We have https://aus1.torproject.org/torbrowser/update_3/release/downloads.json (and a similar URL for alpha (s/release/alpha)) for users/devs that want to keep a reliable way for grabbing the latest updates or pull the latest version information so that they can see when new updates are available.
The JSON file got specifically created to be easily parsable in #16651. This seems to work pretty well from all we know but we never documented that feature nor specified it.
We think this should finally be mentioned on our dev portal and we should write kind of a retroactive proposal and put it into our proposal folder in `tor-browser-spec` so that we have something official we can link to.

https://gitlab.torproject.org/legacy/trac/-/issues/25197
Design document isn't precise about "Security" and "Privacy".
2020-06-16T01:26:58Z
Arthur Edelstein

In Tor Browser, we have a "Security" Slider and various "Privacy" features. But these words are not so easily distinguished. Maybe we could think of better words?
In any case, we should define the two concepts very clearly in the Design document, and we should make sure we don't mix them up. For example, section 2.1 is entitled "Security Requirements" but goes on to list what I would consider privacy properties and does not include the sort of security intended to be provided by the Slider.

https://gitlab.torproject.org/legacy/trac/-/issues/25030
Update release process document for Tor Browser 8.0
2020-06-16T00:43:38Z
Georg Koppen

With Tor Browser 7.5 we switched to a reproducible build system based on `rbm`/`tor-browser-build`. We should update our release process document taking this change into account. Additionally, we should add all the things that got fixed in Tor Browser 8.0.

https://gitlab.torproject.org/legacy/trac/-/issues/25021
Update Tor Browser spec for 9.0
2020-06-16T01:26:57Z
Georg Koppen

Tor Browser 7.5 is out. We should update our design document to cover all the new issues that are showing up in it. Highlights are
1) Switch to rbm/tor-browser-build
2) The security slider copy update
...
Additionally, we should fold in all the 8.0, 8.5, and 9.0 changes.
Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/21922
Add our reasoning for dealing with the XPI signing to our design document
2020-06-16T01:26:55Z
Georg Koppen

We failed to explain how we deal with the code-signing requirement for our own extensions. We should have that in our design document, I think.

https://gitlab.torproject.org/legacy/trac/-/issues/21566
Document Tor Browser hardening in the Tor Browser design document
2020-06-16T01:26:55Z
Georg Koppen

We compile Tor Browser with different hardening flags for different platforms; we should document that in our design document.

https://gitlab.torproject.org/legacy/trac/-/issues/21256
Update tor browser spec for Tor Browser 7.0
2020-06-15T23:40:32Z
Arthur Edelstein

We're doing more first party isolation in esr52, thanks to the hard work of our Mozilla friends. Let's update our design and implementation document to reflect the changes.

https://gitlab.torproject.org/legacy/trac/-/issues/18820
Integrate code signing into the release process
2020-06-16T01:26:54Z
Georg Koppen

We should integrate the OS X code signing as well as we can into our release process. We have the following pieces at the moment
1) We create a .dmg file as the result of our build process
2) We have a signing machine where these files need to get transferred to
3) We need to sign the TorBrowser.app inside the .dmg file
4) We need to ship the .dmg file with the signed app
Taking these into account it seems quite cumbersome to automate this even a bit. But maybe there is something I am missing.
This ticket is not about signing/removing the signature in a reproducible fashion. Getting this going is very likely a separate fun task.

https://gitlab.torproject.org/legacy/trac/-/issues/15988
Update Tor Browser design documentation for 6.5
2020-06-16T01:28:04Z
Georg Koppen

We considerably changed Tor Browser behavior when moving from FQDN isolation to binding identifiers and circuits to the base domain. We should update the design document and include a motivation for this move.
Georg Koppen