Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T17:11:53Zhttps://gitlab.torproject.org/legacy/trac/-/issues/23721Put a banner when detecting old versions of the Tor Browser on the website ad...2020-06-13T17:11:53ZcypherpunksPut a banner when detecting old versions of the Tor Browser on the website advising to updateThis is in the same spirit that Mozilla does, for example: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
```
Your Firefox is out-of-date.
Get the most recent version to keep browsing securely.
Update Firefox
```This is in the same spirit that Mozilla does, for example: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
```
Your Firefox is out-of-date.
Get the most recent version to keep browsing securely.
Update Firefox
```website redesignHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/23716Rename Operation section to Services2020-06-13T18:14:15ZKarsten LoesingRename Operation section to ServicesWhile writing a roadmap for the next 12 months of metrics team work it occurred to us that "Operation" as title might be misunderstood as everything around operating our services. But what we really want to include there are services tha...While writing a roadmap for the next 12 months of metrics team work it occurred to us that "Operation" as title might be misunderstood as everything around operating our services. But what we really want to include there are services that we provide that are related to operating the Tor network. It seemed like "Services" might be a better word here, because what we provide there are services.
However, I wonder if "Services" would still fit into the other categories then. We do provide services, but we don't provide development or research but instead information about development and information about research. Ideally, we'd find consistent names for these five or six (including About) categories.
Another concern that just came to mind: if we rename the category, we'll have to rename the web page from `/operation.html` to `/services.html` and install redirects. Not impossible, but we should be sure that we want to do it and not undo it shortly after.
iwakeh and irl, what do you think, should we rename it? And what do you think about the concerns above? Should we also ask the UX people? Or should we simply keep this unchanged for the moment?https://gitlab.torproject.org/legacy/trac/-/issues/23669Deploy survey microsite to tpo infrastructure2020-06-13T16:53:37ZHiroDeploy survey microsite to tpo infrastructureI'd like to deploy the survey microsite on tpo infrastructure or eventually get a tpo subdomain and deploy it from greenhost.
If we prefer to deploy it on tpo, we would have to consider that it is a rails app. I'd need postgres and li...I'd like to deploy the survey microsite on tpo infrastructure or eventually get a tpo subdomain and deploy it from greenhost.
If we prefer to deploy it on tpo, we would have to consider that it is a rails app. I'd need postgres and like to be able to install gem at user level. If possible I'd prefer to instal a local (user) version of ruby w/ rbenv.
Please let me know what we prefer regarding this and how I can help.https://gitlab.torproject.org/legacy/trac/-/issues/23668New git repository in Infrastructure and Administration /project for survey m...2020-06-13T16:53:37ZHiroNew git repository in Infrastructure and Administration /project for survey micrositeCan I get a tor git repository to host the code for the survey microsite?Can I get a tor git repository to host the code for the survey microsite?https://gitlab.torproject.org/legacy/trac/-/issues/23649Adapt the design of the Tor Launcher, Torbutton, ...etc and even the about:to...2020-06-15T23:47:40ZcypherpunksAdapt the design of the Tor Launcher, Torbutton, ...etc and even the about:tor page to the new Firefox Photon UXPhoton UX guidelines are available here http://design.firefox.com/photon/ e.g.
* colors: http://design.firefox.com/photon/visual/color.html
* fonts: http://design.firefox.com/photon/visual/typography.html
...etcPhoton UX guidelines are available here http://design.firefox.com/photon/ e.g.
* colors: http://design.firefox.com/photon/visual/color.html
* fonts: http://design.firefox.com/photon/visual/typography.html
...etchttps://gitlab.torproject.org/legacy/trac/-/issues/23554Build noscript-style toggle for svg disable?2020-06-15T23:47:29ZRoger DingledineBuild noscript-style toggle for svg disable?Right now things like javascript and other security-related options can be toggled per-tab via the noscript interface, but our svg block (when the security slider is set to high) has no such per-tab toggle.
Especially now that youtube h...Right now things like javascript and other security-related options can be toggled per-tab via the noscript interface, but our svg block (when the security slider is set to high) has no such per-tab toggle.
Especially now that youtube has decided that svg is the way of the future, we should figure out a more usable way for people to retain most of their security while still loading youtube if they want.
Options that come to mind:
A) Build our own per-tab toggle interface for the svg blocker.
B) Ask noscript to learn how to block svg, and then use its existing per-tab toggle interface to let you configure your svg hopes.
C) Finish thinking about the "per-tab security slider settings" idea, and decide to move forward with it.
(Idea came from discussions with Nima and Nicolas.)https://gitlab.torproject.org/legacy/trac/-/issues/23547Delete flexible space around address bar for FF60 esr2020-06-15T23:47:28ZcypherpunksDelete flexible space around address bar for FF60 esrBy default FF57 has flexible space around the address bar (and I assume this will be the case with FF59 esr too).
Onion addresses will be 52 characters long at that time, the window is also only 1000px width long, and so it may be bette...By default FF57 has flexible space around the address bar (and I assume this will be the case with FF59 esr too).
Onion addresses will be 52 characters long at that time, the window is also only 1000px width long, and so it may be better to delete that flexible space.
Tagging `ux-team` for their opinion :)https://gitlab.torproject.org/legacy/trac/-/issues/23545UX improvement: Tor Browser should handle bogus HSv3 addresses2020-06-16T01:10:51ZGeorge KadianakisUX improvement: Tor Browser should handle bogus HSv3 addressesHS v3 addresses are big but also contain a checksum. This means that Tor Browser could catch mistyped addresses and warn the user.
With current master and current Tor browser, if you mistype an hsv3 address you go to the _Unable to conn...HS v3 addresses are big but also contain a checksum. This means that Tor Browser could catch mistyped addresses and warn the user.
With current master and current Tor browser, if you mistype an hsv3 address you go to the _Unable to connect_ page:
```
Unable to connect
Firefox can’t establish a connection to the server at 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqeflock.onion.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Tor Browser is permitted to access the Web.
```
In the logs you can see a parsing error:
```
[warn] Invalid onion hostname [scrubbed]; rejecting
```
which is a bit generic.
I wonder what's the best way to offer better UX here. How should the user be warned?
Also how should we implement this? Should the Browser do the checksum check itself? Or should Tor do the checksum check and inform Tor Browser somehow?
How to do this best?Tor: unspecifiedKathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/23489Enhance about:tor design2020-06-15T23:47:24ZcypherpunksEnhance about:tor designI think the UX team should consider ways to enhance the `about:tor` page design, preferably using the same design ideas for the upcoming torproject.org design refresh. It should also respect if possible Photon (Firefox' new upcoming UI) ...I think the UX team should consider ways to enhance the `about:tor` page design, preferably using the same design ideas for the upcoming torproject.org design refresh. It should also respect if possible Photon (Firefox' new upcoming UI) design guidelines: http://design.firefox.com/photon/
I'm putting the `ff59-esr` keyword since such change will at best be for the next ESR release, and since `ff59-esr` should also offer a new design as mentioned above, so it's also the perfect occasion to refresh the `about:tor` design.https://gitlab.torproject.org/legacy/trac/-/issues/23486nice icons for the progress bar2020-06-13T17:43:47ZIsabela Fernandesnice icons for the progress barTicket asking if Antonela could make beautiful icons for us to use at the progress bar, representing different steps of configuration to connect to Tor network.
Attached is a screenshot of the current ones we have in the mock for refere...Ticket asking if Antonela could make beautiful icons for us to use at the progress bar, representing different steps of configuration to connect to Tor network.
Attached is a screenshot of the current ones we have in the mock for reference.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/23437newsletter archive, subscribe and unsubscribed pages2020-06-13T17:25:13ZIsabela Fernandesnewsletter archive, subscribe and unsubscribed pagesComms team is working on a newsletter for Tor Project. This ticket is not about the mailing part of it, but about the pages people will see if they:
1. Want to subscribe to the newsletter.
1. Unsubscribe action is successful - page yo...Comms team is working on a newsletter for Tor Project. This ticket is not about the mailing part of it, but about the pages people will see if they:
1. Want to subscribe to the newsletter.
1. Unsubscribe action is successful - page you see when you click on the link to unsubscribe.
1. Newsletters permanent page
1. Archive of previous newsletters
Example of a newsletter permanent page:[http://37.218.240.202/archive/2017-09-01-first-newsletter](http://37.218.240.202/archive/2017-09-01-first-newsletter)This is useful for us to have people referring to our newsletter on social media, blogs, articles.Attached is a mock done by Steph which we would like UX team to review:Archive will be just a table with one column for newsletter title and one column for the date it was sent/published.Here is an example of the archive (is not using the design from Steph's mock yet):http://37.218.240.202/archiveHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/23411Creating a live style guide2020-06-13T17:25:11ZHiroCreating a live style guideHi,
It would be nice to start a live style guide in html/css. Since we have started to use bootstrap in a few projects now (metrics.tpo, blog.tpo), maybe the style guide could be based on bootstrap.
The idea is to create something l...Hi,
It would be nice to start a live style guide in html/css. Since we have started to use bootstrap in a few projects now (metrics.tpo, blog.tpo), maybe the style guide could be based on bootstrap.
The idea is to create something like:
- http://codeforamerica.clearleft.com/
or:
- https://duckduckgo.com/styleguide
I would be happy to create the html/css live page if the ux team could provide me with the styles and components to implement.https://gitlab.torproject.org/legacy/trac/-/issues/23383Apply Tor style guide to redesigned Tor Metrics website2020-06-13T18:14:11ZKarsten LoesingApply Tor style guide to redesigned Tor Metrics websiteLet's try to apply the Tor style guide even more to the redesigned [Tor Metrics website](https://metrics.torproject.org/). We already applied parts of it by using the colors and fonts suggested there. But we're still using our old logo r...Let's try to apply the Tor style guide even more to the redesigned [Tor Metrics website](https://metrics.torproject.org/). We already applied parts of it by using the colors and fonts suggested there. But we're still using our old logo rather than the redesigned onion and sub-brand qualifier.
Two questions to the designers and/or UX people:
- How would we make the purple logo work with the purple banner? I fear that the inverted purple logo looks a lot less official on the main Tor Metrics website, but I'm also afraid that giving up on our purple banner requires a bigger redesign than we can do without a web designer. What do you think?
- Where would we obtain the original image file of the redesigned logo? I'd rather avoid grabbing it from the PDF file if there's a PNG file or similar available.
- Do you have a web designer available in your team to make this hopefully minimal change? If not, and if it's more than we can do, we could probably ask the web designer who did the redesign last year, but that might require a bit of paperwork that I'd like to avoid, if possible.
Thanks in advance!https://gitlab.torproject.org/legacy/trac/-/issues/23376Build survey form for Onion Browser branding research2020-06-13T17:25:10ZIsabela FernandesBuild survey form for Onion Browser branding researchThe UX team is helping the Onion Browser team with user research, we will be performing a survey around the branding of the app at Apple app store.
This is a problem when users comes to the app store (which contains 20 different apps th...The UX team is helping the Onion Browser team with user research, we will be performing a survey around the branding of the app at Apple app store.
This is a problem when users comes to the app store (which contains 20 different apps that 'connects to Tor') and often are confuse and don't know which one Tor Project recommends (Onion Browser).
Surveys will be something that the UX team will probably do more often and because we want to be very careful with people's data when giving us information, we would like to host our own form instead of using a 3rd party solution out there.
However, this ticket will only talk about requirements for Onion Browser branding survey, not for a long term solution to scale the production and hosting of surveys :) but we would like to point out that this is not a 'one time ask'.
The survey mocks are available here: https://marvelapp.com/4h97d4g/
general tech requirements:
1. Should be hosted by tor
1. Should have a .onion option
1. Should preserve user privacy (no ips logs etc)
1. Should have an admin interface to browse answers
1. Answers should include which set was shown on first question (see below) and if user filled up a form from a .onion address or tpo address
1. Admin interface should have an option to download answers as .csv
Greeting and Thank You screens are pretty straight forward so we won't be talking about those here at this ticket.
Requirements for first survey 1st screen: https://marvelapp.com/4h97d4g/screen/31825745
1. progress bar at the top with first 1/3 complete
1. First question allows only 1 selection
1. First question choices presentation:
1. We will present a set of 5 choices - where one will always be onion browser - to each user answering the survey
1. (pending) Full list of apps to be presented to user
1. (pending) logic for it so we are not bias (how to guarantee one isn't shown more often than the others etc)
1. Each choice thumbnail should have a link to their respective Apple app store page (should we do it like that or should we just have the page screenshot be presented in a larger format, like if you click on the thumbnail image you see the bigger version of it)
1. (pending decision) Text box word count limitation or some limitation for input?
1. Missing from the mock that should be included - after second question we should have a 'next' button so folks can move to the next screen :)
Requirements for the end survey screen: https://marvelapp.com/4h97d4g/screen/31825746 1. Progress bar at the top now shows 2/3 completion
1. Only one answer allowed on first question
1. (pending decision) Text box word count limitation or some limitation for input?
1. Missing from the mock that should be included - after second question we should have a 'next' button so folks can move to the next screen :)
Requirements for 3rd survey screen: https://marvelapp.com/4h97d4g/screen/31825747
1. Progress bar at the top now shows 3/3 completion
1. Country list for drop-down menu could be standard ones (I believe you can easily get it from a l10n library or something)
1. Second question should allow only one answer
1. Submit button should save answers and take user to the 'thank you' screenHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/23267Cross-platform brand and features consistency: make Android and iOS browsers ...2020-06-15T23:46:55ZLinda LeeCross-platform brand and features consistency: make Android and iOS browsers as good as TBB= Background =
Currently, when users go to the app store, they get a bunch of apps that are impersonating Tor. Here are [some examples](https://docs.google.com/presentation/d/1WoQyQPSqFWDQ2zHZsCajy6Nb8oVC9EPl7M0aFNtg7OI/edit?usp=sharin...= Background =
Currently, when users go to the app store, they get a bunch of apps that are impersonating Tor. Here are [some examples](https://docs.google.com/presentation/d/1WoQyQPSqFWDQ2zHZsCajy6Nb8oVC9EPl7M0aFNtg7OI/edit?usp=sharing). Choosing the right mobile browser endorsed by Tor is difficult, when the "official" browsers (tor on mobile for Android, and onionbrowser for iOS, both use different icons, are developed by people who are not Tor, and have different names).
Even if people manage to download the correct browser, the users don't get all of the security guarantees that the desktop browser provides, and the mobile application has a subset of the features that the desktop browser has. We should make sure that the security guarantees and functionalities are as equivalent as possible.
= Vision =
All the browsers that we endorse across platforms are called Tor Browser, use the same icons, are developed by us, have the same(ish) security guarentees, have the same(ish) set of features, deploy/update at the same time. That way, users aren't confused, and we get more mobile users!
# Scope
This project is more of an ongoing, multi-year effort to pour a lot of effort into mobile. Anything from improving brand consistency, adding features to mobile, and helping test the mobile apps count.https://gitlab.torproject.org/legacy/trac/-/issues/23266Carryover Tasks2020-06-13T17:25:07ZLinda LeeCarryover TasksThis page keeps track of things we need to fix in the old torproject.org that we'll still need to fix when we make a new version of torproject.org.This page keeps track of things we need to fix in the old torproject.org that we'll still need to fix when we make a new version of torproject.org.website redesignhttps://gitlab.torproject.org/legacy/trac/-/issues/23262implement integrated progress bar for new Tor Launcher UI2020-06-13T17:43:46ZMark Smithimplement integrated progress bar for new Tor Launcher UIThis ticket tracks implementation of integrated progress bar for the new Tor Launcher configuration UI, as found here: https://marvelapp.com/3f6102d/
The work to implement the new configuration UI is tracked in #23261.This ticket tracks implementation of integrated progress bar for the new Tor Launcher configuration UI, as found here: https://marvelapp.com/3f6102d/
The work to implement the new configuration UI is tracked in #23261.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/23261implement configuration portion of new Tor Launcher UI2020-06-13T17:43:45ZMark Smithimplement configuration portion of new Tor Launcher UIThis ticket tracks implementation of the configuration portion of the new Tor Launcher configuration UI, as found here: https://marvelapp.com/3f6102d/
The integrated progress bar is covered by #23262.This ticket tracks implementation of the configuration portion of the new Tor Launcher configuration UI, as found here: https://marvelapp.com/3f6102d/
The integrated progress bar is covered by #23262.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/23247Communicating security expectations for .onion: what to say about different p...2020-06-16T01:13:17ZIsabela FernandesCommunicating security expectations for .onion: what to say about different padlock states for .onion services= Background =
Firefox (and other browsers) have created a set of states a site can have in relationship with ssl certificates, and how to communicate that to the user.
Currently, Tor Browser doesn't communicate ideally to users that ...= Background =
Firefox (and other browsers) have created a set of states a site can have in relationship with ssl certificates, and how to communicate that to the user.
Currently, Tor Browser doesn't communicate ideally to users that visit onion sites--i.e. http + onion looks really scary with lots of warnings! This is something that was discussed under #21321. We then realized that we should look at all the different state + .onion combinations, and carefully communicate what these mean to the user.
= Objective =
The work on this ticket is to map all the current states Firefox has for ssl certificates on the padlock, and from there start to build a new way to communicate these states when they are related to a .onion sites. We started mapping them here:
https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
Is still pending the most difficult part of the work, which is to define what to do for .onion sites on those states.
# Final Version
https://docs.google.com/document/d/1bPrNLIl7Qy-sA7aTfElu80Xk2eXzTfH_5BGTOUDK8XU/editrichardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/23226GetTor help message could be more helpful2020-06-21T18:05:38ZTaylor YuGetTor help message could be more helpfulThe GetTor email help message says
```
This is how you can request a tor browser bundle link.
Send an email to: gettor@torproject.org
In the body of the email only write: <operating system> <language>.
We only support windows, osx and...The GetTor email help message says
```
This is how you can request a tor browser bundle link.
Send an email to: gettor@torproject.org
In the body of the email only write: <operating system> <language>.
We only support windows, osx and linux as operating systems.
```
Some things we can add:
- instructions on how to verify the signature
- instructions on how to get bridges?Cecylia BocovichCecylia Bocovich