Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:06:09Zhttps://gitlab.torproject.org/legacy/trac/-/issues/31351localization orfoxRIP2020-06-16T01:06:09Zemmapeellocalization orfoxRIPthe sunsetting app needs to be localized. the file to localize seems to be
https://github.com/guardianproject/Orfox/blob/final-migrate-app/app/src/main/res/values/strings.xml
translations are available at https://gitweb.torproject.org...the sunsetting app needs to be localized. the file to localize seems to be
https://github.com/guardianproject/Orfox/blob/final-migrate-app/app/src/main/res/values/strings.xml
translations are available at https://gitweb.torproject.org/translation.git/tree/?h=orfox-stringsxml_completedemmapeelemmapeelhttps://gitlab.torproject.org/legacy/trac/-/issues/31286Include bridge configuration into about:preferences2020-06-24T11:26:19ZGeorg KoppenInclude bridge configuration into about:preferencesTorbutton as a standalone extension is going away (#10760) and while doing so we restructure our toolbar making it more usable by exposing New Identity directly on it (#27511). However, we need to find a new home for the bridge configura...Torbutton as a standalone extension is going away (#10760) and while doing so we restructure our toolbar making it more usable by exposing New Identity directly on it (#27511). However, we need to find a new home for the bridge configuration as well if we want to remove the onion button from the toolbar. The current plan is to move it to `about:preferences` as a general setting. This ticket tracks that work.richardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/31269Objective O3: Improve Tor Browser experience for human rights defenders under...2021-07-09T14:26:05ZGabagaba@torproject.orgObjective O3: Improve Tor Browser experience for human rights defenders under censorship.All the activities related to objective 3.All the activities related to objective 3.Antonelaantonela@torproject.orgAntonelaantonela@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31109Better gamify the UX for snowflake extension2020-06-13T18:20:34ZCecylia BocovichBetter gamify the UX for snowflake extensionHow do we make sure that users don't uninstall the extension if it seems like it isn't being used?
Sometimes usage is low due to bugs but other times it could be due to very few clients using the system. Is there a way to reassure peopl...How do we make sure that users don't uninstall the extension if it seems like it isn't being used?
Sometimes usage is low due to bugs but other times it could be due to very few clients using the system. Is there a way to reassure people that the extension is still working or will be useful in the future?
Related comments:
- https://trac.torproject.org/projects/tor/ticket/31100#comment:6https://gitlab.torproject.org/legacy/trac/-/issues/30994Provide advanced configuration UI2020-06-16T01:05:16ZMatthew FinkelProvide advanced configuration UILet's collect all of the relevant Android tickets here. This isn't specifically about feature parity with desktop, but maybe we will decide some of these advanced features should not be provided on any platforms.Let's collect all of the relevant Android tickets here. This isn't specifically about feature parity with desktop, but maybe we will decide some of these advanced features should not be provided on any platforms.https://gitlab.torproject.org/legacy/trac/-/issues/30941Need better instructions for requesting bridges via email2020-06-13T18:29:35ZPili GuerraNeed better instructions for requesting bridges via emailFor bridges obtained via email by emailing bridges@ it's not clear how/where to request bridges via email.
E.g the bridges.tpo website simply says to email bridges@ to get bridges
Emailing that address gives you a number of commands bu...For bridges obtained via email by emailing bridges@ it's not clear how/where to request bridges via email.
E.g the bridges.tpo website simply says to email bridges@ to get bridges
Emailing that address gives you a number of commands but doesn't specify where to send the commands (email subject, body...) I tried both and wasn't able to get it to work.
It also specifies that you can combine commands but it doesn't give any examples or indication of how to do so.
This was raised by a user and I also couldn't figure it out after trying for about 5 minutes :/Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/30939Use Firefox's Tracking Protection as a means for performance improvements2020-06-16T01:10:52ZGeorg KoppenUse Firefox's Tracking Protection as a means for performance improvementsWhen improving browser performance one of the low-hanging fruits we could think about is using at least some of the Enhanced Tracking Protection (ETP) feature for that purpose. This ticket is the parent ticket to track all the involved w...When improving browser performance one of the low-hanging fruits we could think about is using at least some of the Enhanced Tracking Protection (ETP) feature for that purpose. This ticket is the parent ticket to track all the involved work.
There are a number of questions involved that we need to discuss and decide how to proceed (and probably more than I came up with below):
a) Do we want to use the same message and UI of ETP as it is shipped right now in Firefox?
b) Do we want to enable the same lists as Mozilla is doing in the respective browsing modes?
c) Do we want to use the same list retrieval mechanism as Mozilla (using the safebrowsing protocol)?
d) Do we want to host the tracking protection lists ourselves?
e) Does the work in this ticket (and child tickets) is our answer to "ship an ad blocker" in Tor Browser? Or do we feel the need to still ship another blocking tool on top of ETP?https://gitlab.torproject.org/legacy/trac/-/issues/30915make sure new banner is localized2020-06-13T17:33:35Zemmapeelmake sure new banner is localizedi should prepare the localization, i can add the strings to other file in transifex, so it gets translated in more languages while we develop the banner,
it would be nice to know in which file this new translations are going to appear....i should prepare the localization, i can add the strings to other file in transifex, so it gets translated in more languages while we develop the banner,
it would be nice to know in which file this new translations are going to appear. last time the banner strings appeared *cough* 'organically' because they were added to some of the files we follow from transifex already.emmapeelemmapeelhttps://gitlab.torproject.org/legacy/trac/-/issues/30854Android: Downloads are confusing2020-06-16T01:05:04ZMatthew FinkelAndroid: Downloads are confusingDownloading files in Tor Browser on Android is sometimes confusing and not safe. There are two separate but related issues.
Problems:
1. Downloads are saved in the shared storage. See #26574 for more information about this and download...Downloading files in Tor Browser on Android is sometimes confusing and not safe. There are two separate but related issues.
Problems:
1. Downloads are saved in the shared storage. See #26574 for more information about this and downloading files into the app's internal storage.
2. When the app is restarted after downloading a file, the file is not listed in Tor Browser's Downloads list anymore. This is very confusing, especially because the file is still saved in the shared storage. I suspect this is because private browsing mode doesn't save state (including recent downloads).https://gitlab.torproject.org/legacy/trac/-/issues/30783End of Year Fundraising Campaign - about:tor2020-06-16T01:04:47ZPili GuerraEnd of Year Fundraising Campaign - about:torLet's update about:tor in Tor Browser 9.0 stable for the End of Year Campaign.
There will (potentially) be 2 rounds of updates:
- First round will happen around 2019-11-04 (9.0.1 release)
- Second round will happen around 2019-12-03 (...Let's update about:tor in Tor Browser 9.0 stable for the End of Year Campaign.
There will (potentially) be 2 rounds of updates:
- First round will happen around 2019-11-04 (9.0.1 release)
- Second round will happen around 2019-12-03 (9.0.2 first security release)https://gitlab.torproject.org/legacy/trac/-/issues/30756Android: Begin bootstrapping immediately after success2020-06-16T01:04:43ZMatthew FinkelAndroid: Begin bootstrapping immediately after successAfter Tor Browser successfully bootstraps once Tor-Launcher does not prompt the user to "connect" or "configure" the next time (or subsequent times, until there is a bootstrap failure). Android should provide a similar experience.
There...After Tor Browser successfully bootstraps once Tor-Launcher does not prompt the user to "connect" or "configure" the next time (or subsequent times, until there is a bootstrap failure). Android should provide a similar experience.
There is significantly more risk involved here, however, because (I assume) we are much more likely to "roam" onto a hostile network using a mobile device than when using a desktop or laptop.
Maybe we should make this opt-in as a config option in network settings?
I'm also a little worried about the conflict between safe-by-default and easy-to-use-by-default. Will a Firefox Focus user install Tor Browser and then configure it to automatically connect?https://gitlab.torproject.org/legacy/trac/-/issues/30664Tor Browser for Android icon scaling on device2020-06-16T01:04:29ZAadi BajpaiTor Browser for Android icon scaling on deviceThe icon has a semicircle object on the left that has a shadow behind it.
This is how it is supposed to look.
![https://i.imgur.com/vyPmRin.png](https://i.imgur.com/vyPmRin.png)
However on phones, the app icon is viewed in low resoluti...The icon has a semicircle object on the left that has a shadow behind it.
This is how it is supposed to look.
![https://i.imgur.com/vyPmRin.png](https://i.imgur.com/vyPmRin.png)
However on phones, the app icon is viewed in low resolutions, so the shadow looks like just a line and it's weird.
A fix would be to stretch the semicircle to encompass the whole left part so it looks like a globe (since it's a browser) with the oniony layers exposed inside it on the right. (I think is what's intended)
Here's what I mean.
![https://i.imgur.com/oJNFlJ2.png](https://i.imgur.com/oJNFlJ2.png)https://gitlab.torproject.org/legacy/trac/-/issues/30631Blurry Tor Browser icon on macOS app switcher2020-06-16T01:04:24ZTracBlurry Tor Browser icon on macOS app switcherHello,
Tor Browser's icon is blurred (not enough resolution) in macOS app switcher (⌘+Tab). I think it's most noticeable on Retina displays.
**Trac**:
**Username**: vjurHello,
Tor Browser's icon is blurred (not enough resolution) in macOS app switcher (⌘+Tab). I think it's most noticeable on Retina displays.
**Trac**:
**Username**: vjurrichardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/30599Cloudflare alt-svc onions cause a different exit to be used at each request2020-06-16T01:04:17ZcypherpunksCloudflare alt-svc onions cause a different exit to be used at each requestFor some websites, such as zerobin.net which use Cloudflare's new onions, each request might cause a different exit to be used. This is bad both from a load perspective as well as a fingerprinting perspective.
Steps to reproduce: Go to ...For some websites, such as zerobin.net which use Cloudflare's new onions, each request might cause a different exit to be used. This is bad both from a load perspective as well as a fingerprinting perspective.
Steps to reproduce: Go to zerobin.net and create a new paste with "allow discussion" enabled. Post several comments and observe that the visual hash of the IP often changes with each comment. Check the circuit display to verify.https://gitlab.torproject.org/legacy/trac/-/issues/30577Add Fundraising Banner with next TBB security update2020-06-16T01:04:14ZPili GuerraAdd Fundraising Banner with next TBB security updateLet's plan to add a fundraising banner with the next TBB security update (TBB 8.5.3) which should happen around 2019-07-09.
The banner should come off on the following TBB security update, which should happen around 2019-09-03.Let's plan to add a fundraising banner with the next TBB security update (TBB 8.5.3) which should happen around 2019-07-09.
The banner should come off on the following TBB security update, which should happen around 2019-09-03.https://gitlab.torproject.org/legacy/trac/-/issues/30570Implement per-site security settings support2020-06-16T01:04:10ZGeorg KoppenImplement per-site security settings supportThe native (without messing with the NoScript menu) per-site security settings support mentioned in proposal 101 (https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-security-controls-redesign.txt) is still missing. Thi...The native (without messing with the NoScript menu) per-site security settings support mentioned in proposal 101 (https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-security-controls-redesign.txt) is still missing. This ticket is for implementing it.richardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/30540Give TBA alpha users a link to stable2020-06-16T01:03:56ZMatthew FinkelGive TBA alpha users a link to stableGeKo mentioned we should tell current Tor Browser alpha users on Android there is now a stable version they can use. This seems wise.
Should we add this into the onboarding panels or should this be included on `about:tor`? It seems we s...GeKo mentioned we should tell current Tor Browser alpha users on Android there is now a stable version they can use. This seems wise.
Should we add this into the onboarding panels or should this be included on `about:tor`? It seems we should use the same download links here as discussed on #29955.https://gitlab.torproject.org/legacy/trac/-/issues/30497Add Donate link in about:tor2020-06-16T01:03:48ZAntonelaantonela@torproject.orgAdd Donate link in about:torThe Fundraising Team suggested to include a Donate link in `about:tor`.
This ticket aims to track also its implementation.The Fundraising Team suggested to include a Donate link in `about:tor`.
This ticket aims to track also its implementation.https://gitlab.torproject.org/legacy/trac/-/issues/30473update Tor Browser proposal 102 to account for Tails team feedback2020-06-13T17:44:19ZMark Smithupdate Tor Browser proposal 102 to account for Tails team feedbackWe need to update proposal 102 "Integration of Tor Launcher into Tor Browser Core" to account for feedback we received from the Tails team (intrigeri). See the discussion here:
https://lists.torproject.org/pipermail/tbb-dev/2019-February...We need to update proposal 102 "Integration of Tor Launcher into Tor Browser Core" to account for feedback we received from the Tails team (intrigeri). See the discussion here:
https://lists.torproject.org/pipermail/tbb-dev/2019-February/000962.html
https://lists.torproject.org/pipermail/tbb-dev/2019-February/000963.html
https://lists.torproject.org/pipermail/tbb-dev/2019-February/000964.htmlKathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/30413Notification Bar to warn about xpinstall.signatures.required set to false2020-06-16T01:03:19ZTracNotification Bar to warn about xpinstall.signatures.required set to falsePlease warn with a notification bar if xpinstall.signatures.required is set to false.
This setting was recommended by the blog for users affected by #30388 . Such users are somewhat likely to forget to toggle it back to true, which co...Please warn with a notification bar if xpinstall.signatures.required is set to false.
This setting was recommended by the blog for users affected by #30388 . Such users are somewhat likely to forget to toggle it back to true, which could be a potential attack vector.
Quoted from comment 43 there:
> > Since the blog asked people to "Please remember to" re-enable security, and that's the kind of thing which is the bane of security when it comes to ordinary users, can a subsequent release please force this back to 'false' and alert the user if the flip is made?
> >
> > It's better to have people need to toggle it again than to leave people unintentionally unguarded. I realize both options are sub-optimal, but "fail safe" is better than "fail dangerous". Without such a change, it's very likely that some users will go on forever set to not validate addons - the typical user pattern is "fix it and forget it".
> >
> >
> >
> Replying to flowerpt:
>
> I don't think we can do that as our decisions don't overwrite user prefs. We could think about showing a notification bar, though, reminding the users of that problem and allow them to flip the pref back easily that way.
**Trac**:
**Username**: flowerpt