Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:03:17Zhttps://gitlab.torproject.org/legacy/trac/-/issues/30403Add bug reporting to Help Menu2020-06-16T01:03:17ZTracAdd bug reporting to Help MenuPlease add new position to Help menu: "File a bug", which simplify reporting of bugs.
The new position should open tab: http://ea5faa5po25cf7fb.onion/projects/tor/newticket
Additionally this subpage (if not logged) should contain shor...Please add new position to Help menu: "File a bug", which simplify reporting of bugs.
The new position should open tab: http://ea5faa5po25cf7fb.onion/projects/tor/newticket
Additionally this subpage (if not logged) should contain short info about reporting bugs and links to:
- login
- create account
After **creating** the account it should redirect to login site and then to http://ea5faa5po25cf7fb.onion/projects/tor/newticket (no redirect here now).
Most people probably do not know how to report a bug. The domain "ea5faa5po25cf7fb" is also difficult to remember so this important site should be available from the menu.
**Trac**:
**Username**: Crissy2https://gitlab.torproject.org/legacy/trac/-/issues/30381Provide control port commands to ADD/REMOVE/VIEW v3 client-auth2020-06-13T15:46:25ZGeorge KadianakisProvide control port commands to ADD/REMOVE/VIEW v3 client-authWe need control port commands so that TB can add/remove/view client auth credentials.
Furthermore, the 'add' command should be able to decrypt any existing non-decryptable descriptors in the cache (see #30382).We need control port commands so that TB can add/remove/view client auth credentials.
Furthermore, the 'add' command should be able to decrypt any existing non-decryptable descriptors in the cache (see #30382).Tor: 0.4.3.x-finalGeorge KadianakisGeorge Kadianakishttps://gitlab.torproject.org/legacy/trac/-/issues/30336Consider providing nodes restriction UI2020-06-16T01:03:02ZTracConsider providing nodes restriction UIOn Android 5.1.1 launching the browser gets you first warnings in the log:
WARNING: linker: /data/app/org.torproject.torbrowser_alpha-1/lib/arm/libTor.so: unused DT entry: type 0x6ffffffe arg 0x6e400
WARNING: linker: /data/app/org.tor...On Android 5.1.1 launching the browser gets you first warnings in the log:
WARNING: linker: /data/app/org.torproject.torbrowser_alpha-1/lib/arm/libTor.so: unused DT entry: type 0x6ffffffe arg 0x6e400
WARNING: linker: /data/app/org.torproject.torbrowser_alpha-1/lib/arm/libTor.so: unused DT entry: type 0x6ffffffe arg 0x3
Next success and notices but then:
WARN: failed to open GEOIP file /usr/local/share/tor/geoip.
WARN: We've been configuredto use (or avoid) nodes in certain countries, and we need GEOIP information to figure out which ones they are.
Then a lot of WARN: Problem bootstrapping and connecting
No connection ever gets done.
**Trac**:
**Username**: WinXAnd511https://gitlab.torproject.org/legacy/trac/-/issues/30272Gracefully Handle Loss of Connection on Startup2020-06-16T01:02:47ZShane IsbellGracefully Handle Loss of Connection on StartupIf I put in airplane mode, the logs will show that tor keeps trying to connect, saying its stuck at 0%. We should detect if app goes into airplane mode (or does not have a connection). The user-device interaction in this case is still un...If I put in airplane mode, the logs will show that tor keeps trying to connect, saying its stuck at 0%. We should detect if app goes into airplane mode (or does not have a connection). The user-device interaction in this case is still undefined.https://gitlab.torproject.org/legacy/trac/-/issues/30259Improve verify signature flow for Tor Browser2020-06-13T17:28:02ZAntonelaantonela@torproject.orgImprove verify signature flow for Tor BrowserVerifying signature is a painful process for regular and power users. This ticket aims to explore how we can improve it.Verifying signature is a painful process for regular and power users. This ticket aims to explore how we can improve it.Antonelaantonela@torproject.orgAntonelaantonela@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/30104browser onboarding: 8.5 security level image includes English text2020-06-16T01:02:19ZMark Smithbrowser onboarding: 8.5 security level image includes English textThe security level image that is shown on the "updated for Tor Browser 8.5" Security onboarding page includes a screenshot of the Security Level doorhanger that was taken when running in the en-US locale. That means we will show English ...The security level image that is shown on the "updated for Tor Browser 8.5" Security onboarding page includes a screenshot of the Security Level doorhanger that was taken when running in the en-US locale. That means we will show English text for all locales. We should find a different solution in the long run.
This is the image: https://gitweb.torproject.org/tor-browser.git/plain/browser/extensions/onboarding/content/img/figure_tor-security-level.png?h=tor-browser-60.6.1esr-8.5-1https://gitlab.torproject.org/legacy/trac/-/issues/30032Add warning or disable adding additional extensions2020-06-16T01:02:13ZWilliam BudingtonAdd warning or disable adding additional extensionsA few users of the Tor Browser have reached out to the EFF extension developers team wanting help with Privacy Badger. As we've explained in the past[1], installing Privacy Badger within Tor Browser can seriously impede the anonymity gu...A few users of the Tor Browser have reached out to the EFF extension developers team wanting help with Privacy Badger. As we've explained in the past[1], installing Privacy Badger within Tor Browser can seriously impede the anonymity guarantees of TB. Even extensions which under normal circumstances in mainline Firefox would increase privacy can be harmful in the TB context - for instance, canvas hash randomizers can move the browser from the relatively large anonymity pool of "TB users on Linux" to the much smaller pool of "TB users on Linux who have a canvas randomizer", since the fact that your canvas is randomized is able to be determined by any remote site. Users of TB are more likely to be power users and install additional addons as well.
Currently, installing an extension in TB is as easy as doing the same in Firefox. We should either disable the ability to install additional extensions or add a highly eye-catching warning alerting users to the fact that extensions, even ones that are privacy-oriented, can be harmful to anonymity.
1. https://tor.stackexchange.com/questions/15653/why-does-tor-not-pre-include-privacy-badger-or-disconnect-add-onshttps://gitlab.torproject.org/legacy/trac/-/issues/30025Objective 2, Activity 4: Better client-side errors2020-06-16T01:02:12ZPili GuerraObjective 2, Activity 4: Better client-side errorsThis is the parent ticket to hold any tickets under this activity, including:
- Improving Tor Browser behavior when an onion site supports HTTPS but the HTTPS is not from an approved certificate.
- Fixing inconsistent messages we are sho...This is the parent ticket to hold any tickets under this activity, including:
- Improving Tor Browser behavior when an onion site supports HTTPS but the HTTPS is not from an approved certificate.
- Fixing inconsistent messages we are showing to users accessing .onion sites with self-signed certificates-
- Improving Tor Browser’s user experience and error messages when a .onion link fails.
- Providing more informative error messages back to the user to better indicate whether the issue was on the service-side, on the client-side, or on the network-side.https://gitlab.torproject.org/legacy/trac/-/issues/30022Objective 2, Activity 2: Notify users about typo errors when entering .onion ...2020-06-16T01:02:09ZPili GuerraObjective 2, Activity 2: Notify users about typo errors when entering .onion addressesThis is the parent ticket to hold any tickets under this activity, including:
- Using the address format of onion services v3 that allows us to detect typos.
- Experimenting with the optimal user experience for this error case, e.g. off...This is the parent ticket to hold any tickets under this activity, including:
- Using the address format of onion services v3 that allows us to detect typos.
- Experimenting with the optimal user experience for this error case, e.g. offering a retry-button after explaining what went wrong.
- Implementing a special error page that tells the user the problem is a typo in the address.https://gitlab.torproject.org/legacy/trac/-/issues/29997Add a "?" besides setting that could help fingerprinting you if changed2020-06-16T01:02:06ZTracAdd a "?" besides setting that could help fingerprinting you if changedAn interactive GUI "What not to do" guide that explains what should be avoided.
A "(?)" beside a setting should explain what happens if you, for example. Remove all the Search Engines from the list, if that could create a unique fingerp...An interactive GUI "What not to do" guide that explains what should be avoided.
A "(?)" beside a setting should explain what happens if you, for example. Remove all the Search Engines from the list, if that could create a unique fingerprint. Or changing the Default Search Engine.
I recently figured out that the Bookmarks Toolbar was changing my Window Size without me knowing. That I have been using on websites for months. Changing the Bookmarks/History to a popup window would be better maybe? Or simply have the blank page after opening a new tab contain all your bookmarks.
**Trac**:
**Username**: namihttps://gitlab.torproject.org/legacy/trac/-/issues/29973Remove remaining stopOpenSecuritySettingsObserver() pieces2020-06-16T01:02:01ZGeorg KoppenRemove remaining stopOpenSecuritySettingsObserver() pieces`stopOpenSecuritySettingsObserver()` is not needed anymore with the changes in #25658. However, there are some pieces left of it that result in a browser console error. Noted on our blog: https://blog.torproject.org/comment/280343#commen...`stopOpenSecuritySettingsObserver()` is not needed anymore with the changes in #25658. However, there are some pieces left of it that result in a browser console error. Noted on our blog: https://blog.torproject.org/comment/280343#comment-280343https://gitlab.torproject.org/legacy/trac/-/issues/29955Final Orfox update2020-06-16T01:03:56ZMatthew FinkelFinal Orfox updateI'm debating how we should do this. Ideally, we want to migrate all Orfox users to TBA. In this ideal world, I would propose creating a very simple app as a replacement for Orfox where this new app simply says something like "Orfox is no...I'm debating how we should do this. Ideally, we want to migrate all Orfox users to TBA. In this ideal world, I would propose creating a very simple app as a replacement for Orfox where this new app simply says something like "Orfox is now Tor Browser for Android! Please install it from <app store link>". We can detect if the device has the Play store or F-droid installed and give the user one of the links. We can also offer a way to migrate the users bookmarks from Orfox to TBA.
The real world is more complicated than the ideal world. I worry about releasing an update of Orfox that completely replaces its current functionality with a simple-migration-tool. However, realistically, no one should be using Firefox 52esr now, so moving users away from that is important. With that being said, people should have a choice.
One problem is we can't easily release a new version of Orfox (based on 52esr) because Google Play won't accept it due to stricter requirements that went into effect last October. Therefore, we are in a not so great situation with this.https://gitlab.torproject.org/legacy/trac/-/issues/29893have a way to create forwards for the old links that are going to be broken w...2020-06-13T17:27:40Zemmapeelhave a way to create forwards for the old links that are going to be broken with the tpo website moveWe maybe can use an .htaccess file or another method, but we should map the links we are going to brake and make the corresponding forwards to the new links.We maybe can use an .htaccess file or another method, but we should map the links we are going to brake and make the corresponding forwards to the new links.website redesignHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/29873TBA 60.6.0 UI breaks proxy compatibility2020-06-16T01:01:49ZTracTBA 60.6.0 UI breaks proxy compatibilityProblem:
TBA 60.6.0 doesn't allow to connect to SOCKS proxy and also doesn't allow bypass of built-in Orbot.
Why it is a problem:
I live in a country that blocks Tor so efficiently that I need comercial VPN services to connect to Tor.
I...Problem:
TBA 60.6.0 doesn't allow to connect to SOCKS proxy and also doesn't allow bypass of built-in Orbot.
Why it is a problem:
I live in a country that blocks Tor so efficiently that I need comercial VPN services to connect to Tor.
I don't trust the apps of those companies with a system wide VPN (which I also still need it for the separate Orbot VPN) and have it expose a SOCKS5 instead.
Before Upgrade:
TBA>separate Orbot SOCKS5>commercial VPN service app SOCKS5>internet
After I start TBA I use my phone's back button to bypass the built-in Orbot. I open about:config and change the SOCKS port to the one from the separate Orbot. Then I browse as normal.
After Upgrade:
The built-in Orbot can not be bypassed. I can also not connect it directly to the commercial app. I can not browse the internet.
**Trac**:
**Username**: aprilhttps://gitlab.torproject.org/legacy/trac/-/issues/29850localize sublinks so you stay on the current language2020-06-13T17:27:39Zemmapeellocalize sublinks so you stay on the current language* go to https://lektor-staging.torproject.org/tpo/staging/es/about/history/
* click on 'informes' on the menu under the title
* you are sent to /staging/about/reports/ , instead of /es/staging/about/reports/ (mind the /es).
what shou...* go to https://lektor-staging.torproject.org/tpo/staging/es/about/history/
* click on 'informes' on the menu under the title
* you are sent to /staging/about/reports/ , instead of /es/staging/about/reports/ (mind the /es).
what should happen:
* You stay navigating in /es/ as you have selected it previously.
note: it works ok for button About that is part of the menu at the top of the page: that button changes along with the selected language.website redesignHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/29849first text is duplicated when browsing /about/* subpages2020-06-13T17:27:39Zemmapeelfirst text is duplicated when browsing /about/* subpagesWhen browsing pages on the new tpo site, the first two paragraphs are duplicated, see:
https://lektor-staging.torproject.org/tpo/staging/es/about/history/When browsing pages on the new tpo site, the first two paragraphs are duplicated, see:
https://lektor-staging.torproject.org/tpo/staging/es/about/history/website redesignHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/29833about:logo still contains Firefox logos2020-06-16T01:01:43ZGeorg Koppenabout:logo still contains Firefox logosWe fixed a lot of Firefox logos by replacing them with their Tor Browser counterparts in #25702. However, `about:logo` still shows a combination of Firefox icon and Firefox related text. We'd want to have a respective Tor Browser logo/ic...We fixed a lot of Firefox logos by replacing them with their Tor Browser counterparts in #25702. However, `about:logo` still shows a combination of Firefox icon and Firefox related text. We'd want to have a respective Tor Browser logo/icon for that one as well. (Discovered while trying to figure out what the purpose of the unmodified icons in the mobile folder is; mobile is affected, too).
The icon in question is located in `browser/branding/$series/content/about.png` for desktop and `mobile/android/branding/$series/content/about.png` for mobile.https://gitlab.torproject.org/legacy/trac/-/issues/29695The captcha displayed while authenticating connecting to a tor bridge is unre...2020-09-02T17:52:43ZTracThe captcha displayed while authenticating connecting to a tor bridge is unreadableSteps:
1. Open "Tor Network Settings"
2. Select "Request a tor bridge from torproject.org"
3. Click on button "Request a new bridge"
The captcha displayed for verification on connecting to tor bridges is not readable. It has letters an...Steps:
1. Open "Tor Network Settings"
2. Select "Request a tor bridge from torproject.org"
3. Click on button "Request a new bridge"
The captcha displayed for verification on connecting to tor bridges is not readable. It has letters and characters merged in such a way that the probability of getting it right is very low(I have had a success rate of 1 out of 10 times).
**Trac**:
**Username**: cskhttps://gitlab.torproject.org/legacy/trac/-/issues/29664Create release notes page at torproject.org2020-06-13T17:27:36ZAntonelaantonela@torproject.orgCreate release notes page at torproject.orgOn #29440 we discussed the possibility to have release notes per each browser release outside the blog. That is useful for different reasons; one of them is having a centralized place to look for these notes.
I'd suggest including this ...On #29440 we discussed the possibility to have release notes per each browser release outside the blog. That is useful for different reasons; one of them is having a centralized place to look for these notes.
I'd suggest including this at
`torproject.org/torbrowser/%version%/releasenotes`
`torproject.org/torbrowserandroid/%version%/releasenotes`
We may want to automate it in many ways, the first iteration could be static as well.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/29646NoScript XSS user choices are persisted2020-06-16T01:28:26ZTracNoScript XSS user choices are persistedWhenever user chooses 'Always allow' or 'Always block' in one of the NoScript XSS popups the setting is persisted in `storage-sync.sqlite` file and this is never cleared on browser startup as the rest of NoScript preferences.
The full p...Whenever user chooses 'Always allow' or 'Always block' in one of the NoScript XSS popups the setting is persisted in `storage-sync.sqlite` file and this is never cleared on browser startup as the rest of NoScript preferences.
The full persisted object can be inspected via `about:debugging` -> Debug Noscript -> `browser.storage.sync.get('xssUserChoices')`.
I understand this is not intended behaviour, since NoScript default is to not persist user choices (clearing them up on browser start).
**Trac**:
**Username**: atac