Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:01:15Zhttps://gitlab.torproject.org/legacy/trac/-/issues/29590Smarter bootstrapping for Tor Browser taking censorship into account2020-06-16T01:01:15ZGeorg KoppenSmarter bootstrapping for Tor Browser taking censorship into accountRight now we don't offer the user much help when connecting wherever they are with their mobile phone. They get to make the choice to be on the safe side given their current context as to whether they want to connect directly or use a br...Right now we don't offer the user much help when connecting wherever they are with their mobile phone. They get to make the choice to be on the safe side given their current context as to whether they want to connect directly or use a bridge/PT.
However, we might be able to be smarter here and make at least suggestions or allow even some bridge selection behind the scenes helping with a more automated bootstrapping.
The desktop related tickets are #21951 and #24527.
See for a good summary on what the Briar folks do (with further links to tickets on their side): https://lists.torproject.org/pipermail/tor-dev/2019-February/013708.html.https://gitlab.torproject.org/legacy/trac/-/issues/29506<noscript> tag doesn't work when JS is blocked by security slider at Safer2020-06-16T01:01:05ZMicah Lee<noscript> tag doesn't work when JS is blocked by security slider at SaferThe <noscript> HTML tag is supposed to be hidden when JavaScript is enabled, and get displayed when it's disabled. Websites use it to inform users what things are broken without JavaScript.
When the security slider is set to Safest, all...The <noscript> HTML tag is supposed to be hidden when JavaScript is enabled, and get displayed when it's disabled. Websites use it to inform users what things are broken without JavaScript.
When the security slider is set to Safest, all JavaScript is disabled, and the <noscript> tag works like expected. But when it's set to Safer, JavaScript is disabled on non-HTTPS websites (including HTTP .onion sites), but the <noscript> tag doesn't display, but it should.https://gitlab.torproject.org/legacy/trac/-/issues/29440Update about:tor when Tor Browser is updated2020-06-16T01:00:58ZAntonelaantonela@torproject.orgUpdate about:tor when Tor Browser is updatedAs part of #25694, I suggested having "Tor Browser has been updated" as a title in `about:tor` when Tor Browser starts after an update.
The mockup is here
https://trac.torproject.org/projects/tor/attachment/ticket/25694/1.3C.jpg
For us...As part of #25694, I suggested having "Tor Browser has been updated" as a title in `about:tor` when Tor Browser starts after an update.
The mockup is here
https://trac.torproject.org/projects/tor/attachment/ticket/25694/1.3C.jpg
For users interested in view the changelog, we should discuss if an exclusive page for it is the best way to approach it.https://gitlab.torproject.org/legacy/trac/-/issues/29197remove use of overlays from Tor Launcher2020-06-13T17:44:17ZMark Smithremove use of overlays from Tor LauncherXUL overlay support was removed from Firefox beginning with Firefox 63. See https://bugzilla.mozilla.org/show_bug.cgi?id=1449791
Tor Launcher uses an overlay to allow configuration UI elements to be shared between the setup wizard and t...XUL overlay support was removed from Firefox beginning with Firefox 63. See https://bugzilla.mozilla.org/show_bug.cgi?id=1449791
Tor Launcher uses an overlay to allow configuration UI elements to be shared between the setup wizard and the Tor Network Settings dialog. We will need to replace this with a preprocessor #include strategy or just maintain two copies of the XUL.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/29031Tor Browser for Android (Alpha) does not accept Torrc Custom Config lines2022-07-08T19:06:39ZTracTor Browser for Android (Alpha) does not accept Torrc Custom Config linesAs of version 60.4.0, users of Tor Browser for Android (Alpha) can no longer use a custom Torrc. This is related to the fact that Tor Browser for Android (Alpha) no longer depends upon Orbot, which as of version 16.0.5-RC-2-tor-0.3.4.9 ...As of version 60.4.0, users of Tor Browser for Android (Alpha) can no longer use a custom Torrc. This is related to the fact that Tor Browser for Android (Alpha) no longer depends upon Orbot, which as of version 16.0.5-RC-2-tor-0.3.4.9 continues to support this feature faithfully.
Tor Browser for Android (Alpha) has a new startup screen that resembles Orbot. On this screen, there is a "hamburger" menu in the top right corner that has a dropdown menu containing an option "Settings" which, just like Orbot, contains an option called "Torrc Custom Config". However, unlike Orbot, lines entered herein are not copied to `app_bin/torrc.custom` and (presumably thus) have no effect.
**TO REPLICATE**
1. Install both Orbot 16.0.5-RC-2-tor-0.3.4.9 and Tor Browser for Android (Alpha) 60.4.0 side by side.
2. Start Orbot; from the hamburger menu choose Settings; then choose Torrc Custom Config. Enter some valid line (such as `ControlPort 9051`)).
3. Open a terminal on your android device and run:
```
# cat /data/data/org.torproject.android/app_bin/torrc.custom
```
4. Verify that your custom line appeared successfully.
5. Now start Tor Browser for Android (Alpha); from the hamburger menu choose Settings; then choose Torrc Custom Config. Enter some valid line (such as `ControlPort 9151`)).
6. Open a terminal on your android device and run:
```
# cat /data/data/org.torproject.torbrowser_alpha/app_bin/torrc.custom
```
7. Verify that your custom line did **NOT** appear.
**Trac**:
**Username**: cypherpunks8https://gitlab.torproject.org/legacy/trac/-/issues/28885notify users that update is downloading2020-06-16T00:59:43ZMark Smithnotify users that update is downloadingAn important improvement that was discussed in #25694 is to let users know when an update is in the process of being downloaded. Firefox does not show this information in an obvious way; users need to open about:preferences and look in t...An important improvement that was discussed in #25694 is to let users know when an update is in the process of being downloaded. Firefox does not show this information in an obvious way; users need to open about:preferences and look in the Updates section or open the about box. Tor Browser users are sometimes confused because they know an update is available but have no easy way to know if it is being downloaded, and downloading the MAR files can take a while over Tor.
We plan to add a new "Downloading Tor Browser update..." message that will be displayed in the hamburger menu. We will also ensure that the standard "update" icon is displayed on the hamburger menu toolbar icon so users know to look inside for more info.https://gitlab.torproject.org/legacy/trac/-/issues/28800Implement New Identity functionality for Tor Browser on Android2022-09-01T22:43:11ZGeorg KoppenImplement New Identity functionality for Tor Browser on AndroidWe want to have an easy to use New Identity functionality for Tor Browser for Android. Currently there is some New Identity-like functionality provided by Orbot but a) that's only responsible for circuit-switching and b) it is not clear ...We want to have an easy to use New Identity functionality for Tor Browser for Android. Currently there is some New Identity-like functionality provided by Orbot but a) that's only responsible for circuit-switching and b) it is not clear whether we stick to Orbot in our grand scheme of things.https://gitlab.torproject.org/legacy/trac/-/issues/28786Allow customizing Tor instance in Tor Browser on mobile2020-06-16T00:59:22ZTracAllow customizing Tor instance in Tor Browser on mobileCould you add an option to disable automatic startup of built-in Orbot in Tor Browser for Android?
I prefer do not use Orbot and use Termux's tor package instead.
**Trac**:
**Username**: dimquaCould you add an option to disable automatic startup of built-in Orbot in Tor Browser for Android?
I prefer do not use Orbot and use Termux's tor package instead.
**Trac**:
**Username**: dimquahttps://gitlab.torproject.org/legacy/trac/-/issues/28629Add Graphs section to the Styleguide2020-06-13T17:12:01ZAntonelaantonela@torproject.orgAdd Graphs section to the StyleguideWe want to have a trusted source for styling (colors and fonts) for teams who need to have data visualization.
Metrics is using this library https://ggplot2.tidyverse.org/.We want to have a trusted source for styling (colors and fonts) for teams who need to have data visualization.
Metrics is using this library https://ggplot2.tidyverse.org/.HiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/28628Introduce New Security Settings to users2020-06-16T00:58:39ZAntonelaantonela@torproject.orgIntroduce New Security Settings to usersThe proposal includes a section 3. which contemplates the way we are informing users about the new behavior.The proposal includes a section 3. which contemplates the way we are informing users about the new behavior.donutsdonutshttps://gitlab.torproject.org/legacy/trac/-/issues/28626Usability Research: Circuit Display - Uganda2020-06-13T17:07:41ZnyinzUsability Research: Circuit Display - Uganda**Methodology**
See file attached
Where: Tor Training in Kampala, Uganda
Participants: Seven (7)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
4.Recommendations
**1.**
The group consisted of 6 male users and 1 f...**Methodology**
See file attached
Where: Tor Training in Kampala, Uganda
Participants: Seven (7)
**Results**
1.Summary of demographics
2.What users said
3.Conclusion
4.Recommendations
**1.**
The group consisted of 6 male users and 1 female user aged 20-50
Most users are technologists day to day tech users who use Tor on specific situations only
**2.**
Q1 Can you tell me what “Guard” means?
Most users don’t know what the this question means although they relate this word it with ‘protecting’ or something ‘safe’ No user in this group is knowledgeable about the of different kinds of node roles and Guard node roles
Q2 Can you identify which node is your Guard?
-It is unclear to all the users what ‘node’ means
-The user’s hesitate for more than 3 seconds before responding
Q3 Did you need a new circuit before? Why? Can you ask for a New Circuit now? Do you know what it means?
-Most users responded with a “No”
-Users do not understand this and what UI helps on it
Q4 Do you need more information about Guards? If yes, can you tell me how to find it?
Most users do not know where to find this information
Quote: “I don’t know”
Users did not discover the Guard link and did not speak about Tor Browser User Manual explanation about how guards selection works
Q5 Can you identify if you are connected by a bridge?
Most users said they could identify this however their tone suggests that they are having trouble finding it
**3.**
The majority of users were confused by the terms used in this questionnaire like Guard/node/circuit
The group responses reveal that knowledge about circuit and bridge settings is severely limited. In addition, users are having a hard time locating information on the circuit display
** 4.**
-Users may be able to interact with the browser more easily if they could see how the different parts (guard/node/circuit/bridge) come together to provide secure internet access. Terminology could be revised for this purposenyinznyinzhttps://gitlab.torproject.org/legacy/trac/-/issues/28622Update Tor Browser Icon for Android2020-06-16T01:02:30ZPili GuerraUpdate Tor Browser Icon for AndroidNow that we have updated icon assets, let's update the TBA icon for Android alsoNow that we have updated icon assets, let's update the TBA icon for Android alsohttps://gitlab.torproject.org/legacy/trac/-/issues/28556Detect other installed circumvention tools and offer them as transports2020-06-16T00:53:04ZRoger DingledineDetect other installed circumvention tools and offer them as transportsIf the Tor Browser user has Lantern installed on the system too, and direct Tor traffic is blocked, wouldn't it be cool to offer the user the option to send their Tor traffic via Lantern into the Tor network?
More broadly, many tools f...If the Tor Browser user has Lantern installed on the system too, and direct Tor traffic is blocked, wouldn't it be cool to offer the user the option to send their Tor traffic via Lantern into the Tor network?
More broadly, many tools focus on "access" rather than Tor's more comprehensive goal of "safe access", and while each of them offers tradeoffs around performance, reliability, and safety, it seems like a net win to make it straightforward for Tor Browser (via the pluggable transport selection menu) to route through them if they're present.
One stumbling block: some of these access tools try to make it hard for other processes on the system to notice that they're present. I hear Lantern is one of those -- it uses simple techniques like randomizing its proxy port, but it doesn't currently use more sophisticated approaches like changing its process name. But "detecting apps that don't want to be detected" doesn't seem like a fun arms race for Tor Browser to get into.
Another stumbling block: some of these access tools are centralized, which makes it sketchier to route traffic through them. But we already accept exactly this tradeoff in the case of meek, so I'm ok with this angle.
So, to make this ticket more concrete:
* Let's make a list of other "access" tools in our space that we'd like to play well with.
* Then let's ask each of them if they'd like to offer some API for us to detect their presence and learn how exactly to use them (similar to Tor's "ControlPortWriteToFile" config option, which writes out a file with parameters on how to interact with the running Tor).
* Assuming the resulting set isn't empty, let's teach Tor Launcher how to configure Tor to use them, and add the option(s) to Tor Browser's pluggable transport menu.
(The VPN interfaces are I think different from this idea, since in that world they already have the notion of either selecting what apps to capture traffic from, or they just ask to capture all traffic. So there's nothing the Tor Browser needs to do for those cases. Unless I'm wrong?)https://gitlab.torproject.org/legacy/trac/-/issues/2854012/11 release Banner text2020-06-16T00:53:02ZSarah Stevenson12/11 release Banner textPlease create the following 6 banners where:
[Line 1, non-variable] Tor: Strength in Numbers
[Line 2, variable]
1. Keep Tor strong. Give today, and Mozilla will match your donation. https://marvelapp.com/a131e34/screen/48876408
2. ...Please create the following 6 banners where:
[Line 1, non-variable] Tor: Strength in Numbers
[Line 2, variable]
1. Keep Tor strong. Give today, and Mozilla will match your donation. https://marvelapp.com/a131e34/screen/48876408
2. Mozilla is matching every donation until 2019. Give now, and your gift becomes twice as strong.
^^ please notice that the 'Give today, and Mozilla will match your donation" phrase will change here and be: "Give now, and your gift becomes twice as strong."
3. Support internet freedom. Give today, and Mozilla will match your donation.
4. Defend the open web. Give today, and Mozilla will match your donation.
5. Support privacy and freedom online. Give today, and Mozilla will match your donation.
6. We need your support. Every dollar counts. Give today, and Mozilla will match your donation.
[Button]:
“Count me in.” To be used in English.
“Donate now.” To be used for all other languages.https://gitlab.torproject.org/legacy/trac/-/issues/28532Map link changes from current tpo to lektor projects2020-06-13T17:27:17ZtraumschuleMap link changes from current tpo to lektor projectsTo port tpo and wiki content to lektor it helps to document where content of current pages reappears and to concentrate scattered info a bit. This eventually can be useful for rewrite rules.
The goal is to create a list of pages with a ...To port tpo and wiki content to lektor it helps to document where content of current pages reappears and to concentrate scattered info a bit. This eventually can be useful for rewrite rules.
The goal is to create a list of pages with a link to the old and new locations.
* Overview: #21222, [[Website/MainSiteRedesign]]
* Sitemap: #10591, #25637, #25638
- #24131: https://torproject.org - outline: #22198, sitemap: #25637, #25638
- #24129: https://support.torproject.org - sketches: #22200
- [/projects/tor/query?status=!closed&component=Community%2FTor+Browser+Manual tb-manual]: https://tb-manual.torproject.org
- #24133: https://community.torproject.org - sketches: comment:5:issue:24133
- #24132: https://dev.torproject.org - structure: #22199
Previews: https://lektor-staging.torproject.org/website redesignhttps://gitlab.torproject.org/legacy/trac/-/issues/28531Publish a snapshot of what PTs are needed for successful Tor use in each country2020-06-13T18:29:47ZRoger DingledinePublish a snapshot of what PTs are needed for successful Tor use in each countrySeveral countries have deployed censorship that includes trying to block Tor in various ways. And places change their censorship over time. What does the big picture look like today?
We have a scattering of resources on this topic curre...Several countries have deployed censorship that includes trying to block Tor in various ways. And places change their censorship over time. What does the big picture look like today?
We have a scattering of resources on this topic currently, e.g.:
* OONI has "vanilla Tor" measurements in some countries.
* We have anecdotal stories from talking to users in various places.
* There's the censorship wiki: https://trac.torproject.org/projects/tor/wiki/doc/OONI/censorshipwiki (#6149)
* metrics-timeline has something similar: https://trac.torproject.org/projects/tor/wiki/doc/MetricsTimeline
* And the Berkeley folks wrote up their own Tor censorship timeline: https://www.icsi.berkeley.edu/~sadia/tor_timeline.pdf
But what is the situation, this month, in every country? Which ones block the Tor directory authorities, which ones block the public relays, which ones block the default (i.e. included in tor browser) bridges, which ones enumerate bridges from bridges.torproject.org and block them by IP address, which ones use DPI to detect and cut various pluggable transport connections, which ones throttle protocols they don't want, etc?
When Venezuela's CANTV ISP did their IP address based blocking, they also blocked the default obfs4 bridges, which led to confusion and then unfortunate headlines like the one from Access: "Venezuela blocks Tor". (Tor worked fine if you got a fresh bridge, even a vanilla bridge.)
In Taipei I talked to some central asia experts who told me about how Tor only works in a degraded way in Belarus in the default configuration "because a few years ago they blocked all the relay IP addresses, but they haven't updated their block since then".
We need up-to-date information about Tor blocking to provide advice to our users when they ask for support, and also we want it for preemptively including good advice in Tor Launcher's UI. Knowing historical trends will help us prioritize the development of new pluggable transports vs new distribution methods of existing transports.
So, how do we get this information?
One option is that in the glorious future, the standard OONI decks will have all of these tools built-in. But that future is a long way off, and maybe it should never even arrive, since some Tor transports are huge and have no business being bundled into a little mobile testing app.
I think we instead want some combination of the following two plans:
* We have on-the-ground contacts in many countries, and it's often not just individuals but whole NGOs full of Tor enthusiasts. We should pull together our knowledge of who we know in each place, and ask them what they think the current situation is in their country, and talk to them regularly. We can prioritize the various countries that we think were, are, or might be trying to block Tor. Having these on-the-ground experts is going to be necessary no matter what else we add to the plan, and it's why I picked 'community outreach' as the ticket component.
* We should build automated tools to assist people in assessing Tor censorship on their network -- to increase the accuracy of reports that we get, and to make the reports come with actual data that we can compare over time. This idea is #23839.
This ticket is for pulling together one big-picture report. But once we have one, we will want to find ways of keeping ourselves up to date over time.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/28381Oreo adaptive icon shape2020-06-16T00:52:51ZTracOreo adaptive icon shapePlease add support for icon shape
https://developer.android.com/guide/practices/ui_guidelines/icon_design_adaptive
https://material.io/guidelines/style/icons.html
**Trac**:
**Username**: cepxuoPlease add support for icon shape
https://developer.android.com/guide/practices/ui_guidelines/icon_design_adaptive
https://material.io/guidelines/style/icons.html
**Trac**:
**Username**: cepxuohttps://gitlab.torproject.org/legacy/trac/-/issues/28329Design TBA+Orbot configuration UI/UX2020-06-16T01:01:46ZMatthew FinkelDesign TBA+Orbot configuration UI/UXI now have TBA and Orbot glued together. They co-exist, but I'm not sure how they should look or interact together. Where in the TBA app/screen should we have a button that switches to the Orbot screen? Do we want Orbot's onboarding UX o...I now have TBA and Orbot glued together. They co-exist, but I'm not sure how they should look or interact together. Where in the TBA app/screen should we have a button that switches to the Orbot screen? Do we want Orbot's onboarding UX or do we want our own?
Please help :)https://gitlab.torproject.org/legacy/trac/-/issues/28259Is not saving history hurting Tor Browser retention rates?2020-06-16T00:52:36ZArthur EdelsteinIs not saving history hurting Tor Browser retention rates?The main unique value that Tor Browser provides is network privacy. But we also enable private browsing mode by default, which means history and passwords are not saved.
That's actually pretty inconvenient for a modern web browser. Ever...The main unique value that Tor Browser provides is network privacy. But we also enable private browsing mode by default, which means history and passwords are not saved.
That's actually pretty inconvenient for a modern web browser. Every time the user starts Tor Browser, they don't get the convenience of Restore Session, auto-login, recent pages, history-based completion, importing user data from other browsers, and Sync. This issue was raised in [Gallagher et al 2018](https://lists.torproject.org/pipermail/ux/attachments/20180921/c901ae9f/attachment-0001.pdf)
So, we could consider allowing users to open a "normal browsing" window, that retains history and passwords and even uses "Firefox Sync". They would still get the benefit of network privacy. Saved state could be locked behind a master password, or we could remind users to use whole-disk encryption.
My hypothesis is that this approach could help retain users and enable more users to use Tor Browser as their "main browser". But it would require an analysis of the pros and cons and a careful redesign. We also would need to fix all unpatched network privacy in normal browsing.
So in this ticket I'm proposing we analyze this idea: figure out the best possible design, and determine if the benefits outweigh the costs.https://gitlab.torproject.org/legacy/trac/-/issues/28187Change Tor Circuit display icon to an onion2020-06-16T00:52:26ZArthur EdelsteinChange Tor Circuit display icon to an onionRight now the Tor Circuit display shows a "relay" icon, but we'd like to change it to an onion to make it more clearly a "Tor" feature. The onion icon is the same one we use in torbutton.Right now the Tor Circuit display shows a "relay" icon, but we'd like to change it to an onion to make it more clearly a "Tor" feature. The onion icon is the same one we use in torbutton.