Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-13T17:26:52Z

Fedora 26 reached EOL in May 2018, remove it from download-unix
https://gitlab.torproject.org/legacy/trac/-/issues/27304
2020-06-13T17:26:52Z
traumschule

https://fedoraproject.org/wiki/End_of_life
Since the last version of Fedora reached its EOL it is a bad recommendation to run Tor on a computer without security support. I suppose we should remove the fedora logo from the table at
https://www.torproject.org/download/download-unix.html.en
traumschule

On the website, in the 'bridges' section, update references from 'obfs3' to 'obfs4'
https://gitlab.torproject.org/legacy/trac/-/issues/23001
2020-06-13T17:25:01Z
Trac

I noticed that in the 'bridges' section on the website, the recommended default pluggable transport still was obfs3. While elsewhere obfs4 is the recommended PT. I guess it's quite minor, but I'd think people get a bit jittery when they are presented with slightly off information about what obfuscation technique they should actually be using to protect against inspection of their anonymous connection.
So I made a commit (and branch) to remedy this:
https://github.com/stuij/tor-site/commit/ad38186eceabd733efd67d60485aed9da22e3f99
Pull if you think it's worth the trouble (and I didn't mildly or wholly misunderstand something).
Also, I noticed that the 'pluggable transport page' on trac suffered from the same affliction. I updated it slightly where it matters. There's also a section on composing pluggable transports where obfs3 is used, but I didn't dare touch that bit, as the whole section looks a bit outdated:
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports#Combiningpluggabletransports
**Trac**:
**Username**: snoek
website redesign
Tommy Collison

Update website FAQ about padding defenses
https://gitlab.torproject.org/legacy/trac/-/issues/22958
2020-06-13T17:24:59Z
George Kadianakis

Someone in the blog pointed out that our FAQ is quite negative towards padding, even tho the latest tor actually does send netflow padding: https://blog.torproject.org/comment/269842#comment-269842
We should probs update the FAQ to avoid spreading confusion:
https://www.torproject.org/docs/faq.html.en#SendPadding
website redesign
traumschule

Find a more maintainable approach for the signing-keys page
https://gitlab.torproject.org/legacy/trac/-/issues/22637
2020-06-13T17:24:53Z
Roger Dingledine

Right now we have this page:
https://www.torproject.org/docs/signing-keys
which is supposed to provide an official set of keys that have signed various Tor packages in the past.
We pointed to it from
https://www.torproject.org/docs/verifying-signatures
among other places.
But people keep generating new subkeys, so the text on that page goes out of date after a month or so.
We should come up with a better way to distribute these keys, in a way that provides good enough authenticity while being easy to automate.
Maybe that's a script that gets run every so often to generate the page automatically? Maybe that's creating a gpg keyring with the right keys on it, and getting rid of the webpage?
We can think of this as part of the grand website redo, but also we can think of it as a bitesized improvement that needs to be made and can be independent of the grand website redo.
website redesign

Make TB uninstall instructions more detailed in FAQ
https://gitlab.torproject.org/legacy/trac/-/issues/22611
2020-06-13T17:24:51Z
pastly

macOS requires special treatment.
See https://github.com/pastly/webwml branch macos-tb-uninstall
website redesign
Linda Lee

Fix 3 links in FAQ "What would The Tor Project do with more funding?"
https://gitlab.torproject.org/legacy/trac/-/issues/22609
2020-06-13T17:24:50Z
pastly

See https://github.com/pastly/webwml branch usage-link-fixes
Update to fix metrics.tp.o links.
Linda Lee

Fix broken links
https://gitlab.torproject.org/legacy/trac/-/issues/22522
2020-06-13T17:24:47Z
Trac

https://www.torproject.org/about/torusers.html.en
This page is crucial to understand user cases.
It contains links to external resources, some of them are dead.
One way to fix it, I guess, is to use WaybackMachine’s copies.
## Journalists and their audience use Tor
Citizens and journalists in [Internet black holes]
## Activists & Whistleblowers use Tor
[Canadian ISP blocked access to a union website used by their own employees] to help organize a strike.
## Bloggers use Tor
Frequently we hear about bloggers who are [sued]
## Bottom of the page
[adoption services]
**Trac**:
**Username**: Fleming
Linda Lee

Add https version of `deb.torproject.org` repository install instructions
https://gitlab.torproject.org/legacy/trac/-/issues/22487
2020-06-13T17:24:47Z
anadahz

Add https version of `deb.torproject.org` repository in the install section of [Tor on Ubuntu or Debian](https://www.torproject.org/docs/debian.html.en#ubuntu).
Using the HTTPS transport for APT (package manager) will overcome censorship/blocking from DPIs and filtering equipment that block on the HTTP protocol.
Hiro

Link to Linus's nightly builds from somewhere?
https://gitlab.torproject.org/legacy/trac/-/issues/22427
2020-06-13T17:24:46Z
Roger Dingledine

Tor Browser has nightly builds! Did you know?
If you ask search engines for "tor browser nightly" or "tor browser nightly builds", you won't find them though.
I found the link in an old tbb-dev archive. Here it is:
https://people.torproject.org/~linus/builds/
Unless, who knows, maybe that is not the best link to use.
In any case, it would seem smart to have a way for users to find this directory.
Linda Lee

Add "How report bad tor relays" info to www.torproject.org
https://gitlab.torproject.org/legacy/trac/-/issues/22412
2020-06-13T17:24:45Z
cypherpunks

http://www.hackerfactor.com/blog/index.php?/archives/763-The-Continuing-Tor-Attack.html
```
Unfortunately, there are no official methods for reporting bad Tor nodes to the Tor Project. The official contact methods do not work.
```
It is fairly easy to find (first search result for 'report bad tor relays'):
https://blog.torproject.org/blog/how-report-bad-relays
If that email currently does not send an auto-reply with "thanks, we got your report, we will get back to you within .. days" that might make sense to add.
Linda Lee

Make it more obvious how to report security related bugs
https://gitlab.torproject.org/legacy/trac/-/issues/22163
2020-06-13T17:24:40Z
Georg Koppen

We had a report about a bug reporter getting different (and partly conflicting) advice on how to report security sensitive bugs. The canonical way of doing so is mailing to tor-security@lists.torproject.org. However, that seems to be not found easily. We should change that on our website.
Hiro

show Windows `gpg --verify` command on one line
https://gitlab.torproject.org/legacy/trac/-/issues/21808
2020-06-13T17:24:30Z
Trac

The [How to verify signatures for packages](https://www.torproject.org/docs/verifying-signatures.html.en) shows the `gpg --verify` command split into three lines. [This appears to confuse users inexperienced with the command line](https://tor.stackexchange.com/questions/14384/failed-signature-verification).
I believe it would be best to simply show it on one line:
https://github.com/pgerber/tor-webwml
An alternative might be to use \ at the end of each line (if that actually works on Windows.)
**Trac**:
**Username**: pege
website redesign
Hiro

OpenBSD missing from systems that 'work best' with relays
https://gitlab.torproject.org/legacy/trac/-/issues/20688
2020-06-13T17:24:11Z
Trac

The URL:
https://www.torproject.org/docs/tor-doc-relay.html.en#setup
states:
> You can run a Tor relay on pretty much any operating system. Tor relays work best on current distributions of Linux, FreeBSD, NetBSD, and Windows Server.
OpenBSD is notably missing from the list even though it provides a way to run a tor relay. Is there a reason for this?
**Trac**:
**Username**: mulander
WebsiteV3

BridgeDB website: surprising choices and no language switcher
https://gitlab.torproject.org/legacy/trac/-/issues/19841
2020-06-15T23:47:35Z
Trac

Browsing to https://bridges.torproject.org/ from Germany using an English Firefox, I am served a page that shows headlines in English, but the rest (as far as I checked) is in German. This language choice is surprising to me as I think the browser’s language as transmitted in the HTTP headers should be the main factor. Strangely, using the Tor Browser and declining the question whether I want to request English content for improved anonymity, I get a page that is fully German despite my exit node being in the UK, so geolocating can not be the sole criterion for this language choice either. This might become a problem because the website does not seem to offer a means for switching the language.
**Trac**:
**Username**: sebalis

Add instructions for removing the code signing parts of OS X bundles and MAR files
https://gitlab.torproject.org/legacy/trac/-/issues/18925
2021-09-15T19:45:15Z
Georg Koppen

We start with code signing on OS X now and should have instructions on our website for getting rid of the code signing parts to make it easier for comparing the things we ship with the things we built.

add the tor animation video to the top of the overview page?
https://gitlab.torproject.org/legacy/trac/-/issues/18870
2020-06-13T17:23:46Z
Roger Dingledine

It occurred to me while talking to Nima that we might take the embedded video on
https://www.torproject.org/press/video
and put it on the top of
https://www.torproject.org/about/overview
This will not solve all of our website problems (and we should avoid getting bogged down here in broader discussions about fixing up the website).
But if somebody wants to do up a patch to make this one work, I'll take it. :) (or you can just merge it yourself, depending on who you are)
Hiro

We should have a repository list that includes important external repositories
https://gitlab.torproject.org/legacy/trac/-/issues/18695
2020-06-13T17:23:45Z
Nick Mathewson

Many developers like using github or personal repository
Many developers' github repositories are nontrivial to find.
Let's index them on our website or wiki somewhere?
WebsiteV3
cypherpunks

The website should support "stable" and "oldstable" tor releases
https://gitlab.torproject.org/legacy/trac/-/issues/17805
2020-06-13T17:23:27Z
Nick Mathewson

Right now we have "alpha" and "stable". But sometimes we want to have an extra stable listed as well.
No hurry on this one.
WebsiteV3
cypherpunks

Usability of MacOS installation process
https://gitlab.torproject.org/legacy/trac/-/issues/17413
2020-06-13T17:23:18Z
cypherpunks

Usability of MacOS installation process
Consequence: User is unable to verify package signature
Steps to reproduce:
1. Download Tor browser
2. Go to https://www.torproject.org/docs/verifying-signatures.html.en for instructions.
3. Read the block of text for MacOS and Linux.
4. Follow the link at the bottom of that section to:
https://www.gnupg.org/documentation/
5. Struggle with the information on that page.
6. Try to go to the SourceForge link there for GPG Mac download.
uBlock Origin blockade: uBlock Origin has prevented the following page from loading: http://macgpg.sourceforge.net/
Because of the following filter
| sourceforge.net^$other^ |
|-------------------------|
Found in: uBlock filters – Badware risks
7. Give up.
----
What should have happened:
Follow the GPGTools link at the top of the Tor page's Mac/Linux instruction block.
https://www.torproject.org/docs/verifying-signatures.html.en
----
Suggested fixes:
* Divide the MacOS instructions from the Linux instructions.
* Add numbers to the procedures... something like this, for the MacOS:
1. Download Tor Browser and save the signature.asc to your Desktop.
1. Download and install GPGTools.
1. Open a Terminal window (Terminal is in /Applications/Utilities or find it with search)
1. Paste the following into the terminal: [... ...]
...adding links appropriately in the procedure
* Use link colors to help people visually scan through the pages. Take advantage of the human tendency to skim over text and just read the bold, colored stuff:
-Use a color with better contrast against black (the green is wonderful but too dark for good contrast)
-Include more keywords in links
* Related installation issue that probably belongs somewhere else:
Opening the DMG and installing the Tor Browser: The application file shows a file modification date of Dec 31, 1999, so it's difficult to know whether the downloaded one is newer than one I have already.
No version number is in the file name.
Get Info (cmd-I) (which not every Mac user knows about) does show a version number, and it also shows the file has a creation date of Dec 31, 2000, which is before the mod date. The weird dates might cause version control issues but are also likely to worry people who see them.
WebsiteV3
traumschule

Update hidden service website page with Unix socket info
https://gitlab.torproject.org/legacy/trac/-/issues/17342
2020-06-13T17:23:16Z
David Goulet
dgoulet@torproject.org

We should update the https://www.torproject.org/docs/tor-hidden-service page with some information on how to set up a hidden service with a Unix socket.
Since 0.2.6, both `SocksPort` and `HiddenServicePort` support Unix socket. Example:
```
HiddenServiceDir /your/HS/dir
HiddenServicePort 80 unix:/path/to/socket
```
For a service that supports Unix sockets, like nginx (http://nginx.org/en/docs/http/ngx_http_core_module.html#listen), you only need to point it to "/path/to/socket".
Hiro