Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T10:19:29Zhttps://gitlab.torproject.org/legacy/trac/-/issues/32560can not get orbot to connect lately, (never filled out one of these forms befor)2020-06-13T10:19:29ZTraccan not get orbot to connect lately, (never filled out one of these forms befor)here's a 2 logs I've been getting a lot latley, before 2 weeks ago no problems, same device
---------
checking binary version: null
upgrading binaries to latest version: 0.4.1.5-openssl1.0.2p
Waiting for control port...
Set backgroun...here's a 2 logs I've been getting a lot latley, before 2 weeks ago no problems, same device
---------
checking binary version: null
upgrading binaries to latest version: 0.4.1.5-openssl1.0.2p
Waiting for control port...
Set background service to FOREGROUND
checking binary version: 0.4.1.5-openssl1.0.2p
updating settings in Tor service
updating torrc custom configuration...
success.
Orbot is starting…
Tor configuration VERIFIED.
Waiting for control port...
checking binary version: 0.4.1.5-openssl1.0.2p
updating settings in Tor service
updating torrc custom configuration...
success.
Orbot is starting…
Tor configuration VERIFIED.
Waiting for control port...
Connecting to control port: 40960
SUCCESS connected to Tor control port.
SUCCESS connected to Tor control port.
Unable to start Tor: org.torproject.android.control.TorControlError: Error reply: Authentication failed: Authentication cookie did not match expected value.
TorService is shutting down
Using control port to shutdown Tor
sending HALT signal to Tor process
Orbot is deactivated
Set background service to FOREGROUND
----------
checking binary version: 0.4.1.5-openssl1.0.2p
updating settings in Tor service
updating torrc custom configuration...
success.
Orbot is starting…
Tor configuration VERIFIED.
Waiting for control port...
Connecting to control port: 59158
SUCCESS connected to Tor control port.
---------
Orbot will not go farther than this, won't begin the bootstrapping process
if I reinstall I can get one session, once I close and reopen orbort the above happens again.
using a rooted Acer b1770 tablet with tor alpha.
tor alpha will connect without orbot, just worried about the lack of extra layers.
**Trac**:
**Username**: freehatNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/32341parallel orbot cannot resolve hidden services2020-06-13T10:15:15ZTracparallel orbot cannot resolve hidden servicesI am currently using work and personal profiles with orbot running in vpn mode on both in parallel. Generally they get along well, since they have different SOCKS and HTTP ports, and android sets up two VPN configurations. As such, I do ...I am currently using work and personal profiles with orbot running in vpn mode on both in parallel. Generally they get along well, since they have different SOCKS and HTTP ports, and android sets up two VPN configurations. As such, I do not see issues with public web traffic. However routing to hidden services only works on one orbot at a time, usually the primary profile. On the other profile, usually work, I get the following tor log line and connection failure within a VPNed app:
WARN: Missing mapping for virtual address [SCRUBBED]. Refusing.
This appears to be caused by the app from the work profile resolving the .onion domain against the personal orbot's DNSPort. I am able to reproduce the failure in the profile of my choosing by setting that orbot to use DNSPort 5401, and the other orbot to use 5400 (the default value). This does not appear to be a hardcoded port issue though, because if 5401 and 5402 are set, one of the two orbots wins and can route .onion addresses while the other still cannot.
**Trac**:
**Username**: urandomNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/31975Orbot on Kitkat stuck at "Orbot is starting..." after update. Device overheat...2020-06-13T10:07:35ZTracOrbot on Kitkat stuck at "Orbot is starting..." after update. Device overheating.
Upgraded to the latest version of Orbot using F-Droid (16.1.2-RC-2-tor-0.4.1.5-rc (116123000)
Orbot does not get beyond "Orbot is starting...", including in the Log.
The phone also overheats.
Tried resetting the phone, but to no avai...
Upgraded to the latest version of Orbot using F-Droid (16.1.2-RC-2-tor-0.4.1.5-rc (116123000)
Orbot does not get beyond "Orbot is starting...", including in the Log.
The phone also overheats.
Tried resetting the phone, but to no avail. Device is now basically unusable.
**Trac**:
**Username**: torloveNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/31836Idea for the realization of chats via the Tor network2020-06-13T10:04:51ZTracIdea for the realization of chats via the Tor networkHello.
If some Tor server operators also support a feature to receive messages from chat users in a chat group and then send them to the chat recipient in the chat group, I can imagine programming a client to do so.
1 - There should be...Hello.
If some Tor server operators also support a feature to receive messages from chat users in a chat group and then send them to the chat recipient in the chat group, I can imagine programming a client to do so.
1 - There should be a registry where you can create a chat group to get an anonymous group ID. If you have to visit a website whose address ends with ".onion", that would be fine too. But then a code would have to be downloaded before, which would encrypt the data for the registry completely by means of a password, which the caller enters, before it is sent to the registry. So that unwanted can see neither the ID, nor the name of the chat group, nor the description of the chat group.
2 - Once at least one chat user in the chat group logs in using a key received from the chat group creator, the registrar must encourage the selection of a Tor server that supports this chat communication. Always after a certain amount of time, you must switch to a different Tor server. This must happen from the registrar, the previous Tor server must not know the new Tor server. So the information must be sent directly from the registrar to all chat members, or encrypted in the usual way via the Tor server to be left. The clients of chat members who are not online at this moment will then be notified of the current Tor server as usual the next time they go online.
3 - All chat users in the chat group who are logged in must be sent the ID of the Tor server through which the chat communication is currently being transported.
4 - I will program the chat client so that before sending the text message, the message is encrypted using the key from the chat group creator. Only recipients who have this key can decrypt the message. So I will program the client so that after the receipt, before the message is displayed, it is decrypted again. Which of course only works if you have the right key. If you don't have the right key, you don't know the ID in the registry, you can't see which Tor server the communication is running on and you don't even see the chat users of the chat group.
5 - The chat group creator must set a secure password to create a chat group, which is used for encrypted communication between him and the registrar and authorizes him to administer and then upload a key that he gives to all chat users who are supposed to be able to see his chat group and communicate there.
6 - It is not necessary for the members of the chat group to be in the registry and it is much safer. Each member of the chat group authorizes himself each time with the key to log in. If the chat group creator wants to expel a member without sending a new key to all desired members of the chat group, he can enter it in the registry as "not authorized". If the now excluded chatter then logs on, he will not get the address of the current Tor server over which the communication is transported once more from the registry. However, if the user changes his or her user ID, this protection no longer applies. As a countermeasure, I can imagine that the chat group creator can request a new key via the registry, but the old key will continue to apply until the clients of all chat members have received the new key. The chat user to be excluded will be excluded.
**Trac**:
**Username**: Researching girlhttps://gitlab.torproject.org/legacy/trac/-/issues/31824Orfox RIP bookmark export crashes app instantly2020-06-13T10:04:40ZTracOrfox RIP bookmark export crashes app instantlyThe bookmark export button in Orfox RIP crashes the app instantly.
This might be related to the fact that I have a LOT of bookmarks? Like, thousands...?
It's not really versioned, so I can't say which "version" of Orfox-Final-RIP this ...The bookmark export button in Orfox RIP crashes the app instantly.
This might be related to the fact that I have a LOT of bookmarks? Like, thousands...?
It's not really versioned, so I can't say which "version" of Orfox-Final-RIP this is.
**Trac**:
**Username**: patbernierhttps://gitlab.torproject.org/legacy/trac/-/issues/31816VPN mode is kept on after switching off the main control2020-06-13T10:04:26ZcypherpunksVPN mode is kept on after switching off the main controlThis doesn't seem to make sense from a regular user's respective - the main switch is considered a global control, so users will think about it when they want or no longer want the app's functionality, and turning something off should tu...This doesn't seem to make sense from a regular user's respective - the main switch is considered a global control, so users will think about it when they want or no longer want the app's functionality, and turning something off should turn it off completely. Currently the VPN switch and the main switch are mostly independent entities, with the exception of switching on the VPN automatically activates the main switch. While the automatic activation might be useful, it's simpler and less confusing for the VPN switch to act just as a configuration toggle, where it only takes effect when the main switch is on. It might be technically not the case if tor operates independently, but it would probably be a regular user's expectation if they use the Orbot as a standalone vpn (read: censorship circumvent) app.
ps. I can only come up with using it as a kill-switch to justify the current behaviour, but Android now provides Always On VPN so advanced users should be able to use that.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/31744Orbot for Android opens tcp ports for good2020-06-13T10:03:02ZTracOrbot for Android opens tcp ports for goodI have installed orbot on my Android Moto E5 play and every time I start the application it opens a new TCP port qconnect however when I exit it doesn't close the TCP port. this is an issue because now I have seven open TCP ports and it ...I have installed orbot on my Android Moto E5 play and every time I start the application it opens a new TCP port qconnect however when I exit it doesn't close the TCP port. this is an issue because now I have seven open TCP ports and it keeps opening new ones every time I start the VPN.
**Trac**:
**Username**: MagikNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/31341TorBirdy does not support Thunderbird 682020-06-13T10:24:49ZTracTorBirdy does not support Thunderbird 68TorBirdy 0.2.6 could not be installed because it is not compatible with Thunderbird 68. I tested this with Thunderbird 68.0b5.
**Trac**:
**Username**: ozozozTorBirdy 0.2.6 could not be installed because it is not compatible with Thunderbird 68. I tested this with Thunderbird 68.0b5.
**Trac**:
**Username**: ozozozSukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/31049Orbot Using Tor Android Service2020-06-13T09:48:03ZShane IsbellOrbot Using Tor Android ServiceI'd like to get some discussion of whether we want to have Orbot start using Tor Android Service/TOPL. It's stable now so worth a look.
I have a pull request with some refactoring that would help with eventual integration if we go that...I'd like to get some discussion of whether we want to have Orbot start using Tor Android Service/TOPL. It's stable now so worth a look.
I have a pull request with some refactoring that would help with eventual integration if we go that route.
https://github.com/guardianproject/orbot/pull/240
I'm tracking issues with #31042 to align the code with the latest changes so we don't get out of sync.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/30982Torbirdy preset keyserver2020-06-13T09:46:36ZcypherpunksTorbirdy preset keyserverThe preset keyserver must be removed. Nowhere can keys be manipulated more easy than on a key server. Through the preset the contact to a distinct keyserver is mandatory, which leads to identification of Torbirdy users, see Fingerprint, ...The preset keyserver must be removed. Nowhere can keys be manipulated more easy than on a key server. Through the preset the contact to a distinct keyserver is mandatory, which leads to identification of Torbirdy users, see Fingerprint, #30981, and a single point of attack.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30981Torbrowser/Torbirdy insecure settings2020-06-13T09:46:35ZcypherpunksTorbrowser/Torbirdy insecure settingsDescribed for Torbirdy, applicable in the same way to Torbrowser.
security.OCSP.enabled must be 0, after program restart 1
Leak of used https-certificates, also leak of certificates used to check signatures of e-mails, thus history of u...Described for Torbirdy, applicable in the same way to Torbrowser.
security.OCSP.enabled must be 0, after program restart 1
Leak of used https-certificates, also leak of certificates used to check signatures of e-mails, thus history of used certificates (i.e. website, signatures, keys, if tied to a certificate).
furthermore leak of fingerprint (in case of Torbirdy, should be secured with Torbrowser)
Accept:
Accept-Language:
Accept-Encoding:
...Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30980Torbirdy changes config settings to insecure values2020-06-13T09:46:35ZcypherpunksTorbirdy changes config settings to insecure valuesnetwork.http.sendRefererHeader should be 0, after progam restart 2
permissions.default.image should be 2, after program restart 3
network.cookie.cookieBehavior; should be 2, according to torbirdy restore setting (extensions.torbirdy.re...network.http.sendRefererHeader should be 0, after progam restart 2
permissions.default.image should be 2, after program restart 3
network.cookie.cookieBehavior; should be 2, according to torbirdy restore setting (extensions.torbirdy.restore.network.cookie.cookieBehavior;2), after program restart 1Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30811orbot and torbrowser fail2020-06-13T09:43:02ZTracorbot and torbrowser failClosed 2 streams for service [scrubbed].onion for reason resolve failed. Fetch status: No more HSDir available to query.
this is the log there are become when i open a new onion site
please help me
i use android and orbot
**Trac**: ...Closed 2 streams for service [scrubbed].onion for reason resolve failed. Fetch status: No more HSDir available to query.
this is the log there are become when i open a new onion site
please help me
i use android and orbot
**Trac**:
**Username**: jug39Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/30619Orbot reporting wrong bandwidth label units bit/s instead byte/s2020-06-13T09:38:57ZcypherpunksOrbot reporting wrong bandwidth label units bit/s instead byte/s1. in orbot it shows under the onion icon bit/s instead byte/s. If you have traffic of 1MBYTE per second it shows: 1 Mbit/s
same for kbyte/s value with Kbit/s label and so on
2. in orbot notification it reads "kbps" or "mbps" while the...1. in orbot it shows under the onion icon bit/s instead byte/s. If you have traffic of 1MBYTE per second it shows: 1 Mbit/s
same for kbyte/s value with Kbit/s label and so on
2. in orbot notification it reads "kbps" or "mbps" while the unit is KBYTE/s or MBYTE/s
easily reproduce by downloading something... and for example compare traffic with traffic the torbrowser reports. download
please fix by changing labels, because users think tor is slower by factor 8 while it is actually not.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/30535Не меняется язык2020-06-13T09:36:53ZTracНе меняется языкПроблема такая, запускаю orbot, перехожу в настройки, меняю язык на русский, и ничего не происходит, orbot по прежнему остаётся на английском языке, а на все другие языки меняется без проблем.
**Trac**:
**Username**: dnd99Проблема такая, запускаю orbot, перехожу в настройки, меняю язык на русский, и ничего не происходит, orbot по прежнему остаётся на английском языке, а на все другие языки меняется без проблем.
**Trac**:
**Username**: dnd99Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/302482 Bugs (possibly related) - Mozilla addon Search & Cardbook CardDav-server co...2020-06-13T09:30:58ZTrac2 Bugs (possibly related) - Mozilla addon Search & Cardbook CardDav-server connection issueWhen torbirdy is active and working, for the first time if you try and connect Cardbook to a carddav server - it fails with "validation failed"
If you disable torbirdy - the connection to a carddav server from Cardbook works perfectly an...When torbirdy is active and working, for the first time if you try and connect Cardbook to a carddav server - it fails with "validation failed"
If you disable torbirdy - the connection to a carddav server from Cardbook works perfectly and connects successfully.
Looking at the logs of Cardbook, i have filed a similar bug on Cardbook issue tracker.
Please see here: https://gitlab.com/CardBook/CardBook/issues/573
It seems as if there is a secure connection issue "Connection status : Failed : SecurityUnsupportedTLSVersionError"
There is also a second bug that COULD be related to the carddav server bug.
When attempting to search in the addons search for any addon such as "Cardbook", it returns an error on Mozilla page with "Oops! We had an error. We'll get to fixing that soon." Now you would think this is a Mozilla issue, but its not. If you disable torbirdy it then returns search results successfully. This issue has been on-going for about 4 months now
PLEASE can you fix these two issues, especially the carddav secure connection issue.
I also tried contacting you on @tor but you were not available.
**Trac**:
**Username**: jovi234Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/30246Torrc settings create errors within Orbot2020-06-13T09:30:57ZTracTorrc settings create errors within OrbotFollowing .Torrc settings create errors within Orbot:
IsolateClientAddr
IsolateSOCKSAuth
IsolateClientProtocol
IsolateDestPort
IsolateDestAddr
KeepAliveIsolateSOCKSAuth
IPv6Traffic
PreferIPv6
NoDNSRequest
Error messages returned:
[wa...Following .Torrc settings create errors within Orbot:
IsolateClientAddr
IsolateSOCKSAuth
IsolateClientProtocol
IsolateDestPort
IsolateDestAddr
KeepAliveIsolateSOCKSAuth
IPv6Traffic
PreferIPv6
NoDNSRequest
Error messages returned:
[warn] Failed to parse/validate config: Unknown option 'IsolateClientAddr'. Failing.
[warn] Failed to parse/validate config: Unknown option 'IsolateSOCKSAuth'. Failing.
[warn] Failed to parse/validate config: Unknown option 'IsolateClientProtocol'. Failing.
[warn] Failed to parse/validate config: Unknown option 'IsolateDestPort'. Failing.
[warn] Failed to parse/validate config: Unknown option 'KeepAliveIsolateSOCKSAuth'. Failing.
[warn] Failed to parse/validate config: Unknown option 'IPv6Traffic'. Failing.
[warn] Failed to parse/validate config: Unknown option 'NoDNSRequest'. Failing.
Apr 03 08:18:41.431 [err] Reading config failed--see warnings above.
WARN: Your application (using socks5 to port 443) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS. Rejecting.
Without settings, Orbot functions desirably.
As well, Orfox cannot connect to onion sites with following settings contained within .torrc file:
StrictNodes
**Trac**:
**Username**: untiedlacesNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/30178Orbot: VPN mode breaks wifi calling2020-06-13T09:29:26ZTracOrbot: VPN mode breaks wifi callingOn samsung note 8 with android v9, trying to use at&t wifi calling while orbot vpn mode is on.
Disabling VPN mode in orbot re-enables at&t wifi calling. When i try to disable several programs in the vpn mode options to try to isolate w...On samsung note 8 with android v9, trying to use at&t wifi calling while orbot vpn mode is on.
Disabling VPN mode in orbot re-enables at&t wifi calling. When i try to disable several programs in the vpn mode options to try to isolate which service that wifi calling is using that is getting rerouted out of country over tor, orbot re-enables the vpn mode on those programs so not only cant i use wifi calling in vpn mode, i cant disable vpn mode for whatever program that wifi calling is using to register. This is quite a hassle since i use wifi calling most of the time, and now vpn mode cant be enabled if i want to get or make any phone calls.
**Trac**:
**Username**: DavenportNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/30177Orbot: v3 Hidden Service Client Authorization Support2020-06-13T10:52:12ZTracOrbot: v3 Hidden Service Client Authorization SupportIn the latest v3 torspec a hidden service may require an authorization token: [HIDSERVDIR-FORMAT](https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n2289).
Lack of support for this authorization method in Orbot renders thi...In the latest v3 torspec a hidden service may require an authorization token: [HIDSERVDIR-FORMAT](https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt#n2289).
Lack of support for this authorization method in Orbot renders this feature largely useless if your intent is to use an authorized hidden service from a mobile device.
Is upgrading tor and adding this support to Orbot on the present roadmap?
**Trac**:
**Username**: DavenportNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/30134reEnable IPv6 routing by Orbot add back Route to handle IPv62020-06-13T09:28:40ZcypherpunksreEnable IPv6 routing by Orbot add back Route to handle IPv6
I wondered why Orbot does not use IPv6 routing but Tor Browser access IPv6 sites fine, while both android and badvpn support it very well.
After looking into code i found the line at:
https://github.com/n8fr8/orbot/blob/56917567cd21a7...
I wondered why Orbot does not use IPv6 routing but Tor Browser access IPv6 sites fine, while both android and badvpn support it very well.
After looking into code i found the line at:
https://github.com/n8fr8/orbot/blob/56917567cd21a734a35f3bee0e56ba23793b6887/orbotservice/src/main/java/org/torproject/android/service/vpn/OrbotVpnManager.java#L327
commented out :( :
```
//handle ipv6
//builder.addAddress("fdfe:dcba:9876::1", 126);
//builder.addRoute("::", 0);
```
Tor Browser speaks directly to socks5 of tor with IPv6 and not over tun2socks vpn translation. That's why you can actually access IPv6 Websites but not for tunneling any other application connection to IPv6.
tun2socks just requires argument:
```
--netif-ip6addr fdfe:dcba:9876::2
```
if
```
fdfe:dcba:9876::1
```
will be address of virtual interfaceNathan FreitasNathan Freitas