Team issueshttps://gitlab.torproject.org/tpo/applications/team/-/issues2024-03-25T09:00:48Zhttps://gitlab.torproject.org/tpo/applications/team/-/issues/14Make list of software and associated licenses published by Application's team2024-03-25T09:00:48ZrichardMake list of software and associated licenses published by Application's teamFrom meeting: https://pad.riseup.net/p/licenses-tor-Bo4uj-keep (archived in https://nc.torproject.net/f/436603).
We should build a list of software we build/support and figure out what licenses we are using.From meeting: https://pad.riseup.net/p/licenses-tor-Bo4uj-keep (archived in https://nc.torproject.net/f/436603).
We should build a list of software we build/support and figure out what licenses we are using.richardrichardhttps://gitlab.torproject.org/tpo/applications/team/-/issues/25Background color for "Tor Browser for Android" icon is different than the bac...2023-10-30T17:02:33ZclairehurstBackground color for "Tor Browser for Android" icon is different than the background color for "Tor Browser" icon for macAndroid
![Screenshot_2023-10-27_at_16.24.22](/uploads/a773845f1aac5ae1a4936cafc69b90ff/Screenshot_2023-10-27_at_16.24.22.png)
Mac
![Screenshot_2023-10-27_at_16.24.32](/uploads/b43a71c5477492faefa4a917d248c2b2/Screenshot_2023-10-27_a...Android
![Screenshot_2023-10-27_at_16.24.22](/uploads/a773845f1aac5ae1a4936cafc69b90ff/Screenshot_2023-10-27_at_16.24.22.png)
Mac
![Screenshot_2023-10-27_at_16.24.32](/uploads/b43a71c5477492faefa4a917d248c2b2/Screenshot_2023-10-27_at_16.24.32.png)https://gitlab.torproject.org/tpo/applications/team/-/issues/24Move TorBrowser launcher to Tor's Gitlab server2023-09-27T14:53:12ZGabagaba@torproject.orgMove TorBrowser launcher to Tor's Gitlab serverMicahflee reached out to us about the Tor Browser Launcher's project. He wants to move it to TPO and eventually deprecate it if we find a better option for Tor Browser in Linux distros.
The project right now: https://github.com/micahfle...Micahflee reached out to us about the Tor Browser Launcher's project. He wants to move it to TPO and eventually deprecate it if we find a better option for Tor Browser in Linux distros.
The project right now: https://github.com/micahflee/torbrowser-launcher
Next steps will be:
1. Move the project to gitlab.torproject.org/tpo/applications and mirror it in micahflee's github project (https://github.com/micahflee/torbrowser-launcher)
2. Somebody in the @tpo/applications 's team can be responsible of maintaining with micah's help.
3. Deprecate it for TB 14.0 when we can package TB for Linux distros directly.Gabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/applications/team/-/issues/1Organizing triaging new issues for the applications group2023-09-27T14:47:43ZGabagaba@torproject.orgOrganizing triaging new issues for the applications groupWe need a better process and shifts for triaging tickets so it does not fall only in one person or does not get done:
- [ ] process - how we are doing triage - where the tickets go to - define criteria for triaging a ticket into a miles...We need a better process and shifts for triaging tickets so it does not fall only in one person or does not get done:
- [ ] process - how we are doing triage - where the tickets go to - define criteria for triaging a ticket into a milestone
- [ ] who is doing it when
- [ ] add documentation to https://gitlab.torproject.org/tpo/applications/teamGabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/applications/team/-/issues/7Migrate and update the documentation from old wikis2023-08-26T06:06:23ZPier Angelo VendrameMigrate and update the documentation from old wikisA few months ago, we decided to move all the documentation that is spread everywhere to the wiki of tpo/applications/team.A few months ago, we decided to move all the documentation that is spread everywhere to the wiki of tpo/applications/team.richardrichardhttps://gitlab.torproject.org/tpo/applications/team/-/issues/23Onboard clairehurst2023-08-18T18:31:29ZrichardOnboard clairehurstThere is a lot to do!
- [x] Verify+Sign PGP key
- [x] Open ticket with TPA to:
- create LDAP account
- add new email alias
- setup: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/email
- add to team mailing list...There is a lot to do!
- [x] Verify+Sign PGP key
- [x] Open ticket with TPA to:
- create LDAP account
- add new email alias
- setup: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/email
- add to team mailing list
- add dev to allowed users on `tb-build-04` and `tb-build-05`
- add to next cloud
- [x] direct dev to create user work accounts:
- oftc irc: https://oftc.net/
- `/msg NickServ HELP REGISTER`
- tpo gitlab: https://gitlab.onionize.space/
- [ ] add to Applications Team as 'Developer'
- mozilla bugzilla: https://bugzilla.mozilla.org/createaccount.cgi
- google account
- github account
- SSH public/private keypair
- [x] 'Welcome to the Team' meeting with the apps team
- [x] Onboarding meeting with some of apps team:
- [x] TPO organization
- org chart: https://nc.torproject.net/apps/files/?dir=/TPI&openfile=482729
- [x] Processes/Admin
- IRC
- mailing lists: https://lists.torproject.org/cgi-bin/mailman/listinfo
- PTO/AFK calendar/flex-fridays
- Weekly Applications meeting
- Weekly(ish) All Hands
- Sponsor Meetings
- [x] Project History/Background/High Level View
- tor-launcher, torbutton, no-script, firefox
- Tor Browser, tor-browser-build
- Tor Browser Android orbot/fennic/fenix
- Mullvad Browser
- Links:
- Vision doc: https://nc.torproject.net/apps/onlyoffice/471898?filePath=%2FApplications%20Team%2F2023%20Applications%20Team%20Vision%20by%20Richard.docx
- Wiki: https://gitlab.torproject.org/tpo/applications/team/-/wikis/home
- [x] Threat Model
- ~"Disk Leak"
- ~"Proxy Bypass"
- ~Linkability
- Links
- browser design doc (out of date): https://2019.www.torproject.org/projects/torbrowser/design/
- User personas: https://community.torproject.org/user-research/personas/
- [x] Gitlab
- issues, board, labels, templates
- merge request, release prep issuesrichardrichardhttps://gitlab.torproject.org/tpo/applications/team/-/issues/6Consider next steps to improve applications QA2023-07-14T15:17:44ZdonutsConsider next steps to improve applications QAWe completed a survey of the tor-qa mailing list in https://gitlab.torproject.org/tpo/ux/research/-/issues/67, which didn't receive much engagement unfortunately. Either way, it's a sign that we should move on. Here's a list of the next ...We completed a survey of the tor-qa mailing list in https://gitlab.torproject.org/tpo/ux/research/-/issues/67, which didn't receive much engagement unfortunately. Either way, it's a sign that we should move on. Here's a list of the next steps as I see them:
**Tests**
- [ ] Produce a new manual test script based on the old [Quality Assurance wiki page](https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Quality-Assurance)
- [ ] Put in place some process to review the list of manual tests before each major release
- [ ] Test and fix all current automated tests (that we want to continue using): see [applications/tor-browser-bundle-testsuite](https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite/-/issues)
- [ ] Review and update the [testsuite wiki/documentation](https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite/-/tree/master/doc) if necessary
- [ ] Put in place some process to regularly run and maintain the testsuite
**Recruitment campaign**
- [x] Discuss the timing of running a mini-campaign on social media, the forum and email to recruit to Alpha testers
- [x] Create graphics and messaging to support the campaign: https://gitlab.torproject.org/tpo/operations/communications/-/issues/64
- [x] Review and improve the [tor-qa landing page](https://community.torproject.org/user-research/become-tester/): https://gitlab.torproject.org/tpo/web/community/-/issues/269
- [x] Write a template for "what to test" section to go in Alpha release posts
- [x] Write a blog post for the campaign: https://gitlab.torproject.org/tpo/operations/communications/-/issues/65
- [x] Prepare tweets and other social media messaging
- [x] Create forum badges for Alpha testers: https://gitlab.torproject.org/tpo/community/support/-/issues/40076 & https://gitlab.torproject.org/tpo/community/support/-/issues/40075
- [x] Update the sticky post in the [Alpha feedback category](https://forum.torproject.net/c/feedback/tor-browser-feedback/7)
- [x] Figure out what to do with release posts (e.g. cross-post them into the Alpha feedback category): https://gitlab.torproject.org/tpo/community/support/-/issues/40077
- [x] Select some (or all) of the above for translation into RU
- [x] Launch the campaign and onboard new Alpha testers
**QA party**
- [ ] Schedule an internal QA party during an all-hands approx 1-1.5 months before stable release
- [ ] Work with User Support to create a format for this session
- [ ] Host the QA party and translate the results into tickets
**Other**
- [x] Include a test-banner on `about:tor` on Nightly and Alpha releases: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40886
- [ ] Begin collecting metrics on the platforms we're receiving feedback on to identify gaps in our QA
- [ ] Review our [Nightly](https://nightlies.tbb.torproject.org/nightly-builds/tor-browser-builds/) and [Alpha](https://www.torproject.org/download/alpha/) /download pages, and potentially combine thesehttps://gitlab.torproject.org/tpo/applications/team/-/issues/22Enforce 2FA for applications group in gitlab2023-06-29T06:22:03ZGabagaba@torproject.orgEnforce 2FA for applications group in gitlabThere is an option at the group level to enforce 2FA. Is @tpo/applications ok for us to check it so 2FA is enforced for all members in the group?
The option is in settings/permissions/All users in this group must set up two-factor authe...There is an option at the group level to enforce 2FA. Is @tpo/applications ok for us to check it so 2FA is enforced for all members in the group?
The option is in settings/permissions/All users in this group must set up two-factor authenticationrichardrichardhttps://gitlab.torproject.org/tpo/applications/team/-/issues/21Different GPG Key listed on People page for nicob2023-05-09T17:25:45ZnicobDifferent GPG Key listed on People page for nicobHi TPA, it was brought to my attention that what I believe is my old GPG key is attached to my profile on the public people page. Before updating it to my current key, I was recommended to reach out to you to make sure there wouldn't be ...Hi TPA, it was brought to my attention that what I believe is my old GPG key is attached to my profile on the public people page. Before updating it to my current key, I was recommended to reach out to you to make sure there wouldn't be any issue with other settings that may still be attached to this old key that I'm unaware of.
Thanks! :)https://gitlab.torproject.org/tpo/applications/team/-/issues/17Make human summary of Tor Browser design doc2023-01-09T00:15:50ZMike PerryMake human summary of Tor Browser design docWe should create a brief human-readable summary of the privacy properties of TBB, based on the Design Requirements.
We should probably include this in the short user manual, or on the download page, or both.
See also https://lists.torp...We should create a brief human-readable summary of the privacy properties of TBB, based on the Design Requirements.
We should probably include this in the short user manual, or on the download page, or both.
See also https://lists.torproject.org/pipermail/tor-talk/2012-January/022899.html.https://gitlab.torproject.org/tpo/applications/team/-/issues/19Is not saving history hurting Tor Browser retention rates?2023-01-09T00:12:11ZArthur EdelsteinIs not saving history hurting Tor Browser retention rates?The main unique value that Tor Browser provides is network privacy. But we also enable private browsing mode by default, which means history and passwords are not saved.
That's actually pretty inconvenient for a modern web browser. Ever...The main unique value that Tor Browser provides is network privacy. But we also enable private browsing mode by default, which means history and passwords are not saved.
That's actually pretty inconvenient for a modern web browser. Every time the user starts Tor Browser, they don't get the convenience of Restore Session, auto-login, recent pages, history-based completion, importing user data from other browsers, and Sync. This issue was raised in [Gallagher et al 2018](https://lists.torproject.org/pipermail/ux/attachments/20180921/c901ae9f/attachment-0001.pdf)
So, we could consider allowing users to open a "normal browsing" window, that retains history and passwords and even uses "Firefox Sync". They would still get the benefit of network privacy. Saved state could be locked behind a master password, or we could remind users to use whole-disk encryption.
My hypothesis is that this approach could help retain users and enable more users to use Tor Browser as their "main browser". But it would require an analysis of the pros and cons and a careful redesign. We also would need to fix all unpatched network privacy in normal browsing.
So in this ticket I'm proposing we analyze this idea: figure out the best possible design, and determine if the benefits outweigh the costs.https://gitlab.torproject.org/tpo/applications/team/-/issues/20Tracking related preferences mentioned in Tor Browser Design Document not set...2023-01-05T18:15:51ZAnonymousResearcherTracking related preferences mentioned in Tor Browser Design Document not set in Tor Browser<!--
* Use this issue template for reporting a new bug.
-->
### Summary
I apologize if this is already discussed in another place. I tried looking for some explanation of this topic, but the closest I found was tor-browser#40783 which d...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
I apologize if this is already discussed in another place. I tried looking for some explanation of this topic, but the closest I found was tor-browser#40783 which discusses other preferences that are currently included. If this should be a comment of that issue, please let me know.
The 2019 version of the [Tor Browser Design Document](https://2019.www.torproject.org/projects/torbrowser/design/) mentions many Firefox preference changes that were implemented to avoid tracking on the web. Though this document never left the draft stage and is not reflective of the current Tor Browser, it lays out multiple reasons for the FF preferences that it mentions, and the ways in which they attempt to prevent tracking on the web. However, in the process of performing some research on the Tor Browser I found that many of the FF preferences have changed. Though most of these changes are reasonable and either explained or explainable (such as these preferences no longer being used in FF), a few preferences that appear to be related to tracking disappeared from TB. These include setting the following browser preferences:
1. javascript.options.asmjs to false (mentioned here: tor-browser#19400, tor-browser#21298, but none relating to tracking)
2. browser.cache.offline.enable to false
3. security.ssl.disable_session_identifiers to false
4. network.http.altsvc.enabled to false
5. dom.gamepad.enabled to false (mentioned here: tor-browser#13023, tor-browser#10750)
6. ui.use_standins_for_native_colors to true
7. webgl.min_capability_mode to true
8. media.webspeech.synth.enabled to false
9. dom.battery.enabled to false
10. dom.enable_performance to false
11. media.video_stats.enabled to false
12. dom.maxHardwareConcurrency to 1
13. reader.parse-on-load.enabled to false
14. browser.uitour.enabled to false
15. dom.sensors.enabled to false
Is this a bug, or are there reasons to believe that these no longer cause a tracking issue?
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. Open Tor Browser
2. Go to about:config
3. Accept the warning.
4. Search for the above listed preferences
### What is the current bug behavior?
The above preferences do not show the expected vales from the Tor Browser Design Document.
### What is the expected behavior?
The above preferences should show the expected values from the Tor Browser Design Document to avoid tracking.
### Environment
Ubuntu 22.10
From distribution tarball.
### Relevant logs and/or screenshots
N/Ahttps://gitlab.torproject.org/tpo/applications/team/-/issues/18Document auditing setups for testers to use2023-01-05T18:15:17ZMike PerryDocument auditing setups for testers to useWe've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy flo...We've got a TBB AppArmor profile at https://trac.torproject.org/projects/tor/wiki/doc/AppArmorForTBB. On legacy/trac#5741, some dude named unknown posted iptables rules that log violations. I hear there is also an OSX Seatbelt policy floating around somewhere that may also be useful.
We should create a meta document, or perhaps just describe on https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff how to use these things to test for disk leaks, proxy issues, oddities, and other violations.https://gitlab.torproject.org/tpo/applications/team/-/issues/16Create Style Guides2023-01-05T18:14:59ZMatthew FinkelCreate Style GuidesFollowing legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.Following legacy/trac#26184, we should document our coding style preferences. We should consider documenting all Tor Browser-related projects.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/team/-/issues/15Review and expand the stakeholders we communicate major changes to2022-12-09T16:55:11ZdonutsReview and expand the stakeholders we communicate major changes to@richard has created this checklist as part of the release process (which is awesome):
```
### notify stakeholders
* [ ] Email tor-qa mailing list: [tor-qa@lists.torproject.org](mailto:tor-qa@lists.torproject.org)
* [ ] Provide links...@richard has created this checklist as part of the release process (which is awesome):
```
### notify stakeholders
* [ ] Email tor-qa mailing list: [tor-qa@lists.torproject.org](mailto:tor-qa@lists.torproject.org)
* [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
* [ ] Call out any new functionality which needs testing
* [ ] Link to any known issues
* [ ] Email Tails dev mailing list: [tails-dev@boum.org](mailto:tails-dev@boum.org)
* [ ] Provide links to unsigned builds on `$(BUILD_SERVER)`
```
And also:
```
### tor-announce mailing list
* [ ] Send an email to [tor-announce@lists.torproject.org](mailto:tor-announce@lists.torproject.org), using the same content as the blog post and subject "Tor Browser $version is released".
```
However it looks like we caught torbrowser-launcher unawares with the 12.0 release: https://github.com/micahflee/torbrowser-launcher/issues/659
We should take the opportunity to review how we notify external stakeholders during development, and expand this list to include Micah Lee & The Guardian Project at minimum (who don't necessarily have the time to read every tor-qa or tor-announce email).https://gitlab.torproject.org/tpo/applications/team/-/issues/12Delete various master branches after automated build/testing scripts are updated2022-09-23T22:56:32ZrichardDelete various master branches after automated build/testing scripts are updated`main` branches added to the following for 12.0a1
* [x] Tor Browser Build
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] RBM
- [x] delete `master` on gitlolite
- [x] de...`main` branches added to the following for 12.0a1
* [x] Tor Browser Build
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] RBM
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] Torbutton
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] Tor Launcher
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] Tor Android Service
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] Tor Browser Bundle Testsuite
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
* [x] Tor Browser Spec
- [x] delete `master` on gitlolite
- [x] delete `master` on gitlab
- [x] block `master` on gitlab
In theory we should be done with `torbutton` and `tor-launcher` after 12.0 stable is released but we'll see.Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/team/-/issues/3Rename git master to main2022-08-11T17:25:25ZMatthew FinkelRename git master to mainFollowing tpo/core/team#2 as a template: let's (finally) do this.
We don't have this problem in the following projects:
- Tor Browser
- Fenix
- Android Components
We should rename the default branch of:
- [x] Tor Browser Build
- [...Following tpo/core/team#2 as a template: let's (finally) do this.
We don't have this problem in the following projects:
- Tor Browser
- Fenix
- Android Components
We should rename the default branch of:
- [x] Tor Browser Build
- [x] RBM
- [x] Torbutton
- [x] Tor Launcher
- [x] Tor Android Service
- [x] Tor Browser Bundle Testsuite
- [x] Tor Browser Spec
See also:
- tpo/tpa/gitlab#75
- tpo/web/tpo#90
- https://gitlab.com/anarcat/scripts/-/blob/master/git-rename-to-mainrichardrichardhttps://gitlab.torproject.org/tpo/applications/team/-/issues/11Update QA and Testing content on our HACKING document2022-06-23T22:20:56ZGeorg KoppenUpdate QA and Testing content on our HACKING documentOur QA and Testing content on our HACKING page needs some update.Our QA and Testing content on our HACKING page needs some update.https://gitlab.torproject.org/tpo/applications/team/-/issues/10Add mozregression support for Tor Browser2022-06-23T18:42:59ZrichardAdd mozregression support for Tor BrowserSo an old trac user suggested bisecting an issue with the `mozregression` tool in tor-browser#24934
This tool automates the bisection process when attempting to identify when an issue become an issue in Firefox (and other Mozilla produ...So an old trac user suggested bisecting an issue with the `mozregression` tool in tor-browser#24934
This tool automates the bisection process when attempting to identify when an issue become an issue in Firefox (and other Mozilla products). It would be nice to have Tor Browser support, or to implement something similar.
- https://mozilla.github.io/mozregression/quickstart.htmlhttps://gitlab.torproject.org/tpo/applications/team/-/issues/8wikis/Hacking/Hacking is not found by Trac redirect2022-06-06T21:41:26ZDavid Fifielddcf@torproject.orgwikis/Hacking/Hacking is not found by Trac redirectOriginal comment: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40233#note_2809321
The old Trac TorBrowser/Hacking wiki URL is still fairly prominent, for example appearing in a web search for "Tor Browser hacking":
https://trac....Original comment: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40233#note_2809321
The old Trac TorBrowser/Hacking wiki URL is still fairly prominent, for example appearing in a web search for "Tor Browser hacking":
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking
There is an HTTP redirect rule installed, but it goes to the wrong place ("This project has no wiki pages"):
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking
The correct current location of the wiki page is actually:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking/Hacking
I [posted a comment](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40233#note_2809321) about fixing the redirect, but @anarcat asked whether the team might not prefer to move wikis/Hacking/Hacking to wikis/Hacking instead.