tor-browser-spec issues
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues
Updated: 2021-06-14T13:57:18Z

Torbutton design page outdated for 4 years
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/16820
Updated: 2021-06-14T13:57:18Z
Author: cypherpunks

https://www.torproject.org/docs/torbutton/en/design/
This page has not been updated in over 4 years....really needs one.

Add our reasoning for dealing with the XPI signing to our design document
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/21922
Updated: 2022-12-09T13:20:15Z
Author: Georg Koppen

We missed to explain how we deal with the code-signing requirement for our own extensions. We should have that in our design document I think.

andlabs.org, linked from tor browser design doc, seems gone
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/30072
Updated: 2022-12-09T13:19:35Z
Author: Roger Dingledine

https://2019.www.torproject.org/projects/torbrowser/design/
in Section 3 of "Specific Fingerprinting Defenses in the Tor Browser" links to
http://www.andlabs.org/tools/jsrecon.html
which seems to have become a parked domain.

Document Authenticode code signing certificate renewal process
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/33971
Updated: 2022-12-09T13:19:27Z
Author: Georg Koppen

While it is still fresh we should document the process of renewing our Windows code signing certificate.

Tor Browser: 11.0 Issues with previous release

Design document isn't precise about "Security" and "Privacy".
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/25197
Updated: 2022-12-09T13:20:19Z
Author: Arthur Edelstein

In Tor Browser, we have a "Security" Slider and various "Privacy" features. But these words are not so easily distinguished. Maybe we could think of better words?
In any case, we should define the two concepts very clearly in the Design document, and we should make sure we don't mix them up. For example, section 2.1 is entitled "Security Requirements" but goes on to list what I would consider privacy properties and does not include the sort of security intended to be provided by the Slider.

Tor Browser design doc says it whitelists flash and gnash as plugins
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/24945
Updated: 2024-02-13T20:04:29Z
Author: Roger Dingledine

The Tor Browser design doc says "we also patch the Firefox source code to prevent the load of any plugins except for Flash and Gnash. Even for Flash and Gnash, we also patch Firefox to prevent loading them into the address space until they are explicitly enabled."
If this is so, we should probably change Tor Browser to just prevent all plugins, including Flash and Gnash.
And if it is no longer so, we should fix the wrong statement in the design doc.
Noticed in legacy/trac#10885.

Update website traffic fingerprinting section in tor browser design doc
https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/33070
Updated: 2023-11-08T20:48:06Z
Author: Georg Koppen

The website traffic fingerprinting section needs to get updated as there have been a bunch of more or less recent developments that are not accounted for in it. In particular our [recent blog post](https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations) about low cost attacks in this space could be a good starting point for getting the update going.