Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-11-08T14:01:23Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41054Improve color contrast of purple elements in connection settings in dark theme2022-11-08T14:01:23ZdonutsImprove color contrast of purple elements in connection settings in dark themeThe purple check in the connection status strip in `about:preferences#connection` could do with higher contrast in dark theme:
- [connection-status](/uploads/841682da9722abc61e7f83c3f35a9e6b/connection-status.png)
The same also applies...The purple check in the connection status strip in `about:preferences#connection` could do with higher contrast in dark theme:
- [connection-status](/uploads/841682da9722abc61e7f83c3f35a9e6b/connection-status.png)
The same also applies to the "Connected" pill present on bridge cards, which uses two tones of purple:
- [connected-pill](/uploads/b56e147826f343f285ccc01203d55dcf/connected-pill.png)Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40259Inform users in Tor Browser of which settings are best for them based on thei...2022-04-04T17:11:17ZArturo FilastòInform users in Tor Browser of which settings are best for them based on their countryTor Browser Launcher would, for countries where we know Tor to either work for sure or not work for sure, advise users on whether to use a bridge or not.
This does open the question of "How does Tor Launcher know the country of the user...Tor Browser Launcher would, for countries where we know Tor to either work for sure or not work for sure, advise users on whether to use a bridge or not.
This does open the question of "How does Tor Launcher know the country of the user"?
I think this is at the end of the day a UX question, that can have various ways of doing it. For example you can have the user input their country (but that is maybe a bit sketchy from the users perspective) or you could show them a list of countries where tor is known to work OK and a list of where it's known to not work.Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41081Users find it difficult to differentiate between Tor Browser's various bridge...2022-09-30T20:05:34ZdonutsUsers find it difficult to differentiate between Tor Browser's various bridge optionsDuring usability testing of Connection Settings conducted in tpo/ux/research#52 & tpo/ux/research#78 participants who elected to select a bridge manually tended to try the various options at random.
For the most part, the options are pl...During usability testing of Connection Settings conducted in tpo/ux/research#52 & tpo/ux/research#78 participants who elected to select a bridge manually tended to try the various options at random.
For the most part, the options are placed in the order it's most useful to try them in:
1. Select a built-in bridge
1. obfs4
2. snowflake
3. meek-azure
2. Request a bridge from torproject.org
3. Provide a bridge manually
However we don't communicate that explicitly to the user.
The redesign conducted in https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41080 also attempted to improve the UX by tidying away the inputs into separate dialogues, and by has provided extra space for descriptions to accompany each bridge option within the dialogues themselves. I think it would be worthwhile reviewing the descriptions added for built-in-bridges, looking for potential improvements, and to consider adding similar descriptions to the request a bridge and provide a bridge dialogues.Sponsor 30 - Objective 3.5donutsdonutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41058Hide `currentBridges` description when the section itself is hidden2023-03-16T14:50:11ZdonutsHide `currentBridges` description when the section itself is hiddenThe `torPreferences-currentBridges-description` string is currently visible even when the "Your Current Bridges" section is hidden:
![bridges-section-hidden](/uploads/18e4336bb46598599876da689f7ef574/bridges-section-hidden.png)
When th...The `torPreferences-currentBridges-description` string is currently visible even when the "Your Current Bridges" section is hidden:
![bridges-section-hidden](/uploads/18e4336bb46598599876da689f7ef574/bridges-section-hidden.png)
When the section is enabled however, it does appear in its proper place:
![bridges-section-visible](/uploads/852664254f3c206e77d4158fe50ebeb0/bridges-section-visible.png)
Can we hide this string when the section itself is not present please? I'm not sure if this is a bug or is intentional, but "too much text" was a point of feedback we received in user testing with prior designs of this page, and I'd prefer to progressively reveal this string instead to break it up a little.
Thanks!Sponsor 30 - Objective 3.5Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41602Designing the User Interface of Conjure in Tor Browser2023-05-30T21:43:51ZrichardDesigning the User Interface of Conjure in Tor BrowserFollowing https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41361 we need to do the UX work for exposing this feature to users.
@cohosh can you reply with a blurb about how conjure works/differs from other bridges, tra...Following https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41361 we need to do the UX work for exposing this feature to users.
@cohosh can you reply with a blurb about how conjure works/differs from other bridges, tradeoffs, etc so we get a string written for the bridge selection UX ( see https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41583#note_2870062 for reference).Sponsor 30 - Objective 2.3https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41483Tor Browser says Firefox timed out, confusing users2022-12-07T08:44:31ZHackerNCoderhackerncoder@encryptionin.spaceTor Browser says Firefox timed out, confusing usersIf a connection times out, Tor Browser will display the default Firefox page stating "Firefox can’t establish a connection to the server". At least two people I have talked to have been confused by this, thinking it had something to do w...If a connection times out, Tor Browser will display the default Firefox page stating "Firefox can’t establish a connection to the server". At least two people I have talked to have been confused by this, thinking it had something to do with a separate Firefox installation. Please consider whether to change this.Sponsor 131 - Phase 2 - Privacy Browserhenryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41361Integrate the Conjure PT into alpha versions of Tor Browser2023-06-29T17:45:14ZCecylia BocovichIntegrate the Conjure PT into alpha versions of Tor BrowserLooks like it's going to be easily done on all platforms. See https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/14Looks like it's going to be easily done on all platforms. See https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/issues/14Sponsor 30 - Objective 2.3Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41350Move the implementation of Bug 19273 out of Torbutton2023-04-18T17:46:38ZPier Angelo VendrameMove the implementation of Bug 19273 out of TorbuttonBug #19273 (e.g., 2cce8efa3cede0324b58e2e9a6b2b40e5a48bb87) has a part in Torbutton.
We should move it outside of it, and possibly move it before other Tor patches.
Uplifting it would be lovely, but very unlikely (since it explicitly s...Bug #19273 (e.g., 2cce8efa3cede0324b58e2e9a6b2b40e5a48bb87) has a part in Torbutton.
We should move it outside of it, and possibly move it before other Tor patches.
Uplifting it would be lovely, but very unlikely (since it explicitly says to use only Tor or Tails).
Finally, the title is a bit misleading, we could reword it to say it's the external app warning dialog, rather than saying "prevent JS from hijacking", even though this was the original reason for that ticket.Sponsor 131 - Phase 2 - Privacy BrowserDan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40928Mullvad Browser branding patches in mullvad-browser branch2022-12-09T14:18:20ZrichardMullvad Browser branding patches in mullvad-browser branchWe need to identify all of the branding we have replaced in tor-browser, and make an equivalent branding commit in mullvad-browser that replaces with Mullvad provided icons, colors, etc, etcWe need to identify all of the branding we have replaced in tor-browser, and make an equivalent branding commit in mullvad-browser that replaces with Mullvad provided icons, colors, etc, etcSponsor 131 - Phase 2 - Privacy Browserdonutsdonutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26978Add comments to TBB translation files2022-07-09T03:33:44ZArthur EdelsteinAdd comments to TBB translation filesLet's go through our translation files and add comments to strings to help translators with context. Things like accelerator keys, jargon definitions, menu items can do with clarification.Let's go through our translation files and add comments to strings to help translators with context. Things like accelerator keys, jargon definitions, menu items can do with clarification.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41401Missing some mozilla icons because we still loading them from "chrome://brows...2022-10-27T17:56:38ZhenryMissing some mozilla icons because we still loading them from "chrome://browser/skin" rather than "chrome://global/skin/icons"I noticed that the "Onion Services Keys" prefernces dialog is missing its warning icon because it still uses "chrome://browser/skin/warning.svg" rather than "chrome://global/skin/icons/warning.svg". I'm guessing these icon paths were cha...I noticed that the "Onion Services Keys" prefernces dialog is missing its warning icon because it still uses "chrome://browser/skin/warning.svg" rather than "chrome://global/skin/icons/warning.svg". I'm guessing these icon paths were changed in mozilla-central. Some have been converted in our patches, but not all.Sponsor 131 - Phase 3 - Major ESR 102 Migrationhenryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41317Tor Browser leaks banned ports in network.security.ports.banned2023-02-22T14:54:12Zcypherpunks1Tor Browser leaks banned ports in network.security.ports.bannedIn Tor Browser linux releases, the start-tor-browser script suggests modifying the network.security.ports.banned preference when using a system-installed Tor process.
However, the ports banned using this preference are leaked by the bro...In Tor Browser linux releases, the start-tor-browser script suggests modifying the network.security.ports.banned preference when using a system-installed Tor process.
However, the ports banned using this preference are leaked by the browser and custom preferences can be detected. For example, Tails users can be easily identified due to using a custom preference.
Code to detect banned ports can be found here:
https://pseudo-flaw.net/tor/torbutton/detect-banned-ports.html
https://privacycheck.sec.lrz.de/active/fp_je/fp_js_echo.htmlSponsor 131 - Phase 3 - Major ESR 102 Migrationma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41144Review Mozilla 1752906: Enable WebMIDI2023-09-25T16:51:31ZrichardReview Mozilla 1752906: Enable WebMIDI## https://bugzilla.mozilla.org/show_bug.cgi?id=1752906
A new feature, a new potential fingerprinting vector. We need to review this and see whether we want it enabled or not.
@thorin, @tom and thoughts on this?## https://bugzilla.mozilla.org/show_bug.cgi?id=1752906
A new feature, a new potential fingerprinting vector. We need to review this and see whether we want it enabled or not.
@thorin, @tom and thoughts on this?Sponsor 131 - Phase 3 - Major ESR 102 Migrationma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41140Review Mozilla 1751366: Disable tab unloading in private windows (Firefox up...2022-10-25T18:21:20ZrichardReview Mozilla 1751366: Disable tab unloading in private windows (Firefox update coupled with tabs unloading can cause loss of tabs in private browsing)## https://bugzilla.mozilla.org/show_bug.cgi?id=1751366
This sent up warning flags since Tor Browser is always in private browsing mode, but there may be nothing for us to worry about here given that we use a different update process.## https://bugzilla.mozilla.org/show_bug.cgi?id=1751366
This sent up warning flags since Tor Browser is always in private browsing mode, but there may be nothing for us to worry about here given that we use a different update process.Sponsor 131 - Phase 3 - Major ESR 102 Migrationma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41139Review Mozilla 1637922: Consider disabling dom.netinfo.enabled on mobile2022-10-25T22:16:40ZrichardReview Mozilla 1637922: Consider disabling dom.netinfo.enabled on mobile## https://bugzilla.mozilla.org/show_bug.cgi?id=1637922
Not sure what this is but we should investigate and see if we also want it disabled## https://bugzilla.mozilla.org/show_bug.cgi?id=1637922
Not sure what this is but we should investigate and see if we also want it disabledSponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41135Review Mozilla 1749323: Allow shipping OffscreenCanvas via a pref-based hostn...2022-10-18T19:46:36ZrichardReview Mozilla 1749323: Allow shipping OffscreenCanvas via a pref-based hostname allowlist## https://bugzilla.mozilla.org/show_bug.cgi?id=1749323
We should make sure this feature is disabled when privacy.resistFingerprinting is enabled or that it triggers the expected canvas fingerprinting protections UX.
cc @duncan
relat...## https://bugzilla.mozilla.org/show_bug.cgi?id=1749323
We should make sure this feature is disabled when privacy.resistFingerprinting is enabled or that it triggers the expected canvas fingerprinting protections UX.
cc @duncan
related: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18599Sponsor 131 - Phase 3 - Major ESR 102 MigrationDan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41134Review Mozilla 1749501: "Use system proxy settings" no longer uses all define...2022-10-23T23:38:48ZrichardReview Mozilla 1749501: "Use system proxy settings" no longer uses all defined exceptionsWe need to make sure this change is interacting correctly with our proxy bypass expections. If there's any fixes required they should be gated behind MOZ_PROXY_BYPASS_PROTECTION and uplifted.We need to make sure this change is interacting correctly with our proxy bypass expections. If there's any fixes required they should be gated behind MOZ_PROXY_BYPASS_PROTECTION and uplifted.Sponsor 131 - Phase 3 - Major ESR 102 Migrationma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41130Review Mozilla 1741428: Bump the MinGW version2022-10-24T22:44:58ZrichardReview Mozilla 1741428: Bump the MinGW version## https://bugzilla.mozilla.org/show_bug.cgi?id=1741428
So it seems there is a bug in latest widl where enums aren't forward declared correctly in C++:
- https://bugs.winehq.org/show_bug.cgi?id=53431
We will need to either patch the m...## https://bugzilla.mozilla.org/show_bug.cgi?id=1741428
So it seems there is a bug in latest widl where enums aren't forward declared correctly in C++:
- https://bugs.winehq.org/show_bug.cgi?id=53431
We will need to either patch the mingw headres (firefox approach) or we can go fix widl (iirc this should be an easy-ish fix)
cc @tom, @boklm, @pierovSponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41129Review Mozilla 1740840: "Always Open Similar Files" availability is intermittent2022-10-23T22:08:54ZrichardReview Mozilla 1740840: "Always Open Similar Files" availability is intermittent## https://bugzilla.mozilla.org/show_bug.cgi?id=1740840
We should make sure this functionality is consistent with how we want opening downloads to work (with regards to opening files in external programs)
cc @duncan## https://bugzilla.mozilla.org/show_bug.cgi?id=1740840
We should make sure this functionality is consistent with how we want opening downloads to work (with regards to opening files in external programs)
cc @duncanSponsor 131 - Phase 3 - Major ESR 102 Migrationma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41126Review Mozilla 1734262: Rewrite pingsender as a Gecko Background Task2022-10-24T06:48:45ZrichardReview Mozilla 1734262: Rewrite pingsender as a Gecko Background TaskWe disable building the pingsender executable (part of the vanilla updater iirc) entirely. We should ensure any funcitonality we don't want here is disabled.We disable building the pingsender executable (part of the vanilla updater iirc) entirely. We should ensure any funcitonality we don't want here is disabled.Sponsor 131 - Phase 3 - Major ESR 102 Migrationma1ma1