Tor Browser issues
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues
2023-02-10T23:45:48Z

about:manual semantic and accessibility problems
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41421
2023-02-10T23:45:48Z
henry

I didn't look through all the "about:manual" pages, but I noticed a few semantic and accessibility issues which I imagine are common to most pages. A few of these issues would apply to https://tb-manual.torproject.org/ as well https://gitlab.torproject.org/tpo/web/manual/-/issues/132.
1. The top page "about:manual" uses `<h3>` for the "Topics" heading even though it is the top-most heading.
2. The list of links in "about:manual" uses `<li><h4><a></a></h4><p></p></li>`. Using both `<li>`, `<h4>` and `<a>` for the heading makes this noisier than necessary on a screen reader. Plus, this page is less "headings with paragraphs" and more a navigation page.
3. The sub-pages start with a `<h2>` heading, rather than `<h1>`.
4. The `<nav>` element at the top of the page could perhaps use `<ul>` to separate the links. The "»" symbol should be visual only.
5. The alt text for `<img>` elements is not very descriptive of the image. A lot of these are screenshots, but don't describe themselves as screenshots.
6. Some of the text is geared towards users who can see the screenshots.
An example for point 6 would be in the "about:manual#running-tor-browser" page. We have
> ## CONFIGURE
>
> Tor Browser will take you through a series of configuration options.
>
> The Connection Assist informs you about the state of your Internet connection and your connection to the Tor network.
>
> [image]
>
> [image]
>
> The first checkbox is 'Quickstart'. If selected, every time you open Tor Browser, it will try to connect with your previous network settings.
There's no indication that this "configure" is in the settings page, or that "Connection" and "Quickstart" are sections of this page. Using good alt text would help a little, but making the text clearer would help clarify things for all users. Generally, you want something that you could directly read over the phone to help someone on the other end.
Moreover, the use of "Connection Assist" is confusing because the section just before is called "CONNECTION ASSIST", which is something else.

Sponsor 131 - Phase 5 - Ongoing Maintenance

We need a new/updated design document/threat model
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41808
2023-07-24T15:07:51Z
Pier Angelo Vendrame

We have talked about this for a while now.
So, creating an issue, to make it official :slight_smile:.

richard

Document all of the things that are enabled by privacy.resistFingerprinting pref
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41431
2023-08-22T19:17:11Z
richard

Over time many of our patches have been uplifted or reimplemented in Firefox and enabled by the catch-all `privacy.resistFingerprinting` pref. We should maintain a doc outlining all of these changes so we don't lose our memory of these changes.

Sponsor 131 - Phase 2 - Privacy Browser

Document prefs in 000-tor-browser.js and 001-base-profile.js
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41430
2023-08-22T19:17:18Z
richard

Mullvad are going to want to communicate with their users the difference between Firefox ESR 102 and Privacy Browser.
To start with, we should (after https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40783 and https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40014) ensure each pref (or batch of prefs) is associated with a gitlab ticket and has a description of what the pref does and why we set it.

Sponsor 131 - Phase 2 - Privacy Browser

Add links to the manual in the connection assistant
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41299
2022-11-30T16:30:48Z
Pier Angelo Vendrame

We may want to add links to the manual in the various error panels on the connection wizard, so that users can get more information there.
/cc @duncan

Include compile instructions in our tor-android-service repo
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41253
2022-11-29T13:38:38Z
Georg Koppen

The `README.md` file in `tor-android-service` says currently
```
# tor-android-service
Android Service For Intalling and Running Tor
```
We should be a bit more verbose to help others using this new tool and getting it built outside of Tor Browser.

In tor-android-services, document where the code we imported comes from
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41249
2022-09-01T23:00:00Z
boklm

In `tor-android-service`, we have commit tor-android-service@36f9873ff075253f4c1c9e394c91031fd4ba9d4a which is adding a bunch of code:
https://gitweb.torproject.org/tor-android-service.git/commit/?id=36f9873ff075253f4c1c9e394c91031fd4ba9d4a
However it seems that this code has been taken from various other places, but there is no indication of where.
Ideally we would have kept history of the projects we imported code from (for example with `git filter-branch`), or just used sub-modules if we did not modify them. But since we didn't do that, I think we should at least put somewhere the information about where all the code we include comes from.
For example the `jsocksAndroid` directory seems to be imported from https://github.com/guardianproject/jsocks or maybe https://github.com/ravn/jsocks, but there is no indication of that, or which commit was used. The directory `service/` looks similar to https://github.com/guardianproject/orbot/tree/master/orbotservice, but there is no indication that it was imported from there, or which commit was used.
I am also wondering why we have both `jsocksAndroid/` and `external/jsocks/`.
We also have a `LICENSE` file containing the Apache License, but it is unclear to what it applies since this is neither the license of Orbot nor jsocks.

Automate and document local dev build for Fenix
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41189
2022-11-29T12:36:57Z
aguestuser

# Context
- currently, the only documented way to build tbb-android is through torbrowser-build, which works but takes several hours for a clean build
- we would like to be able to run a quicker build to iterate on code changes in android studio, but this is hard b/c we need to inject artifacts for all of our patched layers (`tor-android-service`, `tor-onion-proxy-library`, `android-components`, and `geckoview`) into the gradle cache in order for the build to run correctly
- SO: here we will (1) write down all the steps necessary to perform such injections, (2) script them to the extent possible to make it easier to update injected artifacts as patches to underlying layers are updated

Dan Ballard

Create wiki entry for developing mobile Tor Browser with Android Studio
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40234
2022-11-30T16:20:22Z
Georg Koppen

It would be helpful for potential contributors to get some guidance on
how to set up an Android Studio build and hack environment for all
things needed for mobile Tor Browser development.

Describe why Tor Browser requests each permission on Android
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30604
2022-11-29T13:07:02Z
Matthew Finkel

Tor Browser requests a few "risky" permissions, we should describe how each of them is used. This is especially important information for people on older Android devices where permissions are not optional (they must allow all permissions at installation time or they don't install the app).
I'll start with Google Play, but we should add this information on our website (and F-Droid, in the future), too.

Should users be able to set Tor Browser as their default browser?
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20811
2023-01-05T17:04:13Z
Roger Dingledine

A really common user request lately has been how to set up Tor Browser as their default browser, e.g. when they click on urls in their email in thunderbird.
I'm under the impression that the current Tor Browser team answer is "don't do that, it's dangerous". Is that right? If so we should write it down explicitly, along with some intuitions for why it's dangerous so people will understand why.
And if not, we should write up some heuristics or hints or guides or something for how to do it most safely.

Add some explanation of certificate storage being disabled
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15797
2023-01-05T16:57:13Z
Trac

In Tor Browser 4.0.8 (windows) I was unable to import certificates until I changed preference security.nocertdb to false (legacy/trac#13366). I tried the directions in legacy/trac#13353 but disabling private browsing mode didn't work to enable the certificate storage.
There is no warning that certificate storage is disabled. When you add a certificate nothing happens. Also when you view a site with an unrecognized certificate the 'Confirm Security Exception' button does nothing. Please consider making some changes to add a message box "This feature will not work with the current settings because foo. To enable this feature do bar."
Thanks
**Trac**:
**Username**: supermario

Document how other extensions should ask to isolate their streams
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15690
2023-01-05T15:50:05Z
Roger Dingledine

I'm talking to a Firefox extension developer who is installing his extension into Tor Browser and giving the resulting bundle to his users.
His extension makes network requests, and it occurred to me that the new per-tab stream isolation feature in Tor Browser probably lumps the requests from his extension into the catch-all circuit.
Is there a URL I can send him to that explains how his extension should set its socks username/password (or whatever it needs to do) to request its own isolation from Tor?