Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2024-03-19T17:46:34Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42467compat: don't mismatch userAgent headers in Mac/Linux2024-03-19T17:46:34ZThorincompat: don't mismatch userAgent headers in Mac/LinuxTB version of https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/234
recap:
- check progress MB
- assuming we want this for TB, decide if we want it for all slider settings or just safest
adding under ~Fingerprinti...TB version of https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/234
recap:
- check progress MB
- assuming we want this for TB, decide if we want it for all slider settings or just safest
adding under ~Fingerprinting although we're not actually addressing thathttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42362"New window" missing from File menu on macOS2024-01-10T07:30:30Zdonuts"New window" missing from File menu on macOSAt some point we seem to have lost the option to open a new window via the File menu on macOS.
[macos-file-menu](/uploads/aa06119db881fb40797f7500c3057e1c/macos-file-menu.png)At some point we seem to have lost the option to open a new window via the File menu on macOS.
[macos-file-menu](/uploads/aa06119db881fb40797f7500c3057e1c/macos-file-menu.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42347Add a banner warning users about the upcoming EOL for Win ≤8.1 and macOS ≤10.142024-02-01T14:39:44ZPier Angelo VendrameAdd a banner warning users about the upcoming EOL for Win ≤8.1 and macOS ≤10.1413.5 will be the last Windows version, Mozilla bumped the requirement to Windows 10.
We could add a warning to Windows 7 users somewhere, e.g., in about:tor.
We can check the version of the OS with `Services.sysinfo.getProperty("versio...13.5 will be the last Windows version, Mozilla bumped the requirement to Windows 10.
We could add a warning to Windows 7 users somewhere, e.g., in about:tor.
We can check the version of the OS with `Services.sysinfo.getProperty("version")`. It's `10.0` in my Windows 10 VM, and `6.1` in my Windows 7 VM.
Maybe the first versions of Windows 10 also use 6.1, but if that's the case, they're unsupported too.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42200Command+mouse-scroll no longer Zooms In/Out the text, page, or image size upo...2023-11-01T20:02:14ZjenknessCommand+mouse-scroll no longer Zooms In/Out the text, page, or image size upon update to v13.0 on MacMacOS 10.13
Tor Browser version 13.0
1) Go to any Web page, or open image in separate page or tab.
2) Put mouse pointer over page or image.
3) Hold Command key and use scroll wheel. Text and / or image no longer zooms in or out.
Qui...MacOS 10.13
Tor Browser version 13.0
1) Go to any Web page, or open image in separate page or tab.
2) Put mouse pointer over page or image.
3) Hold Command key and use scroll wheel. Text and / or image no longer zooms in or out.
Quick-fix Solution: Use keyboard shortcut instead, or go back to any version before 13.0 and prevent updates, then mouse-scroll-zoom functionality returns.clairehurstclairehursthttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42197TBB 13.0 startup issue on MacOS 13.4 - Cc[aContract] is undefined2023-12-20T20:55:34ZSilvio RhattoTBB 13.0 startup issue on MacOS 13.4 - Cc[aContract] is undefinedAn user reported the following error when opening TBB 1.3 on MacOS Ventura 13.4:
```
Tor exited during startup. This might be due to an error in your torrc file,
a bug in Tor or another program on your system, or faulty hardware.
Until ...An user reported the following error when opening TBB 1.3 on MacOS Ventura 13.4:
```
Tor exited during startup. This might be due to an error in your torrc file,
a bug in Tor or another program on your system, or faulty hardware.
Until you fix the underlying problem and restart Tor, Tor Browser will not start.
```
They also opened the browser console (Ctrl+Shift+J on Windows/Linux) and shared the details:
```
TorProvider: Cannot connect to the control port Error: The tor process exited before the first connection
<anonymous> resource://gre/modules/TorProvider.sys.mjs:613
<anonymous> resource://gre/modules/TorProvider.sys.mjs:488
#processExitedUnexpectedly resource://gre/modules/TorProcess.sys.mjs:215
#watchProcess resource://gre/modules/TorProcess.sys.mjs:197
TorProvider.sys.mjs:196
Error: The tor process exited before the first connection TorProvider.sys.mjs:613:16
TypeError: Cc[aContract] is undefined
XPCOMUtils.sys.mjs:137:9
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41872Make IPC default again on Linux and macOS2024-02-07T09:02:11ZPier Angelo VendrameMake IPC default again on Linux and macOSAt a certain point, Tor Browser switched to Unix sockets both for SOCKS and control where supported (Linux and macOS): #20111.
Then TCP was restored to reuse the same tor daemon for TorBirdy: tor-launcher@485ba9456724e38b661c90dccc90322...At a certain point, Tor Browser switched to Unix sockets both for SOCKS and control where supported (Linux and macOS): #20111.
Then TCP was restored to reuse the same tor daemon for TorBirdy: tor-launcher@485ba9456724e38b661c90dccc90322c74fa405f.
Also, Tor Browser had some problems when `+` and `__` weren't yet a thing for the control port and socks port parameters: #20761.
Now, these aren't problems anymore, amd IPC still seems a good idea (easier to audit for leaks, or less leaks in general - according to @JeremyRand - and allows for multiple Tor Browsers at the same time, since the default branch tries to make a unique filename).
Also, everything is already in place, we just need to flip `extensions.torlauncher.control_port_use_ipc` and `extensions.torlauncher.socks_port_use_ipc`.
**We should make them `sticky`, so that any previous user value is kept in `user.js`.**
The differences in code between Windows and the other OS's are minimal:
- the control port uses `nsISocketTransportService.createUnixDomainTransport` instead of `nsISocketTransportService.createTransport`, but both return the same type of abstraction (`nsISocketTransport`);
- for SOCKS, `network.proxy.socks` is set to `file:///....`, instead of having the IP address/hostname;
- different `+__ControlPort` and `+__SocksPort` are passed to `tor`.
I think it should be pretty safe to use them. I've been doing that on my developer build in these days and everything kept working (but I also have a number of other changes for the torbutton refactor/removal).
So, in today's meeting we decided to prioritize this preference flip ASAP, already for 13.0a1, to have this in test for the 3 months before the 13.0 release.
I will do after !694 is merged.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41839Figure out how to run multiple release channels on MacOS2024-02-08T16:26:56ZdonutsFigure out how to run multiple release channels on MacOSBy default, each Tor Browser release channel has the same app name. This makes it challenging to keep multiple versions installed and running in MacOS' applications folder.
Other browsers use distinct app names based on their release ch...By default, each Tor Browser release channel has the same app name. This makes it challenging to keep multiple versions installed and running in MacOS' applications folder.
Other browsers use distinct app names based on their release channel, e.g.
Firefox:
- Firefox
- Firefox Beta
- Firefox Nightly
Chrome:
- Google Chrome
- Google Chrome Beta
- Google Chrome Canary
Brave:
- Brave Browser
- Brave Browser Beta
- Brave Browser Nightly
So I have two questions:
1. What's a short-term workaround that allows me to keep multiple release channels installed with different library files (e.g. TorBrowser-Data folders), other than renaming the app manually, which seems to break things?
2. Would renaming each release channel to Tor Browser; Tor Browser Alpha and Tor Browser Nightly fix this problem in the long term?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41685macOS can open links in new tabs when set as default browser (despite remotin...2023-03-21T14:30:03ZrichardmacOS can open links in new tabs when set as default browser (despite remoting being disabled)Haven't had a chance to debug too deeply, but the best guess is that the relevant code path is here:
- https://searchfox.org/mozilla-central/source/toolkit/components/remote/nsMacRemoteServer.mm#34
This code should likely be checking fo...Haven't had a chance to debug too deeply, but the best guess is that the relevant code path is here:
- https://searchfox.org/mozilla-central/source/toolkit/components/remote/nsMacRemoteServer.mm#34
This code should likely be checking for the MOZ_NO_REMOTE env variable or something at that entry point and bailing early if it is present. I'm 90% sure this is an upstream bug so we should uplift once we have a patch.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41405Win ≤8.1 and macOS ≤10.14 not supported in ESR 1282024-02-01T14:37:30ZThorinWin ≤8.1 and macOS ≤10.14 not supported in ESR 128Official support articles:
* Windows: [Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release](https://support.mozilla.org/en-US/kb/firefox-users-windows-7-8-and-81-moving-extended-support)
* MacOS: [Firefox users on m...Official support articles:
* Windows: [Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release](https://support.mozilla.org/en-US/kb/firefox-users-windows-7-8-and-81-moving-extended-support)
* MacOS: [Firefox users on macOS 10.12, 10.13 and 10.14 moving to Extended Support Release](https://support.mozilla.org/en-US/kb/firefox-users-macos-1012-1013-1014-moving-to-extended-support)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41402Resolve ja-JP-mac locale exceptions2023-10-11T12:24:01ZhenryResolve ja-JP-mac locale exceptionsThe patch from https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/401 included an exception for the ja-JP-mac locale to address https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41372.
We opene...The patch from https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/401 included an exception for the ja-JP-mac locale to address https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41372.
We opened a mozilla bug for that specific issue https://bugzilla.mozilla.org/show_bug.cgi?id=1796161 If that is resolved, we would no longer require the ja-JP-mac exception added in the above patch.
There is also a more generic mozilla bug to remove the ja-JP-mac distinction entirely by renaming the packaged locale to ja-JP-macos https://bugzilla.mozilla.org/show_bug.cgi?id=1726586 If that is resolved, then we similarly won't need our exception, but there may also be other places where we can remove ja-JP-mac exceptions.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41382mac: investigate font smoothing2022-11-30T16:19:33ZThorinmac: investigate font smoothinghttps://caniuse.com/font-smooth
IDK enough about macs, might be similar to clearType entropy on windows @pierov another `Font` issuehttps://caniuse.com/font-smooth
IDK enough about macs, might be similar to clearType entropy on windows @pierov another `Font` issueSponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41373subpixels: radiusX and radiusY affected by retina display in synthesized touc...2023-11-04T01:28:33Zrichardsubpixels: radiusX and radiusY affected by retina display in synthesized touch eventsTouch Events on macOS indirectly leak user's screen DPI.
Original discussion: https://gitlab.torproject.org/legacy/trac/-/issues/10286
Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1364969
There has not been any traction upstr...Touch Events on macOS indirectly leak user's screen DPI.
Original discussion: https://gitlab.torproject.org/legacy/trac/-/issues/10286
Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1364969
There has not been any traction upstream for quite awhile, so we should consider fixing this ourselve and upstreaming.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41045Phantom update notification in Tor Browser Alpha2022-11-30T15:26:53ZninaPhantom update notification in Tor Browser Alpha<!--
* Use this issue template for reporting a new bug.
-->
### Summary
After opening TB Alpha the browser informed about the existing update. However, failed to update automatically. So I deleted existing TB Alpha an re-installed from ...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
After opening TB Alpha the browser informed about the existing update. However, failed to update automatically. So I deleted existing TB Alpha an re-installed from the TP web site. However, I started browser anew I got an update reminder again. Then I checked for updates in Settings. And it said the browser was up to date. The update notification dissipated
But after I restart the update notification showed up again. And it did not disappeared after checking for updates.
I restarted again and got the red screen. Then I restarted again and got new update notification
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. Open TB Alpha
### Environment
MacOS Monterey
TB Alpha 11.5a13
### Relevant logs and/or screenshots
![Screenshot_2022-07-06_at_11.48.10](/uploads/22295fbbcb7521a4c60026b0b6c21e5a/Screenshot_2022-07-06_at_11.48.10.png)
![Screenshot_2022-07-06_at_11.38.20](/uploads/572e815c141108d2e7f04b85b1031039/Screenshot_2022-07-06_at_11.38.20.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40989Clicking the 'new Identity' button in full screen on macOS causes the top and...2022-10-04T19:21:35ZTracClicking the 'new Identity' button in full screen on macOS causes the top and bottom of the browser to show white bars that do not go awayFull-screening TorBrowser then clicking the 'new Identity' button causes tor browser to come out of full screen and the top and bottom of the browser have large white bars.
1. Open TorBrowser 9.0a8 on macOS 10.15 and click the green full...Full-screening TorBrowser then clicking the 'new Identity' button causes tor browser to come out of full screen and the top and bottom of the browser have large white bars.
1. Open TorBrowser 9.0a8 on macOS 10.15 and click the green full screen button.
2. Click the 'new Identity' button and choose to have a new Identity. Image attached showing the white bars.
**Trac**:
**Username**: DbryrtfbcbhgfSponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40976On macOS a list of downloaded files is kept on disk and survives New Identity2022-11-29T13:39:51ZGeorg KoppenOn macOS a list of downloaded files is kept on disk and survives New IdentityOn macOS a list of downloaded files is kept and survives New Identity. It might affect other platforms, too:
```
Mac [...] keeps a list of all the downloaded files. From which app(browser) and which website.
Location:
sqlite3 ~/Library/...On macOS a list of downloaded files is kept and survives New Identity. It might affect other platforms, too:
```
Mac [...] keeps a list of all the downloaded files. From which app(browser) and which website.
Location:
sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV* 'select * from LSQuarantineEvent’
52FA128A-42E1-41E6-A0DD-5A58FB21ED7A|550679062.0|org.torproject.torbrowser|TorBrowser.app|https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSP6KTk9o7luHrlg5CoeGFLiH2RpKwEcywcgdDeVQpciZzytjaafDzkKL0v|||0||https://www.google.com/search?q=snowmountains&tbm=isch&sa=G&gbv=1&sei=h3oiW_DkC8yFgAadrJLQBQ|
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40975Disk leak on macOS due to Notification API2023-10-12T11:29:31ZGeorg KoppenDisk leak on macOS due to Notification APIKonark Modi reported a while ago a disk leak at least on macOS due to the Notification API. Here is the bug report:
```
The leak is cause by: https://www.w3.org/TR/notifications/ API.
Steps to reproduce:
1. Visit http://www.bennish.net/...Konark Modi reported a while ago a disk leak at least on macOS due to the Notification API. Here is the bug report:
```
The leak is cause by: https://www.w3.org/TR/notifications/ API.
Steps to reproduce:
1. Visit http://www.bennish.net/web-notifications.html
2. Temporarily allow JS.
3. Click on Authorize button.
4. Click on Show button.
5. Notification should occur.
macOS by default saves these notification in`/private/var/folders/qs/54swlb5d1fx4hq969vdqg4rr0000gn/0/com.apple.notificationcenter/db` . It dumps the content of the notification and the website name.
This location can be found using:
Activity Monitor -> Search for process user noted -> Open files and ports -> Notifications DB.
Now, although the user opted in to these notifications, but this is an intended leak from OS level.
```Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26444macOS 10.14 adds persisted-to-disk permission prompts for WebCam/Mic access2022-11-29T14:31:31ZTom Rittertom@ritter.vgmacOS 10.14 adds persisted-to-disk permission prompts for WebCam/Mic accessmacOS 10.14 Beta has added OS-level permission prompts for Mic/Camera access. According to Mozilla's prelimimary testing the behavior was:
> The description I found said the OS should cache the results of the prompt. Did a quick test - ...macOS 10.14 Beta has added OS-level permission prompts for Mic/Camera access. According to Mozilla's prelimimary testing the behavior was:
> The description I found said the OS should cache the results of the prompt. Did a quick test - 1st try: get the the Firefox dialog then two OS dialogs for the "Firefox" process (camera and mic), 2nd try: get OS dialog for "plugin-container", 3rd try: no OS dialogs
I requested we file a bug about persisting this to disk in Private Browsing mode (and what, if anything we could do about that...) but I wanted to get this bug on file for Tor Browser.
It seems like a user who uses Tor Browser and uses the mic or camera will create a disk persistence that they had done so, with timestamp.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23431Command+Shift+L unexpectedly Googles selected text in non-Tor browser2022-11-29T21:26:51ZTracCommand+Shift+L unexpectedly Googles selected text in non-Tor browserI am using Tor Browser 7.0.5 on OS X 10.12.6 and I noticed a bug.
If I select some text, and then press Command+Shift+L, instead of switching to a new Tor circuit, like the keyboard shortcut usually does, it opens Safari and does a Goog...I am using Tor Browser 7.0.5 on OS X 10.12.6 and I noticed a bug.
If I select some text, and then press Command+Shift+L, instead of switching to a new Tor circuit, like the keyboard shortcut usually does, it opens Safari and does a Google search for what I selected.
Sometimes, even if I don't have any text selected, Command+Shift+L opens Safari with text I have selected a few minutes ago. I don't know what exactly is triggering this bug but I'm able to reliably reproduce it by selecting text.
I think this is a serious bug because it can cause the user to accidentally reveal sensitive information to the clearnet (with their Google session cookies if they are logged into Google).
**Trac**:
**Username**: eliasSponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22642TorBrowser 7.x Mac - Disable kMDItemWhereFroms extended attributes at least i...2022-11-29T14:13:04ZcypherpunksTorBrowser 7.x Mac - Disable kMDItemWhereFroms extended attributes at least in Private Browsing ModeIn late 2016, Mozilla developers implemented kMDItemWhereFroms extended attribute metadata on macOS to behave more like Safari (however Safari, rather surprisingly for Apple, doesn't write xattrs in private browsing).
When files are do...In late 2016, Mozilla developers implemented kMDItemWhereFroms extended attribute metadata on macOS to behave more like Safari (however Safari, rather surprisingly for Apple, doesn't write xattrs in private browsing).
When files are downloaded, Firefox (v51+) writes the URL of downloaded files to a kMDItemWhereFroms entry in the file's extended attribute, even in Private Browsing mode. This metadata can be viewed using "xattr -l <file>" and removed using "xattr -rc <file>", but on later versions of 10.12 this metadata is usually also written to ~Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
I plan to file a bug on bugzilla and ask the devs who implemented it whether they could add an about:config pref or disable the functionality in private browsing, but in case they don't respond, I thought I'd file a ticket here too since TorBrowser is now on v52ESR.
Here's the bugzilla bug where the developers originally implemented the kMDItemWhereFroms functionality.
https://bugzilla.mozilla.org/show_bug.cgi?id=337051https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20941Tor browser will resize it self after the dock is enabled and the browser is ...2024-03-12T09:04:02ZTracTor browser will resize it self after the dock is enabled and the browser is dragged to a new locationTor browser will resize it self after the dock is enabled and the browser is dragged to a new location, this could cause the user to be fingerprinted because the browser is a different size than other tor browser users.
To cause this bug...Tor browser will resize it self after the dock is enabled and the browser is dragged to a new location, this could cause the user to be fingerprinted because the browser is a different size than other tor browser users.
To cause this bug, first make sure the dock is hidden in macOS. next open torbrowser 6.5a4. When tor browser is finished loading unhide the dock by checking the box in settings. and drag tor browser to a new location and it will resize it self to a size smaller than its default size. I attached a video showing the bug being reproduced.
**Trac**:
**Username**: Dbryrtfbcbhgf