Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2020-06-27T14:35:19Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27200about:tor favicon should be the tb icon2020-06-27T14:35:19ZTracabout:tor favicon should be the tb iconabout:tor favicon is non-existent in tb 8.0a10
**Trac**:
**Username**: ProTipGuyFWIWWeLoveARMAabout:tor favicon is non-existent in tb 8.0a10
**Trac**:
**Username**: ProTipGuyFWIWWeLoveARMAhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27196TB 8a10 and panopticlick: your browser has a unique fingerprint2022-01-11T19:31:57ZtraumschuleTB 8a10 and panopticlick: your browser has a unique fingerprintThe bundle works fine, thanks for your great work!
I am surprised by the new yellow blinking triangle over the onion settings button. What does it mean? (The tooltip only says "Tor Enabled")
= Update NoScript to 10.1.8.16
In NoScript p...The bundle works fine, thanks for your great work!
I am surprised by the new yellow blinking triangle over the onion settings button. What does it mean? (The tooltip only says "Tor Enabled")
= Update NoScript to 10.1.8.16
In NoScript preferences the list of per-site definitions was empty, I added a site and clicked on reset: a lot of whitelisted domains appeared (legacy/trac#26517).
= Trackers
As discussed before (legacy/trac#12958), [blocking content allows fingerprinting](https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Support_discuss#CanIinstallanewadd-onorextensioninTorBrowserlikeAdBlockPlusoruBlockOrigin), instead [[comment:4:ticket:12958|you suggest]] "an identical blocklist for every user. For example, AdBlock Plus with a fixed set of filters." Do you have plans to do this? (I am aware of your answers for [[comment:1:ticket:15279|uMatrix]] and [[comment:54:ticket:17569|ublock origin]] and spare you to repost everything :)
(mentioning [Riseup's recommendations](https://riseup.net/en/security/network-security/better-web-browsing) + requestblock for a balanced perspective, because I do not follow the conclusion that external requests should be accepted just not to be finger-printable. For me personally it's worse, when trackers know that I visited a site.)
legacy/trac#14924 sounds reasonable.
= EFF/Panopticlick
wants me to install privacybadger (not voting for it here, because of legacy/trac#12958)
Is your browser blocking tracking ads? ⚠ partial protection
Is your browser blocking invisible trackers? ⚠ partial protection
Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist? ✗ no
Does your browser unblock 3rd parties that promise to honor Do Not Track? ✗ no
Does your browser protect from fingerprinting? ✗
your browser has a unique fingerprint
https://share.riseup.net/#3RwdPLNSuFFZcK9MA_6l8g
I consider the defaults dangerous ([[comment:3:ticket:25451|window size]]). Why not setting the security slider to "Safest" per default?Erinn ClarkErinn Clarkhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27129Add ca, ga, id, is, nb locales for Tor Browser2020-06-27T14:35:21ZArthur EdelsteinAdd ca, ga, id, is, nb locales for Tor BrowserAccording to our monitoring at https://torpat.ch/locales, these 5 locales are 100% translated.According to our monitoring at https://torpat.ch/locales, these 5 locales are 100% translated.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/270982018 "Monthly Giving" Tor Browser banner2020-06-27T14:35:22ZArthur Edelstein2018 "Monthly Giving" Tor Browser bannerOur fundraising team is proposing a browser banner for September 2018 encouraging monthly donors. We'll need text and a design very soon to get it ready for the September 4 release. This ticket is to review copy, design and code.Our fundraising team is proposing a browser banner for September 2018 encouraging monthly donors. We'll need text and a design very soon to get it ready for the September 4 release. This ticket is to review copy, design and code.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27097Add "Tor News" newsletter signup link in Tor Browser2020-06-27T14:35:22ZArthur EdelsteinAdd "Tor News" newsletter signup link in Tor BrowserAs part of our community building and fundraising, we would like to add a link to make it easy for users to join Tor's email list. We'll need final text, a URL, and a design.As part of our community building and fundraising, we would like to add a link to make it easy for users to join Tor's email list. We'll need final text, a URL, and a design.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27028UX: Indicate current download progress2022-06-23T22:25:24ZTracUX: Indicate current download progress**Issue**:
While training journalists on the use of SecureDrop, which heavily uses Tor Browser as its primary interface, users consistently confuse the arrow flash animation over the hamburger menu in the Tor Browser as a sign that the ...**Issue**:
While training journalists on the use of SecureDrop, which heavily uses Tor Browser as its primary interface, users consistently confuse the arrow flash animation over the hamburger menu in the Tor Browser as a sign that the download they started has _completed_, rather than simply having been _started._ They panic when a partial file they prematurely copied fails to open, and someone ends up having to make a house call to let them know the file wasn't finished downloading.
**Proposal**:
Vanilla Firefox makes a nominal effort to address this with an arrow button appearing in the toolbar aside from the hamburger menu which indicates download progress. Including this existing Firefox feature into the Tor Browser would be a useful first step, however, other browsers have solved the potential for this kind of user confusion by showing individual download progress in a new toolbar. Copying what Brave Browser does (see image here: https://imgur.com/LZU7hAo), for example, would much more effectively help prevent confusion on the user's end and should be implemented in Tor Browser, then pushed upstream to Firefox.
**Trac**:
**Username**: huertanixhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26847Tor Browser 8.0, noscript pops up a full-browser-size window to warn me about...2020-06-27T14:35:28ZRoger DingledineTor Browser 8.0, noscript pops up a full-browser-size window to warn me about x-site scriptingWhen I go to certain sites in the Tor Browser 8.0, I get a new window popping up, which is the same size as my current browser window, which looks like it comes from noscript. It says "NoScript XSS Warning" at the top, and the window tit...When I go to certain sites in the Tor Browser 8.0, I get a new window popping up, which is the same size as my current browser window, which looks like it comes from noscript. It says "NoScript XSS Warning" at the top, and the window title is moz-extension://4536b558-.... NoScript XSS Warning", and there's a bit of text towards the top that says
```
NoScript detected a potential Cross-Site Scripting attack
from http://www.espn.com to https://8397396.fls.doubleclick.net.
Suspicious data:
(URL) https://8397396.fls.doubleclick.net/activityi;src=8397396;type=espng0;cat=espna0;u1=http://www.espn.com/mlb/story/_/id/24116616/mlb-bryce-harper-brings-house-epic-derby-comeback;u2=[s.products];u3=[c.promocode];u4=[payment method];u5=[c.SWID];u6=[c.UNID];u7=[c.NavMethod];u8=[Trial/Monthly/Annual];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9016327828417.457?
```
and towards the bottom I have the options to block, always block, allow, always allow, and then an ok button.
The example url in this case was
http://www.espn.com/mlb/story/_/id/24116616/mlb-bryce-harper-brings-house-epic-derby-comeback
(I've noticed the behavior happens pretty consistently with espn urls.)
I'm not sure quite what behavior I would expect instead, but "making a new huge window that's mostly whitespace and that prevents me from doing anything on any tab until I've made the window go away" was not it. :)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26765Add Tor Browser indicator where Firefox PB indicator is2022-06-23T22:03:38ZArthur EdelsteinAdd Tor Browser indicator where Firefox PB indicator isWe need to keep Tor Browser looking distinct from other browsers. One way is to show an indicator the way Firefox has a "private browsing indicator" (an eyemask on a purple background, in a circular icon):
![ticket:25693:pbm.png](upload...We need to keep Tor Browser looking distinct from other browsers. One way is to show an indicator the way Firefox has a "private browsing indicator" (an eyemask on a purple background, in a circular icon):
![ticket:25693:pbm.png](uploads/ticket:25693:pbm.png)
The PB icon file (24x24 svg) is here:
https://dxr.mozilla.org/mozilla-central/raw-rev/085cdfb90903d4985f0de1dc7786522d9fb45596/browser/themes/shared/icons/private-browsing.svg
The code that sets it is here:
https://dxr.mozilla.org/mozilla-central/rev/085cdfb90903d4985f0de1dc7786522d9fb45596/browser/themes/shared/browser.inc.css#145
We'll need a new icon to fit there. I would suggest using a different color so it's easy to distinguish from Firefox PBM even in the user's peripheral vision.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26629Prompt users to install missing video codecs2024-03-06T09:01:37ZArthur EdelsteinPrompt users to install missing video codecsMissing video codecs are a way to fingerprint users, even if Media Capabilities object has been sanitized for fingerprinting. Tor Browser could detect when codecs are missing and suggest to user that they install them.Missing video codecs are a way to fingerprint users, even if Media Capabilities object has been sanitized for fingerprinting. Tor Browser could detect when codecs are missing and suggest to user that they install them.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26612increase the TLS handshake timeout2023-01-05T17:28:19ZMark Smithincrease the TLS handshake timeoutAs of Firefox 58, the browser implements a TLS handshake timeout with a default value of 30 seconds. Previously, the timeout was a lot longer (maybe the same as the system TCP connect timeout, which is typically on the order of 10 minute...As of Firefox 58, the browser implements a TLS handshake timeout with a default value of 30 seconds. Previously, the timeout was a lot longer (maybe the same as the system TCP connect timeout, which is typically on the order of 10 minutes). We should decide whether we need a longer timeout for Tor-based browsing, e.g., 2 or 3 minutes. See:
https://bugzilla.mozilla.org/show_bug.cgi?id=1393691https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26491Onion+cert UI text is black with Tor Browser 8.0a9 - it should be green2022-06-23T21:33:17ZcypherpunksOnion+cert UI text is black with Tor Browser 8.0a9 - it should be green![https://i.stack.imgur.com/v9o05.png](https://i.stack.imgur.com/v9o05.png)
Compare it with this screenshot:
![https://trac.torproject.org/projects/tor/raw-attachment/ticket/26322/v3onion_circuit_display.png](https://trac.torproject.or...![https://i.stack.imgur.com/v9o05.png](https://i.stack.imgur.com/v9o05.png)
Compare it with this screenshot:
![https://trac.torproject.org/projects/tor/raw-attachment/ticket/26322/v3onion_circuit_display.png](https://trac.torproject.org/projects/tor/raw-attachment/ticket/26322/v3onion_circuit_display.png)
(Platform: Debian, xfce)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26429Add native OnionShare support2022-07-13T23:07:43ZMatthew FinkelAdd native OnionShare supportNeeds further thought. I'm mostly thinking about mobile, but it may be worth adding this in Tor Browser, in general.
This would be a nice way we can share downloaded files.Needs further thought. I'm mostly thinking about mobile, but it may be worth adding this in Tor Browser, in general.
This would be a nice way we can share downloaded files.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25898Youtube videos don't play automatically anymore2020-06-27T14:36:02ZGeorg KoppenYoutube videos don't play automatically anymoreWe got reports that videos on Youtube don't play anymore automatically in Tor Browser when loaded (see: https://blog.torproject.org/comment/274954#comment-274954). Rather, one has to pause them first and then start playing them.We got reports that videos on Youtube don't play anymore automatically in Tor Browser when loaded (see: https://blog.torproject.org/comment/274954#comment-274954). Rather, one has to pause them first and then start playing them.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25872When Clicking more information when visiting a V3 onion some of the buttons a...2022-11-30T16:39:10ZTracWhen Clicking more information when visiting a V3 onion some of the buttons are cut offWhen Clicking more information when visiting a V3 onion some of the buttons are cut off.
1. go to http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion
2. click the "!" next to the URL and click ">" then click more inform...When Clicking more information when visiting a V3 onion some of the buttons are cut off.
1. go to http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion
2. click the "!" next to the URL and click ">" then click more information.
3.The "View cookies" and "View saved passwords" buttons are cut off.
I attached a photo showing the buttons cut off.
Tor Browser 7.5.3
**Trac**:
**Username**: Dbryrtfbcbhgfhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25850Eval error on content include via iframe2022-06-23T20:19:47ZTracEval error on content include via iframeHi,
https://linc.cnil.fr/une-cartographie-des-outils-et-pratiques-de-protection-de-la-vie-privee include https://framindmap.org/c/maps/438273/embed?zoom=1 with an iframe.
On Firefox 52.7.3esr both works fine.
On TorBrowser 7.5.3,
- ht...Hi,
https://linc.cnil.fr/une-cartographie-des-outils-et-pratiques-de-protection-de-la-vie-privee include https://framindmap.org/c/maps/438273/embed?zoom=1 with an iframe.
On Firefox 52.7.3esr both works fine.
On TorBrowser 7.5.3,
- https://framindmap.org/c/maps/438273/embed?zoom=1 works fine
- https://linc.cnil.fr/une-cartographie-des-outils-et-pratiques-de-protection-de-la-vie-privee which try to include https://framindmap.org/c/maps/438273/embed?zoom=1 via an iframe does not print the content. Eval errors are displayed in the console.
**Trac**:
**Username**: gebhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25795Decide which settings to hide in Tor Browser2022-03-31T17:37:17ZArthur EdelsteinDecide which settings to hide in Tor BrowserTor Browser exposes a lot of settings and menu items in Firefox, some of which are dangerous for users to change.
So which settings should we be hiding from users? I have in mind about:preferences and various menu items. I would propose...Tor Browser exposes a lot of settings and menu items in Firefox, some of which are dangerous for users to change.
So which settings should we be hiding from users? I have in mind about:preferences and various menu items. I would propose going through each item for ESR60 and deciding which ones to keep and which ones to hide.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25765TBA - Communicating security expectations for .onion: what to say about diffe...2020-06-27T14:36:06ZAntonelaantonela@torproject.orgTBA - Communicating security expectations for .onion: what to say about different padlock states for .onion servicesTBA work on parent ticketTBA work on parent tickethttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25743Orfox users are not able to open cloudflare protected sites2020-06-27T14:36:06ZIgor OliveiraOrfox users are not able to open cloudflare protected sitesWhen an user using the Tor Network tries to access CloudFlare protected websites such as laravel.com and upwork.com a captcha website opens however the captcha image doesn't render.When an user using the Tor Network tries to access CloudFlare protected websites such as laravel.com and upwork.com a captcha website opens however the captcha image doesn't render.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25735Tor Browser stalls while loading Facebook login page (Waiting for static.xx.f...2020-06-27T14:36:07ZTracTor Browser stalls while loading Facebook login page (Waiting for static.xx.fbcdn.net)Problem:
After opening the Tor Browser and typing in facebook.com, page loading hangs, status bar showing "Waiting for static.xx.fbcdn.net"
HTTP GET requests for small images from static.xx.fbcdn.net stall in the "Blocked" state for mi...Problem:
After opening the Tor Browser and typing in facebook.com, page loading hangs, status bar showing "Waiting for static.xx.fbcdn.net"
HTTP GET requests for small images from static.xx.fbcdn.net stall in the "Blocked" state for minutes - viewed in Developer tools / Network / request / Timing (see attached screenshot Step2.png).
When a different website is opened in a new tab, HTTP requests continue loading successfully - seems to be some livelock within the browser.
This is **not a network issue**, connectivity in the browser works fine, also verifed without a SOCKS proxy (direct connection without Tor).
Reproducibility: nearly 100%
Environment:
- Windows 10 Pro, 64bit
- Tor Browser 7.5.3 for Windows, english
- Tor Browser 8.0a5 for Windows, english
**Trac**:
**Username**: uzihttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25702Activity 1.1 Update Tor Browser icon to follow design guidelines.2020-06-27T14:36:08ZIsabela FernandesActivity 1.1 Update Tor Browser icon to follow design guidelines.update the globe and any other old icons - download page and website icons will be updated with the redesign work. this is just about the icons at the product.update the globe and any other old icons - download page and website icons will be updated with the redesign work. this is just about the icons at the product.