Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-03-31T17:37:17Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25795Decide which settings to hide in Tor Browser2022-03-31T17:37:17ZArthur EdelsteinDecide which settings to hide in Tor BrowserTor Browser exposes a lot of settings and menu items in Firefox, some of which are dangerous for users to change.
So which settings should we be hiding from users? I have in mind about:preferences and various menu items. I would propose...Tor Browser exposes a lot of settings and menu items in Firefox, some of which are dangerous for users to change.
So which settings should we be hiding from users? I have in mind about:preferences and various menu items. I would propose going through each item for ESR60 and deciding which ones to keep and which ones to hide.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25765TBA - Communicating security expectations for .onion: what to say about diffe...2020-06-27T14:36:06ZAntonelaantonela@torproject.orgTBA - Communicating security expectations for .onion: what to say about different padlock states for .onion servicesTBA work on parent ticketTBA work on parent tickethttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25743Orfox users are not able to open cloudflare protected sites2020-06-27T14:36:06ZIgor OliveiraOrfox users are not able to open cloudflare protected sitesWhen an user using the Tor Network tries to access CloudFlare protected websites such as laravel.com and upwork.com a captcha website opens however the captcha image doesn't render.When an user using the Tor Network tries to access CloudFlare protected websites such as laravel.com and upwork.com a captcha website opens however the captcha image doesn't render.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25735Tor Browser stalls while loading Facebook login page (Waiting for static.xx.f...2020-06-27T14:36:07ZTracTor Browser stalls while loading Facebook login page (Waiting for static.xx.fbcdn.net)Problem:
After opening the Tor Browser and typing in facebook.com, page loading hangs, status bar showing "Waiting for static.xx.fbcdn.net"
HTTP GET requests for small images from static.xx.fbcdn.net stall in the "Blocked" state for mi...Problem:
After opening the Tor Browser and typing in facebook.com, page loading hangs, status bar showing "Waiting for static.xx.fbcdn.net"
HTTP GET requests for small images from static.xx.fbcdn.net stall in the "Blocked" state for minutes - viewed in Developer tools / Network / request / Timing (see attached screenshot Step2.png).
When a different website is opened in a new tab, HTTP requests continue loading successfully - seems to be some livelock within the browser.
This is **not a network issue**, connectivity in the browser works fine, also verifed without a SOCKS proxy (direct connection without Tor).
Reproducibility: nearly 100%
Environment:
- Windows 10 Pro, 64bit
- Tor Browser 7.5.3 for Windows, english
- Tor Browser 8.0a5 for Windows, english
**Trac**:
**Username**: uzihttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25702Activity 1.1 Update Tor Browser icon to follow design guidelines.2020-06-27T14:36:08ZIsabela FernandesActivity 1.1 Update Tor Browser icon to follow design guidelines.update the globe and any other old icons - download page and website icons will be updated with the redesign work. this is just about the icons at the product.update the globe and any other old icons - download page and website icons will be updated with the redesign work. this is just about the icons at the product.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25697Create UI for Torbutton (prefs, security slider...)2020-06-27T14:36:08ZIsabela FernandesCreate UI for Torbutton (prefs, security slider...)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25696Design of alpha onboarding for Tor Browser for Android2020-06-27T14:36:08ZIsabela FernandesDesign of alpha onboarding for Tor Browser for AndroidThis can be a temporary onboarding until all the experience has been built and we can do a final one covering all the features.This can be a temporary onboarding until all the experience has been built and we can do a final one covering all the features.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25695Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an user on...2020-06-27T14:36:08ZIsabela FernandesActivity 5.1: Redesign Tor Browser homepage ("about:tor") - create an user onboard**Redesign Tor Browser homepage ("!about:tor") to inform users about various Tor features and settings they can use to customize their experience.**
We are not taking advantage of the best opportunity to educate users about Tor’s featur...**Redesign Tor Browser homepage ("!about:tor") to inform users about various Tor features and settings they can use to customize their experience.**
We are not taking advantage of the best opportunity to educate users about Tor’s features and settings. The “!about:tor” page is the first thing a user sees once they successfully launch Tor Browser and connect to the Tor network. At this moment, they are ready to start browsing; therefore, it is a great opportunity for us to build an educational moment to teach them about Tor Browser security features and how to use them.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25694Activity 3.1: Improve the user experience of updating Tor Browser2020-06-27T14:36:09ZIsabela FernandesActivity 3.1: Improve the user experience of updating Tor BrowserFirst thing here is to review usability tickets for the updater:
* https://trac.torproject.org/projects/tor/ticket/13309
* https://trac.torproject.org/projects/tor/ticket/17594
* https://trac.torproject.org/projects/tor/ticket/1817...First thing here is to review usability tickets for the updater:
* https://trac.torproject.org/projects/tor/ticket/13309
* https://trac.torproject.org/projects/tor/ticket/17594
* https://trac.torproject.org/projects/tor/ticket/18179
* https://trac.torproject.org/projects/tor/ticket/18193
* https://trac.torproject.org/projects/tor/ticket/18948
* https://trac.torproject.org/projects/tor/ticket/19270
* https://trac.torproject.org/projects/tor/ticket/20083
All these tickets were selected back in the day when we were creating sponsor17 proposal.
So we should read what is going on at these tickets to define the problems we will try to fix.
Once we have the problems defined is when we will start drafting solutions.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25693Activity 1.2: Make sure Firefox Photon UI works with our style guidelines2020-06-27T14:36:09ZIsabela FernandesActivity 1.2: Make sure Firefox Photon UI works with our style guidelinesFirefox Photon UI is part of upcoming changes to the Firefox ESR Browser, upon which Tor Browser is based. This activity will make sure that we review it to make sure it follows our design guidelines.
!https://design.firefox.com/photon...Firefox Photon UI is part of upcoming changes to the Firefox ESR Browser, upon which Tor Browser is based. This activity will make sure that we review it to make sure it follows our design guidelines.
!https://design.firefox.com/photon/welcome.htmlhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25660Remove "New Private Window" option from Tor Browser or make it a separate ses...2023-02-02T09:30:38ZstephwRemove "New Private Window" option from Tor Browser or make it a separate sessionIt doesn't do anything that I can tell. If it does, we should have more of an explanation to set user expectation.
For instance, I thought perhaps when I was logged into Twitter in another tab, it might isolate a separate session, but i...It doesn't do anything that I can tell. If it does, we should have more of an explanation to set user expectation.
For instance, I thought perhaps when I was logged into Twitter in another tab, it might isolate a separate session, but it does not. If I go to twitter.com in a "New Private Window", I am still logged into the same account.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25658Improve user understanding and user control by clarifying Tor Browser's secur...2022-12-08T15:15:27ZIsabela FernandesImprove user understanding and user control by clarifying Tor Browser's security featuresThis work is related to the following proposal:
https://lists.torproject.org/pipermail/tbb-dev/2018-March/000799.html
There should also be an experience for Android. (maybe create a child ticket to track that?)This work is related to the following proposal:
https://lists.torproject.org/pipermail/tbb-dev/2018-March/000799.html
There should also be an experience for Android. (maybe create a child ticket to track that?)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25580Torbutton should trigger Tor Browser auto update when it starts and it knows ...2022-06-23T19:55:06ZRoger DingledineTorbutton should trigger Tor Browser auto update when it starts and it knows it's out of dateWhen I start my Tor Browser 7.5, it starts up, and gives me an about:tor page with a black arrow trying to get me to click on stuff.
Shouldn't it instead just say "oh, you need to update, I'm doing that for you now"?
When I close down ...When I start my Tor Browser 7.5, it starts up, and gives me an about:tor page with a black arrow trying to get me to click on stuff.
Shouldn't it instead just say "oh, you need to update, I'm doing that for you now"?
When I close down my Tor Browser 7.5 and start it up again, I get the same black arrow, even though it could have already known from last time that it was going to be out of date.
(I've gotten used to the choices that yawning made in the sandboxed tor browser, where it checks for an update on startup, and if there is one, it updates me then.)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25566Include or add an option to close connection to Cloudflare.2022-01-11T19:31:56ZcypherpunksInclude or add an option to close connection to Cloudflare.When we create ESR60 version of Tor Browser, we could include "Block Cloudflare MiTM Attack" add-on's functionality.
I'd like to see an option to block/close connection to any cloudflare websites for better privacy. Besides Cloudflare is...When we create ESR60 version of Tor Browser, we could include "Block Cloudflare MiTM Attack" add-on's functionality.
I'd like to see an option to block/close connection to any cloudflare websites for better privacy. Besides Cloudflare is known to block Tor IPs. By blocking Cloudflare by default, I can save time by choosing not to solve captcha or "Please wait" bouncing icon and search for alternative websites. Do consider.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25204Switch security.insecure_connection_* prefs to warn users about insecure HTTP...2022-06-21T14:52:24ZcypherpunksSwitch security.insecure_connection_* prefs to warn users about insecure HTTP in FF60-esrThese prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:
![https://web.archive.org/web/20180210095051if_/https://i.stack.imgur.com/lY6e4.jpg](http...These prefs are much more eye grabbing as they display both the broken padlock and the "Not Secure" text, which is really important in TB context:
![https://web.archive.org/web/20180210095051if_/https://i.stack.imgur.com/lY6e4.jpg](https://web.archive.org/web/20180210095051if_/https://i.stack.imgur.com/lY6e4.jpg)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25166Clipboard may be cleared or modified by websites2023-01-05T17:22:02ZGeorg KoppenClipboard may be cleared or modified by websitesThings like `document.execCommand('copy')` allows websites to mess with the clipboard. We might want to think to either warn users when this happens or just disable that feature by flipping the `dom.allow_cut_copy` preference. See: https...Things like `document.execCommand('copy')` allows websites to mess with the clipboard. We might want to think to either warn users when this happens or just disable that feature by flipping the `dom.allow_cut_copy` preference. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1012662 for the original implementation and discussion about exposing the preference.
Thanks to xiaoyinl who reported that issue in our bug bounty program.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25155Blank page in sandboxed 8.0a1, sandbox 0.0.16, linux x86_642020-06-27T14:36:22ZLinus Nordberglinus@torproject.orgBlank page in sandboxed 8.0a1, sandbox 0.0.16, linux x86_64This URL renders blank in my TB (see summary for version), js enabled: https://prat.dataskydd.net/
It used not to.This URL renders blank in my TB (see summary for version), js enabled: https://prat.dataskydd.net/
It used not to.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25151Update Tor Browser branding on installation2020-06-27T14:36:22ZstephwUpdate Tor Browser branding on installationThe installation package still calls Tor Browser Tor Browser Bundle and includes outdated branding.
- Match branding to new Tor Launcher: Tor | Browser logo
- Add space to application name: s/TorBrowser/Tor BrowserThe installation package still calls Tor Browser Tor Browser Bundle and includes outdated branding.
- Match branding to new Tor Launcher: Tor | Browser logo
- Add space to application name: s/TorBrowser/Tor Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25023visually mark alpha tor browser2020-06-27T14:36:25Zakreyvisually mark alpha tor browserThe alpha and stable tor browser bundle look exactly alike, making it hard to track which one you are using.
We could have an alpha sign on the green onion left to the url bar, or use a different color instead of the green there. (Viole...The alpha and stable tor browser bundle look exactly alike, making it hard to track which one you are using.
We could have an alpha sign on the green onion left to the url bar, or use a different color instead of the green there. (Violet comes to mind.)
The same goes for the application switcher and task bar in windows (green/gray? globe logo).https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/24993about:support option strips TBB down to Firefox2022-12-30T15:26:43Zcypherpunksabout:support option strips TBB down to Firefox-go to about:support
-click "Refresh Tor Browser"
-now you're fucked
This option should restore the Tor Browser Bundle to it's default config, meantime as the Tor Browser. Instead it "restores" it to more or less FIrefox.
I used it onc...-go to about:support
-click "Refresh Tor Browser"
-now you're fucked
This option should restore the Tor Browser Bundle to it's default config, meantime as the Tor Browser. Instead it "restores" it to more or less FIrefox.
I used it once where I not only didn't have Tor locally installed, but didn't have safe access to updates or downloads, and suddenly found myself stranded without web access over tor.
I understand some users may need to manually re-install the Tor Browser Button, etc. But at the very least this path needs to be better marked.