Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2024-01-21T20:34:40Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337Dark mode in Tor Browser2024-01-21T20:34:40ZsukhmanDark mode in Tor BrowserI want to enable **full dark mode** (all websites become dark) in the tor browser, not just a theme, as I am sensitive to white light. I can't use the tor browser for more than 2 hours (approx.) because of this white light. Is there any ...I want to enable **full dark mode** (all websites become dark) in the tor browser, not just a theme, as I am sensitive to white light. I can't use the tor browser for more than 2 hours (approx.) because of this white light. Is there any way to enable it without using any external add-on(s)?
What I'd tried?
I can see there is a setting, in _about:config_, named as "_widget.content.allow-gtk-dark-theme._"But when I enable it nothing happens.
Edit: I know it is more like a question, not an issue but, in my case, I can count it as an issue.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42436Allow for multiple configured (front, reflector) domain fronting pairs in Moa...2024-03-06T18:39:12ZCecylia BocovichAllow for multiple configured (front, reflector) domain fronting pairs in Moat moduleIt's happened twice now that the domain fronting settings for Moat have stopped working:
- [when `cdn.sstatic.net` moved to CloudFlare](https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/000314.html)
- [when Fastl...It's happened twice now that the domain fronting settings for Moat have stopped working:
- [when `cdn.sstatic.net` moved to CloudFlare](https://lists.torproject.org/pipermail/anti-censorship-team/2023-September/000314.html)
- [when Fastly stopped supporting domain fronting and `foursquare.com` renewed its cert](https://github.com/net4people/bbs/issues/309)
When Moat stops working, it leaves us scrambling to find new front domains, the update process requires a new release, and it can be difficult for users to receive updates or connect if Connection Assist is unreachable. It's also difficult to choose a single front domain that will work in almost every place. Even though Connect Assist allows us offer country-specific circumvention settings, we have only a single setting for using Connect Assist itself.
Ideally, we could provide multiple (front, reflector) pairs, and iterate through them until a working pair is found. That pair can be saved for future use until it stops working and the module will re-iterate through the list until a new pair is found.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42226Reduce Customisability of default fonts and colours2023-11-30T08:57:19ZrichardReduce Customisability of default fonts and coloursWe should provide some pre-defined 'themes' that are inline with user's accessibility needs in order to minimize the number of potential fingerprinting buckets.
This would require a few parts:
- identifying which sets of default provid...We should provide some pre-defined 'themes' that are inline with user's accessibility needs in order to minimize the number of potential fingerprinting buckets.
This would require a few parts:
- identifying which sets of default provided 'themes' we should provide
- it seems some set of options could be:
- default || dark mode
- default || high-contrast
- default || large text
- new UX for this entire section of about:preferences:
![afbeelding](/uploads/8c681c883216218f7aaf91cdf6aef275/afbeelding.png)
/cc @henry @donuts @thorinhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40100Tor Browser waits for the page to fully finish loading before showing Onion L...2023-03-02T16:23:08ZRoger DingledineTor Browser waits for the page to fully finish loading before showing Onion Location pillI just loaded a nytimes.com page, and it had a bunch of little tracking/whatever links embedded in it. It took 30 seconds or something for one of those extraneous links to finish loading. The browser had rendered (most of) the page quite...I just loaded a nytimes.com page, and it had a bunch of little tracking/whatever links embedded in it. It took 30 seconds or something for one of those extraneous links to finish loading. The browser had rendered (most of) the page quite early in that 30 seconds, but the purple Onion-Location pill didn't show up until the page had entirely and completely finished rendering.
We knew there was an onion-location header when we got the headers for the main html response, so we knew very early in the process. Does that mean we can put up the pill (or automatically switch, if that's what the user has configured) much earlier too?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40885Update tb-manual to Tor Browser's content style when bundled2024-03-05T19:03:02ZdonutsUpdate tb-manual to Tor Browser's content style when bundledWe decided in #31539 and #11698 to proceed with bundling the tb-manual in Tor Browser 11.5 (if possible). This ticket is a reminder to explore lightly restyling the page so it looks native to the browser, and less like a torproject.org w...We decided in #31539 and #11698 to proceed with bundling the tb-manual in Tor Browser 11.5 (if possible). This ticket is a reminder to explore lightly restyling the page so it looks native to the browser, and less like a torproject.org website.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32324Help users identify and understand letterboxing2024-03-07T16:16:47ZAntonelaantonela@torproject.orgHelp users identify and understand letterboxingWe enabled letterboxing by default in TB9.0, and some users were confused about it.
https://blog.torproject.org/comment/284569#comment-284569
https://blog.torproject.org/comment/284575#comment-284575
This ticket aims to collect the ef...We enabled letterboxing by default in TB9.0, and some users were confused about it.
https://blog.torproject.org/comment/284569#comment-284569
https://blog.torproject.org/comment/284575#comment-284575
This ticket aims to collect the efforts to explain to users what this feature does and why it is relevant.ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42039Make the warning of about:config not skippable2023-11-04T01:42:54ZThorinMake the warning of about:config not skippableWe think we could force release users to always see the `about:config` warning, to remind that it can be dangerous.
We thought of:
- always show the warning (by locking `browser.aboutConfig.showWarning` = true)
- remove the warning che...We think we could force release users to always see the `about:config` warning, to remind that it can be dangerous.
We thought of:
- always show the warning (by locking `browser.aboutConfig.showWarning` = true)
- remove the warning checkbox
- spruce up about:config interstitial (FF example below)
- use TB colors?
- change warning to at least mention fingerprinting (and drop `performance` to keep it short)
- maybe a learn more to the about:manual entry
- we need some RED somewhere ... RED WINDOW OF DEATH sounds good
![FF](/uploads/3e6dafea04251f19575243ecee8f8bf4/FF.png)
from https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41797#note_2934868
cc: @pierov @donutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41902Add "New Circuit" to right-click context menu2023-07-20T17:00:02ZdonutsAdd "New Circuit" to right-click context menuSee [this suggestion](https://forum.torproject.org/t/suggestion-right-click-on-tab-and-offer-new-tor-circuit-for-this-site-option/8352) from a forum user.
The natural position would seem to be below "Reload" in the context menu. We shou...See [this suggestion](https://forum.torproject.org/t/suggestion-right-click-on-tab-and-offer-new-tor-circuit-for-this-site-option/8352) from a forum user.
The natural position would seem to be below "Reload" in the context menu. We should probably use the existing string in title case (i.e. "New Tor Circuit For This Site"), however that's very wordy and I think "...For This Site" can be inferred based on the context, so I'd be in favor of slimming it down to "New Circuit" here.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41753newwin: lock default titlebar | maybe lock out compact density2024-03-12T09:04:47ZThorinnewwin: lock default titlebar | maybe lock out compact densityA number of chrome elements can cause variance in the remaining height
on all desktop
- lock density to normal
- lock bookmarks toolbar to always on (I know it eats height real estate)
- menu bar should be off on all platforms, we could...A number of chrome elements can cause variance in the remaining height
on all desktop
- lock density to normal
- lock bookmarks toolbar to always on (I know it eats height real estate)
- menu bar should be off on all platforms, we could reset that on app start (personally I would also like to block the Alt key toggling it)
on windows/mac
- lock title bar off
on linux
- lock title bar on
This should help reduce variance in inner window sizes on same resolutions to less buckets. I'm doing some fuzzy what if analysis based on resolutions, system scaling, docker/taskbar size + position, density, bookmarks toolbar, and titlebar ... and OMG the menu bar
This issue is a reminder for me to decide if it's worth it after I do my nested nested nested nested nested nested nested loop analysis - we probably have lots of users in most buckets anyway, so it may not make any difference ... that and @donuts will most likely say no because user choice and usability on lower res machineshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41723RFP when switching windows to fullscreen without letterboxing2024-03-12T09:04:02Zma1RFP when switching windows to fullscreen without letterboxingAt this moment we show the maximization warning after user is back from fullscreen with F11.
The warning being shown is an implementation artifact that's always been there: notification bars cannot be shown in fullscreen mode: we either...At this moment we show the maximization warning after user is back from fullscreen with F11.
The warning being shown is an implementation artifact that's always been there: notification bars cannot be shown in fullscreen mode: we either need to change the widget implementation or to keep the existing behavior.
Another option would be prompting for per-site permission before proceeding with fullscreen, which is something which we've been also considering for content-triggered fullscreen (not explicitly initiated by user interaction with the browser UI) as an alternative to letterboxing.
/cc @thorin , @donutshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41716Figure out how to display conflux circuits in Tor Browser's UI2024-01-29T19:26:13Zmicahmicah@torproject.orgFigure out how to display conflux circuits in Tor Browser's UINow that circuit display was literally just re-implemented...
When 0.4.8 becomes stabilized (this will take a few months still), conflux will come to the network. Conflux will open a new world with tor circuits: circuits are no longer n...Now that circuit display was literally just re-implemented...
When 0.4.8 becomes stabilized (this will take a few months still), conflux will come to the network. Conflux will open a new world with tor circuits: circuits are no longer necessarily static, now they can be dynamic, the TCP circuits can change paths, and can have multiple paths, and doing so can bring some nice improvements for people.
We need to start thinking about how we want to communicate to the user in TB. Specifically that the circuit(s) are conflux circuits. Users knowing that they are using a conflux circuit will provide valuable information to them (and their feedback to us as well).
Because the circuits can now change paths, this could have a lot of UI visualization implications, such as reflecting that there are these paths that are now ready, or that there is a new circuit leg available. That would be the nice (but complicated) signal to users, but starting with something simple by just indicating in the UI that this is a conflux circuit (eg. literally just writing the word 'conflux' in green or something) would be a good first signal step. So there is a UX question here.
For the dev side of things, right now its possible (in 0.4.8) to get from the control port that a circuit is a conflux circuit, but it doesn't have any advanced information that would be useful for multi-leg displays, but if we want to show those types of things, we will need to talk about what would be needed to be added to tor to extract that information.
perhaps we can have a ad-hoc session at our in-person meeting to brief folks on what conflux means and its benefits.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41656Site info panel for internal pages is misaligned vs the identity block2023-06-01T17:13:43ZdonutsSite info panel for internal pages is misaligned vs the identity blockSee this screenshot for reference:
![identity-block-internal-resource](/uploads/4833fe0b4d0eaf339fb485b3489bb25b/identity-block-internal-resource.png)
It should be aligned to the left of the identity block instead. Curiously, this seem...See this screenshot for reference:
![identity-block-internal-resource](/uploads/4833fe0b4d0eaf339fb485b3489bb25b/identity-block-internal-resource.png)
It should be aligned to the left of the identity block instead. Curiously, this seems to only be affecting internal pages – and external pages are fine.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41541Update builtin bridges from Circumvention Settings API2024-03-27T15:25:34Zmeskiomeskio@torproject.orgUpdate builtin bridges from Circumvention Settings APIRight now to update the builtin bridges we need to make a Tor Browser release, it would be nice if TB automatically updates them using [Circumvention Settings API](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/m...Right now to update the builtin bridges we need to make a Tor Browser release, it would be nice if TB automatically updates them using [Circumvention Settings API](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moat.md#circumventionbuiltin).
There are two concerns I have about it:
* Users will not be happy with TB making a call to an external API without giving some consent about it.
* We don't want to make easier for censors to notice you are using Tor because of that.
I think it makes sense to update when we do other connections to moat (Connect Assist, captcha bridges, ...), I assume user has already consent to do a request to the API on those cases and having an extra connection over the domain fronting should not make it more noticeable than it already is. We could store when was the last time we had updated them, and don't update them is they are fresh (maybe 24h is a good freshness).
An extra that would be nice is to ask the user if they want to refresh the builtin bridges when they click on Settings to *Select a Built-In Bridge*. I think we should only ask if bridges hasn't being refreshed for a while (maybe 7days). The confirmation popup could have a check box with 'remember that option' or something like that, so the following times they enable builtin bridges we refresh or not without asking (if the bridges hasn't being refreshed in 7days).Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibetma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41421about:manual semantic and accessibility problems2023-02-10T23:45:48Zhenryabout:manual semantic and accessibility problemsI didn't look through all the "about:manual" pages, but I noticed a few semantic and accessibility issues which I imagine are common to most pages. A few of these issues would apply to https://tb-manual.torproject.org/ as well https://gi...I didn't look through all the "about:manual" pages, but I noticed a few semantic and accessibility issues which I imagine are common to most pages. A few of these issues would apply to https://tb-manual.torproject.org/ as well https://gitlab.torproject.org/tpo/web/manual/-/issues/132.
1. The top page "about:manual" uses `<h3>` for the "Topics" heading even though it is the top-most heading.
2. The list of links in "about:manual" uses `<li><h4><a></a></h4><p></p></li>`. Using both `<li>`, `<h4>` and `<a>` for the heading makes this noisier than necessary on a screen reader. Plus, this page is less "headings with paragraphs" and more a navigation page.
3. The sub-pages start with a `<h2>` heading, rather than `<h1>`.
4. The `<nav>` element at the top of the page could perhaps use `<ul>` to separate the links. The "»" symbol should be visual only.
5. The alt text for `<img>` elements are not very descriptive of the image. A lot of these are screenshots, but don't describe themselves as screenshots.
6. Some of the text is geared towards users who can see the screenshots.
An example for point 6 would be in the "about:manual#running-tor-browser" page. We have
> ## CONFIGURE
>
> Tor Browser will take you through a series of configuration options.
>
> The Connection Assist informs you about the state of your Internet connection and your connection to the Tor network.
>
> [image]
>
> [image]
>
> The first checkbox is 'Quickstart'. If selected, every time you open Tor Browser, it will try to connect with your previous network settings.
There's no indication that this "configure" is in the settings page, or that "Connection" and "Quickstart" are sections of this page. Using good alt text would help a little, but making the text clearer would help clarify things for all users. Generally, you want something that you could directly read over the phone to help someone on the other end.
Moreover, the use of "Connection Assist" is confusing because the section just before is called "CONNECTION ASSIST", which is something else.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41396Empty formAutofillGroupBox not hidden in Privacy preferences2022-11-30T16:11:12ZhenryEmpty formAutofillGroupBox not hidden in Privacy preferencesThe `#formAutofillGroupBox` groupbox in the Privacy pane is not hidden, even though it has no children.
I noticed this when going through with a screen reader (Orca) the empty groupbox was announced as "blank". From a visual perspective...The `#formAutofillGroupBox` groupbox in the Privacy pane is not hidden, even though it has no children.
I noticed this when going through with a screen reader (Orca) the empty groupbox was announced as "blank". From a visual perspective, this creates an extra space after our "Onion Services Authentication" preferences:
![Screenshot of highlighted extra space after Onion Services Authentication preferences](/uploads/d22215319a394553339966edcf6d1407/Screenshot_from_2022-10-25_16-09-50.png)Sponsor 131 - Phase 2 - Privacy Browserhenryhenryhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41395Change description for Onion Location preference2023-01-05T15:38:34ZPier Angelo VendrameChange description for Onion Location preferenceWe currently have «Prioritize .onion sites when known.», which doesn't sound too good.
«Prioritize .onion sites when available.» sounds better.
Otherwise also something like «when possible».We currently have «Prioritize .onion sites when known.», which doesn't sound too good.
«Prioritize .onion sites when available.» sounds better.
Otherwise also something like «when possible».https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41068"HTTPS-Only Mode Alert Secure Connection Not Available" gets triggered when l...2023-01-06T15:55:38ZRoger Dingledine"HTTPS-Only Mode Alert Secure Connection Not Available" gets triggered when loading is slow, and it's scaring usersLoad your Tor Browser, then move to a network where Tor can't connect, e.g. because it is firewalled or because you're captive portaled or etc.
Then type a non-existent domain into the url bar (I picked dffffogifdgoise.org) and hit ente...Load your Tor Browser, then move to a network where Tor can't connect, e.g. because it is firewalled or because you're captive portaled or etc.
Then type a non-existent domain into the url bar (I picked dffffogifdgoise.org) and hit enter.
After a few minutes, Tor will give up trying to find a circuit for that domain, and it will give you an error page.
In the old days, we'd get the "We can’t connect to the server at www.dffffogifdgoise.org." error page.
But now (Tor Browser 11.5) we get a new page, telling the user "You've enabled HTTPS-Only Mode for enhanced security, and a HTTPS version of dffffogifdgoise.org is not available." and then "Most likely, the website simply does not support HTTPS."
I'm attaching a screenshot of "I failed to reach news.google.com" which mistakenly/misleadingly turned into the https-only mode warning:
![Screenshot_2022-07-20_22-42-52](/uploads/e36a4ef34e54dc51cd0fe16a9a77787a/Screenshot_2022-07-20_22-42-52.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41062Assume internet is online when connected to Tor2022-11-30T18:21:48ZcypherpunksAssume internet is online when connected to TorIn Connection settings, where Internet and Tor statuses are shown, Tor might be displayed as connected while Internet as unknown. That's weird - it implies working Inet.In Connection settings, where Internet and Tor statuses are shown, Tor might be displayed as connected while Internet as unknown. That's weird - it implies working Inet.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40659Raise the "Get Involved" text to its own line in about:tor2022-11-30T16:24:43ZRoger DingledineRaise the "Get Involved" text to its own line in about:torRight now about:tor in Tor Browser has an obvious line for Donate Now, another obvious line for Check Out The Manual, a third one for Sign up for Tor News, and then there's this tiny font thing at the bottom with a whole lot of words and...Right now about:tor in Tor Browser has an obvious line for Donate Now, another obvious line for Check Out The Manual, a third one for Sign up for Tor News, and then there's this tiny font thing at the bottom with a whole lot of words and a tiny little 'get involved' link at the very end.
I propose we leave the tiny-font thing at the bottom, but rescue "Get Involved" from it and turn it into its own line right above that.
[Suggested by a nice person on #tor-project]https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40656Identify fingerprintable preferences2023-11-04T01:36:58ZMatthew FinkelIdentify fingerprintable preferencesLet's identify all of the preferences (`about:preferences`) that are fingerprinting vectors. When that is complete, we should make that risk clear, and provide a recommendation.Let's identify all of the preferences (`about:preferences`) that are fingerprinting vectors. When that is complete, we should make that risk clear, and provide a recommendation.Sponsor 131 - Phase 2 - Privacy Browser