torbutton issueshttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues2022-03-17T22:28:16Zhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/18231Torbutton keeps forgetting which cookies I would like to protect2022-03-17T22:28:16ZTracTorbutton keeps forgetting which cookies I would like to protectWould be great to remove all cookies frequently if trustworthy cookies are easily protected, but it isn't helpful if the "Cookie Protections..." wizard always shows them as "false".
I can open up "Cookie Protections...", set useful cook...Would be great to remove all cookies frequently if trustworthy cookies are easily protected, but it isn't helpful if the "Cookie Protections..." wizard always shows them as "false".
I can open up "Cookie Protections...", set useful cookie protection to "true", then leave the wizard. If I immediately open it again, it will have forgotten which cookies I cared to protect - making this feature close to useless.
Unlike legacy/trac#10824 I unselected Torbutton's own "Don't record history…" switch in Privacy Settings (I don't need to distrust my own computer or fear law enforcement). Have not checked what happens if I flick that switch since in that case I would expect it to indeed not persist the choice of cookies.
I am using TBB 5.0.7 from the gentoo torbrowser overlay. install.rdf from torbutton xpi says I am using 1.9.3.7.
Thanks in advance for looking into this, Mike. Was great meeting you in Berlin!
**Trac**:
**Username**: vynXhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/18138Two circuits for one domain (Circuit visualizer sometimes shows the "wrong" e...2022-05-18T23:29:09ZcypherpunksTwo circuits for one domain (Circuit visualizer sometimes shows the "wrong" exit node)Making an arbitrary number of new circuits (either with the new identity button or when the Tor client creates circuits while browsing) eventually causes the circuit view in Torbutton to show the wrong exit node.
I have noticed this in ...Making an arbitrary number of new circuits (either with the new identity button or when the Tor client creates circuits while browsing) eventually causes the circuit view in Torbutton to show the wrong exit node.
I have noticed this in Tor Browser 5.0.3 through Tor Browser 5.0.7
A far as I can tell, this is not related to architecture or OS nor to my network or even to machines owned by me. Also the problem is not limited to any particular website and it has nothing to do with JavaScript. I noticed this on Linux 64-bit and 32-bit on every Tor Browser version above and Windows 64-bit and 32-bit on version 5.0.3 (I've not checked since then). However I have not tested this in Mac OS X at all.
When testing this I found that the number of new circuits that are needed to reproduce this varies. Sometimes it happened first time I visited check.torproject.org, other times I spent 10-15 minutes creating new identities.
A screenshot can be found on stack exchange. https://tor.stackexchange.com/questions/9460/why-does-torbutton-circuit-view-not-consistently-show-the-correct-exit-nodehttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/18090Torcrazybutton eats all memory and crashes Tor Browser2022-03-17T22:22:51ZbugzillaTorcrazybutton eats all memory and crashes Tor BrowserWhen playing mp4 video not on whitelisted youtube, 2 tabs with videos are opened (autoplay, 'cause Temporary allow for site only by NoScript), one tab is closing by user, switch to another, no response, memory is growing, crash...
The mo...When playing mp4 video not on whitelisted youtube, 2 tabs with videos are opened (autoplay, 'cause Temporary allow for site only by NoScript), one tab is closing by user, switch to another, no response, memory is growing, crash...
The most suspicious component: NoScript (another one string-handling bug?)
Continuing investigation...
Log:
Faulting application name: firefox.exe, version: 38.5.0.0, time stamp: 0x00000000
Faulting module name: mozalloc.dll, version: 38.5.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00001582
Faulting process id: 0xf64
Faulting application path: C:\%REMOVED%\Tor Browser\Browser\firefox.exe
Faulting module path: C:\%REMOVED%\Tor Browser\Browser\mozalloc.dll
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/18044Prompt if Tor Browser is zoomed2022-05-18T23:26:28ZbugzillaPrompt if Tor Browser is zoomedDon't we need to display some kind of toolbar message or otherwise warn the user against zooming their Tor Browser window like in legacy/trac#7255?
Because zooming changes resolution to very rare values.Don't we need to display some kind of toolbar message or otherwise warn the user against zooming their Tor Browser window like in legacy/trac#7255?
Because zooming changes resolution to very rare values.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/18040Torbutton showed Tor as disabled randomly2022-03-17T22:16:57ZcypherpunksTorbutton showed Tor as disabled randomlyI was browsing the bug tracker and suddenly my torbutton said Tor is disabled and torbutton had a big X. Using TBB on Unix 64 with all default settings + high security slider. Didn't investigate further as I closed TBB and didn't want to...I was browsing the bug tracker and suddenly my torbutton said Tor is disabled and torbutton had a big X. Using TBB on Unix 64 with all default settings + high security slider. Didn't investigate further as I closed TBB and didn't want to be deanonymized. After restart TBB is normal.
This never happened before and I have no idea why it happened.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/17584Disable bookmark backups (easy fix) (!)2022-05-18T23:21:56ZcypherpunksDisable bookmark backups (easy fix) (!)Tor browser shouldn't backup bookmarks at all and even when bookmarks are deleted, old backups remain in:
/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackupsTor browser shouldn't backup bookmarks at all and even when bookmarks are deleted, old backups remain in:
/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackupshttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/17073TorButton says Tor is disabled when it's not2021-07-14T17:01:00ZTracTorButton says Tor is disabled when it's notTor Browser Bundle 5.0.2 -- Tor Button 1.9.3.2. On Linux systems:
I use a Tor relay on my local network, to which I connect to through a stunnel (spawned by xinetd on the client side, and spawned by systemd on the server side - where th...Tor Browser Bundle 5.0.2 -- Tor Button 1.9.3.2. On Linux systems:
I use a Tor relay on my local network, to which I connect to through a stunnel (spawned by xinetd on the client side, and spawned by systemd on the server side - where the relay is). I have set a password in the start-tor-browser script, and modified the values as instructed in that script. When I then start Tor, I'm greeted by the "Something Went Wrong!
Tor is not working in this browser." screen, and the Tor button is grayed out. Yet, I can surf to onion sites, and the Tor button shows the Tor circuit for the site I'm on. I assume that at least anonymous surfing is working well, but it's confusing and induces quite a bit of insecurity when the browser reports that it's all disabled.
**Trac**:
**Username**: tamjanhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/16936Circuit display should show original circuit for each tab2022-05-18T23:20:55ZArthur EdelsteinCircuit display should show original circuit for each tabInstead of storing circuits per credentials, let's store them per-tab and then display the original circuit for each tab, even if that circuit has since closed and been replaced under the same credentials.Instead of storing circuits per credentials, let's store them per-tab and then display the original circuit for each tab, even if that circuit has since closed and been replaced under the same credentials.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/16621Can we merge torbutton_do_new_identity with Clear Private Data?2022-05-18T23:15:15ZMike PerryCan we merge torbutton_do_new_identity with Clear Private Data?Instead of maintaining our own way of clearing browser state, can we turn it into an API in Firefox, or merge it with the existing Firefox Clear Private Data code?Instead of maintaining our own way of clearing browser state, can we turn it into an API in Firefox, or merge it with the existing Firefox Clear Private Data code?https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/16220Torbutton/Torlauncher flips out if TOR_SKIP_LAUCH is set without TOR_SOCKS_PORT2022-05-18T23:14:43ZYawning AngelTorbutton/Torlauncher flips out if TOR_SKIP_LAUCH is set without TOR_SOCKS_PORTMight be kind of hard to test since I encountered this with some kind of sketchy alpha code I'm writing.
What I do:
* Run my own control port implementation (basically a modified or-ctl-filter) on `127.0.0.1:9151`. This implementation...Might be kind of hard to test since I encountered this with some kind of sketchy alpha code I'm writing.
What I do:
* Run my own control port implementation (basically a modified or-ctl-filter) on `127.0.0.1:9151`. This implementation returns `250-net/listeners/socks="127.0.0.1:9150"\r\n250 OK\r\n` in response to a `GETINFO net/listeners/socks` request.
* Run my own SOCKS5 implementation on `127.0.0.1:9150`.
* Set `TOR_SKIP_LAUNCH=1` (as the only Tor Browser env var).
What I expect to happen: Tor Browser should think that Tor is running.
What I get: The "Something went wrong" grey screen.
Setting `TOR_SOCKS_PORT=9150` in the env var makes everything work, which puzzles me.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/16149The newChannel() API is deprecated and broken in Tor Browser based on ESR 602021-07-09T18:33:17ZGeorg KoppenThe newChannel() API is deprecated and broken in Tor Browser based on ESR 60https://bugzilla.mozilla.org/show_bug.cgi?id=1162657 makes the use of `newChannel()` obsolete. We should switch in our code to `newChannel2()` instead.https://bugzilla.mozilla.org/show_bug.cgi?id=1162657 makes the use of `newChannel()` obsolete. We should switch in our code to `newChannel2()` instead.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/15474Quantize innerWidth/Height when pages are zoomed2022-03-17T21:14:07ZArthur EdelsteinQuantize innerWidth/Height when pages are zoomedFollow up to legacy/trac#14429Follow up to legacy/trac#14429https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/14947Torbrowser 4.0.3 lacks required "user_pref" preferences of TorButton on fresh...2022-03-17T21:05:24ZTracTorbrowser 4.0.3 lacks required "user_pref" preferences of TorButton on fresh extension's installation.This may be hard to reproduce but start tor browser with a blank profile, an EMPTY folder and run "firefox.exe -p" to create it, copying the "extensions" folder to that profile from the tor browser bundle "tor browser\data\browser\pro...This may be hard to reproduce but start tor browser with a blank profile, an EMPTY folder and run "firefox.exe -p" to create it, copying the "extensions" folder to that profile from the tor browser bundle "tor browser\data\browser\profile.default\extensions..." so that it adds https-everywhere, noscript, and torbutton back in the profile.
When torbutton installs itself, it doesn't add the following settings as user_pref's:
* extensions.torbutton.socks_remote_dns [true/false]
* extensions.torbutton.saved.socks_remote_dns [true/false]
* extensions.torbutton.custom.socks_remote_dns [true/false]
* extensions.torbutton.custom.socks_version ![4/5]
* extensions.torbutton.socks_version", ![4/5]
* (extensions.torbutton.saved.socks_version does get installed)
I understand the reason these settings may not be there at first is because no one has configured torbutton to have any "custom" settings; however, when someone does specify custom custom proxies in tor button, they don't get put there at that time either.
These settings should be put in torbrowser when torbutton installs/reinstalls itself; they can even be left set as NULL until they are configured/used by tor button.
By not doing so, it can cause torbrowser (firefox.exe itself) to panic and have a hard time making connections in ssl, specifically https://addons.mozilla.org, and cause these SSL connections to time out. It will also cause connections in standard http to crawl while causing torbutton to not have control of the connection settings in tor browser without hitting "restore defaults" in torbutton.
----
As said, for testing, there are no other extensions than noscript,torbutton, and https-everywhere. Flash was set to "always ask" (thus diabling option in torbutton to 'disable Plugins') along with private mode (first option in torbutton preferences) NOT being enabled. **Other than setting custom proxies in torbutton, not one other setting is changed from default in tor brower or tor button.**
Torbutton settings are set to redundantly use either one of the five running tor NT services remotely over the lan on the domain controller, automatically load balanced by the domain contollers. Whether or not the client work stations utilize tor brower, they all use tor for tunneling recursive lookups to the root nameservers. Tor's dns server function are listening on port 153 and forwarded queries by the real dns server for the domain.
__I understand this is not how people normally use tor browser, having a clean profile instead of using the one that comes with tor browser bundle and accessing tor's client services over the lan, not running tor.exe locally; however, this is for RFC whitepaper purposes for deploying tor browser over a domain.__ You always make it uniform for deployment to work in the scenarios you don't expect it to; I already have another ticket open for tor browser itself not wanting to parse windows variables, in order to deploy this over the windows domain.
So, all it takes for this bug is someone creating a new profile using torbrowser in their windows user profile (once we hopefully get the other bug fixed to allow the use of "%profile%" in the profiles.ini path) and our domain controller copying a $h/preferences/extension_overrides.js from our default skeleton (so that they will be able to use our tor services), along with the 3 default extensions to $h/extensions. Then, because preferences torbutton looks for to modify and then copy over to torbrowser's preferences are missing, those preferences of torbrowser don't get created and, thus, seem to cause torbrowser to have intermittent connection problems.
When first starting torbrowser and configuring it as described above (and attached below), it won't resolv dns. When you clear cache and restart it to try to remedy any issues with cache, it resolves dns but now takes a while, along with crawling connections, __even when the connection is set in tor button/firefox OR the proxy server to bypass tor for that specific domain__ (i.e. lan web server).
Fixing this should be as simple as making tor button install the settings defined above and, as said, they can even be set to null or anything you like, just as long as they're there.
**Trac**:
**Username**: johnakabeanhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/14089Google Drive/Docs do not work in Tor Browser2022-02-03T18:37:53ZTracGoogle Drive/Docs do not work in Tor Browser## Versions
Tor Browser 4.0.2 (Firefox 31.3.0) on Mac OS 10.9.5
## STR
1. Open new Tor Browser session.
2. Navigate to drive.google.com and log in with a valid Google Account.
## Expected Result
The page loads without errors. I am a...## Versions
Tor Browser 4.0.2 (Firefox 31.3.0) on Mac OS 10.9.5
## STR
1. Open new Tor Browser session.
2. Navigate to drive.google.com and log in with a valid Google Account.
## Expected Result
The page loads without errors. I am able to use the features of Google Drive, such as creating new documents and editing existing documents.
## Actual Result
After the page loads, I see an error message, "There were some problems loading your apps" displayed on the page in a red notification box directly underneath the "Search Drive" input field. After some time elapses, this message changes to "Data load timed out."
Beyond these explicit error messages, the site is generally unusable. It is not possible to create new documents because New > New File doesn't list any file types, as it does in a normal browser. It is not possible to edit existing documents - when double-clicked, there is no "Open" button in the subsequent lightbox view of the document, so the document cannot be opened in Google Docs for editing.
In the Browser Console, I note multiple instances of "[01-02 20:25:10] Torbutton NOTE: Removing 3rd party HTTP auth for url [scrubbed]" which seems related to my activity on Google Drive. As I continue to try to use the site, an increasing amount of these errors are logged.
## Additional notes
I have been able to reproduce these errors with the following configurations:
1. Tor Browser with HTTPS-Everywhere disabled
2. Tor Browser with NoScript disabled
3. Tor Browser with HTTPS-Everywhere and NoScript disabled
I have been //unable// to reproduce the errors from the STR in:
1. Firefox ESR 31.3.0
This suggests that the errors are not due to any of the following:
1. Bugs in the Firefox ESR that Tor is based on
2. Lack of support from Google for the older version of Firefox that Tor Browser is based on
3. HTTPS-Everywhere
4. NoScript
The messages in the Browser Console suggest that TorButton may be involved.
**Trac**:
**Username**: garrettrhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/13834please remove trailing spaces from source files2022-03-17T21:01:00Zproperplease remove trailing spaces from source filesIn TorButton (aboutTor.js, torbutton-logger.js, and others) there are a lot trailing spaces. It's best practice to remove them.
Just open all files in an editor that removes trailing spaces upon saving. (Such as Kate when configured to ...In TorButton (aboutTor.js, torbutton-logger.js, and others) there are a lot trailing spaces. It's best practice to remove them.
Just open all files in an editor that removes trailing spaces upon saving. (Such as Kate when configured to do so.)
I could provide a git branch for this "fix" if you like, but I guess it's simpler for someone with commit access.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/13198clean up torbutton use of Mozilla services2022-03-17T21:00:24ZArthur Edelsteinclean up torbutton use of Mozilla servicesMost of the invocations to `Cc...getService` in the torbutton JS code are unnecessary. Writing a patch to clean it up.Most of the invocations to `Cc...getService` in the torbutton JS code are unnecessary. Writing a patch to clean it up.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/12683Permissions in nsIPermissionManager aren't cleared with TorButton's "New Iden...2022-03-17T20:59:06ZIsis LovecruftPermissions in nsIPermissionManager aren't cleared with TorButton's "New Identity"When TorButton's "New Identity" button is pressed, the permissions stored with `nsIPermissionManager` aren't cleared, even though `nsIPermissionManager.removeAll()` is called.
From `torbutton_do_new_identity()` in `src/chrome/content/t...When TorButton's "New Identity" button is pressed, the permissions stored with `nsIPermissionManager` aren't cleared, even though `nsIPermissionManager.removeAll()` is called.
From `torbutton_do_new_identity()` in `src/chrome/content/torbutton.js`:
```
torbutton_log(3, "New Identity: Clearing permissions");
let pm = Cc["@mozilla.org/permissionmanager;1"].
getService(Ci.nsIPermissionManager);
pm.removeAll();
torbutton_log(3, "New Identity: Sending NEWNYM");
```
There's a ton of info stored in this thing, including how many time the site has been visited, if popups are allowed, if a site can access offline storage, etc. For me, several dozen sites are listed after clicking "New Identity". It seems to have been keeping these permissions for quite a while, as some of my sites are reported to have hundreds of visits.
To reproduce, do some stuff in TorBrowser for a while, then click "TorButton > New Identity", then navigate to `about:permissions`.boklmboklmhttps://gitlab.torproject.org/tpo/applications/torbutton/-/issues/12514Tor Button does not work unless Navigation toolbar is enabled2021-07-23T14:57:59ZTracTor Button does not work unless Navigation toolbar is enabledJust letting you know that the Tor Button does not have any functionality unless the Navigation toolbar is enabled. I like to customize my layout for maximum content viewing area and I do this by dragging certain buttons off of the Navi...Just letting you know that the Tor Button does not have any functionality unless the Navigation toolbar is enabled. I like to customize my layout for maximum content viewing area and I do this by dragging certain buttons off of the Navigation toolbar and putting them elsewhere. All of the other buttons seem to work fine but not the Tor Button and its most important feature, the ability to choose a New Identity.
Thanks. Tim
**Trac**:
**Username**: pursuit81https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/12511Skip German exits when using Youtube2021-07-09T18:33:17ZcypherpunksSkip German exits when using YoutubeCould Tor skip German exit nodes for youtube domains to improve usability.
The reason is that a big part of Youtube is unavailable on German IPs, due to licensing problems.Could Tor skip German exit nodes for youtube domains to improve usability.
The reason is that a big part of Youtube is unavailable on German IPs, due to licensing problems.https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/10952Tor Browser leaves developer windows open after New Identity2021-07-23T14:47:11ZTracTor Browser leaves developer windows open after New IdentityWhen you open menu entry "View Page Source" from a web page, a new window will open showing the source code.
Then, when you select new identity from the onion menu, all tabs are cleared BUT that page/window with source code will stay the...When you open menu entry "View Page Source" from a web page, a new window will open showing the source code.
Then, when you select new identity from the onion menu, all tabs are cleared BUT that page/window with source code will stay there, it's not closed.
Tor Browser 3.5.2
**Trac**:
**Username**: anon