community issueshttps://gitlab.torproject.org/tpo/web/community/-/issues2021-08-23T16:31:49Zhttps://gitlab.torproject.org/tpo/web/community/-/issues/117[Onion Services] How to launch a site w/ onionshare2021-08-23T16:31:49ZGus[Onion Services] How to launch a site w/ onionshareIn onionshare you can launch a static website. It would be nice to have this how to in onion services section.In onionshare you can launch a static website. It would be nice to have this how to in onion services section.Sponsor 84: Onion Guideshttps://gitlab.torproject.org/tpo/web/community/-/issues/213Come up with a better terminology for bridges2021-10-27T13:31:53ZPhilipp Winterphw@torproject.orgCome up with a better terminology for bridgesOur terminology for bridges is confusing:
* *Private* bridges are bridges that BridgeDB doesn't know about. Users may mistakenly conclude that if a bridge isn't private, it must be public, which is incorrect. Suggestions for other terms:...Our terminology for bridges is confusing:
* *Private* bridges are bridges that BridgeDB doesn't know about. Users may mistakenly conclude that if a bridge isn't private, it must be public, which is incorrect. Suggestions for other terms: unshared, exclusive, unlisted, unknown.
* *Default* bridges are part of Tor Browser. Conceptually, default bridges are more like obfs4-enabled guard relays. Suggestions for other terms: built-in (we may have been using that term occasionally), standard, public.
* We don't have a consistent term for bridges that are distributed by BridgeDB/rdsys. Perhaps we don't need a term because that's the default?
How can we improve the situation?
Copying @cohosh, @antonela, @arma, and @gus.
# Update
proposal is to change this terminology **everywhere**
- default bridges -> built-in bridges
- will not do private/public bridges anymore
- private bridges -> secret bridges
- public bridges -> distributed bridges
Everywhere means:
- [ ] documentation - needs tickets in each portal
- [ ] [Browser's UI](tpo/applications/tor-browser#40623)
- [ ] Code - needs ticketSponsor 30 - Objective 2.2GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/182Soft launch of the new section of community portal.2021-11-23T18:06:42ZGabagaba@torproject.orgSoft launch of the new section of community portal.The new section with partners's materials.The new section with partners's materials.Sponsor 9 - Phase 5 - Usability and Community Intervention on Support for Democracy and Human Rights2021-06-25https://gitlab.torproject.org/tpo/web/community/-/issues/341[Featured Onions] Add Amnesty International onionsite2024-03-06T17:41:16ZGus[Featured Onions] Add Amnesty International onionsiteLet's add Amnesty International onionsite to our curated list: https://community.torproject.org/onion-services/#featured-onions
"Amnesty International has today launched its global website as an .onion site on the Tor network, giving us...Let's add Amnesty International onionsite to our curated list: https://community.torproject.org/onion-services/#featured-onions
"Amnesty International has today launched its global website as an .onion site on the Tor network, giving users greater access to its ground-breaking work exposing and documenting human rights violations in areas where government censorship and digital surveillance are rife.
In recent years, a number of countries including Algeria, China, Iran, Russia and Viet Nam have blocked Amnesty International websites, according to the Open Observatory of Network Interference (OONI), in a deliberate attempt to suppress freedom of information and efforts to hold the powerful to account.
The new Amnesty onion site can be accessed using the Tor Browser through our secure onion address at: https://www.amnestyl337aduwuvpf57irfl54ggtnuera45ygcxzuftwxjvvmpuzqd.onion."
https://www.amnesty.org/en/latest/news/2023/12/global-amnesty-international-website-launches-on-tor-network-to-help-universal-access/GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/340(relay) Broken link on technical considerations page2024-02-05T19:32:52ZGus(relay) Broken link on technical considerations pageReported on the Tor Forum: https://forum.torproject.org/t/broken-link-on-technical-considerations-page/11180
New link: https://asrank.caida.org/Reported on the Tor Forum: https://forum.torproject.org/t/broken-link-on-technical-considerations-page/11180
New link: https://asrank.caida.org/GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/306Increase the image size on the Snowflake landing page2023-04-05T18:43:41Zdevilkiller-agIncrease the image size on the Snowflake landing page### The image giving Snowflake Schematic and showing the selection of Snowflake in 'Select a Built-In Bridges Prompt' are displayed with very small size on Android and IOS devices making it harder to see and understand.
### Steps to rep...### The image giving Snowflake Schematic and showing the selection of Snowflake in 'Select a Built-In Bridges Prompt' are displayed with very small size on Android and IOS devices making it harder to see and understand.
### Steps to reproduce:
1. Visit [Snowflake Landing Page](https://snowflake.torproject.org/) on Android or IOS device.
2. Notice the Image Size of Snowflake Schematic Diagram Image.
3. Scroll down to 'Use Snowflake to bypass censorship' section and notice the size of image displaying 'Select a Built-In Bridges Prompt'.
### What is the current bug behavior?
![WhatsApp_Image_2023-03-06_at_22.29.58](/uploads/6007f2d9a7333bd463e796d8c20abc91/WhatsApp_Image_2023-03-06_at_22.29.58.jpg)
![WhatsApp_Image_2023-03-06_at_22.02.46](/uploads/f9df2b3dcd3d8ede699485f968526cab/WhatsApp_Image_2023-03-06_at_22.02.46.jpg)
### What is the expected behavior?
![Screenshot__36_](/uploads/b3715a83442f8b260628039199eb6b7e/Screenshot__36_.png)
![Screenshot__37_](/uploads/f8f70ede1cd00642cd730e29a7672459/Screenshot__37_.png)
### Environment
- Operating system: Android 13
### Possible fixes:
Change the padding of images with class `.diagram and .screenshot` from
`
.diagram, .screenshot {
padding: 2.6rem 5.2rem;
}
` to
`
.diagram, .screenshot {
padding: 1rem 1rem;
}
`
for the devices with viewport width less than 425px (i.e, for mobile devices).devilkiller-agdevilkiller-aghttps://gitlab.torproject.org/tpo/web/community/-/issues/305Update relay docs to the new possible amount of relays per IP2023-02-21T15:49:19ZGusUpdate relay docs to the new possible amount of relays per IPRelay operator docs should reflect the new limit of possible amount of relays per IP (2 -> 4):
```
Hello everyone!
You might recall that Tor is restricting the possible amount of Tor
relays per IP address to 2, mainly for Sybil preven...Relay operator docs should reflect the new limit of possible amount of relays per IP (2 -> 4):
```
Hello everyone!
You might recall that Tor is restricting the possible amount of Tor
relays per IP address to 2, mainly for Sybil prevention reasons.[1]
Given that Tor on the relay side at least is not multithreaded yet (and
will likely not be for the near and medium future) that's wasting a lot
of useful resources as many servers can easily handle more than 2
relays. Additionally, IPv4 addresses are scarce/expensive.
I have good news for you, though. Thanks to a push by our relay operator
community we raised that limit to 4 with the help of the directory
authorities (by having set `AuthDirMaxServersPerAddr 4` on a majority of
them) and, depending on how that experiment goes, consider raising it
even to 8.
Thus from now one should be able to run 4 relays per IP address. We are
looking very much forward to seeing a bunch of additional relays
entering the network and making it stronger. :)
For more details, information and discussion see: tor#40744.[2]
Thanks,
Georg
https://lists.torproject.org/pipermail/tor-relays/2023-February/020999.html
```GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/284Update oudated Proton link2022-08-02T02:52:04Zal smithUpdate oudated Proton linkThere is an outdated link on this page: https://community.torproject.org/onion-services/talk/ in this paragraph:
> Other providers like [ProtonMail](https://protonmail.com/blog/protonmail-tor-censorship/) allow users to read and send th...There is an outdated link on this page: https://community.torproject.org/onion-services/talk/ in this paragraph:
> Other providers like [ProtonMail](https://protonmail.com/blog/protonmail-tor-censorship/) allow users to read and send their e-mail securely and anonymously over their webclient that serves an onion site.
"ProtonMail" should be updated to "Proton"
The link should be updated from https://protonmail.com/blog/protonmail-tor-censorship/ to https://proton.me/news/protonmail-tor-censorshipGusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/258[Relays] Update enn.lu status in relay association page2022-04-22T20:59:51ZGus[Relays] Update enn.lu status in relay association pageThis week Enn.lu [announced](https://twitter.com/FrennVunDerEnn/status/1496129197064007692) that they are closing their operations.
We could remove them from the relay association page or create an 'inactive' table.
https://community.to...This week Enn.lu [announced](https://twitter.com/FrennVunDerEnn/status/1496129197064007692) that they are closing their operations.
We could remove them from the relay association page or create an 'inactive' table.
https://community.torproject.org/relay/community-resources/relay-associations/GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/236Relay operations is missing from secondary navbar2021-10-29T19:59:35ZemmapeelRelay operations is missing from secondary navbarThe secondary navbar that we have on the different sections of the website is missing the Relay Operations link. See the 6 sections on the homepage:
![all-sections.cleaned](/uploads/97700a38f46adaa78a4d2dd8354bfd21/all-sections.cleaned....The secondary navbar that we have on the different sections of the website is missing the Relay Operations link. See the 6 sections on the homepage:
![all-sections.cleaned](/uploads/97700a38f46adaa78a4d2dd8354bfd21/all-sections.cleaned.png)
And only 5 sections on the navbar:
![missig-relays.cleaned](/uploads/bd7a13aa9b381de314f5fd257c43a558/missig-relays.cleaned.png)https://gitlab.torproject.org/tpo/web/community/-/issues/235Top navigation bar does not change links when changing locale (but this works...2021-10-29T20:00:34ZemmapeelTop navigation bar does not change links when changing locale (but this works on other lektors)Reported by translator Kaya Zeren, confirmed by me.
It seems something needs to be done for the Community portal to provide the locale specific links for different languages.
Steps to reproduce:
- Open https://community.torproject.org...Reported by translator Kaya Zeren, confirmed by me.
It seems something needs to be done for the Community portal to provide the locale specific links for different languages.
Steps to reproduce:
- Open https://community.torproject.org/tr/
- if you hover over the links to Support, about, and community, they come in English.
- Open https://support.torproject.org/tr/
- if you hover over the same links, you can see that they show the Turkish locale (https://community.torproject.org/tr/ , https://www.torproject.org/tr/about/history/ etc)
This links should be generated from the lego file https://gitlab.torproject.org/tpo/web/lego/-/blob/master/databags/links.ini , but the community portal is ignoring it.https://gitlab.torproject.org/tpo/web/community/-/issues/204some errors on user-research/guidelines/2021-06-16T13:50:35Zemmapeelsome errors on user-research/guidelines/Some errors found in https://community.torproject.org/user-research/guidelines/ :
- "Get in here to read some suggestions about being a better listener and make a great research experience." - but there is no link. where should the rea...Some errors found in https://community.torproject.org/user-research/guidelines/ :
- "Get in here to read some suggestions about being a better listener and make a great research experience." - but there is no link. where should the reader get ?
- in the section "Describe and Ask for consent" we have an empty link in "You should take [this material] with you on the day of your research, distribute it among participants, and answer their questions about how to fill it in if they have any." - This material does not link anywhere.
- in the section 'How to submit your findings' we say on the 3rd point: `Create issues in the Research repository`. The research repository links to the readme file. Maybe we should change the link to https://gitlab.torproject.org/tpo/ux/research/-/issues, and say to create an issue on the `Research project` instead of repository? In other page we say: "After choosing which study to run, open an issue in our [GitLab page](https://gitlab.torproject.org/tpo/ux/research)."donutsdonutshttps://gitlab.torproject.org/tpo/web/community/-/issues/201Add link on "HTTPS for your onion" to "certificate for your onion" blog post2021-06-28T19:02:59ZcypherpunksAdd link on "HTTPS for your onion" to "certificate for your onion" blog postAsked [on the blog](https://blog.torproject.org/comment/291409#comment-291409).
Please on this guide page:
https://community.torproject.org/onion-services/advanced/https/
add a link to this:
https://blog.torproject.org/tls-certificate-f...Asked [on the blog](https://blog.torproject.org/comment/291409#comment-291409).
Please on this guide page:
https://community.torproject.org/onion-services/advanced/https/
add a link to this:
https://blog.torproject.org/tls-certificate-for-onion-site
You're [setting it up to be forgotten](https://blog.torproject.org/comment/291287#comment-291287).GusGushttps://gitlab.torproject.org/tpo/web/community/-/issues/184[Onion Services] Update HTTPS onion services page with new DV Onion certifica...2021-06-25T15:32:16ZGus[Onion Services] Update HTTPS onion services page with new DV Onion certificate (Harica)HARICA now issues DV certs for onions: https://www.harica.gr/Products/ServerCertificate
"SSL DV Onion (Domain Validated - Onion): SSL/TLS Server Certificate that includes one or more Onion domains (e.g. www.4gmrlefxkq4mtan6a2lqwfwa7un4b...HARICA now issues DV certs for onions: https://www.harica.gr/Products/ServerCertificate
"SSL DV Onion (Domain Validated - Onion): SSL/TLS Server Certificate that includes one or more Onion domains (e.g. www.4gmrlefxkq4mtan6a2lqwfwa7un4brjlatka75nwdczemqqwn3wznnad.onion, mysite.4gmrlefxkq4mtan6a2lqwfwa7un4brjlatka75nwdczemqqwn3wznnad.onion)"
We will need to add that information in this page:
https://community.torproject.org/onion-services/advanced/https/https://gitlab.torproject.org/tpo/web/community/-/issues/130[Onion Services][SSL][Vanity] FR: writeup about authentication for onion site...2021-03-25T15:07:32ZJim Newsome[Onion Services][SSL][Vanity] FR: writeup about authentication for onion sites. SSL certs, vanity addresses, etc.Context - I was reaching out to the owners of securityinabox.org about their onion address https://bpo4ybbs2apk4sk4.onion/, which presents a cert for a completely different domain. I looked for but couldn't find authoritative docs about ...Context - I was reaching out to the owners of securityinabox.org about their onion address https://bpo4ybbs2apk4sk4.onion/, which presents a cert for a completely different domain. I looked for but couldn't find authoritative docs about best practices around SSL for onion sites.
It'd at least be nice to have a short writeup about the recent movement about not requiring EV certs (https://cabforum.org/pipermail/servercert-wg/2020-February/001637.html).
At the risk of scope creep it'd perhaps be even better to have a more comprehensive writeup about best practices around proving authenticity for onion addresses. e.g. perhaps also mention why vanity addresses aren't helpful, alternatives to certs you *can* do (link from something else already securely tied to your identity), etc.
FWIW here's what I sent to the securityinabox folks:
FYI the onion address (http://bpo4ybbs2apk4sk4.onion) linked from your 'about' page (https://securityinabox.org/en/about) appears to be broken. It presents a certificate for common-name "api-test.ttc.io", which results in browser warnings. Unfortunately even if the user clicks through the warnings, the server then just returns a 502 error.
I wanted to mention a few things about the cert in particular, but I should preface with: I'm a developer at the Tor Project; I'm somewhat familiar with this subject but to be clear I'm new and this is outside my primary area
The Tor protocol itself already provides encryption and authentication. Most of the potential value in a certificate would be to link the onion address to your clear-web domain name, but a cert for some other domain, as your server is presenting, doesn't do that either.
A cert for "securityinabox.org" might be a little better - it'd still cause a warning, but at least on inspection would prove that this onion address really belongs to the owner of that domain. OTOH simply having a link to your onion site from an SSL/TLS clear-web page you own, which you already do, already does that in a less obscure way.
A cert that includes the onion address itself would get rid of the warning. Until recently this required getting an expensive EV cert, but this is changing now (https://cabforum.org/pipermail/servercert-wg/2020-February/001637.html).
Assuming you don't have much resources to dedicate to this, the best short-term course of action might be to just drop the cert (and hence SSL/TLS) for now to get ride of the warnings (and thus not either scare people away or train them to click away the warnings).