tpo issueshttps://gitlab.torproject.org/tpo/web/tpo/-/issues2022-06-16T04:34:36Zhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/311Latest Tor Browser download2022-06-16T04:34:36ZTracLatest Tor Browser downloadI've needed to go through the Tor Browser installation process several times, on mostly Ubuntu machines.
Instead of navigating to the website from Firefox, downloading the tarball in /download, and extracting it with the Archive Manager...I've needed to go through the Tor Browser installation process several times, on mostly Ubuntu machines.
Instead of navigating to the website from Firefox, downloading the tarball in /download, and extracting it with the Archive Manager, it would be so much simpler to do something like this from the terminal:
```
wget https://www.torproject.org/dist/torbrowser/latest/tor-browser_en-US.tar.xz -O - | tar xz
```
This is not possible right now, because the URL for the latest Tor Browser on the website is tied to a specific version. If the Tor installation is added to a script, the script will be outdated as soon as a new version comes out.
Could we create a permanent URL for the latest stable version of Tor Browser? Since installing variants of Tor Browser via package managers is discouraged, it would be nice to make a scripted installation process a bit simpler.
**Trac**:
**Username**: robinmetralhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/308have a permanent link to RecommendedTBBVersions2022-06-15T07:47:13Zproperhave a permanent link to RecommendedTBBVersionsPeople use downloaders/scripts to Download TBB. (There is [torbrowser-launcher](https://github.com/micahflee/torbrowser-launcher) as well as [tb-updater](https://github.com/Whonix/tb-updater) and perhaps more.)
Would be nice if the do...People use downloaders/scripts to Download TBB. (There is [torbrowser-launcher](https://github.com/micahflee/torbrowser-launcher) as well as [tb-updater](https://github.com/Whonix/tb-updater) and perhaps more.)
Would be nice if the download location for RecommendedTBBVersions was finalized. Otherwise each time it changes, these downloaders break.
In past it was hosted [here](https://check.torproject.org/RecommendedTBBVersions), currently it is hosted [here](https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions), perhaps you want to move it to archive.torproject.org one day?
Perhaps, as a solution, could you please introduce a subdomain `RecommendedTBBVersions.torproject.org` and then have that redirect to whatever location you prefer?https://gitlab.torproject.org/tpo/web/tpo/-/issues/307finalize RecommendedTBBVersions format2022-06-15T07:46:52Zproperfinalize RecommendedTBBVersions formatPeople use downloaders/scripts to Download TBB. (There is [torbrowser-launcher](https://github.com/micahflee/torbrowser-launcher) as well as [tb-updater](https://github.com/Whonix/tb-updater) and perhaps more.)
The problem is, the [Reco...People use downloaders/scripts to Download TBB. (There is [torbrowser-launcher](https://github.com/micahflee/torbrowser-launcher) as well as [tb-updater](https://github.com/Whonix/tb-updater) and perhaps more.)
The problem is, the [RecommendedTBBVersions](https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions) format is currently undocumented and unfinalized. It changed very often in past and therefore broke these TBB downloaders. This is non-ideal. This is a feature request to finalize the RecommendedTBBVersions format to keep these downloaders functional.https://gitlab.torproject.org/tpo/web/tpo/-/issues/148Add pagination to to Coverage table on tpo.org/press2021-01-15T18:28:40ZdonutsAdd pagination to to Coverage table on tpo.org/pressThe [press coverage table](https://www.torproject.org/press/) could use some kind of pagination – either numbered, or tabs (e.g. by year) to reduce its length.
We could reuse this pattern elsewhere too.The [press coverage table](https://www.torproject.org/press/) could use some kind of pagination – either numbered, or tabs (e.g. by year) to reduce its length.
We could reuse this pattern elsewhere too.https://gitlab.torproject.org/tpo/web/tpo/-/issues/147Verifying-signatures needs some work2020-12-21T17:12:26ZMike PerryVerifying-signatures needs some workhttps://www.torproject.org/docs/verifying-signatures.html.en is ridiculously complicated and stuffed with tons of irrelevant information.
We should break it into 2 pages. The list of keys that signs sub-components and/or email should be...https://www.torproject.org/docs/verifying-signatures.html.en is ridiculously complicated and stuffed with tons of irrelevant information.
We should break it into 2 pages. The list of keys that signs sub-components and/or email should be on a completely separate page. The only keys on this page should be those that actually sign user-facing packages: TBB and (maybe) the vidalia expert bundles.
The page should walk the user through verifying a signature of a specific package for each platform. The page should focus on only one key and only one package. This package should probably be TBB.
Also, much of the material on this page is out of date. For example, the Mac utilities are completely different now, are hosted at a new URL, and now have a GUI that handles the key import process (but sadly not package signature verification). They do at least put the gpg binary into the system path, so you no longer have to grovel through /Applications in order to find it.Roger DingledineRoger Dingledinehttps://gitlab.torproject.org/tpo/web/tpo/-/issues/145Make the various javascript on Tor sites be LibreJS-compatible?2021-09-08T19:45:54ZRoger DingledineMake the various javascript on Tor sites be LibreJS-compatible?On reading https://www.gnu.org/software/repo-criteria.html (as pointed out on tor-talk), I came across "B0": "All code sent to the user's browser must be free software and labeled for LibreJS or other suitable free automatic license anal...On reading https://www.gnu.org/software/repo-criteria.html (as pointed out on tor-talk), I came across "B0": "All code sent to the user's browser must be free software and labeled for LibreJS or other suitable free automatic license analyzer".
I don't know anything about the politics behind libre JS or the like, but I know some of the Tor sites use JavaScript, and I also know we're not meaning to keep any of it non-free.
Is there some enthusiastic free software zealot out there who wants to inventory the javascript used on various Tor sites, and move us closer to labeling it all as free?traumschuletraumschulehttps://gitlab.torproject.org/tpo/web/tpo/-/issues/144Move CSP style attributes into external stylesheets2021-09-15T19:12:01ZcypherpunksMove CSP style attributes into external stylesheetsSuggested by the Mozilla Observatory https://observatory.mozilla.org/analyze.html?host=torproject.org
> Your current CSP policy allows the use of `'unsafe-inline'` inside of `style-src`. Moving `style` attributes into external styleshee...Suggested by the Mozilla Observatory https://observatory.mozilla.org/analyze.html?host=torproject.org
> Your current CSP policy allows the use of `'unsafe-inline'` inside of `style-src`. Moving `style` attributes into external stylesheets not only makes you safer, but also makes your code easier to maintain.https://gitlab.torproject.org/tpo/web/tpo/-/issues/141adjust text shown on screen based on size of text2021-04-13T00:09:46ZTracadjust text shown on screen based on size of textWhen viewing this web page I find I have to increase the size of text because I have poor vision.
If I use the control-+ to increase the text size, your web page forces me to scroll the window left to right to read lines of text.
Use t...When viewing this web page I find I have to increase the size of text because I have poor vision.
If I use the control-+ to increase the text size, your web page forces me to scroll the window left to right to read lines of text.
Use the method that wikipedia.com uses for displaying the screen.
wikipedia.com adjusts the text to fit within the displayed window by making lines shorter as text size increases and making lines longer as text size increases.
Go to wikipedia.com and view any entry. Then do a control-+ to increase text size and see what it does. Then do a control-- to reduce size of text and see what it does. NOTE: I am using Ubuntu 16.04 - hence my control-+ increases text size and control-- will decrease text size. I don't know what keys are used to do this with other operating systems.
Just an idea from a 71 year old with bad eyes.
**Trac**:
**Username**: efitterytraumschuletraumschulehttps://gitlab.torproject.org/tpo/web/tpo/-/issues/138Add instructions for removing the code signing parts of OS X bundles and MAR ...2023-01-11T16:52:32ZGeorg KoppenAdd instructions for removing the code signing parts of OS X bundles and MAR filesWe start with code signing on OS X now and should have instructions on our website for getting rid of the code signing parts to make it easier for comparing the things we ship with the things we built.We start with code signing on OS X now and should have instructions on our website for getting rid of the code signing parts to make it easier for comparing the things we ship with the things we built.https://gitlab.torproject.org/tpo/web/tpo/-/issues/137Usability of MacOS installation process2021-02-26T12:37:36ZcypherpunksUsability of MacOS installation processUsability of MacOS installation process
Consequence: User is unable to verify package signature
Steps to reproduce:
1. Download Tor browser
2. Go to https://www.torproject.org/docs/verifying-signatures.html.en for instructions.
3...Usability of MacOS installation process
Consequence: User is unable to verify package signature
Steps to reproduce:
1. Download Tor browser
2. Go to https://www.torproject.org/docs/verifying-signatures.html.en for instructions.
3. Read the block of text for MacOS and Linux.
4. Follow the link at the bottom of that section to:
https://www.gnupg.org/documentation/
5. Struggle with the information on that page.
6. Try to go to the SourceForge link there for GPG Mac download.
uBlock Origin blockade: uBlock Origin has prevented the following page from loading:http://macgpg.sourceforge.net/
Because of the following filter
| sourceforge.net^$other^ |
|-------------------------|
Found in: uBlock filters – Badware risks
7. Give up.
----
What should have happened:
Follow the GPGTools link at the top of the Tor page's Mac/Linux instruction block.
https://www.torproject.org/docs/verifying-signatures.html.en
----
Suggested fixes:
* Divide the MacOS instructions from the Linux instructions.
* Add numbers to the procedures... something like this, for the MacOS:
1. Download Tor Browser and save the signature.asc to your Desktop.
1. Download and install GPGTools.
1. Open a Terminal window (Terminal is in /Applications/Utilities or find it with search)
1. Paste the following into the terminal: [... ...]
...adding links appropriately in the procedure
* Use link colors to help people visually scan through the pages. Take advantage of the human tendency to skim over text and just read the bold, colored stuff:
-Use a color with better contrast against black (the green is wonderful but too dark for good contrast)
-Include more keywords in links
* Related installation issue that probably belongs somewhere else:
Opening the DMG and installing the Tor Browser: The application file shows a file modification date of Dec 31, 1999, so it's difficult to know whether the downloaded one is newer than one I have already.
No version number is in the file name.
Get Info (cmd-I) (which not every Mac user knows about) does show a version number, and it also shows the file has a creation date of Dec 31, 2000, which is before the mod date. The weird dates might cause version control issues but are also likely to worry people who see them.traumschuletraumschulehttps://gitlab.torproject.org/tpo/web/tpo/-/issues/135Create "Learn More" Landing Page for TBA2021-06-11T15:12:09ZMatthew FinkelCreate "Learn More" Landing Page for TBAWhen TBA is first launched there is a "Learn More" link the user can click. We should take advantage of this and create a useful webpage where the user can learn more. (Orfox currently has this, too, and the link goes to [[Guardian Proje...When TBA is first launched there is a "Learn More" link the user can click. We should take advantage of this and create a useful webpage where the user can learn more. (Orfox currently has this, too, and the link goes to [[Guardian Project's Orfox page](https://guardianproject.info/apps/orfox|the)].https://gitlab.torproject.org/tpo/web/tpo/-/issues/134Add link to Tor SlackBuild on download-unix.html.en2021-09-08T12:48:25ZcypherpunksAdd link to Tor SlackBuild on download-unix.html.enI thought it would be nice to add link to the [Tor SlackBuild](https://slackbuilds.org/repository/14.2/network/tor/) on [download-unix.html.en](https://www.torproject.org/download/download-unix.html.en). The SlackBuild works fine and is ...I thought it would be nice to add link to the [Tor SlackBuild](https://slackbuilds.org/repository/14.2/network/tor/) on [download-unix.html.en](https://www.torproject.org/download/download-unix.html.en). The SlackBuild works fine and is updated regularly.
The code would be something like this:
```
<tr class="beige">
<td align="center"><img src="$(IMGROOT)/distros/slackware.png" alt="Slackware"></td>
<td>Slackware</td>
<td colspan="2"><a href="https://slackbuilds.org/repository/14.2/network/tor/">SlackBuilds.org</a></td>
<td>
<a href="<page docs/tor-doc-unix>">Linux/BSD/Unix</a><br>
</td>
</tr>
```
If nobody wants to design a new logo, there's generic.png in /images/distros/ folderhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/133Introduce TLS MITM Detection on Tor Project websites2021-09-15T19:15:00ZnaifIntroduce TLS MITM Detection on Tor Project websitesThis ticket is to implement the feature of TLS MITM detection on Tor Project websites in the same way caddy webserver is doing it https://caddyserver.com/docs/mitm-detection on the basis of this paper https://jhalderm.com/pub/papers/inte...This ticket is to implement the feature of TLS MITM detection on Tor Project websites in the same way caddy webserver is doing it https://caddyserver.com/docs/mitm-detection on the basis of this paper https://jhalderm.com/pub/papers/interception-ndss17.pdf .
Collecting data on who's maybe trying to attempt to MITM Tor Project website access can be a valuable adversarial intelligence resourcehttps://gitlab.torproject.org/tpo/web/tpo/-/issues/132Add a security.txt file to torproject.org2023-02-17T20:00:09ZteorAdd a security.txt file to torproject.orgsecurity.txt files give people the information they need to contact Tor when they find a security issue.
It's an IETF draft, and Google has done it, so maybe we should too:
https://securitytxt.org/
We can use the existing information a...security.txt files give people the information they need to contact Tor when they find a security issue.
It's an IETF draft, and Google has done it, so maybe we should too:
https://securitytxt.org/
We can use the existing information at:
https://www.torproject.org/about/contact#security
And we might want to:
* add a PGP key file
* add a signature
* maybe add a policy or acknowledgements when we decide how they workhttps://gitlab.torproject.org/tpo/web/tpo/-/issues/131Publish policy documents on www.torproject.org2023-11-07T23:00:29ZJulius MittenzweiPublish policy documents on www.torproject.org**Background**
In the past years we worked on many policy documents (CoC, membership policy, etc). We should make them available on a prominent page on torproject.org.
**Current situation**
The policy documents are published in the gi...**Background**
In the past years we worked on many policy documents (CoC, membership policy, etc). We should make them available on a prominent page on torproject.org.
**Current situation**
The policy documents are published in the gitweb: https://gitweb.torproject.org/community/policies.git/tree/
Some other bylaws can be found here:
https://www.torproject.org/about/financials.html.en
**Expected situation**
Create a section within "About Tor" named "Policies". With a general text describing our current policies.
I would also suggest that we inline describe our current values, how membership works, how voting works, etc.
Create formatted versions of:
- CoC
- Membership guidelines
- statement of values
- voting system
- board documents (like bylaws)
- ...
and link them from the main policy page.
*Timeline*
I would suggest that we collect ideas within this ticket and make a meeting in Mexico :-)https://gitlab.torproject.org/tpo/web/tpo/-/issues/126Improve verify signature flow for Tor Browser2021-09-15T19:46:04ZAntonelaantonela@torproject.orgImprove verify signature flow for Tor BrowserVerifying signature is a painful process for regular and power users. This ticket aims to explore how we can improve it.Verifying signature is a painful process for regular and power users. This ticket aims to explore how we can improve it.https://gitlab.torproject.org/tpo/web/tpo/-/issues/83Make it easier to find tb-manual2023-08-01T12:14:03ZcypherpunksMake it easier to find tb-manualIt is hard to find tb-manual.torproject.org from www.torproject.org. I found only one link, anywhere. On the webpage for downloading, scroll halfway down to find it in a sentence in the middle of similar looking paragraphs. I found the m...It is hard to find tb-manual.torproject.org from www.torproject.org. I found only one link, anywhere. On the webpage for downloading, scroll halfway down to find it in a sentence in the middle of similar looking paragraphs. I found the manuals on 2019.www.torproject.org from the www.torproject.org Documentation heading much faster than I found tb-manual.torproject.org.
It is easy to find support.torproject.org because it is on every page in the heading.https://gitlab.torproject.org/tpo/web/tpo/-/issues/68Download page content displays poorly on small screen devices2023-08-15T19:00:08ZGusDownload page content displays poorly on small screen devicesWe received this feedback and solution on Download page.
---
I had noticed that on the download page there are some issues with content displaying inappropriately on smaller screen sizes. The circular download logo button sections for ...We received this feedback and solution on Download page.
---
I had noticed that on the download page there are some issues with content displaying inappropriately on smaller screen sizes. The circular download logo button sections for Windows, OS X, Linux, and Android are overlapping each other for various reasons, on various screen sizes. I have reworked the code to make this section display appropriately for all mobile screen sizes.
Here is my solution (NOTE: I will refer to the page source code lines (view-source:https://www.torproject.org/download/) for your reference.):
* [ ] 1. Space the circular download button sections evenly widthwise by adding the Class "mx-auto" to <div class="oval-2 bg-darker"> on the following lines: 120, 141, 162.
* [ ] 2. Remove the "py-3" Class from class="col-sm-6 col-md-3 py-3" on the following lines: 119, 140, 161, 182
The reason for removing the Class "py-3" is because if the padding values associated with this class are edited it changes the padding on the download link text section which uses the same Class below the circular download buttons section. Removing this Class from the mentioned lines doesn't remove any "needed" CSS.
* [ ] 3. For fixing the spacing issues between the 4 circular download buttons add {padding: 2em 1em 5em 1em;} as an inline style to the divs on the following lines: 119, 140, 161, 182
* [ ] 4. For styling the space around the download text links section remove the Class p-5 from <div class="row p-5"> and add {padding: 1em 3em 0 3em !important;} as an inline style to the <div> on line 192.
![feedback-download-page-before](/uploads/dcece67d2271550d1ca3cff2c8a066ea/feedback-download-page-before.png)
![feedback-download-page-after](/uploads/4b2eb70e3f7764491df23706e86b6976/feedback-download-page-after.png)
* [ ] 5. For fixing the overlapping rectangular buttons (Download for Windows, Download for OS X, etc...) in the circular downloads buttons section, an easy fix, I found is removing the word "for" from the button which will shorten the width of the button so that it doesn't overlap the button next to it. To make the text read nicer, reverse the word "Download" with the manufacture name (Windows). - For example instead of using the existing text "Download for Windows" do, "Windows Download".
![before](/uploads/e6c89eb0fba22254d3c65476fe0798d7/before.png)
![after](/uploads/1b59ad26a97ee083c8e10004bf9bd283/after.png)donutsdonutshttps://gitlab.torproject.org/tpo/web/tpo/-/issues/52make some sort of tag in markdown for current tor browser release2021-09-15T19:32:13Zemmapeelmake some sort of tag in markdown for current tor browser releaseThere are parts of our documentation when we mention the version number of Tor Browser, for example when talking about a file. This number should be automatically updated to current Tor Browser, so we can save some time.
This should be ...There are parts of our documentation when we mention the version number of Tor Browser, for example when talking about a file. This number should be automatically updated to current Tor Browser, so we can save some time.
This should be available from the markdown directly, for example with **!tor-browser-current-version-number**.
Example of use: https://github.com/torproject/support/pull/101/files