[tor-bugs] #19209 [Core Tor/Tor]: torrc: Comments Need Clarifying

[Tor Bug Tracker & Wiki]

#19209: torrc: Comments Need Clarifying
--+--
 Reporter:  huertanix |  Owner:
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.2.7.6
 Severity:  Trivial   |   Keywords:  torrc
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 I've written a guide on how to set up a Tor relay, but I ran into some
 confusion from readers on some initial drafts on a few areas which I
 clarified on the final guide (see: https://motherboard.vice.com/read/how-
 you-can-help-make-tor-faster-for-10-a-month). However, it'd be great to
 see some clarifications in the comments in /etc/tor/torrc.

 Specifically...

 Update:
 ## Uncomment this if you run more than one Tor relay, and add the identity
 ## key fingerprint of each Tor relay you control, even if they're on
 ## different networks. Include the "$" with each key ID.

 Update:
 ## Don't forget the < and >.
 #ContactInfo Random Person 

 Update:
 ## A handle for your relay, so people don't have to refer to it by key.
 ## Only alphanumeric characters, A-Z, a-z, 0-1 allowed. No unicode, no
 emoji.

 I assume this might be easy, but that it might trigger some package
 management systems to bug the user into asking which config they want if
 they already have the tor package installed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19208 [Applications/Tor Browser]: add searx search engine

[Tor Bug Tracker & Wiki]

#19208: add searx search engine
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Low   |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Minor |   Keywords:  searx
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 I'm using this meta search engine for some time now. It is not perfect,
 but it exists. I would be happy to see it in the tbb's list of search
 engines.

 Overview:
 Searx is a free software internet metasearch engine which aggregates
 results from other search engines, while not storing information about its
 users. Searx does not track or profile its users, nor does it share its
 users’ data with third parties. Additionally, searx can be used over Tor
 for online anonymity.

 List of running instances:
 https://github.com/asciimoo/searx/wiki/Searx-instances
 some of them are available as hidden service !


 Cheers !

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19181 [Applications/Tor Browser]: Firefox >= 48 ships with an ICU pre-compiled blob

[Tor Bug Tracker & Wiki]

#19181: Firefox >= 48 ships with an ICU pre-compiled blob
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by bugzilla):

 It was a surprise that you'd decided to fix #13419 not by backporting this
 solution. And now there is this strange ticket about trust to Mozilla...
 Of course, if you don't trust, then you'll run "update-icu script to do a
 local ICU build with configure+make to generate a new data file when
 updating to a new ICU." And ship the blob.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18382 [Applications/Tor Browser]: Tor Browser should offer an option to clear history in PBM

[Tor Bug Tracker & Wiki]

#18382: Tor Browser should offer an option to clear history in PBM
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  enhancement   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by bugzilla):

 Users ask you for an option to clear "history" on a per-site basis.
 And, yep, TBB has an option to clear history in PBM ;)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19199 [Applications/Tor Browser]: Completely disable canvas content and related warning popup based on Security Slider setting

[Tor Bug Tracker & Wiki]

#19199: Completely disable canvas content and related warning popup based on
Security Slider setting
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:  wontfix
 Keywords:  privacy, anonymity, fingerprinting  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by bugzilla):

 The rationale here is: "present the icon in the address bar so that it can
 be enabled manually, on a per-site or per-page basis, if a user needs this
 feature." instead of annoying popup.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19200 [Applications/Tor Browser]: HTML5 video not blocked with placeholder, plays automatically

[Tor Bug Tracker & Wiki]

#19200: HTML5 video not blocked with placeholder, plays automatically
--+--
 Reporter:  potato|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-security-slider   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by bugzilla):

 Thanks for filing a separate ticket for
 https://trac.torproject.org/projects/tor/ticket/18937#comment:14. Maybe,
 this will help to raise attention of devs to the problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19180 [Core Tor/Tor]: Add new compiler warnings

[Tor Bug Tracker & Wiki]

#19180: Add new compiler warnings
--+--
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  029-proposed  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by bugzilla):

 FWIW, Tor Browser is compiled with
 {{{
 -Wdeclaration-after-statement
 -Wpointer-to-int-cast
 -Wcast-align
 }}}
 (The "GCC 3-" annotations mean "GCC 3 or earlier" ;)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13018 [Applications/Tor Browser]: Math routines are OS fingerprintable

[Tor Bug Tracker & Wiki]

#13018: Math routines are OS fingerprintable
-+-
 Reporter:  mikeperry|  Owner:  tbb-
 Type:  defect   |  team
 Priority:  Medium   | Status:  new
Component:  Applications/Tor Browser |  Milestone:
 Severity:  Normal   |Version:
 Keywords:  tbb-fingerprinting-os-version, tbb-  | Resolution:
  easy, ff31-esr |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 This may also be the cause of the fingerprintability of the WebAudio stuff
 in #13017 (or at least part of that fingerprintability). See
 https://trac.torproject.org/projects/tor/ticket/13017#comment:27 for a
 useful test.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

[Tor Bug Tracker & Wiki]

#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting 
vector
-+-
 Reporter:  mikeperry|  Owner:
 Type:  task |  arthuredelstein
 Priority:  Very High| Status:
Component:  Applications/Tor Browser |  assigned
 Severity:  Critical |  Milestone:
 Keywords:  tbb-fingerprinting-os, tbb-easy, |Version:
  TorBrowserTeam201605   | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by mikeperry):

 I have two points for further experimentation either here or #13018:
 1. Can we find two Linux systems that have the same bit-width but
 different fingerprints here (Ie: debian/stable vs Fedora, or something
 with a large time difference between releases and differences in base
 system)
 2. If so, a useful test would be testing if simply copying the same
 libm.so (found in either /lib/x86_64-linux-gnu/libm.so.6 or
 /usr/lib/x86_64-linux-gnu/libm.so on my system) onto both TBB's
 TorBrowser/Tor/ directory to see if the fingerprints here become identical
 again. That Tor directory should be in LD_LIBRARY_PATH, overriding the
 /lib search. You can check /proc/pid/maps to see if it got loaded.

 This simple test would help us determine if we're just looking at math
 routine differences. In which case, we could ship the equivalent of a
 uniform set of math routines for all platforms for TBB, and use those
 instead.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19207 [- Select a component]: Received http status code 504

[Tor Bug Tracker & Wiki]

#19207: Received http status code 504
--+-
 Reporter:  chftthtorrelay|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 Hello

 In my relay log i always see this: May 30 18:27:57.000 [warn] Received
 http status code 504 ("Gateway Time-out") from server '154.35.175.225:80'
 while fetching "/tor/server/d/8D002A5E87E27A32F501080CEFF8E88DBEE7E725.z".
 I'll try again soon.

 Is this a problem on my side?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19180 [Core Tor/Tor]: Add new compiler warnings

[Tor Bug Tracker & Wiki]

#19180: Add new compiler warnings
--+--
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  029-proposed  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by nickm):

 * status:  new => needs_review


Comment:

 Okay. `bug19180_easy` now has all of the easy fixes, including the
 "tricky" ones that were pretty easy to fix.  I'll write up a synopsis of
 the remaining tricky ones before too long.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.

[Tor Bug Tracker & Wiki]

#19206: SOCKS isolation should include a process identifier.
--+--
 Reporter:  yawning   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arthuredelstein):

 Another possible option would be to use a random string per first-party
 domain (such as a random UUID for the password). That would mean we don't
 have to obtain the PID.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.

[Tor Bug Tracker & Wiki]

#19206: SOCKS isolation should include a process identifier.
--+--
 Reporter:  yawning   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by mcs):

 * cc: brade, mcs (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.

[Tor Bug Tracker & Wiki]

#19206: SOCKS isolation should include a process identifier.
--+--
 Reporter:  yawning   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 This isn't an issue when using Tor Browser with "tor-launcher forks/execs
 the tor process" model, but is relevant to all other use cases,
 particularly with a system tor instance.

 The SOCKS username/password isolation should include a instance identifier
 such that each invocation of Tor Browser ends up using difference circuits
 (Currently, the isolation tags will get reused).

 The current format is `domain:counter`.  The naive implementation of this
 would be something like `domain:pid:counter`.  `pid` could be expanded to
 include process launch time information or similar to handle the PID reuse
 case, but I'm not sure how likely that is (the entire PID space needs to
 be consumed before PIDs are reused on Linux).

 I filed #18125 a while ago with similar rationale in mind, but doing it
 this way is better, so feel free to kill off the older ticket in favor of
 this one.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19192 [Applications/Tor Browser]: untrust bluecoat CA

[Tor Bug Tracker & Wiki]

#19192: untrust bluecoat CA
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 See: https://bugzilla.mozilla.org/show_bug.cgi?id=1276146 for the upstream
 bug. We should closely follow it and take Mozilla's reasoning into
 account. I am still not convinced we should go into the "which CA is evil"
 business and agree with comment:2.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19043 [Core Tor/Tor]: Implementation of prop224 ESTABLISH_INTRO cell

[Tor Bug Tracker & Wiki]

#19043: Implementation of prop224 ESTABLISH_INTRO cell
-+
 Reporter:  alec.heif|  Owner:
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224, 6.s194  |  Actual Points:
Parent ID:  #17241   | Points:  3
 Reviewer:  asn, dgoulet |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * points:   => 3


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #6418 [Core Tor/Tor]: Drop support for older versions of the hidden service protocol

[Tor Bug Tracker & Wiki]

#6418: Drop support for older versions of the hidden service protocol
--+--
 Reporter:  nickm |  Owner:
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorR-can
--+--
Changes (by dgoulet):

 * points:  1 =>
 * milestone:  Tor: 0.2.9.x-final => Tor: 0.2.???


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18923 [Applications/Tor Browser]: Add a script in tor-browser.git to run all of our TBB-specific regression tests

[Tor Bug Tracker & Wiki]

#18923: Add a script in tor-browser.git to run all of our TBB-specific 
regression
tests
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by boklm):

 * cc: boklm (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15621 [Core Tor/Tor]: Kill the pre-version 3 intro protocol code with fire.

[Tor Bug Tracker & Wiki]

#15621: Kill the pre-version 3 intro protocol code with fire.
--+
 Reporter:  yawning   |  Owner:  dgoulet
 Type:  enhancement   | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs|  Actual Points:
Parent ID:  #6418 | Points:  1
 Reviewer:  asn   |Sponsor:  SponsorR-can
--+
Changes (by dgoulet):

 * keywords:  tor-hs, TorCoreTeam-postponed-201604 => tor-hs
 * status:  needs_information => needs_revision
 * milestone:  Tor: 0.2.9.x-final => Tor: 0.2.???


Comment:

 Moving this out of 029 because we seem to want this to be rolled out once
 224 is rolled out with a consensus params. No chance for this to be in
 029. Adding `prop224` keyword so we know about it once we deploy next-gen
 HS.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17241 [Core Tor/Tor]: prop224: Implement relay side support (was: Implement relay side support of proposal 224)

[Tor Bug Tracker & Wiki]

#17241: prop224: Implement relay side support
--+
 Reporter:  dgoulet   |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  High  |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs|  Actual Points:
Parent ID:  #12424| Points:
 Reviewer:  asn, dgoulet  |Sponsor:  SponsorR-must
--+
Changes (by dgoulet):

 * points:  6 =>


Comment:

 Renaming for clearer title and removing points which should be in the
 child ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16943 [Core Tor/Tor]: Implement prop250 (Random Number Generation During Tor Voting)

[Tor Bug Tracker & Wiki]

#16943: Implement prop250 (Random Number Generation During Tor Voting)
---+---
 Reporter:  asn|  Owner:  dgoulet
 Type:  enhancement| Status:  needs_review
 Priority:  High   |  Milestone:  Tor:
Component:  Core Tor/Tor   |  0.2.9.x-final
 Severity:  Normal |Version:
 Keywords:  tor-hs, TorCoreTeam201605  | Resolution:
Parent ID:  #8244  |  Actual Points:
 Reviewer:  nickm  | Points:  6
   |Sponsor:  SponsorR-must
---+---
Changes (by dgoulet):

 * points:   => 6


Comment:

 Hrm wait, putting points back on this one since this is related to a huge
 chunk of code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17238 [Core Tor/Tor]: prop224: Implement HSDir support

[Tor Bug Tracker & Wiki]

#17238: prop224: Implement HSDir support
-+
 Reporter:  dgoulet  |  Owner:
 Type:  enhancement  | Status:  new
 Priority:  High |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #12424   | Points:
 Reviewer:   |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * points:  6 =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16943 [Core Tor/Tor]: Implement prop250 (Random Number Generation During Tor Voting)

[Tor Bug Tracker & Wiki]

#16943: Implement prop250 (Random Number Generation During Tor Voting)
---+---
 Reporter:  asn|  Owner:  dgoulet
 Type:  enhancement| Status:  needs_review
 Priority:  High   |  Milestone:  Tor:
Component:  Core Tor/Tor   |  0.2.9.x-final
 Severity:  Normal |Version:
 Keywords:  tor-hs, TorCoreTeam201605  | Resolution:
Parent ID:  #8244  |  Actual Points:
 Reviewer:  nickm  | Points:
   |Sponsor:  SponsorR-must
---+---
Changes (by dgoulet):

 * points:  6 =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #2615 [HTTPS Everywhere/HTTPS Everywhere: Chrome]: ttdnsd crash

[Tor Bug Tracker & Wiki]

#2615: ttdnsd crash
-+-
 Reporter:  ioerror  |  Owner:  Ady1994
 Type:  defect   | Status:
 Priority:  Immediate|  accepted
Component:  HTTPS Everywhere/HTTPS Everywhere:   |  Milestone:  ttdnsd:
  Chrome |  0.8
 Severity:  Normal   |Version:
 Keywords:  dns  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:  C
 |Sponsor:
-+-
Changes (by dgoulet):

 * sponsor:  SponsorR-must =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19024 [Core Tor/Tor]: prop224: Refactor rend_data_t so be able to use multiple HS version

[Tor Bug Tracker & Wiki]

#19024: prop224: Refactor rend_data_t so be able to use multiple HS version
-+
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:  accepted
 Priority:  Medium   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #17238   | Points:  1
 Reviewer:   |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * status:  new => accepted
 * points:   => 1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19045 [Core Tor/Tor]: Keep trying to form a new shared random value during the next commit phase

[Tor Bug Tracker & Wiki]

#19045: Keep trying to form a new shared random value during the next commit 
phase
-+
 Reporter:  teor |  Owner:
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop250  |  Actual Points:
Parent ID:   | Points:  0.2
 Reviewer:  dgoulet  |Sponsor:  SponsorR-can
-+
Changes (by dgoulet):

 * keywords:  029-nickm-unsure, 029-teor-yes, tor-hs => tor-hs, prop250
 * sponsor:  SponsorR-must => SponsorR-can
 * parent:  #16943 =>
 * milestone:  Tor: 0.2.9.x-final => Tor: 0.2.???


Comment:

 Removing parent ID here else we won't be able to close #16943 once it's
 merged. Also, removing it from 029 because our 029 milestone has too many
 things and this can possibly wait. I did a cleanup of the keywords as
 well. It's now tagged `prop250` and `tor-hs` so this won't be lost in the
 darkness of trac.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19205 [Core Tor/Tor]: prop224: HSDir fetch/store implementation

[Tor Bug Tracker & Wiki]

#19205: prop224: HSDir fetch/store implementation
---+
 Reporter:  dgoulet|  Owner:
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal |   Keywords:  tor-hs, prop224
Actual Points: |  Parent ID:  #17238
   Points:  2  |   Reviewer:
  Sponsor:  SponsorR-must  |
---+
 Ticket for the HSDir fetch/store implementation that is the code using the
 HSDir cache (#18572) and adding the support to the directory subsystem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18291 [Applications/Tor Browser]: Don't use libfaketime anymore for building the Firefox part of Tor Browser

[Tor Bug Tracker & Wiki]

#18291: Don't use libfaketime anymore for building the Firefox part of Tor 
Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 Type:  defect   |  team
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-gitian, ff45-esr,|Version:
  TorBrowserTeam201605R, GeorgKoppen201605   | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-
Changes (by boklm):

 * keywords:  tbb-gitian, ff45-esr, TorBrowserTeam201605, GeorgKoppen201605
 => tbb-gitian, ff45-esr, TorBrowserTeam201605R, GeorgKoppen201605
 * status:  new => needs_review


Comment:

 The branch bug_18291-v2 in my repo has a patch for this:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 bundle.git/commit/?h=bug_18291-v2=596a8f6d3bb586712f5895ba6daf7ff7e8033afc

 I have been building this branch twice and got the same result.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19186 [Applications/Tor Browser]: KeyboardEvents are only rounding to 100ms

[Tor Bug Tracker & Wiki]

#19186: KeyboardEvents are only rounding to 100ms
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201605R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by arthuredelstein):

 Replying to [comment:3 gk]:
 > Is that a regression due to changes in ESR 45 or did we already have
 this problem with ESR38-bases Tor Browsers?

 Turns out it was already there -- I see this problem in Tor Browser 5.5.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19202 [Applications/Tor Browser]: Use cdn.tpo in mar files URLs (was: Use cdn-fastly.tpo in mar files URLs)

[Tor Bug Tracker & Wiki]

#19202: Use cdn.tpo in mar files URLs
--+--
 Reporter:  boklm |  Owner:  boklm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201605R |  Actual Points:
Parent ID:  #19137| Points:
 Reviewer:|Sponsor:
--+--

Old description:

> We should update tools/update-responses/config.yml to use cdn-fastly.tpo
> for the mar files URLs.

New description:

 We should update tools/update-responses/config.yml to use cdn.tpo for the
 mar files URLs.

--

Comment (by boklm):

 I pushed a new version of the patch in branch `bug_19202-v2`, using
 `cdn.tpo` rather than `cdn-fastly.tpo`:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 bundle.git/commit/?h=bug_19202-v2

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19204 [Core Tor/Tor]: Make rend_service_descriptor_t struct immutable

[Tor Bug Tracker & Wiki]

#19204: Make rend_service_descriptor_t struct immutable
--+--
 Reporter:  arma  |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorR-can
--+--
Description changed by arma:

Old description:

> Nick suggested that as part of our prop#224 work, we will be happier if
> the rend_service_descriptor_t structure accurately describes what we
> uploaded to the hsdirs, and doesn't have extra baggage inside of it that
> is essentially keeping unrelated state.
>
> This is the meta ticket for accomplishing the task.

New description:

 Nick suggested that as part of our prop224 work, we will be happier if the
 rend_service_descriptor_t structure accurately describes what we uploaded
 to the hsdirs, and doesn't have extra baggage inside of it that is
 essentially keeping unrelated state.

 This is the meta ticket for accomplishing the task.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17175 [Applications/Tor Browser]: Site is able to detect locale in some way

[Tor Bug Tracker & Wiki]

#17175: Site is able to detect locale in some way
--+---
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by cypherpunks):

 * status:  new => needs_information
 * severity:   => Major


Comment:

 Maybe related to #8725?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19022 [Core Tor/Tor]: Extract intro_nodes status tracking from rend_service_descriptor_t

[Tor Bug Tracker & Wiki]

#19022: Extract intro_nodes status tracking from rend_service_descriptor_t
--+--
 Reporter:  arma  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #19204| Points:
 Reviewer:|Sponsor:  SponsorR-can
--+--
Changes (by arma):

 * parent:   => #19204


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19204 [Core Tor/Tor]: Make rend_service_descriptor_t struct immutable

[Tor Bug Tracker & Wiki]

#19204: Make rend_service_descriptor_t struct immutable
--+--
 Reporter:  arma  |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:  SponsorR-can  |
--+--
 Nick suggested that as part of our prop#224 work, we will be happier if
 the rend_service_descriptor_t structure accurately describes what we
 uploaded to the hsdirs, and doesn't have extra baggage inside of it that
 is essentially keeping unrelated state.

 This is the meta ticket for accomplishing the task.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

[Tor Bug Tracker & Wiki]

#8725: resource:// URIs leak information
-+-
 Reporter:  holizz   |  Owner:  tbb-
 Type:  defect   |  team
 Priority:  Very High| Status:  new
Component:  Applications/Tor Browser |  Milestone:
 Severity:  Major|Version:
 Keywords:  tbb-fingerprinting, tbb-rebase-  | Resolution:
  regression, tbb-testcase, tbb-firefox-patch|  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 I have a workaround for this.
 Can you please look at https://addons.mozilla.org/en-US/firefox/addon/no-
 resource-uri-leak/ ?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16521 [Obfuscation/BridgeDB]: Adresse mail pour ponts relais

[Tor Bug Tracker & Wiki]

#16521: Adresse mail pour ponts relais
--+
 Reporter:  Pitmylove |  Owner:  isis
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by isis):

 * status:  needs_information => closed
 * resolution:   => worksforme
 * severity:   => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18949 [Obfuscation/BridgeDB]: Update BridgeDB's CI to run tests with next version of Twisted

[Tor Bug Tracker & Wiki]

#18949: Update BridgeDB's CI to run tests with next version of Twisted
---+
 Reporter:  isis   |  Owner:  isis
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Obfuscation/BridgeDB   |Version:
 Severity:  Minor  | Resolution:  fixed
 Keywords:  isis201605 bridgedb-0.3.6  |  Actual Points:
Parent ID: | Points:  small
 Reviewer: |Sponsor:
---+
Changes (by isis):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Patches in my fix/18949 branch, merged for 0.3.6.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18237 [Obfuscation/BridgeDB]: BridgeDB should clean up unparseable descriptor files at some regular interval

[Tor Bug Tracker & Wiki]

#18237: BridgeDB should clean up unparseable descriptor files at some regular
interval
---+
 Reporter:  isis   |  Owner:  isis
 Type:  enhancement| Status:  closed
 Priority:  High   |  Milestone:
Component:  Obfuscation/BridgeDB   |Version:
 Severity:  Minor  | Resolution:  fixed
 Keywords:  isis201605 bridgedb-0.3.6  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by isis):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Merged for 0.3.6

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19203 [Core Tor/Tor]: node_get_by_nickname() fails to give warning on unique-but-unnamed node.

[Tor Bug Tracker & Wiki]

#19203: node_get_by_nickname() fails to give warning on unique-but-unnamed node.
---+---
 Reporter:  nickm  |  Owner:  nickm
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
Component:  Core Tor/Tor   |  0.2.9.x-final
 Severity:  Normal |Version:
 Keywords:  028-backport 027-backport  | Resolution:
Parent ID:  #19180 |  Actual Points:
 Reviewer: | Points:
   |Sponsor:
---+---
Changes (by nickm):

 * keywords:  028-backport => 028-backport 027-backport
 * status:  new => needs_review


Comment:

 There is also a reversed check inside that body.  I've written a fix in my
 branch `bug19203_027`, which we should consider for backport.  I'm also
 rolling it up inside my #19180 work, as necessary for the new warning to
 to pass.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18967 [Metrics/Onionoo]: Add UUID to families in Onionoo

[Tor Bug Tracker & Wiki]

#18967: Add UUID to families in Onionoo
-+-
 Reporter:  seansaito|  Owner:
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  persistence, |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by seansaito):

 Hi Karsten,

 I'm wondering whether it's possible to create a Family Document scheme for
 Onionoo. This Document will aggregate every relay within an extended
 family, including stats such as bandwidth, consensus weight, country, etc.
 It will also be able to fetch Family Documents from the past (where the
 largest / oldest fingerprint becomes the identifier). This way we don't
 need family IDs at all, though we still need to decide how to deal with
 the issues you mentioned above.

 A sample implementation of aggregating relays can be found here (it's a
 script I use for Roster):
 https://github.com/seansaito/Roster/blob/master/app/models/family_aggregator.py

 Basically each family will be stored in a JSON dictionary, where the key
 is the oldest/largest fingerprint.

 If a creation of a Family Document seems too time/effort consuming, I can
 first implement a similar scheme specifically for Roster and see how it
 goes. What do you think?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19203 [Core Tor/Tor]: node_get_by_nickname() fails to give warning on unique-but-unnamed node.

[Tor Bug Tracker & Wiki]

#19203: node_get_by_nickname() fails to give warning on unique-but-unnamed node.
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  028-backport
Actual Points:|  Parent ID:  #19180
   Points:|   Reviewer:
  Sponsor:|
--+
 There are two checks in node_get_by_nickname for listing an unnamed router
 by name.  One checks for `(smartlist_len(matches)>1 && warn_if_unnamed)`,
 whereas the other one also checks for `(smartlist_len(matches)>1 &&
 warn_if_unnamed)`.  Whoops.

 The impact is that if there is one match, no warning will be produced,
 even though it arguably should (now that Naming is no longer a thing).

 Found by GCC6 with -Wduplicated-cond as part of #19180.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19202 [Applications/Tor Browser]: Use cdn-fastly.tpo in mar files URLs

[Tor Bug Tracker & Wiki]

#19202: Use cdn-fastly.tpo in mar files URLs
--+--
 Reporter:  boklm |  Owner:  boklm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201605R |  Actual Points:
Parent ID:  #19137| Points:
 Reviewer:|Sponsor:
--+--
Changes (by boklm):

 * status:  new => needs_review
 * keywords:   => TorBrowserTeam201605R


Comment:

 The branch `bug_19202` in my repo has a patch for this:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 bundle.git/commit/?h=bug_19202=44cbae95385c66203cfd761998c3b25007ed3c5b

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19202 [Applications/Tor Browser]: Use cdn-fastly.tpo in mar files URLs

[Tor Bug Tracker & Wiki]

#19202: Use cdn-fastly.tpo in mar files URLs
--+
 Reporter:  boklm |  Owner:  boklm
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #19137
   Points:|   Reviewer:
  Sponsor:|
--+
 We should update tools/update-responses/config.yml to use cdn-fastly.tpo
 for the mar files URLs.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19012 [Core Tor/Tor]: Refactor code that looks at voted-on parameters during voting

[Tor Bug Tracker & Wiki]

#19012: Refactor code that looks at voted-on parameters during voting
+
 Reporter:  nickm   |  Owner:  nickm
 Type:  defect  | Status:  merge_ready
 Priority:  Medium  |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  029-nickm-says-yes  |  Actual Points:  0
Parent ID:  #16943  | Points:  0.1
 Reviewer:  asn |Sponsor:
+
Changes (by asn):

 * status:  needs_review => merge_ready


Comment:

 Nice readable code with tests included. Looks good to me.

 I think we can consider this ready to merge as part of the prop250 branch?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15842 [Applications/Tor Browser]: Refactor and upstream patch for #10280 (was: Refactor #10280 patch for ESR-38)

[Tor Bug Tracker & Wiki]

#15842: Refactor and upstream patch for #10280
--+--
 Reporter:  cypherpunks   |  Owner:  gk
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201605  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15842 [Applications/Tor Browser]: Refactor #10280 patch for ESR-38

[Tor Bug Tracker & Wiki]

#15842: Refactor #10280 patch for ESR-38
--+--
 Reporter:  cypherpunks   |  Owner:  gk
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201605  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ff45-esr, GeorgKoppen201506, TorBrowserTeam201605 =>
 TorBrowserTeam201605
 * severity:   => Normal


Comment:

 No specific esr45 item (anymore).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19021 [Metrics/CollecTor]: improve configuration process

[Tor Bug Tracker & Wiki]

#19021: improve configuration process
---+--
 Reporter:  iwakeh |  Owner:  iwakeh
 Type:  enhancement| Status:  needs_review
 Priority:  High   |  Milestone:
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:
 Keywords:  ctip operation |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by iwakeh):

 * status:  needs_revision => needs_review


Comment:

 Please review the corrected
 [https://gitweb.torproject.org/user/iwakeh/collector.git/commit/?h=task-19021
 -improve-conf-process=8767c73d0826dfa9aa21e70a2d857c8a2d77e524 new
 branch].

 I had this running for quite a few hours on the mirror; it produces the
 same directories as master.

 Once it is reviewed, I'd suggest waiting for the merge to master and merge
 it together with the (still open) scheduler implementation.

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15910 [Applications/Tor Browser]: Figure out what to do with OpenH264 (downloads) in Tor Browser

[Tor Bug Tracker & Wiki]

#15910: Figure out what to do with OpenH264 (downloads) in Tor Browser
+--
 Reporter:  gk  |  Owner:  gk
 Type:  task| Status:  reopened
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201605  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * keywords:  ff45-esr, TorBrowserTeam201605 => ff52-esr,
   TorBrowserTeam201605


Comment:

 This is still WebRTC only (see
 https://bugzilla.mozilla.org/show_bug.cgi?id=1057646). Moving this to
 ff52-esr to keep an eye on it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19201 [Applications/Tor Browser]: Update Tor Browser release procedure: upload mar files to cdn.tpo

[Tor Bug Tracker & Wiki]

#19201: Update Tor Browser release procedure: upload mar files to cdn.tpo
--+--
 Reporter:  boklm |  Owner:  boklm
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201605R |  Actual Points:
Parent ID:  #19137| Points:
 Reviewer:|Sponsor:
--+--
Changes (by boklm):

 * keywords:   => TorBrowserTeam201605R
 * cc: gk, tbb-team (added)
 * status:  new => needs_review


Comment:

 I attached a patch to do that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #19201 [Applications/Tor Browser]: Update Tor Browser release procedure: upload mar files to cdn.tpo

[Tor Bug Tracker & Wiki]

#19201: Update Tor Browser release procedure: upload mar files to cdn.tpo
--+
 Reporter:  boklm |  Owner:  boklm
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #19137
   Points:|   Reviewer:
  Sponsor:|
--+
 We need to update the release procedure to add the upload of mar files to
 cdn.tpo.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17650 [Applications/Tor Browser]: Cannot login to Youtube

[Tor Bug Tracker & Wiki]

#17650: Cannot login to Youtube
--+---
 Reporter:  mansdt|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by privadvo):

 Same error for me, no difference at all.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19164 [Applications/Tor Browser]: Backport - Remove support for SHA-1 HPKP pins

[Tor Bug Tracker & Wiki]

#19164: Backport - Remove support for SHA-1 HPKP pins
+--
 Reporter:  bugzilla|  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-security, TorBrowserTeam201605  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * keywords:  tbb-security => tbb-security, TorBrowserTeam201605


Comment:

 Might be a thing for the alphas to test.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18946 [Applications/Tor Browser]: Investigate fingerprinting potential of enabling H.264 on Linux

[Tor Bug Tracker & Wiki]

#18946: Investigate fingerprinting potential of enabling H.264 on Linux
-+-
 Reporter:  gk   |  Owner:  tbb-
 Type:  defect   |  team
 Priority:  Medium   | Status:  new
Component:  Applications/Tor Browser |  Milestone:
 Severity:  Normal   |Version:
 Keywords:  tbb-fingerprinting,  | Resolution:
  TorBrowserTeam201605   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  ff45-esr, tbb-fingerprinting, TorBrowserTeam201605 => tbb-
 fingerprinting, TorBrowserTeam201605


Comment:

 No particular ESR45 item (anymore).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16443 [Applications/Tor Browser]: Audit tiles targeting (was: Audit tiles targeting in FF45esr)

[Tor Bug Tracker & Wiki]

#16443: Audit tiles targeting
--+--
 Reporter:  mikeperry |  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ff45-esr =>


Old description:

> in #16316, we disabled tiles in FF38esr to avoid confusion about the
> feature, even though the tiles weren't targeted yet. However, in FF45-esr
> we should audit this feature and make an official statement about its
> behavior.

New description:

 in #16316, we disabled tiles in FF38esr to avoid confusion about the
 feature, even though the tiles weren't targeted yet. However, we should
 audit this feature and make an official statement about its behavior.

--

Comment:

 Removing from the specific ESR45 radar.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16221 [Applications/Tor Browser]: Investiate WebRTC with TCP-ICE and hidden services

[Tor Bug Tracker & Wiki]

#16221: Investiate WebRTC with TCP-ICE and hidden services
--+--
 Reporter:  mikeperry |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ff45-esr =>
 * severity:   => Normal


Comment:

 While this is worthwhile this is not related to ESR45 in particular.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18860 [Applications/Tor Browser]: Text on reply button in Trac is not visible on Linux (was: Text on reply button in Trac is not visible)

[Tor Bug Tracker & Wiki]

#18860: Text on reply button in Trac is not visible on Linux
-+-
 Reporter:  gk   |  Owner:  tbb-
 Type:  defect   |  team
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  reopened
 Severity:  Normal   |  Milestone:
 Keywords:  ff45-esr, tbb-usability, |Version:
  TorBrowserTeam201605 tbb-fingerprinting-   | Resolution:
  fonts, tbb-regression  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: arthuredelstein (added)
 * keywords:  ff45-esr, tbb-usability, TorBrowserTeam201605 =>
 ff45-esr, tbb-usability, TorBrowserTeam201605 tbb-fingerprinting-
 fonts, tbb-regression


Comment:

 This is related to our font fingerprinting defense. Commenting out
 {{{
 export FONTCONFIG_PATH="${HOME}/TorBrowser/Data/fontconfig"
 }}}
 solves the problem for me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19200 [Applications/Tor Browser]: HTML5 video not blocked with placeholder, plays automatically

[Tor Bug Tracker & Wiki]

#19200: HTML5 video not blocked with placeholder, plays automatically
--+--
 Reporter:  potato|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-security-slider   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  6.0a5, video, media, mse, mediasource, noscript, placeholder
 => tbb-security-slider
 * priority:  Very High => High


Comment:

 Well, the slider got implemented based on a study concerning past
 vulnerabilities. And MSE haven't been a thing back then. Thus, it is not
 surprising that they are not accounted for in the settings. We plan to
 look again at past vulnerabilities in Firefox code in the coming weeks and
 adjust the slider accordingly. This might be a good ticket to consider
 then.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17650 [Applications/Tor Browser]: Cannot login to Youtube

[Tor Bug Tracker & Wiki]

#17650: Cannot login to Youtube
--+---
 Reporter:  mansdt|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information


Comment:

 Does Tor Browser 6.0 solve this (see:
 https://people.torproject.org/~gk/builds/6.0 if the bundles are not out
 yet)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19199 [Applications/Tor Browser]: Completely disable canvas content and related warning popup based on Security Slider setting

[Tor Bug Tracker & Wiki]

#19199: Completely disable canvas content and related warning popup based on
Security Slider setting
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:  wontfix
 Keywords:  privacy, anonymity, fingerprinting  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * status:  new => closed
 * resolution:   => wontfix
 * parent:  #18027 =>


Comment:

 It's a security slider and no privacy slider. And that is on purpose.
 Mixing both things is not a good idea as this makes communicating the goal
 of the slider harder and analysis of its effect as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19186 [Applications/Tor Browser]: KeyboardEvents are only rounding to 100ms

[Tor Bug Tracker & Wiki]

#19186: KeyboardEvents are only rounding to 100ms
-+-
 Reporter:  arthuredelstein  |  Owner:
 Type:  defect   |  arthuredelstein
 Priority:  Medium   | Status:
Component:  Applications/Tor Browser |  needs_review
 Severity:  Normal   |  Milestone:
 Keywords:  tbb-fingerprinting,  |Version:
  TorBrowserTeam201605R  | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by gk):

 Is that a regression due to changes in ESR 45 or did we already have this
 problem with ESR38-bases Tor Browsers?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

[Tor Bug Tracker & Wiki]

#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting 
vector
-+-
 Reporter:  mikeperry|  Owner:
 Type:  task |  arthuredelstein
 Priority:  Very High| Status:
Component:  Applications/Tor Browser |  assigned
 Severity:  Critical |  Milestone:
 Keywords:  tbb-fingerprinting-os, tbb-easy, |Version:
  TorBrowserTeam201605   | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:25 arthuredelstein]:
 > The Web Audio API looks to me like something that would only have
 occasional legitimate uses. Most sites using audio do not need to do any
 sound processing on the fly. Many games need only to play sound samples,
 which can be done with  elements and don't require Web Audio. Uses
 for Web Audio I can think of include 3D games or other immersive content,
 music sequencers or audio/video editing apps. So, because these are fairly
 unusual, I think one efficient defense would be to prompt the user before
 allowing content to instantiate an AudioContext object, very similar to
 how we prompt before HTML5 Canvas image extraction (#6253).

 I think the prompt is a good solution if indeed the Web Audio API reveals
 more about a browser/machine/OS than the JS Math interface. If not, fixing
 the JS Math interface should fix this problem? Not sure...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

[Tor Bug Tracker & Wiki]

#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting 
vector
-+-
 Reporter:  mikeperry|  Owner:
 Type:  task |  arthuredelstein
 Priority:  Very High| Status:
Component:  Applications/Tor Browser |  assigned
 Severity:  Critical |  Milestone:
 Keywords:  tbb-fingerprinting-os, tbb-easy, |Version:
  TorBrowserTeam201605   | Resolution:
Parent ID:   |  Actual Points:
 Reviewer:   | Points:
 |Sponsor:
-+-

Comment (by arthuredelstein):

 I've done some investigation of the fingerprinting via the Web Audio API.
 As far as I can tell, the source code for the Web Audio audio processing
 alogrithms, in mozilla-central's dom/media/webaudio/ directory, is doing
 computations that run on the cpu/fpu only. That is, I don't see any
 evidence for acceleration of these algorithms on audio hardware, gpus, or
 other special platform-specific tricks.

 I also specifically examined the API calls used for fingerprinting in
 view-source:https://audiofingerprint.openwpm.com/, and tracked down their
 C/C++ implementations and the helper libraries they depend on (primarily
 Kiss FFT and libav/FFT) in the Firefox codebase . There's nothing I found
 that indicates OS- or hardware-specific algorithms.

 So that suggests to me that we shouldn't expect radically more
 fingerprinting than is already observed via the JS Math API (as we discuss
 in #13018). And, if we are able to find partial defenses for Math-based
 fingerprinting, such as bundling our own math libraries or setting certain
 compiler flags, then I would expect these would help to defend against Web
 Audio fingerprinting attacks as well.

 It is possible, however, that the Web Audio API provides an efficient way
 to sample the space of floating point arithmetic operations to find
 differences between platforms that would be difficult to find manually.
 It's also possible that extensive use of somewhat complex numerical
 algorithms in the Web Audio source code and helper libraries provide more
 possibilities for floating point discrepancies than can be observed in the
 relatively simple JS Math interface. So in that sense this API might be a
 little extra dangerous.

 The Web Audio API looks to me like something that would only have
 occasional legitimate uses. Most sites using audio do not need to do any
 sound processing on the fly. Many games need only to play sound samples,
 which can be done with  elements and don't require Web Audio. Uses
 for Web Audio I can think of include 3D games or other immersive content,
 music sequencers or audio/video editing apps. So, because these are fairly
 unusual, I think one efficient defense would be to prompt the user before
 allowing content to instantiate an AudioContext object, very similar to
 how we prompt before HTML5 Canvas image extraction (#6253).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs