Re: [tor-bugs] #21272 [Metrics]: Onionperf deployment

[Tor Bug Tracker & Wiki]

#21272: Onionperf deployment
-+--
 Reporter:  hiro |  Owner:  metrics-team
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by robgjansen):

 Replying to [comment:56 karsten]:
 > Regarding ports, are you certain that the `--tgen-connect-port` will be
 included and not the `--tgen-listen-port`?  I believe hiro changed all
 op-* instances to download from port 80, but where would I find that port
 80 in the [https://collector.torproject.org/recent/torperf/ .tpf files]?

 It looks like your recent torperf files are not including all of the keys
 that OnionPerf produces. Here is an example of the output produced by my
 node:
 http://phantomtrain.robgjansen.com:8081/phantomtrain-5242880-2017-03-19.tpf

 I think either your data is coming from a Torperf instance, or the output
 of OnionPerf is being filtered to remove some of the key=value entries.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

[Tor Bug Tracker & Wiki]

#7501: Audit PDF.js
-+-
 Reporter:  mikeperry|  Owner:  gk
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-linkability,  |  Actual Points:
  ff52-esr   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks):

 * keywords:  tbb-usability, ff31-esr => tbb-usability, tbb-linkability,
 ff52-esr


Comment:

 Review with every ESR.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #9570 [Applications/Tor Browser]: Many changes to private browsing code of Firefox happened since 17esr out

[Tor Bug Tracker & Wiki]

#9570: Many changes to private browsing code of Firefox happened since 17esr out
+
 Reporter:  cypherpunks |  Owner:  mikeperry
 Type:  defect  | Status:  needs_revision
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff52-esr, MikePerry201312R  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by cypherpunks):

 * keywords:  ff24-esr, MikePerry201312R => ff52-esr, MikePerry201312R
 * component:  TorBrowserButton => Applications/Tor Browser
 * severity:   => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13575 [Applications/Tor Browser]: Disable randomised Firefox HTTP cache decay user test groups

[Tor Bug Tracker & Wiki]

#13575: Disable randomised Firefox HTTP cache decay user test groups
-+-
 Reporter:  isis |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-pref, tbb-fingerprinting,|  Actual Points:
  ff52-esr   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks):

 * keywords:  tbb-pref, tbb-fingerprinting => tbb-pref, tbb-fingerprinting,
 ff52-esr


Comment:

 We don't need any experiments active in Tor Browser.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21797 [Applications/Tor Browser]: Disable Firefox Telemetry experiments in Tor Browser

[Tor Bug Tracker & Wiki]

#21797: Disable Firefox Telemetry experiments in Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  ff52-esr
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:  Sponsor4  |
--+--
 We don't need any Telemetry experiments active in Tor Browser. Flipping
 the extperiments.* prefs should be enough for this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21795 [Applications/Tor Browser]: Tor Browser is crashing on github.com on Windows

[Tor Bug Tracker & Wiki]

#21795: Tor Browser is crashing on github.com on Windows
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:  TorBrowserTeam201703  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 https://help.github.com/assets/javascripts/application.js
 Tor Browser with High Security is not affected, Win XP is not affected.
 Is this the SSP in action?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21736 [Applications/Tor Messenger]: Do not keep account/timestamp when copy-pasting message containing an URL

[Tor Bug Tracker & Wiki]

#21736: Do not keep account/timestamp when copy-pasting message containing an 
URL
+-
 Reporter:  dgoulet |  Owner:
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Messenger  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-

Comment (by arlolra):

 Are you highlighting the account and timestamp though?  From my
 experience, it only copies what you highlight.

 Can you re-check that and confirm?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21272 [Metrics]: Onionperf deployment

[Tor Bug Tracker & Wiki]

#21272: Onionperf deployment
-+--
 Reporter:  hiro |  Owner:  metrics-team
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 hiro, I just made op-hk measurements available on CollecTor and Tor
 Metrics.  Thanks!

 robgjansen, thanks for making your data available under the new URL.  I
 can download the files just fine, but I ran into problems with some files
 containing measurements from other dates than what the file name
 indicates.  I sent you details via email.

 Regarding the local IP address I see how this might be problematic.  We
 should figure out something there though, because measurement results
 highly depend on the location, and we need to include that somehow.

 Regarding ports, are you certain that the `--tgen-connect-port` will be
 included and not the `--tgen-listen-port`?  I believe hiro changed all
 op-* instances to download from port 80, but where would I find that port
 80 in the [https://collector.torproject.org/recent/torperf/ .tpf files]?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10281 [Applications/Tor Browser]: Investigate usage of alternate memory allocators and memory hardening options

[Tor Bug Tracker & Wiki]

#10281: Investigate usage of alternate memory allocators and memory hardening
options
-+-
 Reporter:  mikeperry|  Owner:
 |  arthuredelstein
 Type:  enhancement  | Status:
 |  reopened
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201612R  |
Parent ID:  #20955   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-
Changes (by adrelanos):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Since Tor Browser {{{7.0a2}}} it does no longer start. (Qubes-Whonix)

 {{{
 user@host:~/.tb/tor-browser$ ./start-tor-browser.desktop --debug
 Launching './Browser/start-tor-browser --detach --debug'...
 Using system Tor process.
 : Corrupt redzone 0 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 1 byte after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 2 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 3 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 4 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 5 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 6 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 : Corrupt redzone 7 bytes after 0x7f0503ede9d0 (size 80),
 byte=0x0
 ./Browser/start-tor-browser: line 368:  2593 Segmentation fault
 TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser"
 -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
 user@host:~/.tb/tor-browser$ echo $?
 139
 }}}

 Something in the system config or environment seems to trigger this. Any
 idea?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21795 [Applications/Tor Browser]: Tor Browser is crashing on github.com on Windows

[Tor Bug Tracker & Wiki]

#21795: Tor Browser is crashing on github.com on Windows
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:  TorBrowserTeam201703  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * cc: arthuredelstein@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr

[Tor Bug Tracker & Wiki]

#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Replying to [comment:28 gk]:
 > > b) We should verify that the new `` types do not leak locale
 information, e.g., ``, `type="date"`, `type="week"`,
 etc.
 > >  https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input
 >
 > Hm. The docs say these are not implemented yet and the linked bug
 (https://bugzilla.mozilla.org/show_bug.cgi?id=888320) seems to second
 that. What made you believe they are wrong?

 I don't remember what we saw, but you are correct: the implementation
 seems to be a work in progress and the new input types are disabled via a
 `dom.forms.datetime` pref.

 > > d) HTTP Opportunistic Security may add some linkability risks,
 although it seems okay at a glance.
 > >  http://httpwg.org/http-extensions/opsec.html
 > >  https://bugzilla.mozilla.org/show_bug.cgi?id=1301117
 >
 > It seems that needs HTTP2/Alternative Services being enabled which is
 both not the case for us?

 Yes, I think #16673 took care of disabling it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21796 [Core Tor/Tor]: missing evutil_secure_rng_add_bytes()

[Tor Bug Tracker & Wiki]

#21796: missing evutil_secure_rng_add_bytes()
--+-
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 CC   src/common/compat_libevent.o
 src/common/compat_libevent.c:234:3: error: implicit declaration of
 function
   'evutil_secure_rng_add_bytes' is invalid in C99
   [-Werror,-Wimplicit-function-declaration]
   evutil_secure_rng_add_bytes(buf, 32);
   ^
 src/common/compat_libevent.c:234:3: note: did you mean
   'evutil_secure_rng_get_bytes'?
 /tmp/include/event2/util.h:808:6: note: 'evutil_secure_rng_get_bytes'
 declared
   here
 void evutil_secure_rng_get_bytes(void *buf, size_t n);
  ^
 src/common/compat_libevent.c:234:3: error: this function declaration is
 not a
   prototype [-Werror,-Wstrict-prototypes]
   evutil_secure_rng_add_bytes(buf, 32);
   ^
 2 errors generated.
 Makefile:4834: recipe for target 'src/common/compat_libevent.o' failed

 as of libevent git commit 6541168d7037457b8e5c51cc354f11bd94e618b6, the
 function evutil_secure_rng_add_bytes() is only exposed for platforms with
 arc4random_addrandom().

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21328 [Applications/Tor Browser]: Move to clang 3.8.0 for Tor Browser's clang-based macOS toolchain

[Tor Bug Tracker & Wiki]

#21328: Move to clang 3.8.0 for Tor Browser's clang-based macOS toolchain
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-gitian, ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703|
Parent ID:  #21147   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by cypherpunks):

 #16472?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21795 [Applications/Tor Browser]: Tor Browser is crashing on github.com on Windows

[Tor Bug Tracker & Wiki]

#21795: Tor Browser is crashing on github.com on Windows
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:  TorBrowserTeam201703  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 kidding?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21747 [Applications/Tor Browser]: Requesting a new circuit for a site is not working in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21747: Requesting a new circuit for a site is not working in ESR 52 based Tor
Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff52-esr, |  Actual Points:
  tbb-7.0-must, TorBrowserTeam201703R|
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by arthuredelstein):

 Here's a new version on top of the updated 21745 patch.
 https://github.com/arthuredelstein/torbutton/commit/21747+1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21328 [Applications/Tor Browser]: Move to clang 3.8.0 for Tor Browser's clang-based macOS toolchain

[Tor Bug Tracker & Wiki]

#21328: Move to clang 3.8.0 for Tor Browser's clang-based macOS toolchain
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-gitian, ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703|
Parent ID:  #21147   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by gk):

 It seems moving to the new toolchain has reproducibility problems as a
 result. :( I just bumped the Debian distro to Jessie and put clang
 together according to https://bugzilla.mozilla.org/show_bug.cgi?id=1273981
 and the resulting dmgs don't match anymore. Using the old clang compiler
 does not have the same problems.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21745 [Applications/Tor Browser]: Catch-all circuits are not working properly in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21745: Catch-all circuits are not working properly in ESR 52 based Tor Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-7.0-must, |  Actual Points:
  ff52-esr, TorBrowserTeam201703R|
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * status:  needs_revision => needs_review
 * keywords:  tbb-torbutton, tbb-7.0-must, ff52-esr, TorBrowserTeam201703 =>
 tbb-torbutton, tbb-7.0-must, ff52-esr, TorBrowserTeam201703R


Comment:

 Replying to [comment:6 gk]:
 > Replying to [comment:5 arthuredelstein]:
 > > Here's a patch for review:
 > > https://github.com/arthuredelstein/torbutton/commit/21745+1
 >
 > That breaks the circuit display for me. After applying the patch on top
 of the other ones in `21201+3` no circuits are shown in the display
 anymore.

 Phooey. Thanks for catching this mistake. Here's a new version that
 doesn't break the circuit display.
 https://github.com/arthuredelstein/torbutton/commit/21745+2

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21795 [Applications/Tor Browser]: Tor Browser is crashing on github.com on Windows

[Tor Bug Tracker & Wiki]

#21795: Tor Browser is crashing on github.com on Windows
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  |   Keywords:
  |  TorBrowserTeam201703
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 A user reported that Tor Browser on Windows is crashing reliably when
 going to https://help.github.com/categories/writing-on-github/. This
 happens with Tor Browser 6.5.1.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr

[Tor Bug Tracker & Wiki]

#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by gk):

 Replying to [comment:26 mcs]:
 > Here are the items that Kathy and I found for Firefox 52:
 >
 > a) As I mentioned in comment:4, captive portal detection is enabled in
 FF52. It won't be useful over Tor, so we should disable it via `network
 .captive-portal-service.enabled = false`. I thought we already had a
 ticket for this, but I cannot find it.
 >  https://bugzilla.mozilla.org/show_bug.cgi?id=1313706

 #21790.

 > b) MediaError has gained a message property that may include system
 diagnostic
 > information. We should make sure it does not provide fingerprintable
 information
 > about the user's computer.
 >  https://developer.mozilla.org/en-US/docs/Web/API/MediaError
 >  https://bugzilla.mozilla.org/show_bug.cgi?id=1322606

 This is #21792.

 > c) Kathy and I don't fully understand what was done in the following bug
 and
 > how it affects our use of the --disable-eme configure flag:
 >   https://bugzilla.mozilla.org/show_bug.cgi?id=1300654
 > Maybe the difference is that now the framework that supports EME is
 always
 > built and --disable-eme only skips building the bundled providers?

 Yeah, I had a similar impression. I'll make a note in #16285.

 > d) The CustomElementRegistry.get() method of the Web Components API has
 been implemented. It looks like all of the custom element features are
 disabled via `dom.webcomponents.customelements.enabled = false`, but
 eventually we should make sure that these APIs do not introduce any
 linkability problems
 >  https://bugzilla.mozilla.org/show_bug.cgi?id=1275838

 I opened #21793.

 > e) A note related to e10s: use of accessibility tools is no longer a
 reason to disable e10s (it was for Firefox 48-51, as I noted in
 comment:11):
 >  https://bugzilla.mozilla.org/show_bug.cgi?id=1312100
 >  https://bugzilla.mozilla.org/show_bug.cgi?id=1310788
 >  https://bugzilla.mozilla.org/show_bug.cgi?id=1322606

 The last link is probably a copy-and-paste error? In any case, it seems
 the a11y+e10s support got at least backed out for Windows again:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1325690

 Additionally, I have

 f) We want to clear preloaded state (dynamic pins) in SiteSecurityService
 as well on `New Identity`
 (https://bugzilla.mozilla.org/show_bug.cgi?id=1306471) which is #21794.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21794 [Applications/Tor Browser]: Clear dynamic pin preloads as well on New Identity

[Tor Bug Tracker & Wiki]

#21794: Clear dynamic pin preloads as well on New Identity
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  ff52-esr, tbb-
 Severity:  Normal   |  torbutton, tbb-newnym
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:  Sponsor4 |
-+-
 Not everything is cleared anymore by calling `clearAll()` despite its
 name, we need to clear preloaded security state as well with
 `clearPreloads()`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21793 [Applications/Tor Browser]: Keep an eye on the CustomElementRegistry API

[Tor Bug Tracker & Wiki]

#21793: Keep an eye on the CustomElementRegistry API
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  ff52-esr, tbb-
 Severity:  Normal   |  linkability
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Custom Elements (https://developer.mozilla.org/en-
 US/docs/Web/Web_Components/Custom_Elements) can get registered,
 manipulated and queried by web content. We should make sure there are no
 linkability risks are associated with that.

 For ESR 52 this seems to be still disabled by
 `dom.webcomponents.customelements.enabled = false`. We should check that,
 though.

 The tracking bug is https://bugzilla.mozilla.org/show_bug.cgi?id=889230.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21792 [Applications/Tor Browser]: Make sure MediaError.message does not aid to fingerprinting

[Tor Bug Tracker & Wiki]

#21792: Make sure MediaError.message does not aid to fingerprinting
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  ff52-esr, tbb-
 Severity:  Normal   |  fingerprinting
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 `MediaError` got a new property `message` that might contain system
 information, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1322606 and
 https://github.com/mdn/dom-examples/blob/master/media/mediaerror/main.js.

 We should find out whether that's the case and if so probably just remove
 that part.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21790 [Applications/Tor Browser]: Disable captive portal detection in Tor Browser based on ESR52

[Tor Bug Tracker & Wiki]

#21790: Disable captive portal detection in Tor Browser based on ESR52
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 https://bugzilla.mozilla.org/show_bug.cgi?id=1313706 has the preference
 flip making captive portal detection available in non-nightly builds as
 well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20796 [Metrics/pytorctl]: TorFlow's ScanHandler can divide by zero when there are no unmeasured nodes

[Tor Bug Tracker & Wiki]

#20796: TorFlow's ScanHandler can divide by zero when there are no unmeasured 
nodes
--+-
 Reporter:  teor  |  Owner:  aagbsn
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:
Component:  Metrics/pytorctl  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by teor):

 * status:  needs_review => merge_ready


Comment:

 Replying to [comment:3 tom]:
 > I'm ready to accept this patch but I don't have the ability to commit to
 pytorctl.

 I opened #21791 for this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21791 [Internal Services/Service - git]: Give tjr permission to commit to pytorctl

[Tor Bug Tracker & Wiki]

#21791: Give tjr permission to commit to pytorctl
-+
 Reporter:  teor |  Owner:  tor-gitadm
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 mikeperry: do you have permission to commit to TorFlow?
 Like in #21616, tjr needs it to commit my patch in #20796.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21790 [Applications/Tor Browser]: Disable captive portal detection in Tor Browser based on ESR52

[Tor Bug Tracker & Wiki]

#21790: Disable captive portal detection in Tor Browser based on ESR52
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  ff52-esr
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Firefox ships now with a captive portal detection feature. That's a thing
 we don't need and that phones home to Mozilla unnecessarily requesting
 http://detectportal.firefox.com/success.txt.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20796 [Metrics/pytorctl]: TorFlow's ScanHandler can divide by zero when there are no unmeasured nodes

[Tor Bug Tracker & Wiki]

#20796: TorFlow's ScanHandler can divide by zero when there are no unmeasured 
nodes
--+--
 Reporter:  teor  |  Owner:  aagbsn
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Metrics/pytorctl  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * component:  Metrics/Torflow => Metrics/pytorctl


Comment:

 Replying to [comment:2 tom]:
 > This is in testing. (I'm surprised we don't have a pytorctl component.)

 We do now. (I hope karsten doesn't mind me adding it.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21789 [Core Tor/Tor]: Use cached address values more often

[Tor Bug Tracker & Wiki]

#21789: Use cached address values more often
--+
 Reporter:  teor  |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  3 |   Reviewer:
  Sponsor:|
--+
 arma said in #20423:

 Once we get this one in, we might in 0.3.0 consider changing many more of
 these calls to cache_only=1. In fact, if we leave
 check_descriptor_ipaddress_changed() calling resolve_my_address() once a
 minute, maybe we're all set and the whole of
 router_pick_published_address() can just look at the cached values? I
 didn't want to make an invasive change like that in 0.2.9 though, since
 there are probably edge cases we care about, e.g. where
 getinfo_helper_misc() calls router_pick_published_address() and we're not
 a relay so we've never called resolve_my_address() before that very
 moment.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20423 [Core Tor/Tor]: Clock jumps on relay due to hostname lookup timeouts

[Tor Bug Tracker & Wiki]

#20423: Clock jumps on relay due to hostname lookup timeouts
--+
 Reporter:  Felixix   |  Owner:
 Type:  defect| Status:  reopened
 Priority:  High  |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.9.10
 Severity:  Normal| Resolution:
 Keywords:  regression|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * status:  closed => reopened
 * version:  Tor: 0.2.8.9 => Tor: 0.2.9.10
 * resolution:  fixed =>
 * milestone:  Tor: 0.2.9.x-final => Tor: 0.3.0.x-final


Comment:

 A relay operator reports that this is still happening in 0.2.9.10:
 https://lists.torproject.org/pipermail/tor-relays/2017-March/012140.html

 We should probably try and fix it in 0.3.0.

 I also opened #21789 in 0.3.1 for arma's 'once we get this in...'.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21745 [Applications/Tor Browser]: Catch-all circuits are not working properly in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21745: Catch-all circuits are not working properly in ESR 52 based Tor Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-7.0-must, |  Actual Points:
  ff52-esr, TorBrowserTeam201703 |
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  tbb-torbutton, tbb-7.0-must, ff52-esr, TorBrowserTeam201703R
 => tbb-torbutton, tbb-7.0-must, ff52-esr, TorBrowserTeam201703
 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:5 arthuredelstein]:
 > Here's a patch for review:
 > https://github.com/arthuredelstein/torbutton/commit/21745+1

 That breaks the circuit display for me. After applying the patch on top of
 the other ones in `21201+3` no circuits are shown in the display anymore.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21747 [Applications/Tor Browser]: Requesting a new circuit for a site is not working in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21747: Requesting a new circuit for a site is not working in ESR 52 based Tor
Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff52-esr, |  Actual Points:
  tbb-7.0-must, TorBrowserTeam201703R|
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  tbb-torbutton, ff52-esr, tbb-7.0-must, TorBrowserTeam201703 =>
 tbb-torbutton, ff52-esr, tbb-7.0-must, TorBrowserTeam201703R
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:5 gk]:
 > Replying to [comment:3 arthuredelstein]:
 > > Here's my patch:
 > >
 > > https://github.com/arthuredelstein/torbutton/commit/21747
 >
 > That breaks the circuit display for me. After applying the patch on top
 of the other ones in `21201+3` no circuits are shown in the display
 anymore.

 Err, wrong bug.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21747 [Applications/Tor Browser]: Requesting a new circuit for a site is not working in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21747: Requesting a new circuit for a site is not working in ESR 52 based Tor
Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff52-esr, |  Actual Points:
  tbb-7.0-must, TorBrowserTeam201703 |
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  tbb-torbutton, ff52-esr, tbb-7.0-must, TorBrowserTeam201703R
 => tbb-torbutton, ff52-esr, tbb-7.0-must, TorBrowserTeam201703
 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:3 arthuredelstein]:
 > Here's my patch:
 >
 > https://github.com/arthuredelstein/torbutton/commit/21747

 That breaks the circuit display for me. After applying the patch on top of
 the other ones in `21201+3` no circuits are shown in the display anymore.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs