Re: [tor-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information

[Tor Bug Tracker & Wiki]

#26456: HTTP .onion sites inherit previous page's certificate information
-+-
 Reporter:  pospeselr|  Owner:  pospeselr
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 I am unsure what the comment
 {{{
  // Ignore GetSSLStatus result
 }}}
 means. It seems like you are saving the result of GetSSLStatus, not
 ignoring it.

 This line:
 {{{
 mSSLStatus = nullptr;
 }}}
 could be moved inside the if block above it.

 Otherwise the code looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24056 [Applications/Tor Browser]: UI locale is detectable by button width

[Tor Bug Tracker & Wiki]

#24056: UI locale is detectable by button width
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-fingerprinting,  |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  tbb-fingerprinting, TorBrowserTeam201808 => tbb-
 fingerprinting, TorBrowserTeam201808R
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:4 pospeselr]:

 Thanks for the review!

 > Looking at the code, there doesn't *seem* to be any reason why
 gPropertiesFile can't be:
 > {{{
 > static const char* gPropertiesFile[nsContentUtils::PropertiesFile[COUNT]
 > }}}
 >
 > The CreateBundle method each of those strings is passed to expects a
 const char* with no hard-coded expectation of length.  It's static so the
 symbol can't be resolved outside this cpp.

 Good point. Following your suggestion I changed the line to
 {{{
 static const char* gPropertiesFiles[nsContentUtils::PropertiesFile_COUNT]
 = {
 }}}

 > Why is the setting to enable 2 rather than 1?

 From [https://dxr.mozilla.org/mozilla-
 
esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/browser/app/profile/firefox.js#585
 firefox.js]:

 {{{
 // If Accept-Language should be spoofed by en-US
 // 0 - will prompt
 // 1 - don't spoof
 // 2 - spoof
 pref("privacy.spoof_english", 0);
 }}}

 > Apart from that it looks fine to me.

 Here's the revised patch:
 https://github.com/arthuredelstein/tor-browser/commit/24056+1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #2340 [Applications/Tor Browser]: protect users against freeze, replay and version-rollback attacks (was: GPG signatures do not authenticate filenames)

[Tor Bug Tracker & Wiki]

#2340: protect users against freeze, replay  and version-rollback attacks
--+--
 Reporter:  rransom   |  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security  |  Actual Points:
Parent ID:  #3893 | Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * parent:   => #3893


Comment:

 pulling this up again (ranking 2nd among
 
[https://trac.torproject.org/projects/tor/query?status=!closed=Very+High
 Very High] priority, since how long? :)

 want to learn crypto a little later:
 - https://blog.packagecloud.io/eng/2018/02/21/attacks-against-secure-apt-
 repositories/
  - for example replay attack: a malicious actor performing a MitM against
 your machine has saved the metadata with the vulnerable version. The
 malicious actor replays that metadata to your system, preventing your
 system from seeing the newly patched libEXAMPLE. This gives the attacker
 up until the `Valid-Until` date to attempt to launch an attack against
 you.

 What I learned:
 - we know downloading executable files from a website is unsafe unless the
 authenticity is checked (by verifying the issuer of the TLS certificate),
 assuming the used encryption is not vulnerable to a
 [https://www.schneier.com/blog/archives/2015/03/freak_security_.html
 rollback attack] or the server has not been compromised in another way
 - to protect against this, files need to be signed with the release key
 which is kept offline (not anywhere near the production environment),
 trusting the signer's opsec
 - it is better to go "the debian way" (or [https://fedoramagazine.org
 /fedora-secures-package-delivery/ fedora's]
 [https://fedoraproject.org/wiki/Create_release_signing_key#fedora-release
 signing architecture]) by pooling all files in a trusted infrastructure
 (though this is not failprove, see link above)
 - package repositories should provide an sufficiently low expiration time
 (implemented for
 [http://deb.torproject.org/torproject.org/dists/sid/Release sid], good!),
 to protect against distribution of vulnerable older versions (fedora uses
 3 days)
 - signatures should always be created with
 [https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-
 Options.html --default-sig-expire] (esoteric warning!) to set a
 [https://tools.ietf.org/html/rfc4880#section-5.2.3.6 signature expiration
 time] - the date will be shown on verification,
 [http://deb.torproject.org/torproject.org/dists/sid/Release.gpg not
 implemented]:

 {{{
 curl http://deb.torproject.org/torproject.org/dists/sid/Release > Release
 curl http://deb.torproject.org/torproject.org/dists/sid/Release.gpg >
 Release.sig
 $ gpg --verify Release.sig
 gpg: assuming signed data in 'Release'
 gpg: Signature made Fri 10 Aug 2018 01:28:01 PM CEST
 gpg:using RSA key 2265EB4CB2BF88D900AE8D1B74A941BA219EC810
 gpg: Good signature from "deb.torproject.org archive signing key"
 [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:  There is no indication that the signature belongs to the
 owner.
 Primary key fingerprint: A3C4 F0F9 79CA A22C DBA8  F512 EE8C BC9E 886D
 DD89
  Subkey fingerprint: 2265 EB4C B2BF 88D9 00AE  8D1B 74A9 41BA 219E
 C810
 $ gpg --list-packets Release.sig # just for reference
 # off=0 ctb=89 tag=2 hlen=3 plen=307
 :signature packet: algo 1, keyid 74A941BA219EC810
 version 4, created 1533900481, md5len 0, sigclass 0x00
 digest algo 8, begin of digest a8 9f
 hashed subpkt 33 len 21 (issuer fpr v4
 2265EB4CB2BF88D900AE8D1B74A941BA219EC810)
 hashed subpkt 2 len 4 (sig created 2018-08-10)
 subpkt 16 len 8 (issuer key ID 74A941BA219EC810)
 data: [2048 bits]
 }}}
 When a signature has an expiration date however it is shown at the end:
 {{{
 gpg: Signature expires Wed 14 Aug 2019 03:37:29 AM CEST
 $ en gpg --list-packets vanguards/TODO.txt.sig
 # off=0 ctb=89 tag=2 hlen=3 plen=441
 :signature packet: algo 1, keyid AA84FDED4E218633
 version 4, created 1534210649, md5len 0, sigclass 0x00
 digest algo 10, begin of digest 54 c3
 hashed subpkt 33 len 21 (issuer fpr v4
 D32C227073F822651EAD8F5DAA84FDED4E218633)
 hashed subpkt 2 len 4 (sig created 2018-08-14)
 critical hashed subpkt 3 len 4 (sig expires after 1y0d0h0m)
 subpkt 16 len 8 (issuer key ID AA84FDED4E218633)
 data: [3070 bits]
 }}}
 Question is what a user is supposed to do, when the signature has been
 expired.

--
Ticket URL: 
Tor Bug Tracker & Wiki 

Re: [tor-bugs] #12095 [Community/Translations]: Remove dead Transifex teams from translation.git branches

[Tor Bug Tracker & Wiki]

#12095: Remove dead Transifex teams from translation.git branches
+--
 Reporter:  phoul   |  Owner:  emmapeel
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Community/Translations  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by arthuredelstein):

 It will be good to get rid of bn from translation.git, because a file from
 that locale is overriding the same file in bn-BD and causing the error
 reported in #26498. I will fix the problem in torbutton, but it will be
 safer not to have the bn locale at all.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26824 [Webpages/Website]: Please remove/deactivate Fundraising Director job posting on website

[Tor Bug Tracker & Wiki]

#26824: Please remove/deactivate Fundraising Director job posting on website
--+
 Reporter:  ewyatt|  Owner:  (none)
 Type:  task  | Status:  closed
 Priority:  Very High |  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by traumschule):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 reading logs helps :)
 
https://gitweb.torproject.org/project/web/webwml.git/commit/about/en/jobs.wml?id=769769bdf307374fbf4311b4c6ee635f0ebbd00e

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27132 [Webpages/Website]: find Tor-friendly payment site

[Tor Bug Tracker & Wiki]

#27132: find Tor-friendly payment site
-+-
 Reporter:  traumschule  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
 |  WebsiteV3
Component:  Webpages/Website |Version:
 Severity:  Normal   | Resolution:
 Keywords:  www-team, website, donations |  Actual Points:
  enhancement sebastian-0115-triaged defer-new-  |
  website, ux-team   |
Parent ID:  #11569   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by traumschule):

 For reference: [https://riseup.net/en/donate Riseup promotes] mail and
 different flavors of bitcoin.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27132 [Webpages/Website]: find Tor-friendly payment site

[Tor Bug Tracker & Wiki]

#27132: find Tor-friendly payment site
-+-
 Reporter:   |  Owner:  (none)
  traumschule|
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  WebsiteV3
Component:   |Version:
  Webpages/Website   |   Keywords:  www-team, website, donations
 Severity:  Normal   |  enhancement sebastian-0115-triaged defer-new-
 |  website, ux-team
Actual Points:   |  Parent ID:  #11569
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 From parent #11569
 > it seems the clear next step is to find one not-totally-unusable payment
 site that doesn't hate Tor users, and drive all the traffic there.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27131 [Webpages/Website]: Tor download link links to TBB download page

[Tor Bug Tracker & Wiki]

#27131: Tor download link links to TBB download page
--+-
 Reporter:  traumschule   |  Owner:  traumschule
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:  tor
Actual Points:|  Parent ID:
   Points:|   Reviewer:  hiro
  Sponsor:|
--+-
 Some pages link to download TBB instead of Tor
 * [https://www.torproject.org/docs/tor-doc-unix.html.en tor-doc-unix] >
 https://www.torproject.org/download/download.html.en
 * [https://www.torproject.org/index.html.en torproject.org] >
 https://www.torproject.org/download/download-easy.html.en
 * maybe others

 Instead they should link to https://www.torproject.org/download/download-
 unix.html.en

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27045 [Applications/Tor Browser]: Add option for firefox incremental builds

[Tor Bug Tracker & Wiki]

#27045: Add option for firefox incremental builds
+--
 Reporter:  boklm   |  Owner:  tbb-team
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201808R  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by pospeselr):

 This looks awesome, particularly being able to point the firefox build to
 your own tor-browser directory without having to repeatedly update
 firefox's build and config files.  I'll try this out tonight when I get
 home.  Assuming it all works this patch looks great to me!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26381 [Applications/Tor Browser]: about:tor page does not load on first start in localized Windows bundle

[Tor Bug Tracker & Wiki]

#26381: about:tor page does not load on first start in localized Windows bundle
-+-
 Reporter:  gk   |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff60-esr, |  Actual Points:
  TorBrowserTeam201808   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * cc: tbb-team (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26381 [Applications/Tor Browser]: about:tor page does not load on first start in localized Windows bundle

[Tor Bug Tracker & Wiki]

#26381: about:tor page does not load on first start in localized Windows bundle
-+-
 Reporter:  gk   |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff60-esr, |  Actual Points:
  TorBrowserTeam201808   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by pospeselr):

 * status:  new => assigned
 * owner:  tbb-team => pospeselr


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27130 [Core Tor/Tor]: rust dependency updating instructions don't work

[Tor Bug Tracker & Wiki]

#27130: rust dependency updating instructions don't work
--+--
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.3.3.9
 Severity:  Normal| Resolution:
 Keywords:  rust,doc  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cyberpunks):

 See branch 'rust-dependencies1' at https://gitgud.io/onionk/tor.git

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27130 [Core Tor/Tor]: rust dependency updating instructions don't work

[Tor Bug Tracker & Wiki]

#27130: rust dependency updating instructions don't work
--+--
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.3.3.9
 Severity:  Normal|   Keywords:  rust,doc
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 None of the instructions mention updating `Cargo.lock`, which is required.
 The script `updateRustDependencies.sh` doesn't update that file, either.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3893 [Webpages/Website]: Verifying-signatures needs some work

[Tor Bug Tracker & Wiki]

#3893: Verifying-signatures needs some work
--+--
 Reporter:  mikeperry |  Owner:  arma
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  website redesign
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  assigned => needs_review


Comment:

 remove full path from windows gpg command (comment:7)
 ​https://github.com/torproject/webwml/pull/7

 Riseup's devs are similarly happy to keep their
 [https://riseup.net/en/security/network-security/certificates
 certificates] and [https://riseup.net/en/security/network-security/riseup-
 ca CA] pages up to date.

 If these patches get merged i might look into an automated solution. Feel
 free to assign me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27091 [Core Tor/Tor]: Configure jenkins with CARGO_HOME in a writeable directory

[Tor Bug Tracker & Wiki]

#27091: Configure jenkins with CARGO_HOME in a writeable directory
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  032-backport, 033-backport,  |  Actual Points:
  034-backport   |
Parent ID:  #24629   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Hello71):

 Replying to [comment:2 teor]:
 > We should do whatever other Rust packages do.

 As I said in #26038, "I think most C+Rust projects still use the global
 cache. I tried searching GitHub
 (​https://github.com/search?q=%22CARGO_HOME%22+extension%3Aam=Code).
 I found that tor is the only project that does not. for users who do not
 care, using the global cache will save download time and bandwidth on
 repeat builds, and for those who do care, my patch prints a warning so
 they will know. (maybe it should be downgraded to NOTICE?)". (fwiw, I
 checked librsvg just now and found that they override CARGO_HOME only for
 gitlab-ci builds)

 > If there's no clear answer, I suggest that we make the build directory
 CARGO_HOME if:
 > * CARGO_HOME is unset or not writeable, and
 > * HOME is unset or not writeable

 I think this sounds acceptable, but indicates a broken build environment.
 I know Gentoo sets HOME to a private temporary directory for each package
 build. I believe all of the presently used standardized Debian build
 scripts do so as well.

 Replying to [comment:4 catalyst]:
 > If we build in offline mode, does cargo need to write to `CARGO_HOME` or
 `HOME` at all?

 Not as far as I know. I believe Cargo presently stores only configuration,
 registry information, and package source in CARGO_HOME. The first one is
 manually created by the user (another solid reason to not override
 CARGO_HOME now that I think about it), and the other two are vendored.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22637 [Webpages/Website]: Find a more maintainable approach for the signing-keys page

[Tor Bug Tracker & Wiki]

#22637: Find a more maintainable approach for the signing-keys page
--+
 Reporter:  arma  |  Owner:  hiro
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:  website
  |  redesign
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:  website-content, website-bug  |  Actual Points:
Parent ID:  #3893 | Points:
 Reviewer:|Sponsor:
--+
Changes (by traumschule):

 * parent:   => #3893


Comment:

 It makes sense to think this together with #3893 as it suggests:
 >The list of keys that signs sub-components and/or email should be on a
 completely separate page.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24629 [Core Tor/Tor]: Activate osx builds on travis, at low priority

[Tor Bug Tracker & Wiki]

#24629: Activate osx builds on travis, at low priority
-+-
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  not-just-linux, tor-ci, teor-was-|  Actual Points:
  assigned, 034-triage-20180328, |
  034-removed-20180328, 034-backport,|
  035-removed-20180711, fast-fix |
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by catalyst):

 * status:  needs_review => needs_information


Comment:

 Overall this looks very good! I think this is a lot of work and will make
 things more maintainable in the future.

 I would like to know if it ends up being significantly slower to default
 to using offline builds for most `--enable-rust` builds instead of cached
 online builds. I think the more places we use `--enable-cargo-online-
 mode`, the more places we can have trouble with a transient network
 failure.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21808 [Webpages/Website]: show Windows `gpg --verify` command on one line

[Tor Bug Tracker & Wiki]

#21808: show Windows `gpg --verify` command on one line
--+--
 Reporter:  pege  |  Owner:  hiro
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  website redesign
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:  website-content   |  Actual Points:
Parent ID:  #3893 | Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  assigned => needs_review
 * parent:   => #3893


Comment:

 ​https://github.com/torproject/webwml/pull/7

 > ​The path to gpg appears to be outdated too. Would be great if someone
 with access to a Windows machine could look into it.
 +1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27129 [Applications/Tor Browser]: Add ca, ga, id, nb, pt locales for Tor Browser

[Tor Bug Tracker & Wiki]

#27129: Add ca, ga, id, nb, pt locales for Tor Browser
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-localization
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 According to our monitoring at https://torpat.ch/locales, these 5 locales
 are 100% translated.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #9809 [Applications/Tor Browser]: Re-disable Ctypes in TBB 7.0

[Tor Bug Tracker & Wiki]

#9809: Re-disable Ctypes in TBB 7.0
+--
 Reporter:  mikeperry   |  Owner:  tbb-team
 Type:  enhancement | Status:  new
 Priority:  High|  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-3.0, tbb-firefox-patch  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by ct):

 Replying to [comment:5 gk]:
 > Replying to [comment:4 ct]:
 > > Didn't Mozilla fix it in esr60?
 >
 > Fix what?
 What this ticket is about. Now it seems to be disabled by default (the
 only positive thing of switching to WebExtensions, heh).
 > Which Mozilla bug number do you have in mind?
 For example, https://bugzilla.mozilla.org/show_bug.cgi?id=1215067?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26910 [Core Tor/Tor]: Could tor drop privileges even earlier? (before trying to access anything on the filesystem beyond its torrc files)

[Tor Bug Tracker & Wiki]

#26910: Could tor drop privileges even earlier? (before trying to access 
anything
on the filesystem beyond its torrc files)
--+--
 Reporter:  nusenu|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  035-roadmap-proposed  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

[Tor Bug Tracker & Wiki]

#14952: Audit HTTP/2 and SPDY if needed
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, tbb-usability-  |  Actual Points:
  website, tbb-performance, ff60-esr,|
  TorBrowserTeam201808   |
Parent ID:  #25735   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24056 [Applications/Tor Browser]: UI locale is detectable by button width

[Tor Bug Tracker & Wiki]

#24056: UI locale is detectable by button width
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-fingerprinting,  |  Actual Points:
  TorBrowserTeam201808   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by pospeselr):

 * status:  needs_review => needs_revision
 * keywords:  tbb-fingerprinting, TorBrowserTeam201808R => tbb-
 fingerprinting, TorBrowserTeam201808


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24056 [Applications/Tor Browser]: UI locale is detectable by button width

[Tor Bug Tracker & Wiki]

#24056: UI locale is detectable by button width
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-fingerprinting,  |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by pospeselr):

 Looking at the code, there doesn't *seem* to be any reason why
 gPropertiesFile can't be:
 {{{
 static const char* gPropertiesFile[nsContentUtils::PropertiesFile[COUNT]
 }}}

 The CreateBundle method each of those strings is passed to expects a const
 char* with no hard-coded expectation of length.  It's static so the symbol
 can't be resolved outside this cpp.  Also, fwiw the new max length string
 in that array is 75, not 78 (including null-terminator).

 Why is the setting to enable 2 rather than 1?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26369 [Core Tor/Tor]: Re-fetch onion service descriptor for isolated request

[Tor Bug Tracker & Wiki]

#26369: Re-fetch onion service descriptor for isolated request
-+-
 Reporter:  sysrqb   |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, tor-client, 035-roadmap- |  Actual Points:
  proposed, tbb-needs|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26961 [Applications/Tor Browser]: implement new user onboarding

[Tor Bug Tracker & Wiki]

#26961: implement new user onboarding
--+--
 Reporter:  mcs   |  Owner:  mcs
 Type:  defect| Status:  needs_review
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201808R |  Actual Points:
Parent ID:  #25695| Points:
 Reviewer:|Sponsor:
--+--

Comment (by antonela):

 Replying to [comment:5 mcs]:
 > Here are a few notes for the UX Team / Antonela:

 > * The onboarding requires a window that is at least 960 pixels wide;
 otherwise, it is not shown. Hopefully most of our users have a display
 that is wide enough.

 Is this a Firefox's media query break up? What happens with smaller
 screens? We could think in a responsive version for next iteration :)

 > * We need a "watermark" icon (64x64 PNG). This is shown on about:tor
 after the user has completed all of the onboarding tasks. For now, Kathy
 and I put in a grayscale version of the Tor Browser globe icon (we know
 that a new browser icon is coming, so we didn't spend much time on this).
 The image that Firefox uses is here: https://dxr.mozilla.org/mozilla-
 esr60/source/browser/extensions/onboarding/content/img/watermark.svg

 Great, perfect. Thanks.

 > * Firefox has a small icon for each of the onboarding tasks, shown to
 the left of the task name (see a screenshot here) https://techdows.com/wp-
 content/uploads/2017/06/Firefox-Photon-onboarding-tour-min.png). Your
 design has no icons, so we omitted them (but they could be added).

 Yes, we can think about to include them or not on the next iteration.

 > * The Firefox onboarding code adds a checkmark to the left of the
 completed task's titles. Kathy and I made a PNG that is 15x15 pixels from
 Mozilla's image: https://dxr.mozilla.org/mozilla-
 esr60/source/browser/extensions/onboarding/content/img/icons_tour-
 complete.svg

 Ok.

 > * We disabled onboarding notifications since we do not have a
 specification for the text (if enabled, these would appear at the bottom
 of the about:tor window to prompt users to look at onboarding tasks). Do
 we want notifications in a future version of this feature? We would need a
 notification title and message for each of the onboarding tasks. The
 English strings used by Firefox ESR60 are in the following file (search
 for `onboarding.notification.onboarding-tour`): https://dxr.mozilla.org
 /mozilla-esr60/source/browser/extensions/onboarding/locales/en-
 US/onboarding.properties There is also a button for each notification but
 in all cases Firefox ESR60 uses "Learn More" as the label (from
 `onboarding.button.learnMore` in that same properties file).

 We might do it. I'll keep it in mind for the next iteration.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21818 [Core Tor/Tor]: tor's handling of SIGHUP considered harmful

[Tor Bug Tracker & Wiki]

#21818: tor's handling of SIGHUP considered harmful
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  035-roadmap-proposed  |  Actual Points:
Parent ID:  #25510| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14209 [Core Tor/Tor]: Implement SOCKSPort windows:path for named pipes

[Tor Bug Tracker & Wiki]

#14209: Implement SOCKSPort windows:path for named pipes
-+-
 Reporter:  anon |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-client, needs-libevent-patches,  |  Actual Points:
  hard, win32, windows, 036-proposed, 035|
  -roadmap-proposed  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27127 [Applications/Tor Browser]: Audit and enable HTTP/2 push

[Tor Bug Tracker & Wiki]

#27127: Audit and enable HTTP/2 push
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-linkability, tbb-performance  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * keywords:  tbb-linkability => tbb-linkability, tbb-performance


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27128 [Applications/Tor Browser]: Consider homogenizing HTTP/2 Settings prefs.

[Tor Bug Tracker & Wiki]

#27128: Consider homogenizing HTTP/2 Settings prefs.
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-
  |  fingerprinting-os
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 From #14592:

 > * SETTINGS_HEADER_TABLE_SIZE depends on the "network.http.spdy.default-
 hpack-buffer" pref. In Firefox it is set by default to 65536 on desktop
 and 4096 on mobile.
 > * SETTINGS_ENABLE_PUSH and SETTINGS_MAX_CONCURRENT_STREAMS depend on
 "network.http.spdy.allow-push" pref, which is "true" by default.
 > * SETTINGS_INITIAL_WINDOW_SIZE depends on "network.http.spdy.push-
 allowance", which is 131072 on desktop and 32768 on mobile by default.
 > * SETTINGS_MAX_FRAME_SIZE is always set to 0x4000.
 >
 > The above prefs don't provide significant entropy, unless the user has
 modified the one or more of them from their default value. Otherwise they
 mainly serve to distinguish different browsers or platforms.

 We could consider making these prefs all the same, to avoid this extra
 distinction between platforms. But are there performance drawbacks?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27088 [Core Tor/Tor]: Pass MODULES_OPTIONS in DISTCHECK_CONFIGURE_FLAGS

[Tor Bug Tracker & Wiki]

#27088: Pass MODULES_OPTIONS in DISTCHECK_CONFIGURE_FLAGS
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  not-just-linux, tor-ci, teor-was-|  Actual Points:
  assigned, 034-triage-20180328, |
  034-removed-20180328, 034-backport,|
  035-removed-20180711, fast-fix |
Parent ID:  #24629   | Points:
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by catalyst):

 * status:  needs_review => merge_ready


Comment:

 Looks good! I'm not sure I like passing configure options that begin with
 `--` as the first argument to `echo`. Maybe put some text that doesn't
 start with a dash first? Like `echo configuring with flags
 $CONFIGURE_FLAGS`?

 On the other hand, I think the shells that Travis uses on all its
 platforms will tolerate it, so maybe we can let that remain.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27127 [Applications/Tor Browser]: Audit and enable HTTP/2 push

[Tor Bug Tracker & Wiki]

#27127: Audit and enable HTTP/2 push
--+-
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-linkability
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 In #14592 we plan to enable HTTP/2, but we are postponing enabling HTTP/2
 push in case there are potential privacy concerns. Let's investigate any
 concerns here and hopefully enable push in the future.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27090 [Core Tor/Tor]: Travis: enable lzma and zstd in configure, if available

[Tor Bug Tracker & Wiki]

#27090: Travis: enable lzma and zstd in configure, if available
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.1.5-alpha
 Severity:  Normal   | Resolution:
 Keywords:  not-just-linux, tor-ci, teor-was-|  Actual Points:
  assigned, 034-triage-20180328, |
  034-removed-20180328, 034-backport,|
  035-removed-20180711, fast-fix |
Parent ID:  #24629   | Points:
 Reviewer:  nickm|Sponsor:
-+-
Changes (by nickm):

 * status:  needs_review => merge_ready


Comment:

 The patch (e4d7f2667c6c4660ad9663a39fbdef7d3e2961cd) looks plausible to
 me.  Looking at the build logs on travis, I can confirm that Tor is
 detecting and building with zstd and lzma on OSX, and with lzma on ubuntu.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23586 [Webpages/Website]: fingerprint in documentation is wrong

[Tor Bug Tracker & Wiki]

#23586: fingerprint in documentation is wrong
--+--
 Reporter:  kkuehl@…  |  Owner:  traumschule
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  website redesign
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:  gpg fingerprint   |  Actual Points:
Parent ID:  #3893 | Points:
 Reviewer:  hiro  |Sponsor:
--+--
Changes (by traumschule):

 * status:  assigned => needs_review
 * parent:   => #3893


Comment:

 https://github.com/torproject/webwml/pull/7

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25695 [Applications/Tor Browser]: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an user onboard

[Tor Bug Tracker & Wiki]

#25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an 
user
onboard
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  defect | Status:
   |  needs_information
 Priority:  Very High  |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---

Comment (by antonela):

 Oh, thanks for the heads up. Updated version here:
 
https://trac.torproject.org/projects/tor/attachment/ticket/25695/figure_welcome.zip

 Replying to [comment:36 mcs]:
 > This looks good, except `figure_welcome.png` appears to be clipped on
 the bottom and right sides (e.g., part of the magnifying glass handle is
 missing). Is that intentional?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25695 [Applications/Tor Browser]: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an user onboard

[Tor Bug Tracker & Wiki]

#25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an 
user
onboard
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  defect | Status:
   |  needs_information
 Priority:  Very High  |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---
Changes (by antonela):

 * Attachment "figure_welcome.zip" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26497 [Core Tor/Tor]: set CARGO_HOME correctly or stop using it

[Tor Bug Tracker & Wiki]

#26497: set CARGO_HOME correctly or stop using it
-+-
 Reporter:  catalyst |  Owner:  (none)
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.1.5-alpha
 Severity:  Normal   | Resolution:
 Keywords:  rust, tor-ci, 035-removed-20180711,  |  Actual Points:
  035-roadmap-proposed   |
Parent ID:  #24629   | Points:
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by catalyst):

 * status:  needs_review => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27093 [Core Tor/Tor]: Consistently use ${abs_top_srcdir:-../../..} in test_rust.sh

[Tor Bug Tracker & Wiki]

#27093: Consistently use ${abs_top_srcdir:-../../..} in test_rust.sh
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.3-alpha
 Severity:  Normal   | Resolution:
 Keywords:  not-just-linux, tor-ci, teor-was-|  Actual Points:
  assigned, 034-triage-20180328, |
  034-removed-20180328, 034-backport,|
  035-removed-20180711, fast-fix |
Parent ID:  #24629   | Points:
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by catalyst):

 * status:  needs_review => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16406 [Webpages/Website]: "Tor" is not listed as a project on torproject.org

[Tor Bug Tracker & Wiki]

#16406: "Tor" is not listed as a project on torproject.org
+--
 Reporter:  arthuredelstein |  Owner:
|  cypherpunks
 Type:  enhancement | Status:
|  needs_review
 Priority:  Medium  |  Milestone:
|  WebsiteV3
Component:  Webpages/Website|Version:
 Severity:  Normal  | Resolution:
 Keywords:  defer-new-website, website-content  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  hiro|Sponsor:
+--
Changes (by traumschule):

 * status:  needs_information => needs_review


Comment:

 https://github.com/torproject/webwml/pull/6

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27091 [Core Tor/Tor]: Configure jenkins with CARGO_HOME in a writeable directory

[Tor Bug Tracker & Wiki]

#27091: Configure jenkins with CARGO_HOME in a writeable directory
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  032-backport, 033-backport,  |  Actual Points:
  034-backport   |
Parent ID:  #24629   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by catalyst):

 Replying to [comment:2 teor]:
 > If there's no clear answer, I suggest that we make the build directory
 CARGO_HOME if:
 > * CARGO_HOME is unset or not writeable, and
 > * HOME is unset or not writeable
 If we build in offline mode, does cargo need to write to `CARGO_HOME` or
 `HOME` at all?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5489 [Webpages/Website]: Write up a "how to report bugs and security issues, and what happens then" post or FAQ

[Tor Bug Tracker & Wiki]

#5489: Write up a "how to report bugs and security issues, and what happens 
then"
post or FAQ
---+---
 Reporter:  nickm  |  Owner:  nickm
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:  WebsiteV3
Component:  Webpages/Website   |Version:
 Severity:  Normal | Resolution:
 Keywords:  defer-new-website  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by traumschule):

 also relevant: [[org/teams/NetworkTeam/SecurityPolicy]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26628 [Applications/Tor Browser]: Consider backporting fix for crash in originattributes

[Tor Bug Tracker & Wiki]

#26628: Consider backporting fix for crash in originattributes
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-crash, TorBrowserTeam201808R  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Thanks, applied to `tor-browser-60.1.0esr-8.0-1` (commits
 82446eff1db658db8dae23443deac036b164b769 and
 7d9decc785bdc42443ee9835e0244f082d6911fb).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26833 [Applications/Tor Browser]: Include IP addresses in First Party Isolation (FPI)

[Tor Bug Tracker & Wiki]

#26833: Include IP addresses in First Party Isolation (FPI)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-linkability, |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Thanks, applied to `tor-browser-60.1.0esr-8.0-1` (commit
 a8a7f63745d822670462bde4c8db8cbb2ccc397c and
 a75945d96b2d8903a86ac1c9016a8d300028b79f).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27126 [Webpages]: tor-browser/user-manual: secure-connections.page includes source of tor-and-https.svg

[Tor Bug Tracker & Wiki]

#27126: tor-browser/user-manual: secure-connections.page includes source of tor-
and-https.svg
-+
 Reporter:  traumschule  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Webpages |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 At the bottom of https://tb-manual.torproject.org/en-US/secure-
 connections.html the [https://gitweb.torproject.org/tor-browser/user-
 manual.git/tree/C/media/tor-and-https.svg image source] linked in
 [https://gitweb.torproject.org/tor-browser/user-manual.git/tree/C/secure-
 connections.page secure-connections.page] is inserted:

 > Specify "ltr" for left-to-right languages or "rtl" for right-to-left
 languages (e.g. Arabic or Hebrew). Keep it short: 7em max. Seven times the
 capital letter "M". Keep it short: 8em is ok, 9em is max. Keep it short:
 3em max. Keep it short: 4em max. Tor and HTTPS image/svg+xmlTor and
 HTTPShttps://gitweb.torproject.org/user/lunar/tor-and-https.gitEFFEFF
 Lunar

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25695 [Applications/Tor Browser]: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an user onboard

[Tor Bug Tracker & Wiki]

#25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an 
user
onboard
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  defect | Status:
   |  needs_information
 Priority:  Very High  |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---
Changes (by mcs):

 * status:  new => needs_information


Comment:

 Replying to [comment:35 antonela]:
 > Illustrations for the onboarding attached here
 > https://trac.torproject.org/projects/tor/attachment/ticket/25695
 /onboarding-illos.zip
 >
 > Please, remove metadata and let me know if you need any different
 format. Thanks!

 This looks good, except `figure_welcome.png` appears to be clipped on the
 bottom and right sides (e.g., part of the magnifying glass handle is
 missing). Is that intentional?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27080 [Core Tor/Tor]: bridges fail on Tor 0.3.4.1-alpha and later

[Tor Bug Tracker & Wiki]

#27080: bridges fail on Tor 0.3.4.1-alpha and later
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.1-alpha
 Severity:  Major| Resolution:
 Keywords:  034-must, 035-must, regression,  |  Actual Points:
  tor-bridge 034-backport|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * priority:  Medium => High
 * cc: dgoulet (added)
 * severity:  Normal => Major


Comment:

 Somebody should find out whether this affects bridges and/or bridge
 clients on the real network, or whether it is a chutney-only bug.  That
 will determine whether it is super-high-priority or just regular high-
 priority.

 I've reproduced this on a Fedora system, and tried to bisect.  My result
 was that the first bad commit is ed89bb32535fbf354b406a36f3176380a4e226bf"
 "Specialize the periodic events on a per-role basis." So I would guess
 that this does affect real users.  I've attached my "git bisect" log, in
 case I messed up somewhere.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27080 [Core Tor/Tor]: bridges fail on Tor 0.3.4.1-alpha and later

[Tor Bug Tracker & Wiki]

#27080: bridges fail on Tor 0.3.4.1-alpha and later
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  034-must, 035-must, regression,  |  Actual Points:
  tor-bridge 034-backport|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * Attachment "27080_bisect.log" added.

 git bisect log (nickm)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23588 [Core Tor/Tor]: Write fascist_firewall_choose_address_ls() and use it in hs_get_extend_info_from_lspecs()

[Tor Bug Tracker & Wiki]

#23588: Write fascist_firewall_choose_address_ls() and use it in
hs_get_extend_info_from_lspecs()
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  prop224, tor-hs, single-onion,   |  Actual Points:
  ipv6, 034-triage-20180328, |
  034-removed-20180328   |
Parent ID:  #23493   | Points:  1
 Reviewer:  teor |Sponsor:
-+-

Comment (by neel):

 Replying to [comment:31 teor]:
 > Replying to [comment:30 teor]:
 > > I think you might be expecting fascist_firewall_choose_address_base()
 to always return a valid address. But sometimes, there won't be any
 reachable addresses. If there aren't any reachable addresses, we need the
 3-hop fallback code, which hasn't been written yet.
 >
 > You can log a BUG() warning and fail the connection when there's no
 reachable address. We can write the 3-hop fallback code later in #23818.

 I plan to do this after have reverted my address choosing code and
 switched back to `fascist_firewall_choose_address_base()`.

 I do have a question: where should I put the `BUG()` warning when there's
 no reachable address?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26833 [Applications/Tor Browser]: Include IP addresses in First Party Isolation (FPI)

[Tor Bug Tracker & Wiki]

#26833: Include IP addresses in First Party Isolation (FPI)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * status:  needs_review => merge_ready


Comment:

 Looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26628 [Applications/Tor Browser]: Consider backporting fix for crash in originattributes

[Tor Bug Tracker & Wiki]

#26628: Consider backporting fix for crash in originattributes
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:
  |  merge_ready
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-crash, TorBrowserTeam201808R  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by arthuredelstein):

 * status:  needs_review => merge_ready


Comment:

 Looks good to me. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25696 [Applications/Tor Browser]: Design of alpha onboarding for Tor Browser for Android

[Tor Bug Tracker & Wiki]

#25696: Design of alpha onboarding for Tor Browser for Android
-+-
 Reporter:  isabela  |  Owner:
 |  antonela
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-mobile, |  Actual Points:
  TorBrowserTeam201808   |
Parent ID:  #26531   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by arthuredelstein):

 Replying to [comment:23 sysrqb]:
 > Replying to [comment:22 emmapeel]:
 > > I have added it to transifex at
 https://www.transifex.com/otf/torproject/tba-android_stringsdtd/
 > >
 > > and it checks the file at
 > >
 > > https://gitweb.torproject.org/tor-
 browser.git/plain/mobile/android/base/locales/en-US/android_strings.dtd
 >
 > Hrm. Does this duplicate work from Mozilla? That file is currently
 localized by Mozilla, too. As an example, es-ES: https://hg.mozilla.org
 /l10n-central/es-ES/file/tip/mobile/android/base/android_strings.dtd
 >
 > I agree Tor Browser-specific strings must be localized, but will
 translators localize all strings in that file? Even if we only add a few
 new strings?

 Looks like we don't want this file in Transifex. I opened #27125 for
 fixing this issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27125 [Applications/Tor Browser]: Remove superfluous strings on tba-android_stringsdtd branch

[Tor Bug Tracker & Wiki]

#27125: Remove superfluous strings on tba-android_stringsdtd branch
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-localization
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 The current Tor Browser Android translation.git branch seems to contain
 all Fennec strings from  https://hg.mozilla.org/mozilla-
 central/file/812e732d0928/mobile/android/base/locales/en-
 US/android_strings.dtd, which is unnecessary because these strings are
 already continuously updated and translated by Mozilla.

 So we should remove
 https://gitweb.torproject.org/translation.git/tree/en/android_strings.dtd?h
 =tba-android_stringsdtd

 Probably most Tor Browser strings are shared between Desktop and Android.
 So we should not duplicate these either. We could introduce a .dtd for
 TBA-only strings. Or we could share .dtd and .properties files between
 Desktop and Android. Any strings only needed for Desktop can be ignored by
 Android and vice versa.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27124 [Metrics/Onionoo]: Reading node statuses pointlessly initialises first seen millis as last seen millis

[Tor Bug Tracker & Wiki]

#27124: Reading node statuses pointlessly initialises first seen millis as last
seen millis
-+--
 Reporter:  irl  |  Owner:  metrics-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 {{{
   long firstSeenMillis = lastSeenMillis;
   firstSeenMillis = DateTimeHelper.parse(parts[15] + " " + parts[16]);
 }}}

 
https://gitweb.torproject.org/onionoo.git/tree/src/main/java/org/torproject/onionoo/docs/NodeStatus.java#n568

 Maybe this was done for a reason and later broken, or maybe it was never
 needed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26655 [Applications/Tor Browser]: onion button is wrong size and color

[Tor Bug Tracker & Wiki]

#26655: onion button is wrong size and color
-+--
 Reporter:  arthuredelstein  |  Owner:  antonela
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, TorBrowserTeam201808R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by gk):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Thanks! Merged to `master` (commit
 e9b4af29d8acf595bd0da4253336db0783ad5b24).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26655 [Applications/Tor Browser]: onion button is wrong size and color

[Tor Bug Tracker & Wiki]

#26655: onion button is wrong size and color
-+-
 Reporter:  arthuredelstein  |  Owner:  antonela
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * status:  needs_review => merge_ready


Comment:

 I built and tested it and it looks good to me. Thanks, antonela and gk!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25485 [Applications/Tor Browser]: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)

[Tor Bug Tracker & Wiki]

#25485: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found
(required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  reopened
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by mcs):

 Replying to [comment:41 sukhbir]:
 > I am not sure but doesn't that break the updater as well? Or would it
 simply replace the Firefox executable with the script and add the new
 binary?

 That should not break updates. Patching, adding, and removing files should
 be handled correctly.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26476 [Applications/Tor Browser]: Tor Browser candidates for 8.0a9 on Windows don't start anymore

[Tor Bug Tracker & Wiki]

#26476: Tor Browser candidates for 8.0a9 on Windows don't start anymore
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201806,|  Actual Points:
  GeorgKoppen201806, tbb-rbm |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by pospeselr):

 * cc: pospeselr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19930 [Webpages/Website]: web site menu needlessly jumps around

[Tor Bug Tracker & Wiki]

#19930: web site menu needlessly jumps around
+--
 Reporter:  chadmiller  |  Owner:  cypherpunks
 Type:  defect  | Status:
|  needs_information
 Priority:  Medium  |  Milestone:  WebsiteV3
Component:  Webpages/Website|Version:
 Severity:  Minor   | Resolution:
 Keywords:  defer-new-website, ux-team  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by traumschule):

 * status:  assigned => needs_information


Comment:

 With TBB 7.5.6 (52.9, 32bit, js enabled or not) the font switches to bold
 on hover and back unhovering. Is this the described behavior? Otherwise I
 am not sure to understand

 > Because* your mouse-pointer is there, the location of things near it is
 different! Where you wanted to click changed because you tried to click.

 If it's about the colour I can create a PR. Which color do you prefer,
 {{{#4e6a20}}}, the [https://www.torproject.org/images/sidenav-active.png
 menu background of the active page], or anything else?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27121 [Metrics/ExoneraTor]: Release ExoneraTor 3.0.0

[Tor Bug Tracker & Wiki]

#27121: Release ExoneraTor 3.0.0
+--
 Reporter:  karsten |  Owner:  karsten
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Metrics/ExoneraTor  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by karsten):

 * status:  assigned => needs_review


Comment:

 ExoneraTor branch:
 
​​​https://gitweb.torproject.org/user/karsten/exonerator.git/log/?h=task-27121

 Pre-release tarball:
 
​​​https://people.torproject.org/~karsten/volatile/exonerator-3.0.0-pre0.tar.gz

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27123 [Applications/Tor Browser]: Investigate PING/SETTINGS-related timing side-channels

[Tor Bug Tracker & Wiki]

#27123: Investigate PING/SETTINGS-related timing side-channels
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 We are auditing HTTP/2 for tracking vectors in #14592. But a more
 difficult question for HTTP/2 (and potentially HTTP 1.x) are timing side
 channels.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26189 [Applications/Tor Browser]: Remove our content policy hack for #8725

[Tor Bug Tracker & Wiki]

#26189: Remove our content policy hack for #8725
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-torbutton, |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:  #26544   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  ff60-esr, tbb-torbutton, TorBrowserTeam201808 => ff60-esr,
 tbb-torbutton, TorBrowserTeam201808R
 * status:  new => needs_review


Comment:

 Here's my patch for review:

 https://github.com/arthuredelstein/torbutton/commit/26189

 I tested this patch with:
 * https://www.ducksong.com/misc/b2.html
 * https://arthuredelstein.github.io/tordemos/resource-locale.html
 * https://browserleaks.com/firefox
 and confirmed that no information is leaking, as far as these patches can
 tell.

 I also confirmed that
 https://trac.torproject.org/projects/tor/ticket/26544 is fixed with this
 patch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26376 [Core Tor/Tor]: add cross compiling docs

[Tor Bug Tracker & Wiki]

#26376: add cross compiling docs
--+--
 Reporter:  Hello71   |  Owner:  Hello71
 Type:  enhancement   | Status:  needs_revision
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  catalyst  |Sponsor:
--+--
Changes (by catalyst):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:4 Hello71]:
 > ahf said that MXE "sounds cool" and presumably would like to not
 maintain https://github.com/ahf/tor-win32/. additionally, the MXE option
 supports zstd and xz. therefore, I would like to keep those. if you or ahf
 could test those it would be great.
 >
 > already fixed TOR_RUST_TARGET in an earlier revision.
 >
 > changed jenkins wording to be more critical.
 Thanks. Please delete mentions of MXE for now. We can look at that in a
 separate ticket. Also, what do you mean by this:
 > Jenkins is not a part of the Tor infrastructure

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21900 [Core Tor/Tor]: evdns fails when resolv.conf is missing, but succeeds when resolv.conf is empty

[Tor Bug Tracker & Wiki]

#21900: evdns fails when resolv.conf is missing, but succeeds when resolv.conf 
is
empty
-+-
 Reporter:  teor |  Owner:  rl1987
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, dns, crash, tor- |  Actual Points:
  relay, macos, 032-unreached|
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by rl1987):

 * status:  accepted => needs_review


Comment:

 https://github.com/torproject/tor/pull/273

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27122 [Applications/Quality Assurance and Testing]: tbb-testsuite: fix the slider_settings tests for esr60

[Tor Bug Tracker & Wiki]

#27122: tbb-testsuite: fix the slider_settings tests for esr60
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:   |Version:
  Applications/Quality Assurance |
  and Testing|   Keywords:  boklm201808,
 Severity:  Normal   |  TorBrowserTeam201808, tbb-testsuite
Actual Points:   |  Parent ID:  #27105
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 We need to fix the slider_settings tests for the new security slider
 prefs.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27106 [Applications/Quality Assurance and Testing]: tbb-testsuite: stop using preferences/extension-overrides.js

[Tor Bug Tracker & Wiki]

#27106: tbb-testsuite: stop using preferences/extension-overrides.js
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:  fixed
 Keywords:  boklm201808, TorBrowserTeam201808,   |  Actual Points:
  tbb-testsuite  |
Parent ID:  #27105   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 This is fixed by commit `ca3b8ff55123f52de040dbaa47c6a909bb51d9be`.

 Instead of `preferences/extension-overrides.js` we are now using the
 `user.js` file in the profile directory. We are also using `user_pref()`
 instead of `pref()` to make sure we override the values of prefs defined
 in other preference files.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27119 [UX/Research]: Usability Research: Support Portal Feedback (was: User feedback survey-support portal)

[Tor Bug Tracker & Wiki]

#27119: Usability Research: Support Portal Feedback
-+--
 Reporter:  nyinz|  Owner:  nyinz
 Type:  project  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:  antonela |Sponsor:
-+--
Changes (by antonela):

 * status:  new => assigned
 * cc: nyinz (removed)
 * owner:  antonela => nyinz
 * reviewer:   => antonela
 * type:  defect => project


Old description:

> **Survey questions**
>
> -What Tor related product do you use? (Drop down list: I don’t use
> Tor,Tor Browser,Orbot,Orfox,etc)
>
> -Gender(Drop down list: I’d rather not say,Female,male,other...
> -Age (Drop down list: I’d rather not say,Less than 20,20-30,30-40,older)
>
> -Did you find what you were looking for?
> **OR**
> Was your question(s) answered? Do you have additional questions?
>
> -How would you rate your experience with this website?
> **OR**
> -What would you like to share with us about your experience here today?
>
> -Was this platform helpful? How so?
>
> -Closing note: Your feedback has been received. Thank you!
> **
> General suggestions**
>
> -Have a button for feedback on each page! This button can have 2 breaks:
> Make a comment about this page (Specific feedback)
> **OR**
> Make a comment about the website(General feedback)
>
> -Create the opportunity for users to give visual feedback, for example:
> by clicking on an emoji
> **OR**
> choosing a color that best describes how they feel
> **OR**
> taking a screenshot at the exact pain point

New description:

 Work in progress

 https://storm.torproject.org/shared/QdG2JSM8J4ehcEeGNZ1i19r_mT1J7AWnZWYZe6qXZ-4

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25485 [Applications/Tor Browser]: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)

[Tor Bug Tracker & Wiki]

#25485: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found
(required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  reopened
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by sukhbir):

 Replying to [comment:39 mcs]:

 > In general, I think we are putting too many important things inside
 start-tor-browser. Or to put it another way: after an update the browser
 should be started the same way as when users start the browser. In an
 ideal world, ./firefox would do everything necessary. We could move all of
 the start-tor-browser code into a script named firefox and rename the
 actual binary to something else)... but I don't know what that would
 break.

 I am not sure but doesn't that break the updater as well? Or would it
 simply replace the Firefox executable with the script and add the new
 binary?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27120 [Applications/Quality Assurance and Testing]: tbb-testsuite: marionette tests are failing when using strace

[Tor Bug Tracker & Wiki]

#27120: tbb-testsuite: marionette tests are failing when using strace
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:
 Keywords:  boklm201808, TorBrowserTeam201808,   |  Actual Points:
  tbb-testsuite  |
Parent ID:  #27105   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Commit `2407d36e4f34cf9df3e334a8179db51e397e9adc` is temporarily disabling
 the `use_strace` option.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27121 [Metrics/ExoneraTor]: Release ExoneraTor 3.0.0

[Tor Bug Tracker & Wiki]

#27121: Release ExoneraTor 3.0.0
+--
 Reporter:  karsten |  Owner:  karsten
 Type:  task| Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Metrics/ExoneraTor  |Version:
 Severity:  Normal  |   Keywords:
Actual Points:  |  Parent ID:
   Points:  |   Reviewer:
  Sponsor:  |
+--
 Let's put out ExoneraTor 3.0.0, which will include the #23549 change.  I'm
 going to prepare a release branch and pre-release tarball today.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27120 [Applications/Quality Assurance and Testing]: tbb-testsuite: marionette tests are failing when using strace

[Tor Bug Tracker & Wiki]

#27120: tbb-testsuite: marionette tests are failing when using strace
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:   |Version:
  Applications/Quality Assurance |
  and Testing|   Keywords:  boklm201808,
 Severity:  Normal   |  TorBrowserTeam201808, tbb-testsuite
Actual Points:   |  Parent ID:  #27105
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 In the marionette tests that we run from the testsuite, we are running the
 browser with strace in order to check the system calls and detect possible
 files created outside the browser directory, and direct network
 connections.

 When running the testsuite on an esr60 based Tor Browser, the browser
 window does not open and an strace process takes a lot of cpu, until we
 get the following timeout error:
 {{{
 Using workspace for temporary data: "/home/user/tbb-
 testsuite/reports/r/FmdSZphWEU/results-tor-browser-linux64-8.0a9_es-
 ES.tar.xz/slider_settings_1_ws"
 mozversion application_buildid: 20180204020101
 mozversion application_display_name: Tor Browser
 mozversion application_id: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
 mozversion application_name: Firefox
 mozversion application_remotingname: firefox
 mozversion application_vendor: Mozilla
 mozversion application_version: 60.1.0
 mozversion platform_buildid: 20180204020101
 mozversion platform_version: 60.1.0
 Application command: /home/user/tbb-testsuite/tmp/_VycbfqfU2/tor-
 browser_es-ES/Browser/ff_slider_settings_1 -no-remote -marionette -profile
 /home/user/tbb-testsuite/reports/r/FmdSZphWEU/results-tor-browser-
 linux64-8.0a9_es-ES.tar.xz/slider_settings_1_ws/profile.default-1534170518
  2:00.17 LOG: MainThread ERROR Failure during harness execution
 Traceback (most recent call last):

   File "/home/user/tbb-testsuite/virtualenv-
 marionette-4.3.0/local/lib/python2.7/site-
 packages/marionette_harness-4.3.0-py2.7.egg/marionette_harness/runtests.py",
 line 92, in cli
 failed = harness_instance.run()

   File "/home/user/tbb-testsuite/virtualenv-
 marionette-4.3.0/local/lib/python2.7/site-
 packages/marionette_harness-4.3.0-py2.7.egg/marionette_harness/runtests.py",
 line 72, in run
 runner.run_tests(tests)

   File "/home/user/tbb-testsuite/virtualenv-
 marionette-4.3.0/local/lib/python2.7/site-
 packages/marionette_harness-4.3.0-py2.7.egg/marionette_harness/runner/base.py",
 line 837, in run_tests
 self.marionette = self.driverclass(**self._build_kwargs())

   File "/home/user/tbb-testsuite/virtualenv-
 marionette-4.3.0/local/lib/python2.7/site-
 packages/marionette_driver-2.5.0-py2.7.egg/marionette_driver/marionette.py",
 line 621, in __init__
 self.start_binary(self.startup_timeout)

   File "/home/user/tbb-testsuite/virtualenv-
 marionette-4.3.0/local/lib/python2.7/site-
 packages/marionette_driver-2.5.0-py2.7.egg/marionette_driver/marionette.py",
 line 633, in start_binary
 self.raise_for_port(timeout=timeout)

   File "/home/user/tbb-testsuite/virtualenv-
 marionette-4.3.0/local/lib/python2.7/site-
 packages/marionette_driver-2.5.0-py2.7.egg/marionette_driver/marionette.py",
 line 710, in raise_for_port
 self.host, self.port))

 IOError: Process killed after 120s because no connection to Marionette
 server could be established. Check gecko.log for errors
 }}}

 Disabling the use of strace is fixing the issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27118 [UX/Research]: Usability Research: Onions - Valencia (was: Usability Research Results-Onions-Valencia)

[Tor Bug Tracker & Wiki]

#27118: Usability Research: Onions - Valencia
-+--
 Reporter:  nyinz|  Owner:  nyinz
 Type:  project  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:  antonela |Sponsor:
-+--
Changes (by antonela):

 * status:  new => assigned
 * cc: nyinz (removed)
 * owner:  antonela => nyinz
 * reviewer:   => antonela
 * type:  defect => project


Old description:

> Methodology: See attached
> Where: IFF18 Valencia, Spain
> Participants: Five (5) >this report shows results for 4 because a
> translation for the 5th user is required
>
> Results:
> 1.Summary of demographics
> 2.What users said
> 3.Conclusion
>
> **1.**
> The group consisted of 2 female and 3 male users aged 20-50
> Most of them use Tor daily and referred to themselves as ‘Technologist
> that has a good understanding of tools and how things work
>
> **2.**
> Q1 **What do you think you the onion means**?
>
> The interviewer was very engaging so and responses were sincere. Most
> users had 2-3 seconds delay but they see the onion as a safety icon
> Quote:
> “Green onion means that Tor is connected and working”
>
> Q2 **Why do you think these icons are different**?
>
> -Most users can tell that there’s a difference in level security say the
> onion with a lock is secure
> -They answered this question less confidently than Qn 1 (above)
>
> Q3 **What do you think this icon means**?
>
> Most users are skeptical about the safety of this icon and identify that
> there is a problem
> Quote:
> "It means hey be cautious!"
>
> Q4 **What do you think this icon means**?
>
> Most users answered  tentatively to this question and give mildly
> different responses, more like ‘guesses’. They don’t know what is going
> on, but they know it’s bad...
> Quote:
> "I would think the FBI is attacking my computer right now"
>

> Q5 **Order these icons from less secure to more secure**
>
> Most users understand that there are different levels of security and
> correctly ordered the icons
> They all seem excited to answer this question
>
> **3.**
>
> The sample group is well represented by males and females giving a
> broader view into how the icons are interpreted by the two sexes. They
> all have experience with technology and most are current users of the
> product.
> Users can identify the different states of icons. This is plus for the
> design team who worked hard on creating particular graphics for this
> purpose.

New description:

 Methodology:
 
[https://trac.torproject.org/projects/tor/attachment/ticket/27118/User%20testing%20.onion%20states%20icons%20Methodology.pdf
 See Attachments]
 Where: IFF18 Valencia, Spain
 Participants: Five (5)*

 *This report shows results for 4 because a translation for the 5th user is
 required.

 **Results:**

 1. Summary of demographics
 2. What users said
 3. Conclusion

 **1.**

 - The group consisted of 2 female and 3 male users aged 20-50.
 - Most of them use Tor daily and referred to themselves as ‘Technologist
 that has a good understanding of tools and how things work.

 **2.**

 Q1 What do you think you the onion means?

 - The interviewer was very engaging so and responses were sincere. Most
 users had 2-3 seconds delay but they see the onion as a safety icon
 - Quote: “Green onion means that Tor is connected and working”

 Q2 Why do you think these icons are different?

 - Most users can tell that there’s a difference in level security say the
 onion with a lock is secure.
 - They answered this question less confidently than Qn 1 (above).

 Q3 What do you think this icon means?

 - Most users are skeptical about the safety of this icon and identify that
 there is a problem
 - Quote: "It means hey be cautious!"

 Q4 What do you think this icon means?

 - Most users answered tentatively to this question and give mildly
 different responses, more like ‘guesses’. They don’t know what is going
 on, but they know it’s bad...
 - Quote: "I would think the FBI is attacking my computer right now"

 Q5 Order these icons from less secure to more secure

 - Most users understand that there are different levels of security and
 correctly ordered the icons.
 - They all seem excited to answer this question.

 **3.**

 The sample group is well represented by males and females giving a broader
 view of how the icons are interpreted by the two sexes. They all have
 experience with technology and most are current users of the product.
 Users can identify the different states of icons. This is plus for the
 design team who worked hard on creating particular graphics for this
 purpose.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 

Re: [tor-bugs] #23549 [Metrics/Website]: Move ExoneraTorServlet to metrics-web

[Tor Bug Tracker & Wiki]

#23549: Move ExoneraTorServlet to metrics-web
-+-
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  metrics-2018 |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+-

Comment (by karsten):

 As discussed earlier today, let's call the next version 3.0.0, which
 should be a clear enough indication this is a backward-incompatible
 change. I'll open a new ticket for the release.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16406 [Webpages/Website]: "Tor" is not listed as a project on torproject.org

[Tor Bug Tracker & Wiki]

#16406: "Tor" is not listed as a project on torproject.org
+--
 Reporter:  arthuredelstein |  Owner:
|  cypherpunks
 Type:  enhancement | Status:
|  needs_information
 Priority:  Medium  |  Milestone:
|  WebsiteV3
Component:  Webpages/Website|Version:
 Severity:  Normal  | Resolution:
 Keywords:  defer-new-website, website-content  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  hiro|Sponsor:
+--
Changes (by traumschule):

 * status:  assigned => needs_information
 * reviewer:   => hiro


Comment:

 Will do it in no time if we agree on what to link as the project page. I
 see these options:
 - https://trac.torproject.org/projects/tor/
 - https://www.torproject.org/about/overview.html.en
 - https://www.torproject.org/docs/tor-manual.html.en
 - https://www.torproject.org/

 I lean towards the third because it is three clicks away from the
 frontpage and offers the most valuable menu links from a user's
 perspective (although it probably looks terrible for non-technical
 users?).

 The main page has already "What is Tor?" with a link to the overview page.
 Still add again to projects? Then the number of projects would be uneven
 and we could add another - any idea which?

 Did anyone notice that it says "Download Tor" and links to the Tor Browser
 download page? If I fix this it might break the design.

 The proposed code for the projects page (Where gets the path of  defined?):

 {{{
 
 
 Tor Tor is free software and an open network
 that helps you defend against traffic analysis, a form of network
 surveillance that threatens personal freedom and privacy, confidential
 business activities and relationships, and state security.
 
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27117 [UX/Research]: Usability Research: Onions - Uganda (was: Usability Research Results: .Onions- Uganda)

[Tor Bug Tracker & Wiki]

#27117: Usability Research: Onions - Uganda
-+--
 Reporter:  nyinz|  Owner:  nyinz
 Type:  project  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:  antonela |Sponsor:
-+--
Changes (by antonela):

 * status:  new => assigned
 * cc: nyinz (removed)
 * owner:  antonela => nyinz
 * reviewer:   => antonela
 * type:  defect => project


Old description:

> Methodology:
> See attached
> Test: https://docs.google.com/document/d
> /17KQUGURJ7FwnaYana_0lDskKHgV1PFvnAI-NnitPgRI
> Where: Tor Training in Kampala, Uganda
> Participants: Four (4)
>
> Results:
> 1.Summary of demographics
> 2.What users said
> 3.Conclusion
>
> **1.**
> The group consisted of **4 male** users aged **20-50**
> Most of the people described themselves as day to day technology users
> who have not used Tor before
>
> **2.**
> Q0 **Can you recognize the padlock? What do you think it means**?
> For most, this is not a difficult question and they related the padlock
> to a secure website
> Quote:
> “This website is safe, you can trust it”
>
> Q1 **What do you think the onion means**?
> Most users said it is a logo for Tor browser and feel that it is a secure
> site
> The positive/trust feeling described in the methodology seems to be
> received by the users
>
> Q2 **Why do you think these icons are different**?
> Most users seemed confused about this question but eager to give an
> answer anyway. It is unclear though where they see a difference or
> whether one is implied by the question
>
> Q3 **What do you think this icon means**?
> Most of the users are less confidence now than the other questions. They
> are unsure about what the icon means
>
> Q4 **What do you think this icon means**?
> Most of the users are aware that there is risk implied with  this icon
>
> Q5 **Order these icons from less secure to more secure**
> Data summary pending...
>
> **3.**
> The user group is unique because of their limited knowledge and usage of
> Tor and Tor products, However, their responses shed light on the
> implications of using icons with a similar shape and color scheme. We
> found that users cannot correctly identify what each icon means; why and
> how they are different other than by color
>
> This group represents a sample of the community who could benefit greatly
> from using Tor but are limited by the knowledge of its tools/products

New description:

 Methodology:
 
[https://trac.torproject.org/projects/tor/attachment/ticket/27117/User%20testing%20.onion%20states%20icons%20Methodology.pdf
 See Attachments]
 Test: https://docs.google.com/document/d
 /17KQUGURJ7FwnaYana_0lDskKHgV1PFvnAI-NnitPgRI
 Where: Tor Training in Kampala, Uganda
 Participants: Four (4)

 **Results:**

 1. Summary of demographics
 2. What users said
 3. Conclusion

 **1.**

 - The group consisted of 4 male users aged 20-50.
 - Most of the people described themselves as day to day technology users
 who have not used Tor before.

 **2.**

 Q0 Can you recognize the padlock? What do you think it means?

 - For most, this is not a difficult question and they related the padlock
 to a secure website.
 - Quote: “This website is safe, you can trust it”.

 Q1 What do you think the onion means?

 - Most users said it is a logo for Tor browser and feel that it is a
 secure site.
 - The positive/trust feeling described in the methodology seems to be
 received by the users.

 Q2 Why do you think these icons are different?

 - Most users seemed confused about this question but eager to give an
 answer anyway. It is unclear though where they see a difference or whether
 one is implied by the question

 Q3 What do you think this icon means?

 - Most of the users are less confidence now than the other questions. They
 are unsure about what the icon means

 Q4 What do you think this icon means?

 - Most of the users are aware that there is risk implied with this icon.

 Q5 Order these icons from less secure to more secure

 Data summary pending...

 **3.**

 The user group is unique because of their limited knowledge and usage of
 Tor Browser and Tor products, However, their responses shed light on the
 implications of using icons with a similar shape and color scheme. We
 found that users cannot correctly identify what each icon means; why and
 how they are different other than by color.
 This group represents a sample of the community who could benefit greatly
 from using Tor Browser but are limited by the knowledge of its
 tools/products.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online

Re: [tor-bugs] #27039 [Metrics/Onionoo]: Timestamps in graph history documents are incorrectly formatted

[Tor Bug Tracker & Wiki]

#27039: Timestamps in graph history documents are incorrectly formatted
-+-
 Reporter:  starlight|  Owner:  karsten
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+-

Comment (by karsten):

 Replying to [comment:19 Vort]:
 > **@karsten**, one more 500 error popped out:
 [https://metrics.torproject.org/userstats-relay-
 country.png?start=2018-05-15=2018-08-13=all=off link].
 Is it related to this report or separate report is needed?

 Oops, fixed. It was indeed unrelated.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27116 [UX/Research]: Usability Research: Onions - Mumbai (was: Usability Research Results - Onions - Mumbai)

[Tor Bug Tracker & Wiki]

#27116: Usability Research: Onions - Mumbai
-+--
 Reporter:  nyinz|  Owner:  nyinz
 Type:  project  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:  antonela |Sponsor:
-+--
Changes (by antonela):

 * status:  new => assigned
 * cc: nyinz (removed)
 * owner:  antonela => nyinz
 * reviewer:   => antonela
 * type:  defect => project


Old description:

> Methodology: See attached
> Test: https://docs.google.com/document/d
> /17KQUGURJ7FwnaYana_0lDskKHgV1PFvnAI-NnitPgRI
> Where: Tor Meetup in Mumbai, India
> Participants: Six (6)
> Results:
>
> 1.Summary of demographics
> 2.What users said
> 3.Conclusion
>
> **1.**
> The group consisted of 6 male users aged 20-50
> Most users are technologists that have a good understanding of tools and
> how things work and hackers
> The majority of users have not used Tor before
>
> **2.**
> Q1 **What do you think you the onion means**?
>
> Most of the users relate this onion with a secure connection
> Quote:“It’s a Money bag?”
>
> Q2 **Why do you think these icons are different**?
> Most users said the 2nd onion (with a lock) indicates HTTPS indicating
> that they understand that a level of security exists
>
> Q3 **What do you think this icon means**?
> Most users say (confidently) that this icon means a security issue is
> present.
>
> Q4 **What do you think this icon means**?
> The majority of users feel its insecure and say Tor is not connected in
> this web page. They could identify that a risk was implied with this
> icon.
> Quote:
> “Something completely wrong”
>
> Q5 **Order these icons from less secure to more secure**
>
> Most users understand there are different levels of security and ordered
> the icons correctly although it took a few seconds for each user to
> respond
>
> **3.**
> This group is only represented by male users therefore responses may not
> accurately represent the Tor community in Mumbai.
> User are familiar with the term HTTPS and have a good idea about what the
> different icons represent in terms of security.

New description:

 Methodology:
 
[https://trac.torproject.org/projects/tor/attachment/ticket/27116/User%20testing%20.onion%20states%20icons%20Methodology.pdf
 See Attachments]
 Test: https://docs.google.com/document/d
 /17KQUGURJ7FwnaYana_0lDskKHgV1PFvnAI-NnitPgRI
 Where: Tor Meetup in Mumbai, India
 Participants: Six (6)

 **Results:**

 1. Summary of demographics
 2. What users said
 3. Conclusion

 **1.**

 - The group consisted of 6 male users aged 20-50.
 - Most users are technologists that have a good understanding of tools and
 how things work and hackers.
 - The majority of users have not used Tor Browser before.

 **2.**

 Q1 What do you think the onion means?

 - Most of the users relate this onion with a secure connection
 - Quote: “It’s a Money bag?”

 Q2 Why do you think these icons are different?
 - Most users said the 2nd onion (with a lock) indicates HTTPS indicating
 that they understand that a level of security exists.

 Q3 What do you think this icon means?
 - Most users say (confidently) that this icon means a security issue is
 present.

 Q4 What do you think this icon means?
 - The majority of users feel its insecure and say Tor is not connected to
 this web page. They could identify that a risk was implied with this icon.
 - Quote: “Something completely wrong”

 Q5 Order these icons from less secure to more secure

 - Most users understand there are different levels of security and ordered
 the icons correctly although it took a few seconds for each user to
 respond.

 **3.**

 This group is only represented by male users, therefore, responses may not
 accurately represent the Tor community in Mumbai.
 Users are familiar with the term HTTPS and have a good idea about what the
 different icons represent in terms of security.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

[Tor Bug Tracker & Wiki]

#14952: Audit HTTP/2 and SPDY if needed
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, tbb-usability-  |  Actual Points:
  website, tbb-performance, ff60-esr,|
  TorBrowserTeam201808   |
Parent ID:  #25735   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Oh, and 6): What about `dom.push.http2.*`? Are we getting the code behind
 those as well and if so, are we good with it?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

[Tor Bug Tracker & Wiki]

#14952: Audit HTTP/2 and SPDY if needed
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, tbb-usability-  |  Actual Points:
  website, tbb-performance, ff60-esr,|
  TorBrowserTeam201808   |
Parent ID:  #25735   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808R
 =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808
 * status:  needs_review => needs_revision


Comment:

 Nice, thanks for the investigation. Some first thoughts while reading
 through your notes:

 1) Is the disk avoidance requirement respected in case there is some
 caching going on?
 2) Does New Identity give us a clean slate with HTTP/2 enabled?
 3) I don't see why we want to have server push enabled. Let's try with
 that disabled first.
 4) I am fine leaving possible PING/SETTINGS-related timing side-channels
 for a different bug for now. If so, please open a new one.
 5) I am not overly happy about the different values of some of the prefs
 you mentioned above depending on being on a desktop/mobile platform we
 should investigate the impact of shipping the same configuration for both
 of them. After all, `tbb-fingerprinting-os` bugs are still bugs. I guess
 this can be done in a new bug as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27053 [Core Tor/Stem]: Check controller's event error handling

[Tor Bug Tracker & Wiki]

#27053: Check controller's event error handling
---+--
 Reporter:  atagar |  Owner:  atagar
 Type:  defect | Status:  reopened
 Priority:  Very High  |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Major  | Resolution:
 Keywords:  controller |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by atagar):

 Huh, pity. Since I can't repro this would you mind looking into this,
 Dave?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27119 [UX/Research]: User feedback survey-support portal

[Tor Bug Tracker & Wiki]

#27119: User feedback survey-support portal
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   |   Keywords:  ux-team
Actual Points:   |  Parent ID:  #27010
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 **Survey questions**

 -What Tor related product do you use? (Drop down list: I don’t use Tor,Tor
 Browser,Orbot,Orfox,etc)

 -Gender(Drop down list: I’d rather not say,Female,male,other...
 -Age (Drop down list: I’d rather not say,Less than 20,20-30,30-40,older)

 -Did you find what you were looking for?
 **OR**
 Was your question(s) answered? Do you have additional questions?

 -How would you rate your experience with this website?
 **OR**
 -What would you like to share with us about your experience here today?

 -Was this platform helpful? How so?

 -Closing note: Your feedback has been received. Thank you!
 **
 General suggestions**

 -Have a button for feedback on each page! This button can have 2 breaks:
 Make a comment about this page (Specific feedback)
 **OR**
 Make a comment about the website(General feedback)

 -Create the opportunity for users to give visual feedback, for example: by
 clicking on an emoji
 **OR**
 choosing a color that best describes how they feel
 **OR**
 taking a screenshot at the exact pain point

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25485 [Applications/Tor Browser]: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)

[Tor Bug Tracker & Wiki]

#25485: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found
(required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  reopened
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by boklm):

 Replying to [comment:39 mcs]:
 > Replying to [comment:37 boklm]:
 > > Ah this is a good point, the browser will probably fail to restart on
 the systems where our version of `libstdc++` is required.
 >
 > Kathy and I agree that this change will cause the browser to fail to
 start after an update on systems that require our bundled libstdc++. A
 good catch by gk.

 Alternatively we could keep our bundled libstdc++ in the default path, and
 add a new directory containing links to all libraries except libstdc++ to
 use it on systems with a recent libstdc++. This would fix the issue on
 systems where our bundled libstdc++ is required, but would cause issues on
 systems affected by #26589 so it is not clear if it is better.

 >
 > > I am wondering if we could update `LD_LIBRARY_PATH` in the same way as
 the start script, during the update process, before restarting the
 browser.
 >
 > The problem with this suggestion is that the updater that will be used
 is already on people's systems, so we cannot make changes to it :)
 >
 > In general, I think we are putting too many important things inside
 start-tor-browser. Or to put it another way: after an update the browser
 should be started the same way as when users start the browser. In an
 ideal world, ./firefox would do everything necessary. We could move all of
 the start-tor-browser code into a script named firefox and rename the
 actual binary to something else)... but I don't know what that would
 break.

 Setting `LD_LIBRARY_PATH` in a script named firefox sounds like a good
 thing to try.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5489 [Webpages/Website]: Write up a "how to report bugs and security issues, and what happens then" post or FAQ

[Tor Bug Tracker & Wiki]

#5489: Write up a "how to report bugs and security issues, and what happens 
then"
post or FAQ
---+---
 Reporter:  nickm  |  Owner:  nickm
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:  WebsiteV3
Component:  Webpages/Website   |Version:
 Severity:  Normal | Resolution:
 Keywords:  defer-new-website  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by traumschule):

 There is [[doc/community/HowToReportBugFeedback]]

 [[WikiStart]] says 'Please create a New Ticket to create a new bug report
 or feature request.'

 What about adding links at the top of
 https://trac.torproject.org/projects/tor/newticket on how to report
 tickets and what to report where.

 < https://www.torproject.org/docs/faq#SupportMail
 How can I get support? See the Support section on the contact page.
 Is there a Tor forum? We have a StackExchange page that is currently in
 public beta.

 Those could unload the bug tracker when users are sent to the forum for
 usage related issues.

 On the original issue to describe the security process I found only the
 more technical topic [https://blog.torproject.org/deterministic-builds-
 part-one-cyberwar-and-global-compromise deterministic builds].
 [[org/process/TorOnTrac]], [[org/teams/NetworkTeam/CoreTorReleases|Support
 Policy]] and [[org/teams/NetworkTeam#Howwework]] hold valuable info as
 well. With a little outlook on
 [[org/meetings/2018Rome/Notes/NetworkTeam|Rust]] this could make a good
 blog post?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25485 [Applications/Tor Browser]: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)

[Tor Bug Tracker & Wiki]

#25485: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found
(required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:  reopened
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by mcs):

 Replying to [comment:37 boklm]:
 > Ah this is a good point, the browser will probably fail to restart on
 the systems where our version of `libstdc++` is required.

 Kathy and I agree that this change will cause the browser to fail to start
 after an update on systems that require our bundled libstdc++. A good
 catch by gk.

 > I am wondering if we could update `LD_LIBRARY_PATH` in the same way as
 the start script, during the update process, before restarting the
 browser.

 The problem with this suggestion is that the updater that will be used is
 already on people's systems, so we cannot make changes to it :)

 In general, I think we are putting too many important things inside start-
 tor-browser. Or to put it another way: after an update the browser should
 be started the same way as when users start the browser. In an ideal
 world, ./firefox would do everything necessary. We could move all of the
 start-tor-browser code into a script named firefox and rename the actual
 binary to something else)... but I don't know what that would break.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21900 [Core Tor/Tor]: evdns fails when resolv.conf is missing, but succeeds when resolv.conf is empty

[Tor Bug Tracker & Wiki]

#21900: evdns fails when resolv.conf is missing, but succeeds when resolv.conf 
is
empty
-+-
 Reporter:  teor |  Owner:  rl1987
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, dns, crash, tor- |  Actual Points:
  relay, macos, 032-unreached|
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-

Comment (by rl1987):

 To reproduce, run:

 {{{
 src/app/tor -ORPort 4430 -ServerDNSResolvConfFile no_such_file -SOCKSPort
 9053 -Log debug
 }}}
 and

 {{{
 src/app/tor -ORPort 4430 -ServerDNSResolvConfFile /dev/null -SOCKSPort
 9053 -Log debug
 }}}

 The latter yields (on my macOS system):

 {{{
 Aug 13 17:07:34.000 [debug] configure_nameservers: stat()ing /dev/null
 Aug 13 17:07:34.000 [info] configure_nameservers: Parsing resolver
 configuration in '/dev/null'
 Aug 13 17:07:34.000 [info] eventdns: Parsing resolv.conf file /dev/null
 Aug 13 17:07:34.000 [info] eventdns: Added nameserver 127.0.0.1:53 as
 0x7fa1201bc490
 Aug 13 17:07:34.000 [warn] Unable to parse '/dev/null', or no nameservers
 in '/dev/null' (6)
 Aug 13 17:07:34.000 [info] mark_my_descriptor_dirty: Decided to publish
 new relay descriptor: dns resolvers failed
 Aug 13 17:07:34.000 [warn] Couldn't set up any working nameservers.
 Network not up yet?  Will try again soon.
 }}}

 Note that empty resolv.conf is still treated as error condition - by
 libevent code, not by tor. Libevent also falls back to including 127.0.0.1
 as default DNS server. See
 https://github.com/libevent/libevent/blob/master/evdns.c#L3649

 So I suppose we should:

  * When resolv.conf is empty or non-existant:
* Don't `goto err`
* Add 127.0.0.1 to list of DNS servers.
* Print a scary warning.
* Mention the above behavior in manpage.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27117 [UX/Research]: Usability Research Results: .Onions- Uganda

[Tor Bug Tracker & Wiki]

#27117: Usability Research Results: .Onions- Uganda
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by nyinz):

 * Attachment "User testing .onion states icons Methodology.pdf" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27118 [UX/Research]: Usability Research Results-Onions-Valencia

[Tor Bug Tracker & Wiki]

#27118: Usability Research Results-Onions-Valencia
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   |   Keywords:  ux-team
Actual Points:   |  Parent ID:  #27010
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Methodology: See attached
 Where: IFF18 Valencia, Spain
 Participants: Five (5) >this report shows results for 4 because a
 translation for the 5th user is required

 Results:
 1.Summary of demographics
 2.What users said
 3.Conclusion

 **1.**
 The group consisted of 2 female and 3 male users aged 20-50
 Most of them use Tor daily and referred to themselves as ‘Technologist
 that has a good understanding of tools and how things work

 **2.**
 Q1 **What do you think you the onion means**?

 The interviewer was very engaging so and responses were sincere. Most
 users had 2-3 seconds delay but they see the onion as a safety icon
 Quote:
 “Green onion means that Tor is connected and working”

 Q2 **Why do you think these icons are different**?

 -Most users can tell that there’s a difference in level security say the
 onion with a lock is secure
 -They answered this question less confidently than Qn 1 (above)

 Q3 **What do you think this icon means**?

 Most users are skeptical about the safety of this icon and identify that
 there is a problem
 Quote:
 "It means hey be cautious!"

 Q4 **What do you think this icon means**?

 Most users answered  tentatively to this question and give mildly
 different responses, more like ‘guesses’. They don’t know what is going
 on, but they know it’s bad...
 Quote:
 "I would think the FBI is attacking my computer right now"


 Q5 **Order these icons from less secure to more secure**

 Most users understand that there are different levels of security and
 correctly ordered the icons
 They all seem excited to answer this question

 **3.**

 The sample group is well represented by males and females giving a broader
 view into how the icons are interpreted by the two sexes. They all have
 experience with technology and most are current users of the product.
 Users can identify the different states of icons. This is plus for the
 design team who worked hard on creating particular graphics for this
 purpose.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27118 [UX/Research]: Usability Research Results-Onions-Valencia

[Tor Bug Tracker & Wiki]

#27118: Usability Research Results-Onions-Valencia
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by nyinz):

 * Attachment "User testing .onion states icons Methodology.pdf" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27110 [Applications/Tor Browser]: TBB segfaults on I/O error and silently fails to restart

[Tor Bug Tracker & Wiki]

#27110: TBB segfaults on I/O error and silently fails to restart
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information


Comment:

 Tor Browser 8.0a9 ships with OpenSSL 1.0.2o which is used when starting
 Tor Browser regularly via the usual start script (which is for instance
 setting `LD_LIBRARY_PATH` to point to the OpenSSL lib we actually ship).

 Regarding the segfault and I/O errors: What is a vanilla Firefox 60 ESR
 doing in your example scenario? If it behaves the same please file
 upstream bugs (and link to them from this ticket) for Mozilla being at
 least aware of this issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27117 [UX/Research]: Usability Research Results: .Onions- Uganda

[Tor Bug Tracker & Wiki]

#27117: Usability Research Results: .Onions- Uganda
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   |   Keywords:  ux-team
Actual Points:   |  Parent ID:  #27010
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Methodology:
 See attached
 Test: https://docs.google.com/document/d
 /17KQUGURJ7FwnaYana_0lDskKHgV1PFvnAI-NnitPgRI
 Where: Tor Training in Kampala, Uganda
 Participants: Four (4)

 Results:
 1.Summary of demographics
 2.What users said
 3.Conclusion

 **1.**
 The group consisted of **4 male** users aged **20-50**
 Most of the people described themselves as day to day technology users who
 have not used Tor before

 **2.**
 Q0 **Can you recognize the padlock? What do you think it means**?
 For most, this is not a difficult question and they related the padlock to
 a secure website
 Quote:
 “This website is safe, you can trust it”

 Q1 **What do you think the onion means**?
 Most users said it is a logo for Tor browser and feel that it is a secure
 site
 The positive/trust feeling described in the methodology seems to be
 received by the users

 Q2 **Why do you think these icons are different**?
 Most users seemed confused about this question but eager to give an answer
 anyway. It is unclear though where they see a difference or whether one is
 implied by the question

 Q3 **What do you think this icon means**?
 Most of the users are less confidence now than the other questions. They
 are unsure about what the icon means

 Q4 **What do you think this icon means**?
 Most of the users are aware that there is risk implied with  this icon

 Q5 **Order these icons from less secure to more secure**
 Data summary pending...

 **3.**
 The user group is unique because of their limited knowledge and usage of
 Tor and Tor products, However, their responses shed light on the
 implications of using icons with a similar shape and color scheme. We
 found that users cannot correctly identify what each icon means; why and
 how they are different other than by color

 This group represents a sample of the community who could benefit greatly
 from using Tor but are limited by the knowledge of its tools/products

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20260 [Applications/Tor Browser]: Add mitigating action to window size warning

[Tor Bug Tracker & Wiki]

#20260: Add mitigating action to window size warning
-+-
 Reporter:  lunar|  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-torbutton, tbb-   |  Actual Points:
  fingerprinting-resolution  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-usability, tbb-torbutton => tbb-usability, tbb-torbutton,
 tbb-fingerprinting-resolution


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27116 [UX/Research]: Usability Research Results - Onions - Mumbai

[Tor Bug Tracker & Wiki]

#27116: Usability Research Results - Onions - Mumbai
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   |   Keywords:  ux-team
Actual Points:   |  Parent ID:  #27010
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Methodology: See attached
 Test: https://docs.google.com/document/d
 /17KQUGURJ7FwnaYana_0lDskKHgV1PFvnAI-NnitPgRI
 Where: Tor Meetup in Mumbai, India
 Participants: Six (6)
 Results:

 1.Summary of demographics
 2.What users said
 3.Conclusion

 **1.**
 The group consisted of 6 male users aged 20-50
 Most users are technologists that have a good understanding of tools and
 how things work and hackers
 The majority of users have not used Tor before

 **2.**
 Q1 **What do you think you the onion means**?

 Most of the users relate this onion with a secure connection
 Quote:“It’s a Money bag?”

 Q2 **Why do you think these icons are different**?
 Most users said the 2nd onion (with a lock) indicates HTTPS indicating
 that they understand that a level of security exists

 Q3 **What do you think this icon means**?
 Most users say (confidently) that this icon means a security issue is
 present.

 Q4 **What do you think this icon means**?
 The majority of users feel its insecure and say Tor is not connected in
 this web page. They could identify that a risk was implied with this icon.
 Quote:
 “Something completely wrong”

 Q5 **Order these icons from less secure to more secure**

 Most users understand there are different levels of security and ordered
 the icons correctly although it took a few seconds for each user to
 respond

 **3.**
 This group is only represented by male users therefore responses may not
 accurately represent the Tor community in Mumbai.
 User are familiar with the term HTTPS and have a good idea about what the
 different icons represent in terms of security.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27116 [UX/Research]: Usability Research Results - Onions - Mumbai

[Tor Bug Tracker & Wiki]

#27116: Usability Research Results - Onions - Mumbai
-+--
 Reporter:  nyinz|  Owner:  antonela
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  UX/Research  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:  #27010   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by nyinz):

 * Attachment "User testing .onion states icons Methodology.pdf" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16982 [Applications/Tor Browser]: Resizing Tor Browser only issues warning if maximized fully

[Tor Bug Tracker & Wiki]

#16982: Resizing Tor Browser only issues warning if maximized fully
---+--
 Reporter:  cypherpunks|  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-fingerprinting-resolution  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by gk):

 * keywords:   => tbb-fingerprinting-resolution


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27101 [Applications/Tor Browser]: Error building tor in tor browser nightly builds

[Tor Bug Tracker & Wiki]

#27101: Error building tor in tor browser nightly builds
+--
 Reporter:  boklm   |  Owner:  tbb-team
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  TorBrowserTeam201808R, tbb-rbm  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Looks good. Merged to `master` as commit
 3ba2bd456ac69f81ffbf5f0baa403ad005aeff34.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27027 [Community/Relays]: TorRelayGuide/NetBSD: set ORPort to 443 where that works out of the box

[Tor Bug Tracker & Wiki]

#27027: TorRelayGuide/NetBSD: set ORPort to 443 where that works out of the box
---+--
 Reporter:  nusenu |  Owner:  egypcio
 Type:  enhancement| Status:  reopened
 Priority:  Medium |  Milestone:
Component:  Community/Relays   |Version:
 Severity:  Normal | Resolution:
 Keywords:  bsd netbsd tdp torbsd  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by egypcio):

 Hello there, any updates on this one?
 Do we miss anything here (related to get 443 as default `ORPort` for
 NetBSD on its wiki page)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27077 [Metrics/Relay Search]: Metadata is not displayed on top relays page

[Tor Bug Tracker & Wiki]

#27077: Metadata is not displayed on top relays page
--+
 Reporter:  irl   |  Owner:  irl
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by irl):

 * status:  merge_ready => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27113 [Metrics/Onionoo]: Release Onionoo 6.2-1.16.1

[Tor Bug Tracker & Wiki]

#27113: Release Onionoo 6.2-1.16.1
-+-
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by irl):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 This is now announced at https://lists.torproject.org/pipermail/tor-
 dev/2018-August/013390.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26670 [Applications/Tor Browser]: Cannot allow Canvas Image Extract in tbb 8.0a9

[Tor Bug Tracker & Wiki]

#26670: Cannot allow Canvas Image Extract in tbb 8.0a9
--+---
 Reporter:  Ephraim   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff60-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 FWIW: https://people.torproject.org/~brade/tests/canvasTest.html has some
 tests. We might want to look at the `pointInStroke()` one figuring out why
 it is failing both in the data access allowed case and in the case where
 access is prohibited.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27101 [Applications/Tor Browser]: Error building tor in tor browser nightly builds

[Tor Bug Tracker & Wiki]

#27101: Error building tor in tor browser nightly builds
+--
 Reporter:  boklm   |  Owner:  tbb-team
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorBrowserTeam201808R, tbb-rbm  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by boklm):

 * status:  needs_revision => needs_review
 * keywords:  TorBrowserTeam201808, tbb-rbm => TorBrowserTeam201808R, tbb-
   rbm


Comment:

 I pushed a new version of the patch in branch `bug_27101_v2` doing what
 you suggested:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_27101_v2=3ba2bd456ac69f81ffbf5f0baa403ad005aeff34

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27039 [Metrics/Onionoo]: Timestamps in graph history documents are incorrectly formatted

[Tor Bug Tracker & Wiki]

#27039: Timestamps in graph history documents are incorrectly formatted
-+-
 Reporter:  starlight|  Owner:  karsten
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+-
Changes (by irl):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 This is merged and deployed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs