Re: [tor-bugs] #27207 [Core Tor/Tor]: CodingStandardsRust.md is wrong

[Tor Bug Tracker & Wiki]

#27207: CodingStandardsRust.md is wrong
--+
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust, doc |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by Killer2514):

 Replying to [ticket:27207 cyberpunks]:
 > The section on `CString` is incorrect:
 >
 > - `CString::new("bl\x00ah").unwrap().into_raw()` will panic in the
 'unwrap' call, it will never return a pointer of any kind, dangling or
 otherwise.
 >
 > Also,
 
[https://gitweb.torproject.org/tor.git/commit/doc/HACKING/CodingStandardsRust.md?id=12cf04646c571646b726e697d66ecafad7886cf2
 12cf04646c571646b726e697d66ecafad7886cf2] seems to be the result of some
 miscommunication with [https://github.com/withoutboats withoutboats]:
 >
 > - `.expect()` is [https://doc.rust-
 lang.org/std/result/enum.Result.html#method.expect literally]
 '`.unwrap()`, but with a custom panic message,' it doesn't return an
 `Option` and is no safer than unwrap, but it is self-documenting.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23512 [Core Tor/Tor]: Bandwidth stats watermark can be induced using OOM killer

[Tor Bug Tracker & Wiki]

#23512: Bandwidth stats watermark can be induced using OOM killer
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-bug-bounty, congestion-attack,   |  Actual Points:
  research, watermark, tor-stats, guard- |
  discovery-stats, 034-triage-20180328,  |
  034-removed-20180328   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorQ
-+-
Changes (by mikeperry):

 * status:  new => needs_review
 * cc: dgoulet (added)


Comment:

 Ok what do we think about this: https://github.com/torproject/tor/pull/324

 I made that branch off of 0.3.2, because yesterday dgoulet told me that
 the network is still experiencing continuous OOM attacks, trigging circuit
 oomkiller. This very well could be (one of) the reasons for such attacks.
 So I think we should backport. Certainly plenty of relays are experiencing
 circuit OOMs and reporting asymmetric stats.

 Instead of trying to guess when the bytes arrived and subtract them from
 the appropriate read totals, I just report that we wrote them instead.
 Much simpler, easier to backport, etc.

 Downsides of this fix (and probably any other fix): We don't know how many
 bytes the TLS headers took  up. For this reason, I also didn't bend over
 backwards to count bytes for var cells, wide circ ids, etc. Do we think
 that is sufficient? Should we lie and add ~1 TLS header of bytes per cell?

 Are there other places where we kill circuits like this?

 Dgoulet - what about the DoS/DESTROY queue handling?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19757 [Applications/Tor Browser]: Make a menu to add onion and auth-cookie to TB

[Tor Bug Tracker & Wiki]

#19757: Make a menu to add onion and auth-cookie to TB
+--
 Reporter:  mrphs   |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ux-team, tbb-usability, tor-hs  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by traumschule):

 > where is it documented
 not yet (#25277, #27680), but a user gave me this link on irc:
 comment:1:ticket:27680

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25277 [Core Tor/Tor]: Summarise the format of v3 hidden service addresses in the Tor man page

[Tor Bug Tracker & Wiki]

#25277: Summarise the format of v3 hidden service addresses in the Tor man page
-+-
 Reporter:  ageisp0lis   |  Owner:
 |  traumschule
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.2.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  prop224, tor-hs, tor-doc,|  Actual Points:
  034-triage-20180328, 034-removed-20180328  |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
-+-
Changes (by traumschule):

 * owner:  (none) => traumschule
 * status:  new => assigned


Comment:

 Created #27680 for the website part. Can give both a try, feel free to
 jump in.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27655 [Applications/Tor Browser]: TB 8.5a1 fails to load reachable onion services

[Tor Bug Tracker & Wiki]

#27655: TB 8.5a1 fails to load reachable onion services
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by traumschule):

 0.3.5.0-alpha-dev

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27659 [Applications/Tor Browser]: Automatically use another guard when an onion service appears unreachable

[Tor Bug Tracker & Wiki]

#27659: Automatically use another guard when an onion service appears 
unreachable
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #27655| Points:
 Reviewer:|Sponsor:
--+---
Changes (by traumschule):

 * cc: asc, dgoulet (added)


Comment:

 > for an onion service, the descriptor is fetched from a hsdir, which is
 (roughly) a stable, relay in the tor network that (hopefully) isn't your
 guard
 Is there anything we can do when hsdirs are missing descriptors (from a
 user / TB perspective)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27659 [Applications/Tor Browser]: Automatically use another guard when an onion service appears unreachable

[Tor Bug Tracker & Wiki]

#27659: Automatically use another guard when an onion service appears 
unreachable
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #27655| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * status:  new => needs_information


Comment:

 If this is related to establishing a connection with an onion service,
 then changing the guard should  not solve the problem (in general). Using
 more guards is also something tor tries very hard not to do, so anything
 like this requires more discussion.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27655 [Applications/Tor Browser]: TB 8.5a1 fails to load reachable onion services

[Tor Bug Tracker & Wiki]

#27655: TB 8.5a1 fails to load reachable onion services
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * cc: dgoulet, asn (added)


Comment:

 I wonder if it's related to the version of tor bundled with 8.5a1. I know
 dgoulet and asn have been troubleshooting this off and on. Looks like
 [https://gitweb.torproject.org/builders/tor-browser-
 build.git/tree/projects/tor/config?h=tbb-8.5a1-build1#n3 tor-0.3.4.7-rc].
 What version is your local tor service (where you connect using torsocks)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #26181, #4522, #9460, #9461, ...

[Tor Bug Tracker & Wiki]

Batch modification to #26181, #4522, #9460, #9461, #4280, #5767, #5791, #6560, 
#7008, #10943, #10970, #12941, #13160, #13716, #16714, #16782, #18294, #21436, 
#22331, #22860, #19426 by traumschule:


Comment:
group tickets related to [[AppArmorForTBB]]/tor packages

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27682 [Webpages/Support]: Verifying signatures on Android

[Tor Bug Tracker & Wiki]

#27682: Verifying signatures on Android
--+
 Reporter:  towiw3|  Owner:  hiro
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Support  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Currently [https://www.torproject.org/docs/verifying-signatures.html.en
 documentation for verifying signatures] doesn't have steps for verifying
 signatures on Android. We can verify signatures using Termux app available
 on F-Droid and Play store. We can basically follow the steps for Linux
 after installing Termux.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27141 [Applications/Tor Browser]: Backport TLS1.3 patches

[Tor Bug Tracker & Wiki]

#27141: Backport TLS1.3 patches
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  enhancement   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-security, tls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  closed => reopened
 * resolution:  duplicate =>


Comment:

 Unlike #27535, this ticket is related to backporting the standards-track
 TLS 1.3 implementation. Mozilla should be landing that soon, but they
 won't backport it to 60esr. This ticket is for deciding if we should try
 backporting it, or keep the current draft implementation. #27535 and
 #27681 are related to Tor Browser 8 disabling the TLS 1.3 draft
 implementation currently available in 60esr.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27681 [Applications/Tor Browser]: Tor Browser fail to load TLS1.3 websites SSL_ERROR_PROTOCOL_VERSION_ALERT

[Tor Bug Tracker & Wiki]

#27681: Tor Browser fail to load TLS1.3 websites 
SSL_ERROR_PROTOCOL_VERSION_ALERT
--+---
 Reporter:  cypherpunks3  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 This is a duplicate of #27535. Thanks for reporting!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27669 [Webpages/Website]: Replace recommendations to use tor-ramdisk with something better

[Tor Bug Tracker & Wiki]

#27669: Replace recommendations to use tor-ramdisk with something better
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #13703| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks3):

 Replying to [comment:1 traumschule]:
 > Might not be necessary anymore: https://gitweb.torproject.org/tor-
 ramdisk.git/commit/

 Permalink: https://gitweb.torproject.org/tor-
 ramdisk.git/commit/?id=e529786939bd4de67ef3c516377d86e48c292e4b

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27141 [Applications/Tor Browser]: Backport TLS1.3 patches

[Tor Bug Tracker & Wiki]

#27141: Backport TLS1.3 patches
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:  tbb-security, tls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks3):

 Replying to [comment:3 traumschule]:
 > #27681 looks like a duplicate of this and #27535

 Probably didn't mean to set this ticket as the dupe then?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27141 [Applications/Tor Browser]: Backport TLS1.3 patches

[Tor Bug Tracker & Wiki]

#27141: Backport TLS1.3 patches
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:  tbb-security, tls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by traumschule):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 #27681 looks like a duplicate of this and #27535

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27681 [Applications/Tor Browser]: Tor Browser fail to load TLS1.3 websites SSL_ERROR_PROTOCOL_VERSION_ALERT

[Tor Bug Tracker & Wiki]

#27681: Tor Browser fail to load TLS1.3 websites 
SSL_ERROR_PROTOCOL_VERSION_ALERT
--+--
 Reporter:  cypherpunks3  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by traumschule):

 saw that one before: #27141

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27680 [Webpages/Website]: Explain how to use auth cookie for onion services

[Tor Bug Tracker & Wiki]

#27680: Explain how to use auth cookie for onion services
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by traumschule):

 example: https://www.home-assistant.io/docs/ecosystem/tor/#tor-client-
 access-setup

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27681 [Applications/Tor Browser]: Tor Browser fail to load TLS1.3 websites SSL_ERROR_PROTOCOL_VERSION_ALERT

[Tor Bug Tracker & Wiki]

#27681: Tor Browser fail to load TLS1.3 websites 
SSL_ERROR_PROTOCOL_VERSION_ALERT
--+--
 Reporter:  cypherpunks3  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
--+--
 https://tls13.crypto.mozilla.org/
 https://www.tls13.net/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27680 [Webpages/Website]: Explain how to use auth cookie for onion services

[Tor Bug Tracker & Wiki]

#27680: Explain how to use auth cookie for onion services
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 https://www.torproject.org/docs/tor-manual.html.en#HidServAuth
 https://www.torproject.org/docs/tor-onion-service.html.en
 #19757

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27678 [Core Tor/Tor]: Emit CIRC_BW event early for dropped cells

[Tor Bug Tracker & Wiki]

#27678: Emit CIRC_BW event early for dropped cells
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by mikeperry):

 * status:  new => needs_review


Comment:

 Ok, this is a very simple change:
 https://github.com/torproject/tor/pull/323

 Even though it is simple, tests for it are unfortunately pretty
 complicated to do, because we don't currently seem to test this codepath.
 Doing so means creating a fake channel, valid circuitmuxes, valid cpaths
 with working circuit crypto, and probably some other things. I filed
 #27679 for that. I can do that one separately, but I might need someone to
 help me, and it will probably take a while.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27679 [Core Tor/Tor]: Test dropped cell counting from command_process_relay_cell()

[Tor Bug Tracker & Wiki]

#27679: Test dropped cell counting from command_process_relay_cell()
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 It would be ideal to test the dropped cell account all the way from
 command_process_relay_cell(). To do this, we need to set up fake channels,
 circuitmuxes, and circuits with fully valid cpaths, which is a fair amount
 of work.

 As far as I know, nothing tests cell processing all the way through
 command_process_relay_cell(). So this might be useful for other tests,
 too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27678 [Core Tor/Tor]: Emit CIRC_BW event early for dropped cells

[Tor Bug Tracker & Wiki]

#27678: Emit CIRC_BW event early for dropped cells
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 While reviewing the dropmark paper
 (https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf)
 and asking the authors to test it against vanguards's dropped cell
 detection, I realized that since we only normally emit CIRC_BW events once
 per second, the attack may still have enough time succeed against
 vanguards.

 The fix is to emit the CIRC_BW event as soon as we get a relay cell that
 does not cause us to update our delivered or overhead byte counts. It's
 pretty simply to do this. Patch incoming.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27655 [Applications/Tor Browser]: TB 8.5a1 fails to load reachable onion services

[Tor Bug Tracker & Wiki]

#27655: TB 8.5a1 fails to load reachable onion services
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by traumschule):

 This is hard to reproduce without a guard known to have outdated
 descriptors.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 Replying to [comment:49 fufufufufufufu]:
 > Replying to [comment:47 arthuredelstein]:
 >> Here is a pure CSS demo for detecting the OS:
 >> https://arthuredelstein.github.io/tordemos/os-detection-font-css.html
 > I have a few extra addons in my Tor Browser (8.0) install, but this
 doesn't work for me even with all of them disabled and JS enabled. It
 simply displays all 3 OS names simultaneously. It makes no network
 requests beyond the initial page loading either.

 This trick is defeated by disabling external fonts, for example enabling
 `noscript.forbidFonts` in NoScript 5, which is something Tor Browser
 should always have done, to hell with the broken sites and their users.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12381 [Obfuscation/Obfsproxy]: Pluggable Transports + proxy is not working on Windows with TBB 3.6.2

[Tor Bug Tracker & Wiki]

#12381: Pluggable Transports + proxy is not working on Windows with TBB 3.6.2
---+-
 Reporter:  gk |  Owner:  asn
 Type:  defect | Status:  closed
 Priority:  High   |  Milestone:
Component:  Obfuscation/Obfsproxy  |Version:
 Severity:  Normal | Resolution:  wontfix
 Keywords:  tbb-helpdesk-frequent  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by traumschule):

 * status:  needs_revision => closed
 * resolution:   => wontfix


Comment:

 who uses TBB 3.6.2 should not.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20015 [Internal Services/Service - dist]: Vidalia relay bundles being run accidentally by Tor users

[Tor Bug Tracker & Wiki]

#20015: Vidalia relay bundles being run accidentally by Tor users
--+
 Reporter:  donncha   |  Owner:  (none)
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - dist  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by traumschule):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 torbutton: #21263
 win32?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21263 [Applications/Tor Browser]: Torbutton's readme still talks about toggling

[Tor Bug Tracker & Wiki]

#21263: Torbutton's readme still talks about toggling
--+--
 Reporter:  arma  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by traumschule):

 can this be archived?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23377 [Webpages/Webtools]: Some reorg suggestion for media.tpo

[Tor Bug Tracker & Wiki]

#23377: Some reorg suggestion for media.tpo
---+---
 Reporter:  isabela|  Owner:  hiro
 Type:  defect | Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Webpages/Webtools  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by traumschule):

 we could keep them available using RewriteRule

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by traumschule):

 We collected two more duplicates today (#27671, #27672). Can somebody bump
 the score, please?

 From ​https://arthuredelstein.github.io/tordemos/os-detection-font-
 css.html:
 > Your likely operating system is: Linux Mac Windows
 I'm fine with that.

 > Also I'm curious about how you use media streaming to detect the OS.
 Me not so much. My focus would be to educate users that all kind of media
 can harm their anonymity (#13543) and it's best to use the feature filter
 (aka "Safest"). There are better programs to watch videos than your
 browser. VLC accepts youtube links and if the terminal is your friend,
 youtube-dl and mpsyt make your day. libs to decode mp3 and other media are
 prone to all kinds of exploits to take over your browser. no way around
 it.

 Someone with time could look into
 https://github.com/pyllyukko/user.js/issues/316
 (i hope this won't fall an my feet later)

 I suggest (to myself) not to wait for a decision, but to produce something
 that works. I am confident it will earn positive feedback.

 - #20842 is the place to go for fonts.
 - libm seems unfixable, better keep js turned off (#13018 #15473).
 - i propose to disable power management completely (#23627). This will
 break things and this is the goal.
 - #23701 confuses me
 - #27128 seems untouched
 Did i forget anything?

 I vote for: One UA for all Desktop OS with an option to disclose info for
 selected (by the user) apps.
 (Knowing that voting doesn't help much).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by fufufu):

 Replying to [comment:47 arthuredelstein]:

 > Here is a pure CSS demo for detecting the OS:
 > https://arthuredelstein.github.io/tordemos/os-detection-font-css.html

 I have a few extra addons in my Tor Browser (8.0) install, but this
 doesn't work for me even with all of them disabled and JS enabled. It
 simply displays all 3 OS names simultaneously.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26635 [Core Tor/Tor]: Finalize vanguard implementation in python

[Tor Bug Tracker & Wiki]

#26635: Finalize vanguard implementation in python
-+-
 Reporter:  nickm|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-roadmap-master, 035-triaged- |  Actual Points:
  in-20180711|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorV
-+-

Comment (by traumschule):

 this still smells fresh
 - blog: https://blog.torproject.org/announcing-vanguards-add-onion-
 services
 - readme: https://github.com/mikeperry-tor/vanguards/blob/master/README.md
 - tests: https://github.com/mikeperry-tor/vanguards/tree/master/tests
 done?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27669 [Webpages/Website]: Replace recommendations to use tor-ramdisk with something better

[Tor Bug Tracker & Wiki]

#27669: Replace recommendations to use tor-ramdisk with something better
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #13703| Points:
 Reviewer:|Sponsor:
--+

Comment (by traumschule):

 Might not be necessary anymore: https://gitweb.torproject.org/tor-
 ramdisk.git/commit/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27668 [Community]: Wikipedia wants more attention

[Tor Bug Tracker & Wiki]

#27668: Wikipedia wants more attention
-+
 Reporter:  traumschule  |  Owner:  alison
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Community|Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by traumschule):

 Some [https://lists.torproject.org/pipermail/tor-community-
 team/2018-June/000174.html suggestions from the list]. It's generally good
 to prepare changes with references to a credible source (not our pages)
 and get in contact at #wikipedia when in doubt.
 > I recently reviewed the English Tor Wikipedia page as per our
 conversation at the last meeting. All and all, it was accurate; there were
 probably some parts that were understated and others that were overstated,
 but there was nothing too glaring. I'm not sure who will be dealing with
 the changes, but I can chat with them as well if further information is
 needed.
 > I did have a few suggestions, though they mostly pertain to formatting
 and elaborating on existing content:
 > 1. 'Tor Browser' header could use a more concise explanation and feature
 list
 > 2. 'Third party applications' subheader could use some loving as you can
 see
 > 3. 'Levels of Security' header - why is this a million miles below the
 browser section? Could use revisions as well
 > 4. 'Tor Messenger' bar should be removed - as it's no longer current or
 reccomended, it would be better to not showcase it any longer.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27490 [Core Tor/Tor]: When ClientPreferIPv6ORPort is set to auto, and a relay is being chosen for a directory or orport connection, prefer IPv4 or IPv6 at random

[Tor Bug Tracker & Wiki]

#27490: When ClientPreferIPv6ORPort is set to auto, and a relay is being chosen 
for
a directory or orport connection, prefer IPv4 or IPv6 at random
--+
 Reporter:  neel  |  Owner:  neel
 Type:  enhancement   | Status:  needs_revision
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #17835| Points:
 Reviewer:  teor  |Sponsor:
--+

Comment (by neel):

 Replying to [comment:4 teor]:
 > What happens when you don't set EntryNodes?
 I default to an IPv4 guard.

 > Some Tor developers have native IPv6 on their servers, and they can give
 shell + compiler access.

 I also have a lot of servers myself (home servers and VPS servers) so I am
 fine on my own for this patch.


 I will work on the changes needed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27546 [Applications/Tor Browser]: Vertical scrollbar is broken on Linux in Tor Browser 8 with Gtk3

[Tor Bug Tracker & Wiki]

#27546: Vertical scrollbar is broken on Linux in Tor Browser 8 with Gtk3
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gapegas7uftp):

 Also experiencing this issue on Linux.  Expected behavior is
  left click = scroll 1 page up / down;
  middle-click = warp.
 Other GTK application on my system work this way, but not tor browser.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 Replying to [comment:46 fufufu]:
 > Replying to [comment:45 cypherpunks3]:
 > > I believe the reason was to preserve the look and feel of the
 operating system. I think there are also technical issues that make it
 hard to ship the same fonts, including size constraints (correct me if I'm
 wrong). It's not too big of a deal though, since the font set is not
 recorded by the average access log, whereas the user agent is.
 >
 > But according to some possible font detection is the reason that we're
 supposed to consider our OSes compromised anyway. This whole issue is
 starting to seem a lot like an invented problem.

 The thing is that it requires active detection (whether CSS or JS) to
 identify the platform, whereas user agent is always sent and is passively
 recorded by every site out there.

 > Also it seems obvious to me that fingerprinting defenses should take
 precedence over aesthetics in any case.

 I agree, but I think size constraints are also a bigger problem. I am not
 sure, though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 Replying to [comment:40 tom]:
 > Replying to [comment:37 fufufu]:
 > >  I can only find a small reference in Whonix documentation to
 detecting fonts via "CSS introspection". Can gk or somebody else provide
 more information about how this works?

 > A CSS trick to do this would be something like
 https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html
 but I bet you can d the same in canvas and in SVG.

 Here is a pure CSS demo for detecting the OS:
 https://arthuredelstein.github.io/tordemos/os-detection-font-css.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by fufufu):

 Replying to [comment:45 cypherpunks3]:
 > I believe the reason was to preserve the look and feel of the operating
 system. I think there are also technical issues that make it hard to ship
 the same fonts, including size constraints (correct me if I'm wrong). It's
 not too big of a deal though, since the font set is not recorded by the
 average access log, whereas the user agent is.

 But according to some possible font detection is the reason that we're
 supposed to consider our OSes compromised anyway. This whole issue is
 starting to seem a lot like an invented problem.

 Also it seems obvious to me that fingerprinting defenses should take
 precedence over aesthetics in any case.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 Replying to [comment:44 fufufu]:
 > Well this is probably another dumb question, but is there any reason
 that all platforms can't ship the same fonts? Or would the differences in
 rendering them between the various platforms make this pointless anyway?

 I believe the reason was to preserve the look and feel of the operating
 system. I think there are also technical issues that make it hard to ship
 the same fonts, including size constraints (correct me if I'm wrong). It's
 not too big of a deal though, since the font set is not recorded by the
 average access log, whereas the user agent is.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27673 [Webpages/Website]: We should have more about ARM on our download page

[Tor Bug Tracker & Wiki]

#27673: We should have more about ARM on our download page
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by traumschule):

 [[doc/arm]] got dusty

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19042 [Applications/Tor Browser]: segfault while building torbrowser tor-browser-45.1.0esr-6.0-1-build3 on debian jessie, arch armhf

[Tor Bug Tracker & Wiki]

#19042: segfault while building torbrowser tor-browser-45.1.0esr-6.0-1-build3 on
debian jessie, arch armhf
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 nobody compiles tb 6.0-1 anymore i guess/hope

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27677 [Core Tor/Tor]: document minimum required python versions

[Tor Bug Tracker & Wiki]

#27677: document minimum required python versions
--+--
 Reporter:  catalyst  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  tor-doc
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 It looks like at least sometimes we end up using python constructs that
 require python >=2.7 or >= 3.1.  (See #27675 for an example.)  We should
 document this somewhere, possibly in doc/HACKING.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27675 [Core Tor/Tor]: test_rebind.py depends on python >=2.7 or >=3.1 (was: test_rebind.py breaks on macOS, depends on python >=2.7 or >=3.1)

[Tor Bug Tracker & Wiki]

#27675: test_rebind.py depends on python >=2.7 or >=3.1
--+
 Reporter:  catalyst  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Old description:

> It looks like test_rebind.py added as part of #17873 doesn't work for me
> on macOS 10.12.6, which has python 2.6.  test_rebind.py uses
> `str.format()` without a field name or number, which is new in python 2.7
> or 3.1.  It also tries to run with python3 (for unknown reasons), but
> ends up not necessarily doing so because test_rebind.sh explicitly runs
> `$PYTHON` or `python`.
>
> Replacing instances of `{}` in format strings with `{0}` seems to work.
>
> What is our minimum required python version anyway?

New description:

 It looks like test_rebind.py added as part of #17873 doesn't work for me
 ~~on macOS 10.12.6, which has~~ with python 2.6.  test_rebind.py uses
 `str.format()` without a field name or number, which is new in python 2.7
 or 3.1.  It also tries to run with python3 (for unknown reasons), but ends
 up not necessarily doing so because test_rebind.sh explicitly runs
 `$PYTHON` or `python`.

 Replacing instances of `{}` in format strings with `{0}` seems to work.

 What is our minimum required python version anyway?

--

Comment (by catalyst):

 I had a wayward python 2.6 in my PATH in front of /usr/bin.  It looks like
 macOS 10.12 has python 2.7.

 It might still be a good idea to delete the misleading
 `#!/usr/bin/python3` from test_rebind.py.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21530 [Core Tor/Tor]: Make ExitRelay 0 the default when there is no exit policy

[Tor Bug Tracker & Wiki]

#21530: Make ExitRelay 0 the default when there is no exit policy
-+-
 Reporter:  teor |  Owner:  neel
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-exit tor-relay configuration |  Actual Points:
  usability expectations |
Parent ID:   | Points:  1
 Reviewer:  mikeperry|Sponsor:
-+-
Changes (by mikeperry):

 * status:  needs_review => merge_ready


Comment:

 This looks good to me. Nice and simple. Thanks Neel!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27670 [Core Tor/Tor]: Memleak on tor master 95fcad4088eba52e

[Tor Bug Tracker & Wiki]

#27670: Memleak on tor master 95fcad4088eba52e
---+---
 Reporter:  dgoulet|  Owner:  (none)
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  regression, memleak, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by dgoulet):

 * status:  new => needs_review


Comment:

 Memleak fix in `ticket27670_035_01` (which includes your fix nickm).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27531 [Applications/Tor Browser]: Tor Browser 8 crashes trying to print on Linux

[Tor Bug Tracker & Wiki]

#27531: Tor Browser 8 crashes trying to print on Linux
-+-
 Reporter:  mikeperry|  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-crash, tbb.8.0-issues, tbb-  |  Actual Points:
  regression |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mikeperry):

 Yeah I need debug symbols. The crashes seem to be coming from libxul now.

 Also I tried this build on a fedora 26 system and it did not crash. It
 seems to be something that changed in FC28 that is causing it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27675 [Core Tor/Tor]: test_rebind.py breaks on macOS, depends on python >=2.7 or >=3.1

[Tor Bug Tracker & Wiki]

#27675: test_rebind.py breaks on macOS, depends on python >=2.7 or >=3.1
--+
 Reporter:  catalyst  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 From IRC: we require 2.7 or later.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27670 [Core Tor/Tor]: Memleak on tor master 95fcad4088eba52e

[Tor Bug Tracker & Wiki]

#27670: Memleak on tor master 95fcad4088eba52e
---+---
 Reporter:  dgoulet|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  regression, memleak, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by nickm):

 My branch `ticket27670` should fix the fmt_addrport() thing.  Please feel
 free to add the memory leak fixes?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27676 [Applications/Tor Browser]: On Linux the Tor Browser .desktop launcher sets wrong path for icon

[Tor Bug Tracker & Wiki]

#27676: On Linux the Tor Browser .desktop launcher sets wrong path for icon
--+--
 Reporter:  yaomtc|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Minor |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 This line has the wrong path:

 {{{
 Icon=/home/chris/Software/tor-browser-linux64-8.0_en-US/tor-browser_en-
 US/Browser/browser/icons/mozicon128.png
 }}}

 the location is /browser/chrome/icons/default, not /browser/icons/.
 Corrected:


 {{{
 Icon=/home/chris/Software/tor-browser-linux64-8.0_en-US/tor-browser_en-
 US/Browser/browser/chrome/icons/default/mozicon128.png
 }}}


 I don't know how to fix this in the .desktop file without it being
 rewritten with the wrong path.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27649 [Core Tor/Tor]: rust protover double-counts protocol versions

[Tor Bug Tracker & Wiki]

#27649: rust protover double-counts protocol versions
-+-
 Reporter:  cyberpunks   |  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  rust, protover, 034-backport,|  Actual Points:
  033-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:  rust, protover, 034-backport => rust, protover, 034-backport,
 033-backport


Comment:

 (merged to 0.3.3 and forward, that is)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27649 [Core Tor/Tor]: rust protover double-counts protocol versions

[Tor Bug Tracker & Wiki]

#27649: rust protover double-counts protocol versions
--+
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  rust, protover, 034-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  needs_review => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27649 [Core Tor/Tor]: rust protover double-counts protocol versions

[Tor Bug Tracker & Wiki]

#27649: rust protover double-counts protocol versions
--+
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  High  |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust, protover, 034-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 Tests pass, changes seem okay.  Merging.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27675 [Core Tor/Tor]: test_rebind.py breaks on macOS, depends on python >=2.7 or >=3.1

[Tor Bug Tracker & Wiki]

#27675: test_rebind.py breaks on macOS, depends on python >=2.7 or >=3.1
--+
 Reporter:  catalyst  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 It looks like test_rebind.py added as part of #17873 doesn't work for me
 on macOS 10.12.6, which has python 2.6.  test_rebind.py uses
 `str.format()` without a field name or number, which is new in python 2.7
 or 3.1.  It also tries to run with python3 (for unknown reasons), but ends
 up not necessarily doing so because test_rebind.sh explicitly runs
 `$PYTHON` or `python`.

 Replacing instances of `{}` in format strings with `{0}` seems to work.

 What is our minimum required python version anyway?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27670 [Core Tor/Tor]: Memleak on tor master 95fcad4088eba52e

[Tor Bug Tracker & Wiki]

#27670: Memleak on tor master 95fcad4088eba52e
---+---
 Reporter:  dgoulet|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  regression, memleak, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by dgoulet):

 So the leak is one thing, easy to fix.

 The weird log is from commit: `27c868eff19dbcc208f6db66ec3e2de2104fa754`.
 We need to not use `fmt_addrport()` if it is a Unix path. Or ditch that
 commit.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27655 [Applications/Tor Browser]: TB 8.5a1 fails to load reachable onion services

[Tor Bug Tracker & Wiki]

#27655: TB 8.5a1 fails to load reachable onion services
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 What happens in a new Tor Browser 8.5a1 installed at a different location?
 Do you see the same problems?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13005 [Webpages/Website]: Please document Tor Browser environment variables

[Tor Bug Tracker & Wiki]

#13005: Please document Tor Browser environment variables
--+-
 Reporter:  mttp  |  Owner:  traumschule
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:  faq   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by traumschule):

 * owner:  tbb-team => traumschule
 * keywords:   => faq
 * status:  new => assigned
 * component:  Applications/Tor Browser => Webpages/Website
 * type:  defect => enhancement


Comment:

 If this is about the Website FAQ the component was wrong, otherwise:
 #27674

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27674 [Applications/Tor Browser]: Add README to Tor Browser

[Tor Bug Tracker & Wiki]

#27674: Add README to Tor Browser
--+--
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 I am struck that there is none.

 {{{
 tor-browser8.5a1$ find |grep -i readme
 ./Browser/TorBrowser/Docs/Obfsproxy/README
 ./Browser/TorBrowser/Docs/fteproxy/README.md
 ./Browser/TorBrowser/Docs/meek/README
 ./Browser/TorBrowser/Docs/libfte/README.md
 ./Browser/TorBrowser/Docs/snowflake/README.md
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27264 [Applications/Tor Browser]: Bookmark items are not visible on the bookmarks toolbar

[Tor Bug Tracker & Wiki]

#27264: Bookmark items are not visible on the bookmarks toolbar
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression,  |  Actual Points:
  tbb-8.0.1-can, GeorgKoppen201809   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-8.0-issues, tbb-regression, tbb-8.0.1-can =>
 tbb-8.0-issues, tbb-regression, tbb-8.0.1-can, GeorgKoppen201809


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27649 [Core Tor/Tor]: rust protover double-counts protocol versions

[Tor Bug Tracker & Wiki]

#27649: rust protover double-counts protocol versions
--+
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  High  |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust, protover, 034-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by catalyst):

 Replying to [comment:5 cyberpunks]:
 > Pushed fix to the changes file.
 Updated the pull request so CI can run on the updated changes file.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27165 [Core Tor/Tor]: CID 1438153 unlikely overflow in predicted_ports_prediction_time_remaining()

[Tor Bug Tracker & Wiki]

#27165: CID 1438153 unlikely overflow in
predicted_ports_prediction_time_remaining()
--+
 Reporter:  catalyst  |  Owner:  rl1987
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  coverity  |  Actual Points:
Parent ID:| Points:
 Reviewer:  mikeperry |Sponsor:
--+
Changes (by nickm):

 * milestone:  Tor: unspecified => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27165 [Core Tor/Tor]: CID 1438153 unlikely overflow in predicted_ports_prediction_time_remaining()

[Tor Bug Tracker & Wiki]

#27165: CID 1438153 unlikely overflow in
predicted_ports_prediction_time_remaining()
--+--
 Reporter:  catalyst  |  Owner:  rl1987
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  coverity  |  Actual Points:
Parent ID:| Points:
 Reviewer:  mikeperry |Sponsor:
--+--
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 ok; merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #8336 [Applications/Tor Browser]: TOR_SOCKS_HOST, TOR_SOCKS_PORT regression

[Tor Bug Tracker & Wiki]

#8336: TOR_SOCKS_HOST, TOR_SOCKS_PORT regression
-+-
 Reporter:  proper   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rebase-regression, tbb-  |  Actual Points:
  torbutton  |
Parent ID:  #10160   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by traumschule):

 * parent:   => #10160


Comment:

 It's easy to test if this still happens, but i don't want to close my
 browser right now :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27670 [Core Tor/Tor]: Memleak on tor master 95fcad4088eba52e

[Tor Bug Tracker & Wiki]

#27670: Memleak on tor master 95fcad4088eba52e
---+---
 Reporter:  dgoulet|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  regression, memleak, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by nickm):

 Ooh.  This is probably the result of the new #17873 code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27673 [Webpages/Website]: We should have more about ARM on our download page

[Tor Bug Tracker & Wiki]

#27673: We should have more about ARM on our download page
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In #12631 users / developers reported how they built TB on their RaPI, so
 it is definitively doable and we should encourage it more, or even offer
 binaries!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10469 [Applications/Tor Browser]: Tor skip line

[Tor Bug Tracker & Wiki]

#10469: Tor skip line
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  needs-triage  |  Actual Points:
Parent ID:  #10160| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * parent:   => #10160


Comment:

 Maybe duplicate of #10160?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by fufufu):

 Replying to [comment:40 tom]:

 > Anything that triggers a conditional load based on the size of other
 objects could be used to communicate it back. But it's more work and not
 as fun to program so I'm not surprised it's not common in POCs.
 >
 > A CSS trick to do this would be something like
 https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html
 but I bet you can d the same in canvas and in SVG.
 >
 > Besides Fonts, another JS-free ways to detect platform could be media
 support/streaming. But yea, without using JS it definetly gets tougher.
 (There are a lot more network-level tricks that Tor is immune to but
 affects Firefox.)

 Well this is probably another dumb question, but is there any reason that
 all platforms can't ship the same fonts? Or would the differences in
 rendering them between the various platforms make this pointless anyway?

 Also I'm curious about how you use media streaming to detect the OS. Is
 the way the video is rendered, detection of the audio/video interface
 names, or what?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27671 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27671: User-agent OS info leak
--+---
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by time_attacker):

 Why did the Tor Browser team release Tor Broswer 8.0 with such a critical
 bug?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27672 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27672: User-agent OS info leak
--+---
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27671 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27671: User-agent OS info leak
--+---
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by time_attacker):

 I suspect Windows/MacOS version is leaked through UA.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27672 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27672: User-agent OS info leak
--+--
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by time_attacker):

 sorry for duplicate https://trac.torproject.org/projects/tor/ticket/27671

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27671 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27671: User-agent OS info leak
--+---
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by traumschule):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Hi time_attacker, you are late to the party, but you can easily catch up
 if you want: #26146

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27672 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27672: User-agent OS info leak
--+--
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Tor Browser 8.0 on Linux has user-agent
 Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

 I also suspect Windows/MacOS version is leaked through UA. This behavior
 can aid fingerprinting or vulnerability exploitation.

 Tor Browser 7.x.x and before had one single Windows user-agent even on
 Linux platforms, only Android (Orfox) had other UA.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27671 [Applications/Tor Browser]: User-agent OS info leak

[Tor Bug Tracker & Wiki]

#27671: User-agent OS info leak
--+--
 Reporter:  time_attacker |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Tor Browser 8.0 on Linux has user-agent
 Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

 This behavior can aid fingerprinting or vulnerability exploitation.

 Tor Browser 7.x.x and before had one single Windows user-agent even on
 Linux platforms, only Android (Orfox) had other UA.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27535 [Applications/Tor Browser]: TLS 1.3 is disabled in Tor Browser

[Tor Bug Tracker & Wiki]

#27535: TLS 1.3 is disabled in Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-8.0-issues, tbb-8.0.1-can,   |  Actual Points:
  GeorgKoppen201809, TorBrowserTeam201809R   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-8.0-issues, tbb-8.0.1-can, GeorgKoppen201809 =>
 tbb-8.0-issues, tbb-8.0.1-can, GeorgKoppen201809,
 TorBrowserTeam201809R
 * status:  new => needs_review


Comment:

 `bug_27535` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_27535=dc3519d999329f06042409786568e8e871503a92)
 in my public tor-browser repo has a fix for this bug up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13703 [Community]: Adding doc/HARDENING

[Tor Bug Tracker & Wiki]

#13703: Adding doc/HARDENING
-+-
 Reporter:  mmcc |  Owner:  Jaruga
 Type:  enhancement  | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Community|Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  hardening, security, opsec, docs,|  Actual Points:
  lorax, tor-relay, tor-doc  |
Parent ID:   | Points:
 Reviewer:  isis |Sponsor:
-+-

Comment (by traumschule):

 Jaruga, if you still want to work on it, i'm happy to join! There also is
 [[doc/OperationalSecurity]] and i created a child to keep an eye on tor-
 ramdisk (#27669).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27623 [Applications/Tor Browser]: wrong default pref values in Tor Browser 8.0

[Tor Bug Tracker & Wiki]

#27623: wrong default pref values in Tor Browser 8.0
-+-
 Reporter:  mcs  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-8.0-issues,|  Actual Points:
  tbb-8.0.1-can  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:4 mcs]:
 > Replying to [comment:3 gk]:
 > > Do we want that for 8.0.1? I am a bit wary to break things while
 switching to `MOZILLA_OFFICIAL`. What we should do at any rate is looking
 at the differences `MOZILLA_OFFICIAL` is causing and check whether the
 current status of Tor Browser 8 (i.e. not setting it) is problematic. If
 not, then we could give it a round of testing in 8.5a2 maybe? If we think
 we are good got 8.0.1, though, I am happy to take it for that point
 release.
 >
 > Whether to take this for 8.0.1 is a difficult decision. Looking at the
 following, I am more concerned about the lack of `MOZILLA_OFFICIAL` than
 what will happen if we enable it:
 > https://dxr.mozilla.org/mozilla-esr60/search?q=MOZILLA_OFFICIAL
 >
 > For example, `browser/base/content/browser-development-helpers.js` is
 loaded, which adds a surprising "restart the browser now" shortcut key of
 Ctrl+Alt+R (Cmd+Alt+R)on macOS).

 Yes, but that should be a safe thing (even if unexpected), right?

 > On the other hand, we have probably made all ESR60-based Tor Browser
 builds so far without it, so there may be some unexpected problems :(
 >
 > Maybe that argues for trying it in 8.5a2.

 If you feel there is nothing that is potentially harmful then I'd take the
 safe approach and ship 8.5a2 with it first.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27604 [Applications/Tor Browser]: Relocating the Tor Browser directory is broken with Tor Browser 8 on Linux

[Tor Bug Tracker & Wiki]

#27604: Relocating the Tor Browser directory is broken with Tor Browser 8 on 
Linux
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression,  |  Actual Points:
  tbb-8.0.1-can  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Kathy and I cannot reproduce the crash, but any action that causes the
 browser profile to be renamed or moved breaks things. The specific problem
 which we observed on both macOS and Linux is that Torbutton and Tor
 Launcher are not loaded after a rename or move.

 A workaround is to delete the `extensions.json` file, which contains full
 paths. Probably that file is supposed to be recreated automatically when
 the profile is moved. Webextensions do not seem to suffer the same fate
 even though extensions.json contains their paths as well (which are
 outdated after the profile move).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:42 mcs]:
 > A question for gk: Do we want to try this change in Tor Browser?
 Secondarily, should Kathy and I work on a patch this week or someone else
 or should we wait?

 Yes, this looks promising in the sense that we can avoid the breakage AND
 the splitting of our desktop users based on User Agent. And, yes, I'd like
 to have a fix for this in 8.0.1 if possible, so please have a look at it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27670 [Core Tor/Tor]: Memleak on tor master 95fcad4088eba52e

[Tor Bug Tracker & Wiki]

#27670: Memleak on tor master 95fcad4088eba52e
--+---
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  regression, memleak, 035-must
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+---
 On latest master, normal client starts with a Ctrl+C. Notice the "Listener
 on ???:0" which seems to me the end of a list we fail to recognize? And
 then the memleak.

 {{{
 Sep 12 15:21:48.615 [notice] Tor 0.3.5.0-alpha-dev (git-95fcad4088eba52e)
 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0h, Zlib 1.2.11,
 Liblzma 5.2.2, and Libzstd N/A.
 Sep 12 15:21:48.615 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Sep 12 15:21:48.615 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Sep 12 15:21:48.615 [notice] Read configuration file
 "/home/dgoulet/temp/tor/torrc".
 Sep 12 15:21:48.618 [warn] ControlPort is open, but no authentication
 method has been configured.  This means that any program on your computer
 can reconfigure your Tor.  That's bad!  You should upgrade your Tor
 controller as soon as possible.
 Sep 12 15:21:48.619 [notice] Opening Socks listener on 127.0.0.1:9250
 Sep 12 15:21:48.620 [notice] Opened Socks listener on 127.0.0.1:9250
 Sep 12 15:21:48.620 [notice] Opening Socks listener on
 /home/dgoulet/temp/tor/client/socks.sock
 Sep 12 15:21:48.620 [notice] Opened Socks listener on ???:0
 Sep 12 15:21:48.620 [notice] Opening Control listener on 127.0.0.1:9051
 Sep 12 15:21:48.620 [notice] Opened Control listener on 127.0.0.1:9051
 Sep 12 15:21:48.620 [notice] Opening Control listener on
 /home/dgoulet/temp/tor/client/control.sock
 Sep 12 15:21:48.620 [notice] Opened Control listener on ???:0
 ^C
 =
 ==22622==ERROR: LeakSanitizer: detected memory leaks

 Direct leak of 16 byte(s) in 1 object(s) allocated from:
 #0 0x7fd64617ef30 in __interceptor_malloc (/usr/lib/x86_64-linux-
 gnu/libasan.so.5+0xedf30)
 #1 0x555bb37c2caa in tor_malloc_ src/lib/malloc/malloc.c:45
 #2 0x555bb37be8e5 in smartlist_new
 src/lib/smartlist_core/smartlist_core.c:28
 #3 0x555bb3689c2d in retry_all_listeners
 src/core/mainloop/connection.c:2831
 #4 0x555bb312bcbd in retry_listeners_callback
 src/core/mainloop/main.c:2342
 #5 0x555bb31427fe in periodic_event_dispatch
 src/core/mainloop/periodic.c:56
 #6 0x7fd645ab4a10  (/usr/lib/x86_64-linux-
 gnu/libevent-2.1.so.6+0x1ea10)

 Direct leak of 16 byte(s) in 1 object(s) allocated from:
 #0 0x7fd64617ef30 in __interceptor_malloc (/usr/lib/x86_64-linux-
 gnu/libasan.so.5+0xedf30)
 #1 0x555bb37c2caa in tor_malloc_ src/lib/malloc/malloc.c:45
 #2 0x555bb37be8e5 in smartlist_new
 src/lib/smartlist_core/smartlist_core.c:28
 #3 0x555bb3689c2d in retry_all_listeners
 src/core/mainloop/connection.c:2831
 #4 0x555bb363108b in options_act_reversible
 src/app/config/config.c:1493
 #5 0x555bb363108b in set_options src/app/config/config.c:903
 #6 0x555bb363b827 in options_init_from_string
 src/app/config/config.c:5466
 #7 0x555bb363ce10 in options_init_from_torrc
 src/app/config/config.c:5230
 #8 0x555bb31401d8 in tor_init src/core/mainloop/main.c:3540
 #9 0x555bb3141b00 in tor_run_main src/core/mainloop/main.c:4275
 #10 0x555bb312b9ab in tor_main src/feature/api/tor_api.c:164
 #11 0x555bb31268bb in main src/app/main/tor_main.c:32
 #12 0x7fd64443309a in __libc_start_main (/lib/x86_64-linux-
 gnu/libc.so.6+0x2409a)

 Indirect leak of 128 byte(s) in 1 object(s) allocated from:
 #0 0x7fd64617ef30 in __interceptor_malloc (/usr/lib/x86_64-linux-
 gnu/libasan.so.5+0xedf30)
 #1 0x555bb37c2caa in tor_malloc_ src/lib/malloc/malloc.c:45
 #2 0x555bb37c2d41 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
 #3 0x555bb37be999 in smartlist_new
 src/lib/smartlist_core/smartlist_core.c:31
 #4 0x555bb3689c2d in retry_all_listeners
 src/core/mainloop/connection.c:2831
 #5 0x555bb312bcbd in retry_listeners_callback
 src/core/mainloop/main.c:2342
 #6 0x555bb31427fe in periodic_event_dispatch
 src/core/mainloop/periodic.c:56
 #7 0x7fd645ab4a10  (/usr/lib/x86_64-linux-
 gnu/libevent-2.1.so.6+0x1ea10)

 Indirect leak of 128 byte(s) in 1 object(s) allocated from:
 #0 0x7fd64617ef30 in __interceptor_malloc (/usr/lib/x86_64-linux-
 gnu/libasan.so.5+0xedf30)
 #1 0x555bb37c2caa in tor_malloc_ src/lib/malloc/malloc.c:45
 #2 0x555bb37c2d41 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
 #3 0x555bb37be999 in smartlist_new
 

Re: [tor-bugs] #26769 [Core Tor/Tor]: We should make HSv3 desc upload less frequent

[Tor Bug Tracker & Wiki]

#26769: We should make HSv3 desc upload less frequent
--+
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:
  |  merge_ready
 Priority:  Medium|  Milestone:  Tor:
  |  0.3.6.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs network-health easy hsdir  |  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+

Comment (by dgoulet):

 Agree with asn. Going to the 180 minutes line might be dicy considering
 some unresolved issues we have right now with descriptor being rejected by
 the HSDir.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27668 [Community]: Wikipedia wants more attention

[Tor Bug Tracker & Wiki]

#27668: Wikipedia wants more attention
-+
 Reporter:  traumschule  |  Owner:  alison
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Community|Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by traumschule):

 at least i was thinking of #27669

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27535 [Applications/Tor Browser]: TLS 1.3 is disabled in Tor Browser

[Tor Bug Tracker & Wiki]

#27535: TLS 1.3 is disabled in Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-8.0-issues, tbb-8.0.1-can,   |  Actual Points:
  GeorgKoppen201809  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-8.0-issues, tbb-8.0.1-can => tbb-8.0-issues,
 tbb-8.0.1-can, GeorgKoppen201809


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26555 [Applications/Tor Browser]: New circuit display shows bridge address (e.g. 0.0.3.0 for snowflake PT, 0.0.2.0 for meek) when it doesn't in previous version

[Tor Bug Tracker & Wiki]

#26555: New circuit display shows bridge address (e.g. 0.0.3.0 for snowflake PT,
0.0.2.0 for meek) when it doesn't in previous version
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-circuit-display,  |  Actual Points:
  tbb-8.0-issues, tbb-8.0.1-can  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-torbutton, tbb-circuit-display, tbb-8.0-issues => tbb-
 torbutton, tbb-circuit-display, tbb-8.0-issues, tbb-8.0.1-can


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27669 [Webpages/Website]: Replace recommendations to use tor-ramdisk with something better

[Tor Bug Tracker & Wiki]

#27669: Replace recommendations to use tor-ramdisk with something better
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #13703
   Points:|   Reviewer:
  Sponsor:|
--+
 arma lately mentioned that it is probably not a good idea anymore to use
 tor-ramdisk. I am looking into alternatives.

 Currently tor-ramdisk is mentioned on the new (coming) community projects
 list (#16576) and the volunteer page:
 http://expyuzz4wqqyqhjn.onion/projects/projects.html.en
 https://github.com/torproject/webwml/pull/38

 Also the wiki links it at several places:
 [[AutomationInventory]]
 [[doc/VM]]
 [[doc/EmbeddedTips]]

 Wikipedia has a page about it (#27668).

 Adding #13703 as parent to let them know of each other.

 Which are good alternatives (in use)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27668 [Community]: Wikipedia wants more attention

[Tor Bug Tracker & Wiki]

#27668: Wikipedia wants more attention
-+
 Reporter:  traumschule  |  Owner:  alison
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Community|Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by atagar):

 Hi traumschule, I'd suggest being careful. Wikipedia has made it pretty
 clear in the past that they don't want us to take a hand in maintaining
 tor related pages. Roger has had frustrations on this front, and my
 account got banned when I corrected links for one of my projects...

 
https://en.wikipedia.org/w/index.php?title=User_talk:Alexf=658485347#Blocked_User_(atagar)

 Personally I'm still pissed with that Alexf guy. Eventually by serendipity
 I crossed paths with a couple other (much friendlier) Wikipedia admins at
 a tech meetup that unblocked my account but cautioned me that we should
 only leave notes on the talk pages - not directly edit pages ourselves.

 https://en.wikipedia.org/wiki/User_talk:Atagar#Suggestion_for_unblock_request

 To their credit they've been phenomenally responsive when we do that. For
 example...

 https://en.wikipedia.org/wiki/Talk:Tor_(anonymity_network)#Arm_renamed

 What kind of 'more attention' did you have in mind? Seems to me they've
 pretty clearly told us to generally stay away. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27660 [Applications/Tor Browser]: Investigate Gnuzilla as base for Tor Browser

[Tor Bug Tracker & Wiki]

#27660: Investigate Gnuzilla as base for Tor Browser
--+--
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  project   | Status:  closed
 Priority:  Very Low  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Well, IceCat is based on Firefox, too, thus we could just keep Firefox as
 a base and add the GNU things we want. (I think there are none, though,
 right now). I see therefore no reason to build directly on the GNU
 version.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by mcs):

 * status:  new => needs_information


Comment:

 Replying to [comment:39 tom]:
 > I'm not sure what OSCPU is supposed to be without fingerprinting; but in
 RFP mode, it's the same as User Agent. So if RFP is enabled; you could go
 grab the value from Navigator::GetOscpu and return that instead of
 querying the HTTP header...

 Maybe I am misunderstanding something, but we need the entire, unspoofed
 user agent string. As far as I can tell, the only code that knows how to
 construct such a string is here:
 https://searchfox.org/mozilla-
 central/source/netwerk/protocol/http/nsHttpHandler.cpp#909

 Unfortunately, when `privacy.resistFingerprinting` is true, there is no
 way for code outside of `nsHttpHandler.cpp` to access the string. One
 possible solution would be to add a new attribute to
 `nsIHttpProtocolHandler` such as `unspoofedUserAgent`.

 A question for tom: Is Mozilla likely to switch to this approach and
 accept such a patch?
 A question for gk: Do we want to try this change in Tor Browser?
 Secondarily, should Kathy and I work on a patch this week or someone else
 or should we wait?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27623 [Applications/Tor Browser]: wrong default pref values in Tor Browser 8.0

[Tor Bug Tracker & Wiki]

#27623: wrong default pref values in Tor Browser 8.0
-+-
 Reporter:  mcs  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-8.0-issues,|  Actual Points:
  tbb-8.0.1-can  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:3 gk]:
 > Do we want that for 8.0.1? I am a bit wary to break things while
 switching to `MOZILLA_OFFICIAL`. What we should do at any rate is looking
 at the differences `MOZILLA_OFFICIAL` is causing and check whether the
 current status of Tor Browser 8 (i.e. not setting it) is problematic. If
 not, then we could give it a round of testing in 8.5a2 maybe? If we think
 we are good got 8.0.1, though, I am happy to take it for that point
 release.

 Whether to take this for 8.0.1 is a difficult decision. Looking at the
 following, I am more concerned about the lack of `MOZILLA_OFFICIAL` than
 what will happen if we enable it:
 https://dxr.mozilla.org/mozilla-esr60/search?q=MOZILLA_OFFICIAL

 For example, `browser/base/content/browser-development-helpers.js` is
 loaded, which adds a surprising "restart the browser now" shortcut key of
 Ctrl+Alt+R (Cmd+Alt+R)on macOS).

 On the other hand, we have probably made all ESR60-based Tor Browser
 builds so far without it, so there may be some unexpected problems :(

 Maybe that argues for trying it in 8.5a2.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27427 [Applications/Tor Browser]: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages

[Tor Bug Tracker & Wiki]

#27427: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages
-+-
 Reporter:  rustybird|  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201809R,   |  Actual Points:
  tbb-8.0.1-can  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * status:  needs_review => assigned
 * owner:  tbb-team => arthuredelstein


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27273 [Core Tor/Tor]: ASan fails to link on Travis due to rustc and linker arguments

[Tor Bug Tracker & Wiki]

#27273: ASan fails to link on Travis due to rustc and linker arguments
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:  #25386| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks3):

 Replying to [comment:3 alexcrichton]:
 > Ah yeah I tried to pass -defaultlibs in the hopes that it would work,
 but unfortunately I also was unable to get it working. We also
 unfortunately don't have a way to disable this behavior in rustc (passing
 -nodefaultlibs), but we probably should...

 Is there a github issue for that?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27668 [Community]: Wikipedia wants more attention

[Tor Bug Tracker & Wiki]

#27668: Wikipedia wants more attention
-+
 Reporter:  traumschule  |  Owner:  alison
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Community|Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 There's probably more to do, but these stubs are a starting point:
 https://en.wikipedia.org/wiki/Category:Tor_(anonymity_network)_stubs

 (was not sure if Webpages are a better place, if you don't like to have
 it, feel free to move :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27539 [Applications/Tor Browser]: Create plan for releasing on F-Droid

[Tor Bug Tracker & Wiki]

#27539: Create plan for releasing on F-Droid
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26318| Points:
 Reviewer:|Sponsor:
--+--

Comment (by TUTAtuta):

 Also interested!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by traumschule):

 Replying to [comment:37 fufufu]:
 > Can gk or somebody else provide more information about how this works?
 #18097 in the os fingerprinting keyword family has some.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18708 [Core Tor/Nyx]: Welcome page

[Tor Bug Tracker & Wiki]

#18708: Welcome page
--+
 Reporter:  atagar|  Owner:  atagar
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Nyx  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by atagar):

 Looks good! Thanks aegis2501, only thoughts are...

 > if CONFIG!['shown_welcome'] is False:

 This works, but rather be "if not CONFIG!['shown_welcome']". For a
 description of what's up (and why you should generally avoid the 'is'
 keyword) please see...

 https://trac.torproject.org/projects/tor/ticket/27350#comment:3

 Also, this should not be done in draw's while loop since this is a one-
 time notice. Please also invert this so the preference is 'show_welcome'.
 This way users can set 'show_welcome true' in their nyxrc if they'd like
 to always see the prompt.

 > config.set('shown_welcome', 'true')

 We also need to save the configuration, otherwise this won't be a one-time
 prompt (this flag will always be 'false' when starting). This will take a
 little work because we presently have two configurations...

 * User configuration (~/.nyx/conifg). This usually isn't present.
 * Built in configuration defaults
 (https://gitweb.torproject.org/nyx.git/tree/nyx/settings). These are read-
 only.

 This flag is going to necessitate a third category.

 * Persisted settings from Nyx's last run (~/.nyx/runtime_cache).

 Besides this flag we will likely end up using this to remember changes
 made as we run (for instance sort ordering, logging filters, etc).

 One complication is that we'll need to keep these separate from the other
 settings. Presently we load user and built-in preferences into the same
 configuration object. This works because built-in preferences are read-
 only...

 built-in preference loading:
 https://gitweb.torproject.org/nyx.git/tree/nyx/__init__.py#n167
 user preference loading:
 https://gitweb.torproject.org/nyx.git/tree/nyx/starter.py#n73

 As such we'll want a new pair of helper methods in nyx/!__init!__.py,
 their rough psudo code looking something like...

 {{{
 RUNTIME_PREFERNCES = stem.util.conf.Config()

 @uses_settings
 def runtime_preference(user_config, key):
   if key in user_config:
 # if the user explicitly specifies this in their user configuration
 # it always takes precedence

 return user_config.get(key)
   else:
 return RUNTIME_PREFERNCES.get(key)

 def save_runtime_preference(key, value):
   runtime_preference_path = data_directory(runtime_cache)

   RUNTIME_PREFERNCES.set(key, value)
   RUNTIME_PREFERNCES.save(runtime_preference_path)
 }}}

 One last thing is that we'll want to add test coverage for this popup when
 it's fully implemented (test/popups.py has examples we can follow).

 Sorry! Kinda silly this reply is longer than the code ya wrote. I
 completely forgot we'd need runtime preferences for this. :P

 If this gives you any trouble or you'd prefer for me to take care of that
 side of it just say the word and I'll whip it up.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27547 [Core Tor/Tor]: hs-v3: Client authorization feature needs a changes file and man page

[Tor Bug Tracker & Wiki]

#27547: hs-v3: Client authorization feature needs a changes file and man page
--+
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, 035-must  |  Actual Points:
Parent ID:  #27544| Points:
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * cc: asn, haxxpop (added)
 * status:  new => needs_review


Comment:

 See branch: `ticket27547_035_01`.

 I'm not entirely satisfied with the man page so a second opinion/help
 would be nice. I've actually added a "subsection" to the Hidden Service
 section in the manpage to explain a little bit how to configure client
 authorization.

 Also, at this stage, we have no tools (not even "tor") to create client
 authorization keys and configuration thus why I haven't mentioned anything
 on how to create keys.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27274 [Core Tor/Tor]: ASan on OSX Travis is incompatible with Rust's santiziers

[Tor Bug Tracker & Wiki]

#27274: ASan on OSX Travis is incompatible with Rust's santiziers
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:  #25386| Points:
 Reviewer:|Sponsor:
--+

Comment (by alexcrichton):

 Oh sure! I've opened https://github.com/rust-lang/rust/issues/54134 to
 track this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 Replying to [comment:37 fufufu]:
 > As a Tor Browser user highly concerned with this change, I have two
 questions based on the dialogue I'm seeing on the comments section of the
 Tor blog about this subject:
 >
 > 1. The biggest reason this change seems to be promoted by some
 (particularly gk) as "not a big deal anyway", even in the context of
 disabled Javascript where potential OS detection methods are minimized, is
 because your OS can apparently be detected anyway by what fonts you have
 (as Tor Browser ships with different fonts depending on the version it
 seems). My question is how the server communicates this information back
 to itself after detection without using Javascript. I can find no website,
 browser uniqueness analyzer, fingerprint analyzer, anonymity analyzer,
 Panopticlick-style test, etc. that can actually detect anything about my
 fonts with Javascript disabled in Tor Browser. I can only find a small
 reference in Whonix documentation to detecting fonts via "CSS
 introspection". Can gk or somebody else provide more information about how
 this works?

 Anything that triggers a conditional load based on the size of other
 objects could be used to communicate it back. But it's more work and not
 as fun to program so I'm not surprised it's not common in POCs.

 A CSS trick to do this would be something like
 https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html
 but I bet you can d the same in canvas and in SVG.

 Besides Fonts, another JS-free ways to detect platform could be media
 support/streaming. But yea, without using JS it definetly gets tougher.
 (There are a lot more network-level tricks that Tor is immune to but
 affects Firefox.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 Replying to [comment:38 mcs]:
 > I am not sure what the next step is; it looks like it will not be
 trivial to create a shippable patch (since `Navigator::GetUserAgent()`
 expects to get the userAgent string from the HTTP protocol handle, but we
 want HTTP to use a spoofed `User-Agent`).


 I'm not sure what OSCPU is supposed to be without fingerprinting; but in
 RFP mode, it's the same as User Agent. So if RFP is enabled; you could go
 grab the value from Navigator::GetOscpu and return that instead of
 querying the HTTP header...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27407 [Applications/Tor Browser]: FireJail + TBB alpha breaks it

[Tor Bug Tracker & Wiki]

#27407: FireJail + TBB alpha breaks it
--+---
 Reporter:  bo0od |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by bo0od):

 according to the upstream they said to:

 {{{
 Fixes for tor browser aren't part of 0.9.54, they will be in 0.9.56. For
 now you may copy profiles manually:
 https://github.com/netblue30/firejail/blob/master/etc/start-tor-
 browser.profile
 https://github.com/netblue30/firejail/blob/master/etc/torbrowser-
 launcher.profile
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18080 [Applications/Tor Browser]: CORS header 'Access-Control-Allow-Origin' missing

[Tor Bug Tracker & Wiki]

#18080: CORS header 'Access-Control-Allow-Origin' missing
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-usability-website, ff60-esr- |  Actual Points:
  will-have  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by rnoir):

 I'm seeing these errors on stocktwits.com:
 {{{
 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
 remote resource at
 
https://api.stocktwits.com/api/2/streams/watchlist/static.json?since=137020866=top.
 (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
 }}}
 This is running 8.5a1 on Ubuntu 18.04. If I click "New Tor Circuit for
 this Site", sometimes I'll get a few minutes of browsing before the errors
 come back.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs