date:20180418

Re: [tor-bugs] #25153 [Core Tor/Tor]: Specify how PrivCount in Tor statistics are configured and interpreted

2018-04-18 Thread Tor Bug Tracker & Wiki

#25153: Specify how PrivCount in Tor statistics are configured and interpreted
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  needs-proposal, privcount,   |  Actual Points:
  034-triage-20180328, 034-removed-20180328  |
Parent ID:  #22898   | Points:  5
 Reviewer:   |Sponsor:
 |  SponsorQ
-+-

Comment (by teor):

 I think I have worked out how we can do PrivCount in Tor version upgrades.

 We can safely add counters to an existing PrivCount in Tor deployment if
 we increase the noise added by older versions (or turn them off if they
 are too old). If we specify a noise ratio for each stats version in the
 consensus, then we can increase the noise in older versions each time we
 release a new version. If we removed counters, we would just accept the
 excess noise (which is safe), or not increase the noise as much when we
 add the next counter.

 Two further thoughts on PrivCount in Tor:

 1. Each counter we add will add more noise. To get the same relative
 noise, we can add more collecting relays. I wonder if we can calculate how
 much consensus weight we need to add per counter.

 2. We can discover relays that submit out of range data without
 specialised oblivious computation:
 a) the tally reporters do an aggregation round where each relay is in its
 own partition
 b) to protect relays which actually reported statistics, each tally
 reporter adds enough noise to hide the largest valid relay
 c) if a relay's total is large enough (4 or 5 sigmas away from the mean,
 positive or negative), it is probably bad. 4 sigmas is 1 in 16,000, or a
 38% probability of a false positive for 6000 relays. So we might need 5
 sigma if we ever deploy to the whole network. See
 
https://en.m.wikipedia.org/wiki/Normal_distribution#Standard_deviation_and_coverage

 If we ran out of bounds detection before every aggregation, we could use
 it to detect grossly inadequate noise. Which would make it safe to collect
 protocol warnings even if we get the action bounds (expected activity for
 a single client) wrong.

 But per-relay partitions enable an attack where you push a client's
 activity on a guard over the threshold, so the guard is excluded from the
 stats. We could set the exclusion threshold so high that it's physically
 impossible to have that many events.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25845 [Applications/Tor Browser]: TBA - Audit Progressive Web App (PWA) Implementation

2018-04-18 Thread Tor Bug Tracker & Wiki

#25845: TBA - Audit Progressive Web App (PWA) Implementation
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 Oh, and these homescreen icons are cleaned up/deleted when the app is
 uninstalled, right?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25845 [Applications/Tor Browser]: TBA - Audit Progressive Web App (PWA) Implementation

2018-04-18 Thread Tor Bug Tracker & Wiki

#25845: TBA - Audit Progressive Web App (PWA) Implementation
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:  #5709
   Points:|   Reviewer:
  Sponsor:|
--+
 [[https://en.wikipedia.org/wiki/Progressive_Web_Apps | Progressive Web
 Apps]] allow "installing" a webapp (some minimal version of a website) as
 an app on a phone/tablet (Android, iOS, ...). Basically, they're platform
 independent apps, using HTML/CSS/JS. This sounds useful, but if a user
 installs a PWA using TBA and then clicks the icon on their homescreen,
 does it open in TBA or in Firefox or does it let the user choose? This
 blog [1] shows there is a difference between the PWA homescreen-icon
 created by Chrome and created by Firefox, so the homescreen-icon probably
 links to the app that originally installed it, but we should make sure
 these nifty little programs don't introduce a complete proxy bypass
 because the user installs the app with TBA and then opens it with Fennec.

 [0] https://en.wikipedia.org/wiki/Progressive_Web_Apps
 [1] https://www.thurrott.com/mobile/android/146189/pwa-support-coming-
 firefox-android?sfw=pass1524109090
 [2] https://developer.mozilla.org/en-US/Apps/Progressive
 [3] https://developer.mozilla.org/en-US/Apps/Progressive/Installable_PWAs

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25386 [Core Tor/Tor]: fix rust tests

2018-04-18 Thread Tor Bug Tracker & Wiki

#25386: fix rust tests
-+-
 Reporter:  Hello71  |  Owner:  Hello71
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.3.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  rust, tor-test, 033-backport,|  Actual Points:
  review-group-34, 034-triage-20180328,  |
  034-included-20180401  |
Parent ID:   | Points:  3
 Reviewer:  isis |Sponsor:
 |  SponsorQ
-+-

Comment (by Hello71):

 latest iteration:

 1. still need to build a shared library

 2. still needs cleanup, i.e. splitting commits. current state of code
 LGTM, good if people want to review Tor on meson vs autotools :)

 3. needs testing on Mac and Windows (Rust should work on Windows now!)

 4. cargo testing a single directory is once again unsupported. should be
 possible without *too* much work, but I need to think of a good interface.
 I think this is not a huge issue though, since cargo doesn't rebuild
 everything anymore. Definitely shouldn't block this bug, anyways.

 5. everything works except rustdoc with asan due to aforementioned Rust
 bug. even Rust is built with asan, so it should catch everything asan can
 catch (within Rust limits, e.g. libstd is not instrumented). filed #25841
 for actually checking that this works.

 the basic architecture of this solution is fairly simple, and I tried to
 make minimal changes to the existing crate layout. it's basically 1. build
 a shared library, 2. get Rust to link with that shared library at compile-
 time, 3. use `LD_LIBRARY_PATH` so it can find it at run-time. the rest is
 finicky stuff to deal with Rust bugs like https://github.com/rust-
 lang/rust/issues/41807.

 "minimal changes" means build scripts instead of `links` key in manifest.
 the latter might be preferable since it means the build scripts don't need
 to know anything about where they're being built. however, because `links`
 keys may not be duplicated in a dependency tree, that requires all Rust ->
 C definitions to be in a single crate, which is better handled in #25639.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25790 [Applications/Tor Browser]: Orfox lists external apps when the user clicks and holds an Android URI in a WebPage

2018-04-18 Thread Tor Bug Tracker & Wiki

#25790: Orfox lists external apps when the user clicks and holds an Android URI 
in
a WebPage
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #25703| Points:
 Reviewer:|Sponsor:
--+--

Comment (by igt0):

 Mozilla bug used to track this bug:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1455165

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25814 [Core Tor/Tor]: Should Travis use "make distcheck"?

2018-04-18 Thread Tor Bug Tracker & Wiki

#25814: Should Travis use "make distcheck"?
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci, 034-roadmap-subtask  |  Actual Points:
Parent ID:  #25550   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * cc: isis, catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25814 [Core Tor/Tor]: Should Travis use "make distcheck"?

2018-04-18 Thread Tor Bug Tracker & Wiki

#25814: Should Travis use "make distcheck"?
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci, 034-roadmap-subtask  |  Actual Points:
Parent ID:  #25550   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => needs_review


Comment:

 I have a patch here in a branch called `travis_distcheck_029`.

 We should also make sure that the distributed bundles work with Rust, and
 I have a branch for that as `travis_distcheck_031`.  However, we shouldn't
 merge that branch into 0.3.1: "make distcheck" doesn't work with Rust
 until 0.3.3!  I have merged that branch forward as `travis_distcheck_033`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25147 [Applications/Tor Browser]: Backport of fix shipped in Firefox 58.0.1?

2018-04-18 Thread Tor Bug Tracker & Wiki

#25147: Backport of fix shipped in Firefox 58.0.1?
--+---
 Reporter:  gk|  Owner:  pospeselr
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by pospeselr):

 * keywords:  TorBrowserTeam201804 => TorBrowserTeam201804R


Comment:

 So the innerHTML property has been changed such that all existing
 assignments will automatically sanitize the HTML if it's running within
 the system context.  The new UnsafeSetInnerHTML method that has replaced
 some of the innerHTML = X statements is meant to circumvent this check for
 known cases where firefox needs to hand craft some HTML within the system
 context.

 Any issues here with this patch would result in breaking functionality,
 rather than making system context pages less safe.

 I've gone through all the dependent bugs against
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1432966 #1432966] and
 verified they either don't apply or have already been brought down to our
 latest branch ( origin/tor-browser-52.7.3esr-8.0-1 )

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24309 [Applications/Tor Browser]: Activity 4.1: Improve how circuits are displayed to the user

2018-04-18 Thread Tor Bug Tracker & Wiki

#24309: Activity 4.1: Improve how circuits are displayed to the user
---+---
 Reporter:  isabela|  Owner:  tbb-team
 Type:  defect | Status:
   |  needs_revision
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID: | Points:
 Reviewer:  antonela   |Sponsor:
---+---

Comment (by arthuredelstein):

 Replying to [comment:49 gk]:
 > On my Windows 7 box I can only open the circuit display every second
 time. Getting the display shown alternates with the display flashing up in
 the upper left corner of the browser (chrome) window. There is nothing
 visible in the error console.
 >
 > Arthur, let me know if you can reproduce that on any of your systems. If
 not, I'll try to track this down on my end.

 I can reproduce it! I'm looking into how to fix it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23354 [Core Tor/Tor]: Remove deterministic download schedule code and configs

2018-04-18 Thread Tor Bug Tracker & Wiki

#23354: Remove deterministic download schedule code and configs
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  refactor, s8-perf, technical-debt,   |  Actual Points:
  tor-bootstrap, 034-triage-20180328, fast-fix   |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by teor):

 There is an extra commit c9c26d0 at the start of this branch.

 I wonder if it is ok that our coverage dropped slightly.
 But I think that's ok, because we removed 50 lines of code.

 When did we stop using deterministic schedules?
 I think it was 0.2.9. Do we want to say 0.2.9 in the changes file?

 The rest seems sensible to me, but I would like someone else to review
 this too.

 I opened #25844 for the relevant chutney changes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23354 [Core Tor/Tor]: Remove deterministic download schedule code and configs

2018-04-18 Thread Tor Bug Tracker & Wiki

#23354: Remove deterministic download schedule code and configs
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  refactor, s8-perf, technical-debt,   |  Actual Points:
  tor-bootstrap, 034-triage-20180328, fast-fix   |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by teor):

 * status:  needs_review => needs_revision


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25844 [Core Tor/Chutney]: Ignore DownloadSchedule deprecation warnings in chutney

2018-04-18 Thread Tor Bug Tracker & Wiki

#25844: Ignore DownloadSchedule deprecation warnings in chutney
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 After #23354 is merged, we will need to ignore the download schedule
 warnings in chutney.
 Perhaps this is a good time to add the InitialDelay equivalents, if that
 doesn't also result in a warning,

 Once 0.2.5 is obsolete, we will not need any items in the schedule past
 the first item.
 So we should delete those, too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24804 [Core Tor/Fallback Scripts]: Run an opt-in process for relay operators to become fallbacks

2018-04-18 Thread Tor Bug Tracker & Wiki

#24804: Run an opt-in process for relay operators to become fallbacks
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 034-triage-20180328,   |  Actual Points:
  034-removed-20180328   |
Parent ID:  #24786   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * owner:  teor => (none)


Comment:

 I hope the relay support,coordinator will do this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24805 [Core Tor/Fallback Scripts]: Update fallback whitelist and blacklist

2018-04-18 Thread Tor Bug Tracker & Wiki

#24805: Update fallback whitelist and blacklist
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 034-triage-20180328,   |  Actual Points:
  034-removed-20180328   |
Parent ID:  #24786   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * owner:  teor => (none)


Comment:

 Anyone can do this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24838 [Core Tor/Fallback Scripts]: Just have relay fingerprints in the fallback whitelist

2018-04-18 Thread Tor Bug Tracker & Wiki

#24838: Just have relay fingerprints in the fallback whitelist
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 034-triage-20180328,   |  Actual Points:
  034-removed-20180328, fast-fix |
Parent ID:  #24786   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * owner:  teor => (none)


Comment:

 Anyone can do this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24953 [Core Tor/Fallback Scripts]: In check_existing mode, log "fallback list", not "whitelist"

2018-04-18 Thread Tor Bug Tracker & Wiki

#24953: In check_existing mode, log "fallback list", not "whitelist"
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fast-fix, fallback,  |  Actual Points:
  034-triage-20180328, 034-removed-20180328  |
Parent ID:  #24786   | Points:  0.2
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  fallback, 034-triage-20180328, 034-removed-20180328 => fast-
 fix, fallback, 034-triage-20180328, 034-removed-20180328
 * milestone:  Tor: unspecified => Tor: 0.3.4.x-final


Comment:

 This is a really fast fix, so let's do it in 0.3.4.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24839 [Core Tor/Tor]: Add a torrc option and descriptor line to opt-in as a FallbackDir

2018-04-18 Thread Tor Bug Tracker & Wiki

#24839: Add a torrc option and descriptor line to opt-in as a FallbackDir
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  needs-proposal, fallback, tor-spec,  |  Actual Points:
  034-triage-20180328, 034-removed-20180328  |
Parent ID:   | Points:  3
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * parent:  #24786 =>


Comment:

 This is not part of the minimal fallback rebuild in 0.3.4.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24787 [Core Tor/Fallback Scripts]: Revise the fallback stability requirements based on current network load

2018-04-18 Thread Tor Bug Tracker & Wiki

#24787: Revise the fallback stability requirements based on current network load
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 034-triage-20180328,   |  Actual Points:
  034-removed-20180328   |
Parent ID:  #24786   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: unspecified => Tor: 0.3.4.x-final


Comment:

 This ticket is part of the minimal fallback rebuild, but we seem to have
 picked a food stability threshold, so it might not need to change:
 https://trac.torproject.org/projects/tor/ticket/24786#comment:4

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19129 [Core Tor/Fallback Scripts]: Allow Fallback Directories with no DirPort

2018-04-18 Thread Tor Bug Tracker & Wiki

#19129: Allow Fallback Directories with no DirPort
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Minor| Resolution:
 Keywords:  tor-client, fallback-directory,  |  Actual Points:
  needs-design, reachability, bootstrap, |
  034-triage-20180328, 034-removed-20180328  |
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * parent:  #24786 =>


Comment:

 This ticket is not part of the minimal fallback rebuild, and it depends on
 stem's ORPort support stabilising.
 Also, I would do fallback opt-ins in relay torrcs (#24839) before this
 ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22760 [Core Tor/Tor]: Fix extra-info flags on fallbacks

2018-04-18 Thread Tor Bug Tracker & Wiki

#22760: Fix extra-info flags on fallbacks
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Low  |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.1-alpha
 Severity:  Minor| Resolution:
 Keywords:  fallback, 034-triage-20180328,   |  Actual Points:
  034-removed-20180328   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  assigned => new
 * parent:  #24786 =>


Comment:

 This ticket is not part of the minimal fallback rebuild.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24818 [Core Tor/Tor]: Make the hard-coded authorities into a separate include file with a standard format

2018-04-18 Thread Tor Bug Tracker & Wiki

#24818: Make the hard-coded authorities into a separate include file with a
standard format
-+-
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  torspec, tor-dirauth,|  Actual Points:
  034-triage-20180328|
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * parent:  #24786 =>
 * milestone:  Tor: 0.3.4.x-final => Tor: unspecified


Comment:

 This isn't part of any milestone in 0.3.4, and now that #24854 is done,
 metrics, ooni, stem, and fusion can easily get the list of authorities and
 fallbacks. (The formats aren't consistent with each other, but they are
 standardised and parseable.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24786 [Core Tor/Fallback Scripts]: Rebuild the fallback list for 0.3.4 or 0.3.5

2018-04-18 Thread Tor Bug Tracker & Wiki

#24786: Rebuild the fallback list for 0.3.4 or 0.3.5
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport, 031  |  Actual Points:
  -backport-maybe, 032-backport-maybe,   |
  033-backport, 034-backport, 034-roadmap-   |
  master, 034-triage-20180328,   |
  034-included-20180328  |
Parent ID:   | Points:  3
 Reviewer:   |Sponsor:
-+-

Comment (by teor):

 I am very happy with the current set of fallbacks, which we generated in
 January 2018 using a minimum 90 day stability period.
 (The previous stability period was 30 days, which was too low - it led to
 a rebuild after ~6 months,)

 We have only lost 8 falllbacks after ~3 months:
 https://consensus-health.torproject.org/graphs.html

 At this rate, it will take us ~14 months to lose 25% of our 150 original
 fallbacks (or ~38 fallbacks).
 But we also want to rebuild the list every 12 months, so let's rebuild in
 January 2019 at the latest, or 0.3.6:
 
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases#Current

 If we're still doing well with fallbacks in 3-6 months' time, let's send
 out an email to thank all the fallback operators.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24790 [Core Tor/Fallback Scripts]: When 0.2.5 is EOL, remove the fallback script comment that refers to 0.2.8 and earlier

2018-04-18 Thread Tor Bug Tracker & Wiki

#24790: When 0.2.5 is EOL, remove the fallback script comment that refers to 
0.2.8
and earlier
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, easy, doc, |  Actual Points:
  034-triage-20180328, fast-fix  |
Parent ID:  #24786   | Points:  0.1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => merge_ready


Comment:

 This patch is fine, let's merge it when 0.2.5 is obsolete, which is 1 May
 2018 on the schedule:
 
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases#Current

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25840 [Webpages/Website]: Please remove/deactivate job postings on website

2018-04-18 Thread Tor Bug Tracker & Wiki

#25840: Please remove/deactivate job postings on website
--+-
 Reporter:  ewyatt|  Owner:  (none)
 Type:  task  | Status:  closed
 Priority:  High  |  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by arma):

 * status:  new => closed
 * resolution:   => implemented


Comment:

 It is done:
 
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=1a192cdcbd4db2925037106322ec2564d2b2cf13

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25814 [Core Tor/Tor]: Should Travis use "make distcheck"?

2018-04-18 Thread Tor Bug Tracker & Wiki

#25814: Should Travis use "make distcheck"?
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci, 034-roadmap-subtask  |  Actual Points:
Parent ID:  #25550   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  new => accepted
 * owner:  (none) => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25841 [Core Tor/Tor]: Write test for Rust fragile hardening

2018-04-18 Thread Tor Bug Tracker & Wiki

#25841: Write test for Rust fragile hardening
--+--
 Reporter:  Hello71   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:  #25386| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dgoulet):

 * keywords:   => rust
 * milestone:   => Tor: unspecified


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25842 [Core Tor/Tor]: 'GETINFO exit-policy/full' fails when disconnected

2018-04-18 Thread Tor Bug Tracker & Wiki

#25842: 'GETINFO exit-policy/full' fails when disconnected
---+
 Reporter:  atagar |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  fast-fix, tor-control  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by dgoulet):

 * keywords:   => fast-fix, tor-control
 * milestone:   => Tor: 0.3.4.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security

2018-04-18 Thread Tor Bug Tracker & Wiki

#22981: Don't block audio/video on https sites under Medium Security
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-security-slider,  |  Actual Points:
  ux-team|
Parent ID:  #23150   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 To explain a little more, the idea here is to essentially make the
 security settings for HTTP and HTTPS independent. That results in three
 security levels:

 Low: HTTP unprotected, HTTPS unprotected
 Medium: HTTP protected, HTTPS unprotected
 High: HTTP protected, HTTPS protected

 This has usability benefits because it simplifies user's understanding of
 what protections are at each level. And on Medium Security, the usability
 has improved while still protecting against hostile injections on HTTP
 sites.

 It also has fingerprinting benefits by making Medium and High Security
 look the same on HTTP sites and Low and Medium look the same on HTTPS
 sites.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25843 [Core Tor/Tor]: Make NumEntryGuards consistent with #271 consensus params

2018-04-18 Thread Tor Bug Tracker & Wiki

#25843: Make NumEntryGuards consistent with #271 consensus params
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by mikeperry):

 Here's a list of things we're trying to learn from this testing:
 1. How often does the code decide that one of these two primaries is
 "down" when it is not?
 2. How often does the code prefer one guard over the other? (They should
 be split roughly 50/50 with this patch as-is, unless you get unlucky with
 path restrictions.. does that happen a lot?).
 3. How often do we decide to use guards other than our two primaries with
 this patch?
 4. What circumstances cause us to use guards other than our two primaries
 with this patch?
 5. Do we use the same two directory guards as our primary guards?
 6. Do we ever have microdescriptor shortages or 503 directory busy issues
 with this patch?
 7. What happens when we wander into the uncharted "sampled guard"
 territory of prop271?
 8. Do our failure modes for the above/other issues ever result in complete
 downtime for the client? (Can we fix that easily?)
 9. Can the client be induced to spam or otherwise thrash on its guards
 when it thinks one or both are down/unreachable?
 10. How does the vanguard controller behave with this patch?

 I think asn has some of this information already.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25799 [Metrics]: Utilize all Onionoo instances

2018-04-18 Thread Tor Bug Tracker & Wiki

#25799: Utilize all Onionoo instances
-+--
 Reporter:  iwakeh   |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  High |  Milestone:
Component:  Metrics  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Wait, I think it's not that the case that RS only requests data from the
 main Onionoo instance. IIUC, onionoo.tpo sometimes goes to omeiense and
 sometimes to oo-hetzner-03. Or rather, it goes to one of the several
 caches which in turn use both backends. The effect is that some requests
 made by RS are answered by the first instance, directly or indirectly, and
 some by the next. This switch may even happen in the middle of a user
 session.

 Regarding your second suggestion to have RS fetch data from several
 instances, I think that wouldn't scale. Remember that it's really the
 clients/browsers making those requests. So, basically, that would double
 the number of requests.

 Regarding your first suggestion, I don't really know how the DNS round-
 robin thing works or how we would change that to detect stale data. It
 might be that this requires some programming/configuration effort, too.

 What else could we do? How about we teach Onionoo instances to detect when
 their data has become stale. In that case they could check whether other
 instances have more recent data and reply with redirects to other
 instances until their data is not stale anymore.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20351 [Metrics/CollecTor]: Turn the updateindex module into a function that runs after each module run

2018-04-18 Thread Tor Bug Tracker & Wiki

#20351: Turn the updateindex module into a function that runs after each module 
run
---+---
 Reporter:  iwakeh |  Owner:  iwakeh
 Type:  enhancement| Status:  needs_information
 Priority:  Medium |  Milestone:  CollecTor 1.6.0
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:
 Keywords:  metrics-2018   |  Actual Points:
Parent ID:  #20518 | Points:
 Reviewer: |Sponsor:
---+---
Changes (by karsten):

 * status:  needs_review => needs_information


Comment:

 I just did a quick review of commit 7aa8984, and I think this can work. I
 did not try it out, though. We'll indeed have to do #20350 first before
 merging this. Not sure if this is the right thing to do, but I'm setting
 this ticket to needs_information until #20350 is resolved. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25843 [Core Tor/Tor]: Make NumEntryGuards consistent with #271 consensus params

2018-04-18 Thread Tor Bug Tracker & Wiki

#25843: Make NumEntryGuards consistent with #271 consensus params
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Right now, NumEntryGuards tries to do some magic to set "guard-n-primary-
 guards-to-use" to the torrc value, and "guard-n-primary-guards" to twice
 that value.

 This prevents us from testing our current favored Proposal 291 params (2
 for each). So the torrc option could either be changed to set both of
 those values to the same, or we could make two torrc options.

 We should also ensure that whatever we do, we have the ability to set the
 torrc such that we could get the same behavior as *all* existing clients
 would get, with those consensus params, if we wanted. This includes
 directory guards (which we currently believe will and should be the same
 as the two primary guards).

 asn has a testing branch here:
 https://github.com/asn-d6/tor/tree/prop291_testing. This is not ready for
 merge, be could be adapted into a mergable, backportable thing.

 He also has a useful guard log promotion patch here:
 https://github.com/asn-d6/tor/tree/guard_monitor

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25762 [Core Tor/Tor]: Make periodic events array with flags including when they are enabled/disabled

2018-04-18 Thread Tor Bug Tracker & Wiki

#25762: Make periodic events array with flags including when they are
enabled/disabled
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-roadmap-subtask, client, |  Actual Points:
  s8-perf|
Parent ID:  #25500   | Points:
 Reviewer:  nickm|Sponsor:
 |  Sponsor8
-+-
Changes (by dgoulet):

 * status:  assigned => needs_review
 * reviewer:   => nickm


Comment:

 Ok unit tests added. I've rebased on latest master, merge fixup commits,
 cleaned up the commit list to make them nicer.

 Branch: `ticket25762_034_04`
 PR: https://github.com/torproject/tor/pull/56

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25764 [Applications/Tor Browser]: TBA - Activity 4.1: Improve how circuits are displayed to the user

2018-04-18 Thread Tor Bug Tracker & Wiki

#25764: TBA - Activity 4.1: Improve how circuits are displayed to the user
---+--
 Reporter:  antonela   |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:  #24309 | Points:
 Reviewer: |Sponsor:
---+--
Changes (by antonela):

 * Attachment "24309 - tba - tablets.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25543: Rebase Tor Browser patches for ESR60
--+-
 Reporter:  gk|  Owner:  arthuredelstein
 Type:  task  | Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:  #25741| Points:
 Reviewer:|Sponsor:
--+-
Changes (by mcs):

 * Attachment "bug10280-fixup.patch" added.

 another small fixup

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25764 [Applications/Tor Browser]: TBA - Activity 4.1: Improve how circuits are displayed to the user

2018-04-18 Thread Tor Bug Tracker & Wiki

#25764: TBA - Activity 4.1: Improve how circuits are displayed to the user
---+--
 Reporter:  antonela   |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:  #24309 | Points:
 Reviewer: |Sponsor:
---+--

Comment (by antonela):

 Mobile UI iteration based on last week comments

 
https://trac.torproject.org/projects/tor/attachment/ticket/25764/24309%20-%20tba.2.png

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25764 [Applications/Tor Browser]: TBA - Activity 4.1: Improve how circuits are displayed to the user

2018-04-18 Thread Tor Bug Tracker & Wiki

#25764: TBA - Activity 4.1: Improve how circuits are displayed to the user
---+--
 Reporter:  antonela   |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:  #24309 | Points:
 Reviewer: |Sponsor:
---+--
Changes (by antonela):

 * Attachment "24309 - tba.2.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25764 [Applications/Tor Browser]: TBA - Activity 4.1: Improve how circuits are displayed to the user

2018-04-18 Thread Tor Bug Tracker & Wiki

#25764: TBA - Activity 4.1: Improve how circuits are displayed to the user
---+--
 Reporter:  antonela   |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:  #24309 | Points:
 Reviewer: |Sponsor:
---+--

Comment (by antonela):

 Tablet UI attached

 
https://trac.torproject.org/projects/tor/attachment/ticket/25764/24309%20-%20tba%20-%20tablets.png

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25764 [Applications/Tor Browser]: TBA - Activity 4.1: Improve how circuits are displayed to the user

2018-04-18 Thread Tor Bug Tracker & Wiki

#25764: TBA - Activity 4.1: Improve how circuits are displayed to the user
---+--
 Reporter:  antonela   |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:  #24309 | Points:
 Reviewer: |Sponsor:
---+--
Changes (by antonela):

 * Attachment "24309 - tba - tablets.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25727 [Core Tor/Tor]: Add bool types to Rust coding standards guidelines

2018-04-18 Thread Tor Bug Tracker & Wiki

#25727: Add bool types to Rust coding standards guidelines
-+
 Reporter:  isis |  Owner:  isis
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  torspec, rust, fast-fix  |  Actual Points:
Parent ID:   | Points:  .1
 Reviewer:  catalyst |Sponsor:  SponsorM-can
-+
Changes (by catalyst):

 * status:  needs_review => needs_revision


Comment:

 Summarizing yesterday's IRC discussion:
 * Rust has debated whether Rust's `bool` is identical to C99's `_Bool` for
 a while.
 * Rust now [https://github.com/rust-lang/rust/pull/46156 specifies] that
 its `bool` is one byte.
 * There is a [https://github.com/rust-lang/rfcs/pull/954 postponed RFC] to
 define Rust's `bool` and C99's `_Bool` to be FFI-compatible.
 We should either postpone merging this until Rust decides to accept RFC
 954 or point to that RFC (and maybe the follow up RFC 992) in our doc.
 There seems to be a consensus that it should be accepted but it seems they
 haven't gone through the formalities yet.

 This patch also adds a non-ASCII character in a file that previously had
 none.  I think we lack a style guide that covers the acceptability of non-
 ASCII in various files, but this is a change.  On the other hand
 CodingStandardsRust.md already had some non-ASCII characters in it so
 maybe we don't actually care that much?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25423 [Core Tor/Stem]: Treat 'ExitRelay 0' as a reject-all policy

2018-04-18 Thread Tor Bug Tracker & Wiki

#25423: Treat 'ExitRelay 0' as a reject-all policy
---+--
 Reporter:  atagar |  Owner:  dmr
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  atagar |Sponsor:
---+--

Comment (by atagar):

 Fixed the 'ProtocolError when disconnected' issue you caught...

 https://gitweb.torproject.org/stem.git/commit/?id=f61e913

 ... and filed #25842 for getting that fixed in tor. Think the last thing
 left for this ticket is invalidating our exit policy and address caches
 when our address changes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25842 [Core Tor/Tor]: 'GETINFO exit-policy/full' fails when disconnected

2018-04-18 Thread Tor Bug Tracker & Wiki

#25842: 'GETINFO exit-policy/full' fails when disconnected
--+
 Reporter:  atagar|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 On #25423 dmr noticed that 'GETINFO exit-policy/full' fails when tor lacks
 an address...

 {{{
 ProtocolError: GETINFO response didn't have an OK status:
 router_get_my_routerinfo returned NULL
 }}}

 No big whoop, but for this method to be useful I need for it to always
 tell us what our effective policy is (maybe that's 'reject *:*' when
 disconnected?). In the meantime Stem is using the following as a
 workaround...

 https://gitweb.torproject.org/stem.git/commit/?id=f61e913

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25841 [Core Tor/Tor]: Write test for Rust fragile hardening

2018-04-18 Thread Tor Bug Tracker & Wiki

#25841: Write test for Rust fragile hardening
--+
 Reporter:  Hello71   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #25386
   Points:|   Reviewer:
  Sponsor:|
--+
 We should write some tests to ensure that asan is working to check memory
 leaks, dangling pointers, and so on. I know that #25386 links asan, but I
 don't know if it actually checks stuff that we want checked. We should
 check that it checks what we want checked.

 I envision this looking like a `test_fragile_hardening.c` (or a series of
 such files) and some helper Rust code that does some bad behavior and a
 wrapper that ensures that it crashes.

 Landing this requires #25386, but writing it does not; just assume that
 Rust and C can arbitrarily call each other (with the proper boilerplate),
 and asan is supposed to catch everything that it catches in C.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25543: Rebase Tor Browser patches for ESR60
--+-
 Reporter:  gk|  Owner:  arthuredelstein
 Type:  task  | Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:  #25741| Points:
 Reviewer:|Sponsor:
--+-

Comment (by mcs):

 Thanks for posting all of the patch details.

 I just attached a couple of patches that are fixups: `libmdns.patch`
 fixes a compile error on macOS, and `packaging.patch` fixes errors that
 prevented `./mach package` from finishing. Kathy and I are still working
 off your 25543_volatile+4 branch for the moment, but it looks like your
 25543+6 branch needs these changes too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25543: Rebase Tor Browser patches for ESR60
--+-
 Reporter:  gk|  Owner:  arthuredelstein
 Type:  task  | Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:  #25741| Points:
 Reviewer:|Sponsor:
--+-
Changes (by mcs):

 * Attachment "libmdns.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25543: Rebase Tor Browser patches for ESR60
--+-
 Reporter:  gk|  Owner:  arthuredelstein
 Type:  task  | Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:  #25741| Points:
 Reviewer:|Sponsor:
--+-
Changes (by mcs):

 * Attachment "packaging.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4902 [Firefox Patch Issues]: Change the default search engine in TBB

2018-04-18 Thread Tor Bug Tracker & Wiki

#4902: Change the default search engine in TBB
---+---
 Reporter:  phobos |  Owner:  mikeperry
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch  |Version:
  Issues   |
 Severity:  Blocker| Resolution:  worksforme
 Keywords: |  Actual Points:  1
  MikePerry201204  |
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 Replying to [comment:41 heyjoe]:
 > Interesting. Here it is the default SE in TBB and it shows me no
 captchas.
 I wasn't talking about an earlier time, and you can also reproduce it if
 they block some particular exit (I did happen on a case once where I had a
 captcha with startpage with TB not so long ago).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4902 [Firefox Patch Issues]: Change the default search engine in TBB

2018-04-18 Thread Tor Bug Tracker & Wiki

#4902: Change the default search engine in TBB
---+---
 Reporter:  phobos |  Owner:  mikeperry
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch  |Version:
  Issues   |
 Severity:  Blocker| Resolution:  worksforme
 Keywords: |  Actual Points:  1
  MikePerry201204  |
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+---

Comment (by heyjoe):

 > Startpage puts up captchas to Tor users when it was enabled as default
 not so long ago IIRC. (Can't find the relevant comments.)

 Interesting. Here it is the default SE in TBB and it shows me no captchas.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25543: Rebase Tor Browser patches for ESR60
--+-
 Reporter:  gk|  Owner:  arthuredelstein
 Type:  task  | Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:  #25741| Points:
 Reviewer:|Sponsor:
--+-

Comment (by arthuredelstein):

 Replying to [comment:7 gk]:
 > Okay, I'll skimmed the list and have some comments:
 >
 > {{{
 > N 2c74c1e6b2c7 Bug 5282: Randomize HTTP request order and pipeline
 depth.
 > }}}
 > That should be an "O" instead of an "N". There is no pipelining code
 anymore in ESR60, and thus the patch is obsolete.

 OK! I will edit the list in comment:6 to fix that.

 > {{{
 > K 2e0a54b89593 Bug 24052: Streamline handling of file:// resources
 > }}}
 > What does "K" mean here? It makes me a bit nervous given that this was
 one of our fixes to close a cricital hole in Firefox.

 Including this patch causes a runtime error that prevents the browser from
 starting up properly. We will need to debug this problem.

 > I assume "F*" means "still work in progress but essentially done"?

 Yes, the patch seems to work, but there is a problem with the unit test
 that I would like to fix to be more sure.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25834 [Applications/Tor Browser]: Use compiler dependent spec files for mingw-w64

2018-04-18 Thread Tor Bug Tracker & Wiki

#25834: Use compiler dependent spec files for mingw-w64
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, ff60-esr,   |  Actual Points:
  TorBrowserTeam201804R  |
Parent ID:  #24631   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  new => needs_review
 * keywords:  tbb-rbm, ff60-esr => tbb-rbm, ff60-esr, TorBrowserTeam201804R


Comment:

 Replying to [comment:1 boklm]:
 > I am now testing a build with this patch:
 > https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_25834=6e4643e22c7beefc8c5c2d79e086c9416b9c330b

 The build finished, and both the 32bit and 64bit versions are starting
 correctly in my Windows VM.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25816 [Metrics/Onionoo]: Release Onionoo 6.0-1.13.0

2018-04-18 Thread Tor Bug Tracker & Wiki

#25816: Release Onionoo 6.0-1.13.0
-+
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:  Onionoo 1.13.0
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by iwakeh):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 All fine and [https://lists.torproject.org/pipermail/tor-
 dev/2018-April/013079.html announced].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25831 [Metrics/Library]: Release metrics-lib 2.3.0

2018-04-18 Thread Tor Bug Tracker & Wiki

#25831: Release metrics-lib 2.3.0
-+---
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:  metrics-lib 2.3.0
Component:  Metrics/Library  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  iwakeh   |Sponsor:
-+---
Changes (by iwakeh):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 All done and the [https://lists.torproject.org/pipermail/tor-
 dev/2018-April/013079.html word spread].
 Closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25124 [Core Tor/Stem]: Self-generated v3 Onion Service keys and addresses

2018-04-18 Thread Tor Bug Tracker & Wiki

#25124: Self-generated v3 Onion Service keys and addresses
---+
 Reporter:  Dbryrtfbcbhgf  |  Owner:  atagar
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by atagar):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Hi maqp, I think I'm gonna close this. Unless I'm missing something the
 only outstanding request was being able to generate HS keys without tor.
 If this is in the spec I'd be happy to take a patch but I can't say it's a
 feature I plan to implement myself. For what it's worth you might find the
 second example in the following useful...

 https://stem.torproject.org/tutorials/over_the_river.html#ephemeral-
 hidden-services

 Feel free to reopen if you'd care to discuss this more.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25353 [Core Tor/Tor]: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.

2018-04-18 Thread Tor Bug Tracker & Wiki

#25353: Configure fails with some OpenSSL 1.1.0 built with no-deprecated.
-+-
 Reporter:  laomaiweng   |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  openssl, tor-ssl,|  Actual Points:
  034-triage-20180328, 034-must, compatibility,  |
  build, 034-included-20180405   |
Parent ID:  #19429   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => needs_review


Comment:

 (See parent ticket -- I have adapted the patch from the gentoo bugtracker
 above to work on 0.3.4, fixed some other cases of similar problems, and
 merged it with the work from this ticket.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19429 [Core Tor/Tor]: Clean up our OpenSSL 1.1 support.

2018-04-18 Thread Tor Bug Tracker & Wiki

#19429: Clean up our OpenSSL 1.1 support.
-+-
 Reporter:  yawning  |  Owner:  nickm
 Type:  enhancement  | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.4-rc
 Severity:  Normal   | Resolution:
 Keywords:  tor-crypto openssl refactor future-  |  Actual Points:
  proof  |
Parent ID:   | Points:  3
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * owner:  yawning => nickm
 * status:  new => accepted
 * milestone:  Tor: unspecified => Tor: 0.3.4.x-final


Comment:

 I've adapted the patch on https://bugs.gentoo.org/630380 to support this,
 along with the patch from #25353.  See branch `ticket19429_034`.  Since
 this is a new feature, I suggest no backport.  Pull request at
 https://github.com/torproject/tor/pull/55

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19429 [Core Tor/Tor]: Clean up our OpenSSL 1.1 support.

2018-04-18 Thread Tor Bug Tracker & Wiki

#19429: Clean up our OpenSSL 1.1 support.
-+-
 Reporter:  yawning  |  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.4-rc
 Severity:  Normal   | Resolution:
 Keywords:  tor-crypto openssl refactor future-  |  Actual Points:
  proof  |
Parent ID:   | Points:  3
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25838 [Internal Services/Service - lists]: Create mailing list for tor network alerts concerning bad relays

2018-04-18 Thread Tor Bug Tracker & Wiki

#25838: Create mailing list for tor network alerts concerning bad relays
---+
 Reporter:  dgoulet|  Owner:  qbi
 Type:  task   | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Internal Services/Service - lists  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by qbi):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

2018-04-18 Thread Tor Bug Tracker & Wiki

#25658: Activity 2.1: Improve user understanding and user control by clarifying 
Tor
Browser's security features
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  project| Status:  assigned
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---

Comment (by cypherpunks):

 Replying to [comment:13 antonela]:
 >
 
https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%202.png
 It wouldn't be possible to replicate the "Safer" - "Medium" setting with
 that proposal (block JS just for non-encrypted websites, ...etc).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25840 [Webpages/Website]: Please remove/deactivate job postings on website

2018-04-18 Thread Tor Bug Tracker & Wiki

#25840: Please remove/deactivate job postings on website
--+
 Reporter:  ewyatt|  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  High  |  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512


 Hello. Please remove/deactivate the following job postings from the
 website:

 1. User Research Coordinator
 2. Community Liaison
 3. Executive Director

 One position has been filled (announcement coming soon) and the other two
 are proceeding with screening. Thank you!

 -BEGIN PGP SIGNATURE-
 Comment: GPGTools - https://gpgtools.org

 iQIzBAEBCgAdFiEENecqn2ZVRfkstmYkugyUAPgPkc4FAlrXakcACgkQugyUAPgP
 kc550A/+KsfOxZFF6egUdvvRazoPsPX8f0llNXt2Gn/MYGOgQiTs6zLq/jplBxyc
 XFZEKP0TXyAyeQLhEyYSTbOeXDWVTV9aHNOzqtv4b92HFtV3rzQPhQ5ayBzsoRUr
 +V4NcAohwdDQ/aZPj01cN0Hps1mCtmMGcd8277RdfQFhn8SnHzyAOwXlWgVrXJhI
 aIkE/BDZFHAq6vxK4r858FNMwEQzazeRCwT93TlN9OMpFdqN0r9zGwMqJbgBWsVB
 2awySNevhF6vTjQfIhmzMWtjPrKnrv8MdzonJlyP/cNWPKGwh6sef/kKB/qt3T4E
 gk8z1s0iNWKP4YCbLkCGXu/WVZdyjC6deOZPcMgH+Bd88SCBBAhJZs+IqzN90NSw
 pYIJEClz3UkChMVuCKwi3QN4C5qfPKqtZNezINwyYPqHWYSiJM9TtBm6H+V5FZiX
 kwvxIM6BGlWLAaNnbty9dZb/TN6AYwlTeVUGU+DklDRexiNRtDAM9V7JntCF7hQs
 ul/5gsahzr6yOxo/udIfPO5mzGOgCWqfb7ib4soIe0luD3H3QfsV2nMpvaLWAZJh
 lZsilrlB2ZXZBYKn3epP156duWJnLILHH5m80qVXq3th9QI1dVD9Hyd7JyLmrrUn
 Bf6jFHSOo8GZvCuwIXRZBdTsKKjdsCpP0pGE4Sr3uswAZ+2ltks=
 =RJ/E
 -END PGP SIGNATURE-
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25373 [Core Tor/Tor]: Avoid needless wakeups for token bucket refills.

2018-04-18 Thread Tor Bug Tracker & Wiki

#25373: Avoid needless wakeups for token bucket refills.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-roadmap-subtask, |  Actual Points:
  034-triage-20180328, 034-included-20180328 |
Parent ID:  #25500   | Points:
 Reviewer:  dgoulet  |Sponsor:
 |  Sponsor8
-+-
Changes (by nickm):

 * status:  needs_revision => needs_review


Comment:

 replied on the PR!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23354 [Core Tor/Tor]: Remove deterministic download schedule code and configs

2018-04-18 Thread Tor Bug Tracker & Wiki

#23354: Remove deterministic download schedule code and configs
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  refactor, s8-perf, technical-debt,   |  Actual Points:
  tor-bootstrap, 034-triage-20180328, fast-fix   |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by nickm):

 * status:  accepted => needs_review


Comment:

 As requested, this is done in `ticket23354`.  Pull request at
 https://github.com/torproject/tor/pull/54

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25839 [Core Tor/Tor]: conn: Move connection bandwidth stuff into its own file

2018-04-18 Thread Tor Bug Tracker & Wiki

#25839: conn: Move connection bandwidth stuff into its own file
--+--
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  easy, refactor
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 In connection.c, we have the connection's bw management which means there
 are lots of functions only dealing with the {{{global_bucket}}} and per-
 connection rw bucket.

 We could move all this to its own file like {{{connection_bw.c}}} to
 offload connection.c making it nicer, clearer and more modularized.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25762 [Core Tor/Tor]: Make periodic events array with flags including when they are enabled/disabled

2018-04-18 Thread Tor Bug Tracker & Wiki

#25762: Make periodic events array with flags including when they are
enabled/disabled
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-roadmap-subtask, client, |  Actual Points:
  s8-perf|
Parent ID:  #25500   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by dgoulet):

 Replying to [comment:6 nickm]:
 > This needs unit tests, and I also want to review these remaining things
 that I didn't check when I was reviewing the initial branch:
 >* Did we accidentally "lose" any periodic callbacks?

 Yah... I think this means someone needs to go over commit f9370609e49e72d0
 and make sure I didn't forget one :S.

 >* Are all of the flags set correctly?

 Indeed. Same commit from above. It is possible an event applies to a role
 I failed to notice...

 >
 > Also:
 >* We should decide how this approach will handle events that turn off
 when DisableNetwork is set.

 I think we can do this part of #25376 and not within this branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

2018-04-18 Thread Tor Bug Tracker & Wiki

#25658: Activity 2.1: Improve user understanding and user control by clarifying 
Tor
Browser's security features
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  project| Status:  assigned
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---

Comment (by antonela):

 Replying to [comment:14 tom]:

 > Anyway, I just wanted to point out that that one in particular jumped
 out to me and felt the most right of the icons you had initially explored.

 Thanks for jumping here tom! What do you think about to have just two
 options?
 
https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%202.png

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25834 [Applications/Tor Browser]: Use compiler dependent spec files for mingw-w64

2018-04-18 Thread Tor Bug Tracker & Wiki

#25834: Use compiler dependent spec files for mingw-w64
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, ff60-esr |  Actual Points:
Parent ID:  #24631| Points:
 Reviewer:|Sponsor:
--+--
Changes (by tom):

 * cc: tom (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25837 [Applications/Tor Browser]: Integrate fxc2 into our build setup for Windows Tor Browser builds

2018-04-18 Thread Tor Bug Tracker & Wiki

#25837: Integrate fxc2 into our build setup for Windows Tor Browser builds
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, ff60-esr |  Actual Points:
Parent ID:  #24631| Points:
 Reviewer:|Sponsor:
--+--
Changes (by tom):

 * cc: tom (added)


Comment:

 An unfortunate aspect of this is it still uses a closed-source MSFT dll.
 For trustworthiness purposes, you'll probably want to agree upon the hash
 of that dll. You can consider the existing one in the repo my vote for the
 correct version.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

2018-04-18 Thread Tor Bug Tracker & Wiki

#25658: Activity 2.1: Improve user understanding and user control by clarifying
Tor
Browser's security features
---+---
Reporter: isabela| Owner: antonela
Type: project| Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser |Version:
Severity: Normal | Resolution:
Keywords: ux-team, TorBrowserTeam201804 | Actual Points:
Parent ID: | Points:
Reviewer: |Sponsor: Sponsor17
---+---

Comment (by tom):

Hm. Perhaps I'm focusing on the wrong part of your comment;, but as I was
looking through

https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658-exploration%202.png
I was in agreement that none of them really illustrated the visual
feedback.

The one with the words Standard / Safer / Safest did of course; because
it's making it explicit.

The rest of them had no indicator to me that
a) This state was 'partial' - e.g. that there was a better state to be in.
b) That this state was 'the best'.

Okay 3 dots is better than 1 dot. How do I know that there is something
better than 1 dot? How do I know there is not a four-dot setting?

Shield, half-shield... and the checkerboard shield... these could both be
stylist choices. I don't know the shield is supposed to be full.

Until I saw the grey shield on the far right. Th one where it looks like
it's filling a progress bar. That one immediately resonated with me
(personally at least.) It's a progress bar. It fills up.

If you make the full shield have the small white lines so it's indicative
of three 'bars' that filled up it's more apparent. It might be even more
apparent if you render it in stark color (black or purple, with the
unfilled boxes being light grey.

Heck, if we want to animate it, we could blink the filled or unfilled
progress bars.

Anyway, I just wanted to point out that that one in particular jumped out
to me and felt the most right of the icons you had initially explored.

--
Ticket URL:
Tor Bug Tracker & Wiki
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25373 [Core Tor/Tor]: Avoid needless wakeups for token bucket refills.

2018-04-18 Thread Tor Bug Tracker & Wiki

#25373: Avoid needless wakeups for token bucket refills.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-roadmap-subtask, |  Actual Points:
  034-triage-20180328, 034-included-20180328 |
Parent ID:  #25500   | Points:
 Reviewer:  dgoulet  |Sponsor:
 |  Sponsor8
-+-
Changes (by dgoulet):

 * status:  needs_review => needs_revision


Comment:

 Commented on the PR!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25816 [Metrics/Onionoo]: Release Onionoo 6.0-1.13.0

2018-04-18 Thread Tor Bug Tracker & Wiki

#25816: Release Onionoo 6.0-1.13.0
-+
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  merge_ready
 Priority:  Medium   |  Milestone:  Onionoo 1.13.0
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by karsten):

 Okay, as far as I know, everything's done here. Please close whenever you
 want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25831 [Metrics/Library]: Release metrics-lib 2.3.0

2018-04-18 Thread Tor Bug Tracker & Wiki

#25831: Release metrics-lib 2.3.0
-+---
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  merge_ready
 Priority:  Medium   |  Milestone:  metrics-lib 2.3.0
Component:  Metrics/Library  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  iwakeh   |Sponsor:
-+---

Comment (by karsten):

 Okay, as far as I know, everything's done here. Please close whenever you
 want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24790 [Core Tor/Fallback Scripts]: When 0.2.5 is EOL, remove the fallback script comment that refers to 0.2.8 and earlier

2018-04-18 Thread Tor Bug Tracker & Wiki

#24790: When 0.2.5 is EOL, remove the fallback script comment that refers to 
0.2.8
and earlier
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts|Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, easy, doc, |  Actual Points:
  034-triage-20180328, fast-fix  |
Parent ID:  #24786   | Points:  0.1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => needs_review


Comment:

 The branch `ticket24790` is ready for 15 May.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25831 [Metrics/Library]: Release metrics-lib 2.3.0

2018-04-18 Thread Tor Bug Tracker & Wiki

#25831: Release metrics-lib 2.3.0
-+---
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  merge_ready
 Priority:  Medium   |  Milestone:  metrics-lib 2.3.0
Component:  Metrics/Library  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  iwakeh   |Sponsor:
-+---

Comment (by karsten):

 Alright, the tarball is here now: https://dist.torproject.org/metrics-
 lib/2.3.0/

 Regarding the metrics-web update: I'm going to do that as part of #25816.
 So, if the plan is to announce both, then metrics-web will have the most
 recent javadoc for metrics-lib 2.3.0. (If not, please let me know.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25646 [Core Tor/Tor]: Incorporate discussion outcomes into prop249 (wide create cells)

2018-04-18 Thread Tor Bug Tracker & Wiki

#25646: Incorporate discussion outcomes into prop249 (wide create cells)
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-cell, tor-circuit, trunnel, 034  |  implemented
  -roadmap-subtask, 034-triage-20180328, |  Actual Points:
  034-included-20180328  |
Parent ID:  #24986   | Points:  .2
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => closed
 * resolution:   => implemented


Comment:

 It appears that Isis already did this on 13-14 Dec 2017, immediately after
 the meeting in question.  Thanks, Isis!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25804 [Obfuscation/Snowflake]: Domain fronting to App Engine stopped working

2018-04-18 Thread Tor Bug Tracker & Wiki

#25804: Domain fronting to App Engine stopped working
---+
 Reporter:  dcf|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  moat   |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by cypherpunks):

 >  It seems worthwhile in a general sense to try to salvage domain
 fronting with appengine if it's easy to do.

 SNI-less or *.appspot.com (like generated randomly)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25762 [Core Tor/Tor]: Make periodic events array with flags including when they are enabled/disabled

2018-04-18 Thread Tor Bug Tracker & Wiki

#25762: Make periodic events array with flags including when they are
enabled/disabled
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-roadmap-subtask, client, |  Actual Points:
  s8-perf|
Parent ID:  #25500   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by nickm):

 This needs unit tests, and I also want to review these remaining things
 that I didn't check when I was reviewing the initial branch:
* Did we accidentally "lose" any periodic callbacks?
* Are all of the flags set correctly?

 Also:
* We should decide how this approach will handle events that turn off
 when DisableNetwork is set.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25762 [Core Tor/Tor]: Make periodic events array with flags including when they are enabled/disabled

2018-04-18 Thread Tor Bug Tracker & Wiki

#25762: Make periodic events array with flags including when they are
enabled/disabled
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-roadmap-subtask, client, |  Actual Points:
  s8-perf|
Parent ID:  #25500   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by dgoulet):

 Ok branch `ticket25762_034_03` has the latest from Nickm with couple of
 tweaks from me including a fixup commit.

 So imo, we are happy with the interface, this simply needs unit tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19665 [Core Tor/Tor]: Should *Port_set count sockets?

2018-04-18 Thread Tor Bug Tracker & Wiki

#19665: Should *Port_set count sockets?
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-control technical-debt config|  Actual Points:
  torrc startup  |
Parent ID:  #25762   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by dgoulet):

 * sponsor:   => Sponsor8
 * parent:   => #25762
 * milestone:  Tor: unspecified => Tor: 0.3.4.x-final


Comment:

 Parenting this ticket because we need to properly identify a "tor client"
 and using those `*_Set` variables is what should be done.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24969 [Core Tor/Tor]: Allow sleep() in the sandbox

2018-04-18 Thread Tor Bug Tracker & Wiki

#24969: Allow sleep() in the sandbox
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-crash, 034-triage-20180328,  |  Actual Points:  0
  034-must fast-fix crash 029-backport   |
  031-backport 032-backport 033-backport |
Parent ID:   | Points:  0.2
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * keywords:  tor-crash, 034-triage-20180328, 034-must fast-fix crash =>
 tor-crash, 034-triage-20180328, 034-must fast-fix crash 029-backport
 031-backport 032-backport 033-backport
 * status:  accepted => needs_review
 * actualpoints:   => 0


Comment:

 Trivial fix in `bug24969_029`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25688 [Obfuscation/Snowflake]: proxy-go is still deadlocking occasionally

2018-04-18 Thread Tor Bug Tracker & Wiki

#25688: proxy-go is still deadlocking occasionally
---+
 Reporter:  dcf|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Low|  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by arlolra):

 > Is there some strace or ptrace or gdb equivalent for go, that lets you
 figure out *where* it's deadlocking? :)

 I'm working on that, but since we don't have any more clients, it's
 becoming harder to produce.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25543: Rebase Tor Browser patches for ESR60
--+-
 Reporter:  gk|  Owner:  arthuredelstein
 Type:  task  | Status:  assigned
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:  #25741| Points:
 Reviewer:|Sponsor:
--+-

Comment (by gk):

 Okay, I'll skimmed the list and have some comments:
 {{{
 N 2c74c1e6b2c7 Bug 5282: Randomize HTTP request order and pipeline depth.
 }}}
 That should be an "O" instead of an "N". There is no pipelining code
 anymore in ESR60, and thus the patch is obsolete.

 {{{
 K 2e0a54b89593 Bug 24052: Streamline handling of file:// resources
 }}}
 What does "K" mean here? It makes me a bit nervous given that this was one
 of our fixes to close a cricital hole in Firefox.

 I assume "F*" means "still work in progress but essentially done"?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25832 [Applications/Tor Browser]: Enable pthread support for mingw-w64

2018-04-18 Thread Tor Bug Tracker & Wiki

#25832: Enable pthread support for mingw-w64
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, ff60-esr,   |  Actual Points:
  TorBrowserTeam201804R, GeorgKoppen201804   |
Parent ID:  #24631   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-rbm, ff60-esr, TorBrowserTeam201804, GeorgKoppen201804 =>
 tbb-rbm, ff60-esr, TorBrowserTeam201804R, GeorgKoppen201804
 * status:  new => needs_review


Comment:

 Replying to [comment:1 gk]:
 > I believe this bug is behind my build failure on my Linux boxes:
 > {{{
 > 1:34.88 In file included from /home/thomas/win60/tor-
 browser/media/libvpx/libvpx/vp8/decoder/onyxd_int.h:18:0,
 >  1:34.88  from /home/thomas/win60/tor-
 browser/media/libvpx/libvpx/vp8/decoder/decodeframe.c:14:
 >  1:34.90 /home/thomas/win60/tor-
 browser/media/libvpx/libvpx/vp8/common/threading.h:76:23: fatal error:
 semaphore.h: Datei oder Verzeichnis nicht gefunden
 >  1:34.91  #include 
 >  1:34.91
 > }}}
 > I am currently verifying that theory and am testing a potential fix.

 Yes, I was right. `bug_25832` (https://gitweb.torproject.org/user/gk/tor-
 browser-
 build.git/commit/?h=bug_25832=9ed4019319aec225d8b2bd163d0be5adea5d4573)
 has a potential fix that allows me to basically compile everything. (The
 Firefox is still not running for different reasons on Windows 7 and 8,
 which is interesting but different tickets).

 This should be reviewed once we switched to an ESR60-based tor-browser
 branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25838 [Internal Services/Service - lists]: Create mailing list for tor network alerts concerning bad relays

2018-04-18 Thread Tor Bug Tracker & Wiki

#25838: Create mailing list for tor network alerts concerning bad relays
---+-
 Reporter:  dgoulet|  Owner:  qbi
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Internal Services/Service - lists  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+-
 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 IMPORTANT: This list needs to be private for now and invite-only. Needs to
 be
 reachable from the outside world as well.

 This list will only receive automatic emails from tools scanning the tor
 network alerting us of potential suspicious or malicious events. Thus the
 "auto:" in the description.

 Name: `tor-network-alerts@`
 Maintainer: `dgou...@torproject.org`
 Description: auto: Alerts related to bad relays detection.
 -BEGIN PGP SIGNATURE-

 iQEzBAEBCAAdFiEEt0QX7d8irJ+ekPSRQuhqKhH0jTYFAlrXSc8ACgkQQuhqKhH0
 jTag3Qf/QkOWlgki75ILCLP3qtdzetRzQIIDEuFyjgkrPyjGv1H7hjzFCNqlQ0VU
 vXu8LEGku2f9zm6Xmvtc20PFCEkI9qr5sAwCbK/cmlp4LVdIB4aldy1PRLbqoLO/
 Mw4G0oUx5dcfmPhsN3tIJXJezr1bhEKGeKTBMojcwjWYs9opAOEsWoSn8C0IVe39
 Gx/giy/zTYKCqVjyTWYhaUFLQJy62RjvKBego9nwqZTUR4dyGzUuox3nDI8uCpbE
 g5rsDOlyXAq7+To0z0iiqHgGC0Z2ExtFrmiUoTbs9zLCJ/ADjpWgwx4YUBeQ5JOC
 dHdSX+/iUfeVO3tyOINkIE4TmtjjTw==
 =26IH
 -END PGP SIGNATURE-
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25691 [Core Tor/Tor]: Bridges don't work: Non-fatal assertion !(exit_ei == NULL) failed in onion_pick_cpath_exit

2018-04-18 Thread Tor Bug Tracker & Wiki

#25691: Bridges don't work: Non-fatal assertion !(exit_ei == NULL) failed in
onion_pick_cpath_exit
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:  Tor:
 |  0.3.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  regression, 034-must 033-backport|  Actual Points:
  033-maybe-must |
Parent ID:   | Points:  0.5
 Reviewer:  dgoulet, teor|Sponsor:
-+-

Comment (by nickm):

 Thanks! I'll do another round of revisions once dgoulet has had a chance
 to review?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25554 [Applications/Tor Browser]: Bump mingw-w64 version for ESR 60

2018-04-18 Thread Tor Bug Tracker & Wiki

#25554: Bump mingw-w64 version for ESR 60
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, ff60-esr,   |  Actual Points:
  TorBrowserTeam201804R  |
Parent ID:  #24631   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => needs_review
 * keywords:  tbb-rbm, ff60-esr => tbb-rbm, ff60-esr, TorBrowserTeam201804R


Comment:

 The version in `bug_25554` (https://gitweb.torproject.org/user/gk/tor-
 browser-
 build.git/commit/?h=bug_25554=886597792c7b499745145b13b050d86df8e3f5e1)
 works for me and would work with a clang/mingw-w64 toolchain as far as we
 know.

 This should get reviewed once we switched to an ESR60 tor-browser branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25552 [Core Tor/Tor]: prop224: Onion service rev counters are useless and actually harmful for scalability

2018-04-18 Thread Tor Bug Tracker & Wiki

#25552: prop224: Onion service rev counters are useless and actually harmful for
scalability
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.1.9
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs prop224 034-roadmap-proposed  |  Actual Points:
Parent ID:   | Points:  4
 Reviewer:   |Sponsor:
-+-

Comment (by asn):

 Replying to [comment:8 asn]:
 > Latest plan: According to RFC 8032:
 > {{{
 >Some systems assume signatures are not malleable: that is, given a
 >valid signature for some message under some key, the attacker can't
 >produce another valid signature for the same message and key.
 >
 >Ed25519 and Ed448 signatures are not malleable due to the
 >verification check that decoded S is smaller than l.  Without this
 >check, one can add a multiple of l into a scalar part and still pass
 >signature verification, resulting in malleable signatures.
 > }}}
 >
 > We should check if our ed25519 implementations do the above check. If
 they do, it should be possible to just replay cache the `ED25519_SIG_LEN`
 bytes of our `ed25519_signature_t`. I plan to look at our implementation
 this week to see if the aboce check is done, then send an email to Ian
 Goldberg, and if he agrees that it's legit, proceed with this plan.

 Progressed with plan: https://lists.torproject.org/pipermail/tor-
 dev/2018-April/013074.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25763 [Webpages/Styleguide]: Design a .onion icon

2018-04-18 Thread Tor Bug Tracker & Wiki

#25763: Design a .onion icon
-+--
 Reporter:  antonela |  Owner:  < antonela >
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Webpages/Styleguide  |Version:
 Severity:  Major| Resolution:
 Keywords:  ux-team  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by antonela):

 >
 > The SVG are here:
 > https://demo.identihub.co/project/tor-evolutionion

 Thanksss, I'll work on it and I'll back here :)


 > I am mostly concerned about the inverted versions where it would need to
 be ideally outlined and not invert the actual shape simply. This was an
 issue I addressed in the initial styleguide but as this icon is simpler,
 need to be analyzed as well.

 Yep, the outlined version could be an option

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25572 [Applications/Tor Browser]: Update NoScript to 5.1.8.5

2018-04-18 Thread Tor Bug Tracker & Wiki

#25572: Update NoScript to 5.1.8.5
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  TorBrowserTeam201804  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by ma1):

 Replying to [comment:9 cypherpunks]:
 > Replying to [comment:8 cypherpunks]:
 > > Hint: let's disable updates.
 > Of course, you don't care, but anyway 2:
 > {{{
 > addons.update-checker WARNRequest failed:
 https://secure.informaction.com/download/classic/?v=5.1.8.5 -
 [Exception... "Certificate issuer is not built-in."  nsresult: "0x80004004
 (NS_ERROR_ABORT)"  location: "JS frame ::
 resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]
 > }}}

 Could you please elaborate a bit?
 secure.informaction.com has a Let's Encrypt certificate. Does it mean
 autoupdates are expected not to work for this kind of certificates? Is it
 a Tor Browser specific feature? (Auto-updates from secure.informaction.com
 seem to work fine in Firefox).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21537 [Applications/Tor Browser]: Consider ignoring secure cookies for .onion addresses

2018-04-18 Thread Tor Bug Tracker & Wiki

#21537: Consider ignoring secure cookies for .onion addresses
-+-
 Reporter:  micah|  Owner:  gk
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-usability,   |  Actual Points:
  TorBrowserTeam201804R, GeorgKoppen201804,  |
  tbb-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-usability, TorBrowserTeam201804R, GeorgKoppen201804 =>
 tbb-usability, TorBrowserTeam201804R, GeorgKoppen201804, tbb-backport


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25721 [Applications/Tor Browser]: Backport patches for 1448771

2018-04-18 Thread Tor Bug Tracker & Wiki

#25721: Backport patches for 1448771
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201804R,   |  Actual Points:
  GeorgKoppen201804, tbb-backport|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  TorBrowserTeam201804R, GeorgKoppen201804 =>
 TorBrowserTeam201804R, GeorgKoppen201804, tbb-backport


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

2018-04-18 Thread Tor Bug Tracker & Wiki

Comment (by antonela):

Hi! I have been working on creating an icon set that allows us to show
visual feedback for our three levels of security.
I tried hard the ideas we talked about last week.
You can lurk them here

https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658-exploration%202.png

But nothing seems working.

So, I did an exercise, and I started to walk the user journey to
understand what are the user expectations when they downgrade or upgrade
their security settings.

Let's walk through this user journey:
- User wants to visit a risky site or a shared URL from an unknown source
- User slide up the Security Slider and set up the security at Safer or
Safest
- User types the URL and waits until the content load
- The content is not loading correctly because of settings.
- User can
a) downgrade their security level to make things work
b) use the website as it is because the nonloaded content is not
critical (e.g., fonts change, or an ad at sidebar blocked with js)

In both cases, probably an update of security won't fix the problem. In
the best situation, it will create a new content display problem. But in
the worst, users are exposed to leak information.

Also, seems like users don't even need to understand how the security
engine works, but how it benefits them[0]. We may make the decision easier
for them. And we can work with their expectations.

The slider UI was selected before for being a familiar pattern to set up a
stepped security level, pretty similar to Security Slider configuration on
Microsoft's IE. But now, we are experimenting the downsides of it.

So, can we simplify the choices? What if we have two levels of security
instead of three? Activated and Deactivated.

Maybe, we can increase TorBrowser default security by moving some medium
settings to default.

You can see the concept here

https://trac.torproject.org/projects/tor/attachment/ticket/25658/25658%20-%202.png

What do you think? Can we re-think this feature, so it works proactively
with user expectations? Can we offer a UX that is intuitive and
straightforward for regular users?

And for heavy users, can we allow them to set up specific content through
a granular configuration? How technically possible it is?

Is any tradeoff on removing medium security setting? Is it a lot of
development effort?

Will people downgrade their security because something is not
working/loading properly? If yes, is it not what users are doing right now
everytime they want to see a video, and someone is tracking them, and the
resistance app is blocking the content, and the content is not working?

[0] https://www.freehaven.net/anonbib/cache/usableTor.pdf

--
Ticket URL:
Tor Bug Tracker & Wiki
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25815 [Metrics/Onionoo]: Speed up hourly updater performance

2018-04-18 Thread Tor Bug Tracker & Wiki

#25815: Speed up hourly updater performance
-+--
 Reporter:  karsten  |  Owner:  iwakeh
 Type:  enhancement  | Status:  accepted
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by iwakeh):

 * owner:  metrics-team => iwakeh
 * status:  assigned => accepted


Comment:

 Taking a look, too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

2018-04-18 Thread Tor Bug Tracker & Wiki

#25658: Activity 2.1: Improve user understanding and user control by clarifying 
Tor
Browser's security features
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  project| Status:  assigned
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---
Changes (by antonela):

 * Attachment "25658-exploration 2.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25837 [Applications/Tor Browser]: Integrate fxc2 into our build setup for Windows Tor Browser builds

2018-04-18 Thread Tor Bug Tracker & Wiki

#25837: Integrate fxc2 into our build setup for Windows Tor Browser builds
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-rbm, ff60-esr
Actual Points:|  Parent ID:  #24631
   Points:|   Reviewer:
  Sponsor:|
--+---
 Starting with https://bugzilla.mozilla.org/show_bug.cgi?id=1365859 Mozilla
 is using a closed-source tool, called fxc, during the build to autocreate
 D3D11 shaders during the build.

 We don't want to do that. So, tjr set down and wrote a tool, called fxc2
 (https://github.com/tomrittervg/fxc2), that we can compile and then use
 during the build via wine(!) to do the autogeneration for us. See:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1370007 for details.

 We need to integrate that setup into our Windows build process for Tor
 Browser 8.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25833 [Core Tor/Tor]: GEOIP of exit node returns country different from the one detected by a website. May be a MiTM

2018-04-18 Thread Tor Bug Tracker & Wiki

#25833: GEOIP of exit node returns country different from the one detected by a
website. May be a MiTM
--+---
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by teor):

 * status:  new => closed
 * component:  Core Tor => Core Tor/Tor
 * resolution:   => not a bug


Comment:

 Geoip is inaccurate, and different sources assign different countries to
 the same IP address.
 It is particularly inaccurate for tor relays, because most geoip services
 are used for targeted advertising for residential IP addresses.
 This is not a bug in tor, and it probably isn't a bug in the website
 either.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25836 [Applications/Tor Browser]: Make NoScript work on the highest security level on protected Mozilla websites

2018-04-18 Thread Tor Bug Tracker & Wiki

#25836: Make NoScript work on the highest security level on protected Mozilla
websites
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  ff60-esr
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 https://bugzilla.mozilla.org/show_bug.cgi?id=1453988 raised awareness for
 a new mechanism to regulate webextension interference with priviledged
 Mozilla sites. We need to clear the whitelist that got implemented in
 https://bugzilla.mozilla.org/show_bug.cgi?id=1415644.
 https://bugzilla.mozilla.org/show_bug.cgi?id=1453988#c0 gives a good
 introduction about the trade-offs involved and we might think about a
 better solution while preparing our switch to ESR60 (or do so in a follow-
 up bug).

 One idea tjr had was to get a patch developed to make an exemption to that
 whitelist for Mozilla-signed extensions. We could then piggyback on that
 by signing all the extensions we ship which we thought about doing anyway.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #25835 [Applications/Tor Browser]: Move build dependencies from people.tpo

2018-04-18 Thread Tor Bug Tracker & Wiki

#25835: Move build dependencies from people.tpo
-+-
 Reporter:  boklm|  Owner:  tbb-team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  TorBrowserTeam201804,
 Severity:  Normal   |  boklm201804, tbb-rbm
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Currently we are hosting some of the dependencies we use for building Tor
 Browser on people.torproject.org. However people.torproject.org is just
 one host, and it is sometimes down.

 I think we could maybe move those files to extra.torproject.org,
 dist.torproject.org, or ask tpa to create a new hostname for those files.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25834 [Applications/Tor Browser]: Use compiler dependent spec files for mingw-w64

2018-04-18 Thread Tor Bug Tracker & Wiki

#25834: Use compiler dependent spec files for mingw-w64
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm, ff60-esr |  Actual Points:
Parent ID:  #24631| Points:
 Reviewer:|Sponsor:
--+--

Comment (by boklm):

 I am now testing a build with this patch:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_25834=6e4643e22c7beefc8c5c2d79e086c9416b9c330b

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4902 [Firefox Patch Issues]: Change the default search engine in TBB

2018-04-18 Thread Tor Bug Tracker & Wiki

#4902: Change the default search engine in TBB
---+---
 Reporter:  phobos |  Owner:  mikeperry
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch  |Version:
  Issues   |
 Severity:  Blocker| Resolution:  worksforme
 Keywords: |  Actual Points:  1
  MikePerry201204  |
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 Replying to [comment:39 heyjoe]:
 > > Correlate isn't that simple.
 >
 > I am not saying that it is simple per se but the more data there is, the
 easier it becomes to correlate it. Though I am unaware of starpage's
 infrastructure and relations, still we are all aware that Amazon is not
 our friend. Ideally we would have a decentralized search but AFAIK such is
 not available ATM.
 > > I don't see the gains from such a complex maneuver to be honest.
 >
 > Which is a complex maneuver?
 The complex maneuver of engineering a correlation mechanism that
 identifies unique users with their searches with low false positives and
 with only timing (and no fingerprinting) and content as input. It's
 probably impossible.

 > Setting another default search engine is easy. Though I am not familiar
 with any legal factors that may be preventing this (as in an expressed
 disagreement by Startpage).
 It's not easy when there are no alternatives (searx will get overwhelmed
 and their infrastructure won't be able to handle the load, bing, qwant,
 baidu and yahoo searches are really poor quality wise). It's not a legal
 problem, Startpage puts up captchas to Tor users when it was enabled as
 default not so long ago IIRC. (Can't find the relevant comments.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25831 [Metrics/Library]: Release metrics-lib 2.3.0

2018-04-18 Thread Tor Bug Tracker & Wiki

#25831: Release metrics-lib 2.3.0
-+---
 Reporter:  karsten  |  Owner:  karsten
 Type:  task | Status:  merge_ready
 Priority:  Medium   |  Milestone:  metrics-lib 2.3.0
Component:  Metrics/Library  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  iwakeh   |Sponsor:
-+---

Comment (by iwakeh):

 For the release an update of metrics-web is necessary to also have the
 current javadoc for the api changes made.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4902 [Firefox Patch Issues]: Change the default search engine in TBB

2018-04-18 Thread Tor Bug Tracker & Wiki

#4902: Change the default search engine in TBB
---+---
 Reporter:  phobos |  Owner:  mikeperry
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch  |Version:
  Issues   |
 Severity:  Blocker| Resolution:  worksforme
 Keywords: |  Actual Points:  1
  MikePerry201204  |
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+---

Comment (by heyjoe):

 > Correlate isn't that simple.

 I am not saying that it is simple per se but the more data there is, the
 easier it becomes to correlate it. Though I am unaware of starpage's
 infrastructure and relations, still we are all aware that Amazon is not
 our friend. Ideally we would have a decentralized search but AFAIK such is
 not available ATM.

 > I don't see the gains from such a complex maneuver to be honest.

 Which is a complex maneuver? Setting another default search engine is
 easy. Though I am not familiar with any legal factors that may be
 preventing this (as in an expressed disagreement by Startpage).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

1 2 >

1 - 100 of 137 matches

Mail list logo