Re: [tor-bugs] #20735 [Applications/Tor Browser]: Add snowflake pt to alpha linux builds

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20735: Add snowflake pt to alpha linux builds
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arlolra):

 > How about this: We get snowflake into the nightlies for now and plan to
 ship it into the alpha after the next one (which is due in January 2017).

 Sounds good.  To be clear, is it the next one that goes out in January, or
 the one after?  (Words are hard.)

 > And you are trying to take care of #20813 meanwhile?

 Yes, I've initiated a discussion with the team.

 > We need to freeze the code for the next alpha next week and it seems to
 me that timeframe might be too short to get #20813 done sufficiently. Or
 am I wrong in that regard?

 No, that's probably fair to say.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20818 [Applications/Tor Browser]: duckduckgo redirect to non-js in medium

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20818: duckduckgo redirect to non-js in medium
--+--
 Reporter:  i139  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * owner:   => tbb-team
 * component:  - Select a component => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Vendor changes code on a fly, maybe. When this ticket started kz used to
 detect all connections, then updated and now it waits for some thresholds
 (global or local) to do stat analysis and then to apply simplified tests
 for known addr:port to prevent false positive based on addr:port only.
 It's has nothing to do with DLP or anything but perfect for mass
 censorship.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20735 [Applications/Tor Browser]: Add snowflake pt to alpha linux builds

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20735: Add snowflake pt to alpha linux builds
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:12 arlolra]:
 > > I don't think so.
 >
 > Ok, I guess I was confused by your "propagate that to get the browser
 proxy more widely distributed".  The `snowflake-client` built here is
 independent of the proxy.  Anyways, we're on the same page.  Sorry.

 No worries, I should have framed it better. :)

 > > Yes, let's do that. What I want to avoid is alpha users having
 basically zero chances of getting a working Snowflake and coming instead
 to us claiming it is broken.
 >
 > Gotcha, see #20813

 Thanks. How about this: We get snowflake into the nightlies for now and
 plan to ship it into the alpha after the next one (which is due in January
 2017). And you are trying to take care of #20813 meanwhile? We need to
 freeze the code for the next alpha next week and it seems to me that
 timeframe might be too short to get #20813 done sufficiently. Or am I
 wrong in that regard?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20817 [Applications/Tor Browser]: NoScript show, "allow scripts globally" how break default settings

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20817: NoScript show, "allow scripts globally" how break default settings
--+---
 Reporter:  i139  |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:  tbb-security-slider   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => not a bug
 * component:  - Select a component => Applications/Tor Browser
 * keywords:   => tbb-security-slider


Comment:

 Yes, choosing "Allow Scripts Globally (dangerous)" breaks high and medium
 settings and puts you in the custom mode. This is intended. And, no, the
 user won't be put into the low/default mode as the other preferences stay
 untouched.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13464 [Applications/Tor Browser]: NoScript blocks right-click searching of text

2016-11-28 Thread Tor Bug Tracker & Wiki 
#13464: NoScript blocks right-click searching of text
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  noscript, tbb-usability   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Fixed in NoScript 2.9.5.2.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20772 [Applications/Tor Browser]: src="data: ; base64 images rendered when "Show images"="Blocked"

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20772: src="data:;base64 images rendered when "Show images"="Blocked"
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * priority:  High => Medium
 * status:  needs_review => assigned
 * severity:  Critical => Normal


Comment:

 I don't see a patch attached to this ticket or linked to in this ticket,
 especially none that cleanly applies to Tor Browser we are currently
 using, thus cancelling the review request.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20752 [Applications/Tor Browser]: Search box with DuckDuckGo (and other search engines) is broken on security level High and Medium-High

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20752: Search box with DuckDuckGo (and other search engines) is broken on 
security
level High and Medium-High
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-usability, TorBrowserTeam201611  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Fixed with NoScript 2.9.5.2 it seems.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:  fixed
 Keywords:  tbb-regression, tbb-security-|  Actual Points:
  slider, tbb-6.0-issues, noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 Fixed with 2.9.5.2, thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20321 [Applications/Tor Browser]: Mac OS X - Quit Tor Browser Finder Menu Does Not Work from Tor Network Settings

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20321: Mac OS X - Quit Tor Browser Finder Menu Does Not Work from Tor Network
Settings
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * priority:  Medium => Low


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20819 [Core Tor]: Unable to access any website.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20819: Unable to access any website.
--+
 Reporter:  thoughtfulleader  |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by arma):

 * status:  new => closed
 * cc: n8fr8 (added)
 * resolution:   => worksforme
 * severity:  Critical => Normal
 * priority:  Very High => Medium


Comment:

 All sorts of things could be wrong -- for example, your clock might be
 wrong.

 Alas, this sounds like an Orbot issue, not a Tor issue, so the Guardian
 project is the best place to ask:
 https://guardianproject.info/contact/

 Good luck!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20819 [Core Tor]: Unable to access any website.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20819: Unable to access any website.
--+-
 Reporter:  thoughtfulleader  |  Owner:
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Core Tor  |Version:
 Severity:  Critical  |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 I can't get any website. Android 6.0.1. AT carrier. I go to purple.com
 in Firefox and it's subsecond. I try purple.com in Orfox and it times out.
 It times out on every website. I have orbot and orfox. Downloaded two
 weeks ago. I don't have any restrictions in settings.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20772 [Applications/Tor Browser]: src="data: ; base64 images rendered when "Show images"="Blocked"

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20772: src="data:;base64 images rendered when "Show images"="Blocked"
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  new => needs_review
 * priority:  Medium => High
 * severity:  Normal => Critical


Comment:

 In light of all the past attacks on images, the length of time zero days
 can exist, the increased security focus of TBB compared to Firefox, the
 fact that Mozilla have all but markrd this WONTFIX (despite patches being
 provided, and the fact that soon it will be legal to hack everyone on
 Earth without restriction, might you possibly reconsider leaving this to
 Mozilla?

 Even if all you say is "pull requests welcome", that's far better than
 "WONTFIX". The patches in the Mozilla bug you linked to probably work as-
 is in TBB, but compiling a custom TBB would stand out eay to much. I beg
 you, please consider including one of the patches from
 https://bugzilla.mozilla.org/show_bug.cgi?id=331257

 Systems are routinely compromised by images; http://search.us-
 cert.gov/search?utf8=%E2%9C%93=advanced=us-cert
 =JPEG+GIF+PNG+BMP=10=off=31=9 therefor
 raising priority. Please forgive my stubborness on this, it just seems
 extremely dangerous.

 I can't compile it to test but the patches in the Mozilla thread lokely
 just need a brief review and merge, I hope.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dcf):

 Replying to [comment:91 cypherpunks]:
 > > There could be another cause: for example suppose all the DPI boxes
 count connections to each IP address and upload the logs to a central
 place, then the firewalls only apply their timing/entropy heuristics to
 popular destinations. It wouldn't surprise me if a firewall vendor were
 uploading customer connection logs in order to do data mining on them.
 >
 > They no need to send it to central place, box can to count connections
 locally to skip all new addr:port. But then why need to count entropy
 every time for already known addr:port? Why so complex?

 The reason I mentioned sending logs to a central place is that the tor-
 talk commenter said that for them, too, well-used bridges were detected
 and unused bridges were not detected. I assumed that they did not have a
 lot of other users behind the firewall that were increasing connection
 counts for the default bridges, but I could be wrong about that
 assumption.
 https://lists.torproject.org/pipermail/tor-talk/2016-November/042592.html

 It might be just a blacklist that all firewalls share. Even then, I can't
 explain why they would seemingly be checking entropy and doing a lot of
 work, rather than just blocking the endpoints.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dcf):

 Replying to [comment:93 cypherpunks]:
 > Was GreenBelt:5881 result of DNAT too? How can I test two DNATs for the
 same bridge with one public and another private ports?

 They are set up with iptables forwarding rules, yes. For example,
 GreenBelt:60873 is the actual listening obfs4port, and GreenBelt:1984 and
 GreenBelt:5881 forward to it. Mosaddegh:41835 is the actual obfs4port, and
 Mosaddege:1984 and Mosaddegh:80 forward to it.

 The reason there are so many forwarding rules is we have been rotating
 port the past few releases: #20092 #20296.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20818 [- Select a component]: duckduckgo redirect to non-js in medium

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20818: duckduckgo redirect to non-js in medium
--+-
 Reporter:  i139  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 duckduckgo is redirecting to non-js in medium setting

 this is the problem

 before duckduckgo make a https connection it's redirect to the html
 version

 noscript just allow js in https

 its a timing problem

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20586 [Applications/Tor Browser]: Enforcement of browser window size breaks in awesome

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20586: Enforcement of browser window size breaks in awesome
---+--
 Reporter:  legind |  Owner:  tbb-team
 Type:  defect | Status:  closed
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  tbb-fingerprinting-resolution  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by legind):

 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 I can confirm that in Awesome using TB 6.5a4 the viewport width and height
 are reduced to the nearest multiple of 100 below the current window size.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20769 [Applications/Tor Browser]: TB on Windows: Fails to connect to socks proxy

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20769: TB on Windows: Fails to connect to socks proxy
--+---
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mcs):

 Replying to [comment:4 mrphs]:
 > It indeed seems to be some user mistake, though I can't point it out. It
 might be a general proxy setting applied by some other circumvention tool
 or proxy. Does Tor Browser honor a generally set proxy in Windows?

 No, Tor Browser does not look at OS proxy settings (although doing so
 might make initial set up easier for some people).

 > As a side note, this makes me think maybe we should have better error
 handling when Tor doesn't connect. Tor itself writes pretty good logs, but
 Tor Browser doesn't necessarily communicates them with user in a tangible
 way that general user can understand. I can think of an error like this
 popping up and while saying Tor was unable to connect, asks users if
 they've any other application or proxy setup that is intervening.

 I think interpreting the Tor log messages is something that would be hard
 to get right. But we should at least make it easier to see the errors and
 warnings. Related tickets: #9516, #9675, #12733.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20816 [Internal Services/Service - git]: Add Alex de Joode (dizum) to the dirauth-conf git repository

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20816: Add Alex de Joode (dizum) to the dirauth-conf git repository
-+
 Reporter:  dgoulet  |  Owner:  tor-gitadm
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by dgoulet):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 Nvm, "usura" user is on the ACL for dirauth-conf.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20813 [Obfuscation/Snowflake]: Start producing snowflakes

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20813: Start producing snowflakes
---+-
 Reporter:  arlolra|  Owner:
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by mcs):

 * cc: mcs (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20817 [- Select a component]: NoScript show, "allow scripts globally" how break default settings

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20817: NoScript show, "allow scripts globally" how break default settings
--+-
 Reporter:  i139  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 this make the user break the high or medium setting slider, for a custom
 setting

 and also, when user want to allow scripts globally, user will be put in
 low setting

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20816 [Internal Services/Service - git]: Add Alex de Joode (dizum) to the dirauth-conf git repository

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20816: Add Alex de Joode (dizum) to the dirauth-conf git repository
-+
 Reporter:  dgoulet  |  Owner:  tor-gitadm
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 Turns out that Alex doesn't have access to the dirauth-conf repository so
 this ticket is about adding him to it.

 I'll let him provide an SSH key. Will send him information by email about
 how to submit it either here or by email and GPG signed in both cases.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20815 [Applications/Tor Browser]: UI dev work of security slider experience on Orfox

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20815: UI dev work of security slider experience on Orfox
--+--
 Reporter:  isabela   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, android   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20814 [Applications/Tor Browser]: Pick a more accurate name for the "hardened" Tor Browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20814: Pick a more accurate name for the "hardened" Tor Browser
--+--
 Reporter:  arma  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arma):

 I know little here -- I'm just opening the ticket so the topic gets
 attention and a resolution.

 Folks on irc were talking about how asan and (I assume it was) aslr are
 not easily compatible, and/or how asan provides more predictable addresses
 for rop-style gadgets.

 I guess step zero here then is to find somebody who has a strong opinion
 about the topic and also is right? :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20815 [Applications/Tor Browser]: UI dev work of security slider experience on Orfox (was: FE part of security slider experience on Orfox)

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20815: UI dev work of security slider experience on Orfox
--+--
 Reporter:  isabela   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, android   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20815 [Applications/Tor Browser]: FE part of security slider experience on Orfox

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20815: FE part of security slider experience on Orfox
--+
 Reporter:  isabela   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile,
  |  android
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Project reference:
 
https://trac.torproject.org/projects/tor/wiki/org/teams/ApplicationsTeam/TorBrowserAndroid/Roadmap

 Contract would start with 25hrs of work.

 UI Work description:
 Port or reimplement Tor Browser "Security Slider" user interface to
 Firefox Add-on SDK for user on Orfox/Firefox Android
 Design of user interface will need to be updated to support more
 "responsive" mobile design and layout
 Implementation will call into methods against dummy/skeleton code for
 actual logic
 UI must be internationalized/localized to support same string resources
 from TB Security Slider
 Test implementation within Orfox on Android

 Security Slider specs and docs can be found at:
 https://trac.torproject.org/projects/tor/ticket/9387#comment:82
 https://blog.torproject.org/blog/tor-browser-45-released
 https://people.torproject.org/~mikeperry/images/SecuritySlider.jpg

 Wireframes for the experience we want to build:
 https://trac.torproject.org/projects/tor/ticket/20291

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19675 [Applications/Tor Browser]: Merge Orfox patches into tor-browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19675: Merge Orfox patches into tor-browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20814 [Applications/Tor Browser]: Pick a more accurate name for the "hardened" Tor Browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20814: Pick a more accurate name for the "hardened" Tor Browser
--+--
 Reporter:  arma  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by yawning):

 > since asan is at odds with some of the address randomization stuff that
 we would want in a true hardened build.

 Is this "it doesn't run on grsec kernels because of PaX", or is there more
 that you're referring to here.

 (Since we're talking about the parts that are hardened, release/alpha do
 not build tor with seccomp support.  This would be good to have in alpha,
 though it will introduce a library dependency.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20782 [Applications/Tor Browser Sandbox]: Use a seccomp whitelist when the tor daemon is configured to use Bridges.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20782: Use a seccomp whitelist when the tor daemon is configured to use 
Bridges.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  closed
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by yawning):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 https://gitweb.torproject.org/tor-browser/sandboxed-tor-
 browser.git/commit/?id=7cf5fba78a7641043454f7f7d24edce4ed938197

 For now use a combined tor + obfs4prxy whitelist.  Seems to work in my
 test envs.  I'm going to tag this as fixed for now, and deal with
 decoupling the two later.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20782 [Applications/Tor Browser Sandbox]: Use a seccomp whitelist when the tor daemon is configured to use Bridges.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20782: Use a seccomp whitelist when the tor daemon is configured to use 
Bridges.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by yawning):

 I missed a few calls when I wrote up my list of what's required, and since
 the tor profile now has mmap rules, there's even more stuff.

 `setsockopt` -> `arg1 == SOL_SOCKET && arg2 == SO_BROADCAST`, `arg1 ==
 SOL_IPV6 && arg2 == IPV6_V6ONLY`
 `mmap` -> `arg2 == PROT_NONE && (arg3 == MAP_PRIVATE|MAP_ANONYMOUS || arg3
 == MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS)`
 `getppid: 1`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-regression, tbb-security-|  Actual Points:
  slider, tbb-6.0-issues, noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by i139):

 tested;
 TBB 6.5a4
 NoScript 2.9.5.2rc4
 secure setting in high
 MSE enabled

 now all is working proper

 Thanks!!

 can close the ticket now

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20314 [Applications/Tor Browser]: Make SVG click-to-play

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20314: Make SVG click-to-play
--+--
 Reporter:  bugzilla  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  noscript, tbb-usability   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by i139):

 make a per domain block, like MSE videos was now.

 block per elements will still break the page.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > Secret obfs4 bridges from bridges.torproject.org are also blocked. It
 seems to be dynamic detection, not a static blacklist.

 That was wrong generalization it seems, or something changed, or something
 something. Some bridges was tested for sure, and they was "detected" but I
 can't recall used addr:port and exact result of "detection". Fresh tested
 secret obfs4 bridges from bridges.torproject.org are works now, (all
 tested do reports of solid bandwidth and wasn't listen on 80 port).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20814 [Applications/Tor Browser]: Pick a more accurate name for the "hardened" Tor Browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20814: Pick a more accurate name for the "hardened" Tor Browser
--+--
 Reporter:  arma  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arma):

 (One could argue that selfrando is indeed hardening. And that's great. If
 we think it's good for users, let's put that into the alpha version and
 eventually into the mainline version.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17380 [Applications/Tor Browser]: Splitting the build of each components

2016-11-28 Thread Tor Bug Tracker & Wiki 
#17380: Splitting the build of each components
--+---
 Reporter:  boklm |  Owner:  boklm
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #17379| Points:
 Reviewer:|Sponsor:
--+---

Comment (by boklm):

 I started a `dev` branch on https://gitweb.torproject.org/user/boklm/tor-
 browser-build.git/.
 I made a copy of the components from `tor-messenger-build` that we will
 use in Tor Browser, and will now start adding the missing Tor Browser
 components.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20814 [Applications/Tor Browser]: Pick a more accurate name for the "hardened" Tor Browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20814: Pick a more accurate name for the "hardened" Tor Browser
--+--
 Reporter:  arma  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 I learned last week that the "hardened" Tor Browser is potentially more
 vulnerable to attack than the vanilla one -- since asan is at odds with
 some of the address randomization stuff that we would want in a true
 hardened build.

 In particular, it sounds like the hardened version is intended to be used
 by developers and other people who are able to report bugs, since it will
 be more likely to crash and is hopefully better prepared to explain where
 the crash was.

 Then I saw https://trac.torproject.org/projects/tor/ticket/20773#comment:4
 today, where yawning's sandboxed tor browser has to open up some more
 surface area (specifically, /proc) for the hardened version to use asan
 correctly.

 At the same time, we have users who are eager to use the hardened version,
 because of how crappy Firefox's security is, and they are frustrated with
 us that we will only make a hardened version of tor browser available for
 linux users.

 Should we change its name to better reflect what it does and what it's
 for?

 "debugging"? "fragile"? "developer"?

 Who are your ideal users of this version, and are they using it?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20813 [Obfuscation/Snowflake]: Start producing snowflakes

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20813: Start producing snowflakes
---+-
 Reporter:  arlolra|  Owner:
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+-
 Once `snowflake-client` gets in the alpha Tor Browser builds (#20735),
 we're going to have some unhappy users if we don't have a sufficient
 number of proxies available.

 We should start ramping up production asap.

 Some ideas in,
 https://github.com/glamrock/cupcake
 https://github.com/keroserene/snowflake/issues/30

 We probably also want to close out the opt-in issue,
 https://github.com/keroserene/snowflake/issues/21

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20735 [Applications/Tor Browser]: Add snowflake pt to alpha linux builds

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20735: Add snowflake pt to alpha linux builds
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arlolra):

 > I don't think so.

 Ok, I guess I was confused by your "propagate that to get the browser
 proxy more widely distributed".  The `snowflake-client` built here is
 independent of the proxy.  Anyways, we're on the same page.  Sorry.

 > Yes, let's do that. What I want to avoid is alpha users having basically
 zero chances of getting a working Snowflake and coming instead to us
 claiming it is broken.

 Gotcha, see #20813

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20803 [Core Tor/Tor]: recommended-client-protocols and related are not in dir-spec

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20803: recommended-client-protocols and related are not in dir-spec
--+
 Reporter:  tom   |  Owner:
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-spec  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+

Comment (by atagar):

 On a side note, please make an effort to keep the spec up to date soon
 after things go into tor. As far as I'm concerned the presence of fields
 like this in descriptors is a tor bug until they do.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20735 [Applications/Tor Browser]: Add snowflake pt to alpha linux builds

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20735: Add snowflake pt to alpha linux builds
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:10 arlolra]:
 > > Wouldn't it be smarter to have, say, Snowflake in our nightly builds
 first for a while, propagate that to get the browser proxy more widely
 distributed and then ship it in alphas?
 >
 > Maybe there's a misunderstanding here.

 I don't think so.

 > The proxies (snowflakes) are run by random internet users in uncensored
 regions.  They just need to navigate to a certain website and then their
 browser takes over.  Distributing it widely means hosting the badge on
 say, torproject.org, or some other highly trafficked site.

 Yes, let's do that. What I want to avoid is alpha users having basically
 zero chances of getting a working Snowflake and coming instead to us
 claiming it is broken.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20749 [User Experience/Website]: Update press page with articles from Oct 2015 - Sept 2016

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20749: Update press page with articles from Oct 2015 - Sept 2016
-+
 Reporter:  isabela  |  Owner:  hiro
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by Sebastian):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 looks fine thanks [x]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19877 [Core Tor/Tor]: Implement new guard selection algorithm of prop 271

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19877: Implement new guard selection algorithm of prop 271
-+-
 Reporter:  andrea   |  Owner:  nickm
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.0.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, tor-   |  Actual Points:
  guards-revamp, TorCoreTeam201611   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU-must
-+-

Comment (by nickm):

 Replying to [comment:9 asn]:
 > Hello, I did a very rough initial review based on the WIP branch
 `prop271-wip`. Haven't run it yet. Great work so far, very excited about
 splitting bridge code to another file as well.
 >
 > Some of these comments might be too low level for this stage of
 implementation, so feel free to ignore them. Also, I have not re-loaded
 the whole proposal in my brain yet, so I didn't go too deep in the nitty
 gritty details.
 >
 > - There are a few big scary functions that could be splitted into
 smaller functions to make them more manageable. e.g.
 `sampled_guards_update_from_consensus()` and
 `entry_guards_update_primary`.
 >
 >   Also the fundamental function `select_entry_guard_for_circuit()` could
 be split into three smaller functions, each for one spec case.

 Ack.  I'll add a " can this split up" comment to those.

 > - Agreed that the `entry_guard_succeeded()` tristate is ugly and makes
 the `circuit_send_next_onion_skin()` logic harder to read. Perhaps the
 retval could be turned into an enum?

 Ack, will fix.

 > - If `add_bridge_as_entry_guard()` is a pub function of the entrynodes
 API, should it have a prefix? Or we are not at that level of tidyness yet?

 The entire bridge->entry interface is in flux; I hope we clean it up by
 the end.

 > - Why do we need the spaceless ISO time functions? Can't we use the
 spaceful ones for state? Or is it to maintain backwards compat?

 For the state format I chose, everything is spaceless.  That makes it much
 much easier.

 > - Parsing guards from state seems a bit of a pain now. For example,
 `entry_guard_parse_from_state()` does ad-hoc string parsing. Would it be
 possible to use the config parsing API for that?

 Oooh.  Interesting.  We'd have to make it recursive, so it can handle the
 values within a line rather than just handling lines.  Could be neat
 though.  Maybe as another ticket?

 > - Could `smartlist_remove_keeporder()` be implemented with
 `smartlist_pos()` and `smartlist_del_keeporder()` to avoid writing more
 smartlist code?

 Only in quadratic-time: smartlist_remove_keeporder() needs to remove every
 occurrence of the target element. So to emulate it with pos and
 del_keeporder, you'd need to say:
 {{{
 int idx;
 while ( (idx = smartlist_pos(sl, element)) >= 0) {
   smartlist_del_keeporder(sl, idx);
 }
 }}}

 > Finally, how should one robustly test this branch? Do you use iptable
 scripts or something?

 I've been doing ad-hoc iptable stuff, doing some of my hacking from nasty
 coffeeshop ISPs, etc.  I haven't figured out how to do a really thorough
 hostile-network integration test though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20735 [Applications/Tor Browser]: Add snowflake pt to alpha linux builds

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20735: Add snowflake pt to alpha linux builds
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arlolra):

 > Wouldn't it be smarter to have, say, Snowflake in our nightly builds
 first for a while, propagate that to get the browser proxy more widely
 distributed and then ship it in alphas?

 Maybe there's a misunderstanding here.

 The proxies (snowflakes) are run by random internet users in uncensored
 regions.  They just need to navigate to a certain website and then their
 browser takes over.  Distributing it widely means hosting the badge on
 say, torproject.org, or some other highly trafficked site.

 It's the same model as flashproxy (https://crypto.stanford.edu/flashproxy
 /#how-it-works).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19877 [Core Tor/Tor]: Implement new guard selection algorithm of prop 271

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19877: Implement new guard selection algorithm of prop 271
-+-
 Reporter:  andrea   |  Owner:  nickm
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.0.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  isaremoved, nickwants029, tor-   |  Actual Points:
  guards-revamp, TorCoreTeam201611   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU-must
-+-

Comment (by asn):

 Hello, I did a very rough initial review based on the WIP branch
 `prop271-wip`. Haven't run it yet. Great work so far, very excited about
 splitting bridge code to another file as well.

 Some of these comments might be too low level for this stage of
 implementation, so feel free to ignore them. Also, I have not re-loaded
 the whole proposal in my brain yet, so I didn't go too deep in the nitty
 gritty details.

 - There are a few big scary functions that could be splitted into smaller
 functions to make them more manageable. e.g.
 `sampled_guards_update_from_consensus()` and
 `entry_guards_update_primary`.

   Also the fundamental function `select_entry_guard_for_circuit()` could
 be split into three smaller functions, each for one spec case.

 - Agreed that the `entry_guard_succeeded()` tristate is ugly and makes the
 `circuit_send_next_onion_skin()` logic harder to read. Perhaps the retval
 could be turned into an enum?

 - If `add_bridge_as_entry_guard()` is a pub function of the entrynodes
 API, should it have a prefix? Or we are not at that level of tidyness yet?

 - Why do we need the spaceless ISO time functions? Can't we use the
 spaceful ones for state? Or is it to maintain backwards compat?

 - Parsing guards from state seems a bit of a pain now. For example,
 `entry_guard_parse_from_state()` does ad-hoc string parsing. Would it be
 possible to use the config parsing API for that?

 - Could `smartlist_remove_keeporder()` be implemented with
 `smartlist_pos()` and `smartlist_del_keeporder()` to avoid writing more
 smartlist code?

 Finally, how should one robustly test this branch? Do you use iptable
 scripts or something?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20803 [Core Tor/Tor]: recommended-client-protocols and related are not in dir-spec

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20803: recommended-client-protocols and related are not in dir-spec
--+
 Reporter:  tom   |  Owner:
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-spec  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by asn):

 * keywords:  spec => tor-spec


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15056 [Core Tor/Tor]: Support ed25519 identities for circuit extension

2016-11-28 Thread Tor Bug Tracker & Wiki 
#15056: Support ed25519 identities for circuit extension
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.3.0.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7
 Severity:  Normal   | Resolution:
 Keywords:  tor-relay, ed25519, prop-220,|  Actual Points:
  027-triaged-1-in, 028-triaged, |
  201511-deferred, tor-crypto-identity, tor- |
  ed25519-proto, TorCoreTeam201609, nickm-   |
  deferred-20161005, review-group-12 |
Parent ID:  #15054   | Points:  parent
 Reviewer:  dgoulet  |Sponsor:
 |  SponsorU-must
-+-
Changes (by dgoulet):

 * reviewer:   => dgoulet


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20626 [Applications/Quality Assurance and Testing]: Update slider and settings tests following the changes from #20264 and #19417

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20626: Update slider and settings tests following the changes from #20264 and
#19417
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201611 |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 The slider_settings tests should now pass on 6.0, 6.5 and nightly versions
 of Tor Browser.

 * the slider_settings tests have been refactored in a similar way to what
 was done in torbutton in commit e59f6df84dcfde500f41eefb608dd878a7fc9d6b.
 * the `slider_settings_3` test is now disabled, except on Tor Browser
 6.0.* versions
 * `javascript.options.asmjs` is now removed from the slider settings tests
 * an option to add specific settings for 6.0.* versions has been added
 (but is not needed for now)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20812 [Internal Services]: svn access for hiro

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20812: svn access for hiro
---+-
 Reporter:  hiro   |  Owner:
 Type:  defect | Status:  new
 Priority:  Low|  Milestone:
Component:  Internal Services  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+-
 Need access to act as PoC for the current svn.

 Username: hiro
 email: hiro at tpo

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20769 [Applications/Tor Browser]: TB on Windows: Fails to connect to socks proxy

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20769: TB on Windows: Fails to connect to socks proxy
--+---
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mrphs):

 It indeed seems to be some user mistake, though I can't point it out. It
 might be a general proxy setting applied by some other circumvention tool
 or proxy. Does Tor Browser honor a generally set proxy in Windows?


 As a side note, this makes me think maybe we should have better error
 handling when Tor doesn't connect. Tor itself writes pretty good logs, but
 Tor Browser doesn't necessarily communicates them with user in a tangible
 way that general user can understand. I can think of an error like this
 popping up and while saying Tor was unable to connect, asks users if
 they've any other application or proxy setup that is intervening.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20769 [Applications/Tor Browser]: TB on Windows: Fails to connect to socks proxy

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20769: TB on Windows: Fails to connect to socks proxy
--+---
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mrphs):

 I just double checked, they seem to be on Windows 10 using Tor Browser
 6.0.6.
 And they just shared the screen shot of the Tor Browser Network Settings,
 confirming no local proxy is set.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-regression, tbb-security-|  Actual Points:
  slider, tbb-6.0-issues, noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ma1):

 OK, if "Forbid other plugins" was unchecked, "Forbid  / "
 was less effective than it should have been.
 I've never noticed that because I couldn't conceive someone would want to
 block HTML 5 media element while letting any random unknown plugin run,
 but the Security Slider doesn't share my POV :P
 It should be fixed in 2.9.5.2rc4, https://noscript.net/getit#devel

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20629 [Core Tor/Tor]: hs: Fix issues found by coverity

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20629: hs: Fix issues found by coverity
-+
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 I believe they are all done. I'll make it sure at the next coverity
 upload.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20811 [Applications/Tor Browser]: Document our recommendations for making Tor Browser the default browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20811: Document our recommendations for making Tor Browser the default browser
--+--
 Reporter:  arma  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 A really common user request lately has been how to set up Tor Browser as
 their default browser, e.g. when they click on urls in their email in
 thunderbird.

 I'm under the impression that the current Tor Browser team answer is
 "don't do that, it's dangerous". Is that right? If so we should write it
 down explicitly, along with some intuitions for why it's dangerous so
 people will understand why.

 And if not, we should write up some heuristics or hints or guides or
 something for how to do it most safely.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20810 [Core Tor/Tor]: protover: Using twice the same version for old tor

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20810: protover: Using twice the same version for old tor
--+
 Reporter:  dgoulet   |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  High  |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.9.4-alpha
 Severity:  Normal| Resolution:
 Keywords:  029-backport  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * status:  new => needs_review


Comment:

 See branch `bug20810_030_01`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20691 [Applications/Tor Browser]: Updates are not getting properly applied when trying to update to 6.5a4(-hardened) on Linux

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20691: Updates are not getting properly applied when trying to update to
6.5a4(-hardened) on Linux
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Replying to [comment:27 gk]:
 > Looks good to me (I did not test the patch, though, assuming you did :)
 ).

 Yes we did.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20772 [Applications/Tor Browser]: src="data: ; base64 images rendered when "Show images"="Blocked"

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20772: src="data:;base64 images rendered when "Show images"="Blocked"
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Here is the corresponding Firefox bug:
  https://bugzilla.mozilla.org/show_bug.cgi?id=331257
 There has not been much recent activity though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20810 [Core Tor/Tor]: protover: Using twice the same version for old tor

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20810: protover: Using twice the same version for old tor
--+
 Reporter:  dgoulet   |  Owner:
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.9.4-alpha
 Severity:  Normal|   Keywords:  029-backport
Actual Points:|  Parent ID:
   Points:  0.1   |   Reviewer:
  Sponsor:|
--+
 `protover_compute_for_old_tor()` checks twice `0.2.7.5` version leading to
 dead code.

 According to the comment and the spec, it should be `0.2.9.1-alpha`.

 {{{
   } else if (tor_version_as_new_as(version, "0.2.7.5")) {
 /* 0.2.9.1-alpha HSRend=2 */
 return "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 "
   "Link=1-4 LinkAuth=1 "
   "Microdesc=1-2 Relay=1-2";
 }}}

 Patch coming up.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20795 [Applications/Tor Browser]: Torbrowser crashes if it can't DNS resolve the Socks5Proxy host in torrc

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20795: Torbrowser crashes if it can't DNS resolve the Socks5Proxy host in torrc
--+---
 Reporter:  gaffer206 |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information


Comment:

 Hm. What happens if you use Tor Browser's own means for configuring your
 proxy? You can do that on the launcher wizard (instead of connecting
 directly you need to choose the configure option). And later on if you
 don't have a proxy available you can remove that option on the wizard
 again as it is otherwise not connecting.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20769 [Applications/Tor Browser]: TB on Windows: Fails to connect to socks proxy

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20769: TB on Windows: Fails to connect to socks proxy
--+---
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by mcs):

 * status:  new => needs_information


Comment:

 Are they using a local proxy to access the Internet? Is it working? Based
 on their log, it looks like tor is trying (and failing) to connect to a
 proxy at 127.0.0.1:5048. Or am I misinterpreting the log?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > Reproducible.
 > Still reproducible.

 It is depends kz net load it seems, it's non reproducible at time when as
 assumed most of kz users are online.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20784 [Applications/Tor Browser]: Tor Browser not working (was: TOR Not working)

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20784: Tor Browser not working
--+---
 Reporter:  devildevine   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  Torbrower,|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by mcs):

 * status:  new => needs_information


Comment:

 I am sorry that Tor Browser is not working correctly for you.

 What version of Tor Browser did you download? You can use Get Info on
 TorBrowser.app (in the Finder) to check.

 What happens if you try to load the following URL inside Tor Browser?
  https://check.torproject.org/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #8298 [Core Tor/Tor]: Do not start write to connection if blocked on bw

2016-11-28 Thread Tor Bug Tracker & Wiki 
#8298: Do not start write to connection if blocked on bw
+--
 Reporter:  cypherpunks |  Owner:
 Type:  defect  | Status:
|  needs_revision
 Priority:  Low |  Milestone:  Tor: 0.3.???
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  kludgy, tor-relay, nickm-patch  |  Actual Points:
Parent ID:  | Points:  0.1
 Reviewer:  |Sponsor:
+--
Changes (by dgoulet):

 * keywords:  kludgy, tor-relay, 024-deferrable, nickm-patch => kludgy, tor-
 relay, nickm-patch
 * status:  needs_review => needs_revision
 * points:   => 0.1


Comment:

 I believe this should be as the definition of `write_blocked_on_bw`
 mentions that it's true iff we are allowed to write.

 {{{
 +  if (conn->write_event && conn->write_blocked_on_bw) {
 }}}

 {{{
   unsigned int write_blocked_on_bw:1; /**< Boolean: should we start
 writing
  * again once the bandwidth throttler allows
  * writes? */
 }}}

 `assert_connection_ok()` uses it that way.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20803 [Core Tor/Tor]: recommended-client-protocols and related are not in dir-spec

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20803: recommended-client-protocols and related are not in dir-spec
--+
 Reporter:  tom   |  Owner:
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  spec  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * keywords:   => spec
 * points:   => 0.1
 * milestone:   => Tor: 0.3.0.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20795 [Applications/Tor Browser]: Torbrowser crashes if it can't DNS resolve the Socks5Proxy host in torrc

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20795: Torbrowser crashes if it can't DNS resolve the Socks5Proxy host in torrc
--+--
 Reporter:  gaffer206 |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dgoulet):

 * owner:   => tbb-team
 * component:  Core Tor/Tor => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20809 [Applications/Tor Browser]: Use non-/html search engine URL for DuckDuckGo search plugins

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20809: Use non-/html search engine URL for DuckDuckGo search plugins
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  TorBrowserTeam201611,
 Severity:  Normal   |  tbb-usability
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 The DuckDuckGo folks asked us to use https://duckduckgo.com instead of the
 /html variant as the former provides a better search experience. They
 implemented a redirect to the /html version for users that have JS
 disabled. Thus, we should be good to go. We should switch the .onion URL
 as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20727 [Applications/Tor Browser]: Site-specific zoom levels not kept on Tor Browser 6.5a4(-hardened)

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20727: Site-specific zoom levels not kept on Tor Browser 6.5a4(-hardened)
--+-
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  closed
 Priority:  Low   |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Trivial   | Resolution:  wontfix
 Keywords:  tbb-usability |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by gk):

 * keywords:   => tbb-usability
 * component:  User Experience => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20727 [User Experience]: Site-specific zoom levels not kept on Tor Browser 6.5a4(-hardened)

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20727: Site-specific zoom levels not kept on Tor Browser 6.5a4(-hardened)
-+-
 Reporter:  cypherpunks  |  Owner:
 Type:  defect   | Status:  closed
 Priority:  Low  |  Milestone:
Component:  User Experience  |Version:
 Severity:  Trivial  | Resolution:  wontfix
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Thanks, makes sense.

 What other settings does the privacy.resistFingerprinting toggle restrict?

 I accept being zoom-fingerprintable by the few sites where I change it but
 I still wish to prevent the other preferences controlled by
 resistFingerprinting from being modified.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20314 [Applications/Tor Browser]: Make SVG click-to-play

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20314: Make SVG click-to-play
--+--
 Reporter:  bugzilla  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  noscript, tbb-usability   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 See: #20807 which might help us thinking about how to implement that (if
 we do it at all).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20727 [User Experience]: Site-specific zoom levels not kept on Tor Browser 6.5a4(-hardened)

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20727: Site-specific zoom levels not kept on Tor Browser 6.5a4(-hardened)
-+-
 Reporter:  cypherpunks  |  Owner:
 Type:  defect   | Status:  closed
 Priority:  Low  |  Milestone:
Component:  User Experience  |Version:
 Severity:  Trivial  | Resolution:  wontfix
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 We won't fix this for the default mode of Tor Browser as site specific
 zoom is a great way to make your browser fingerprint more unique. However,
 you can disable that if you go to `about:preferences#privacy` and toggle
 the "Change details that distinguish you from other Tor Browser users"
 checkbox.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-regression, tbb-security-|  Actual Points:
  slider, tbb-6.0-issues, noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ma1):

 This looks Security Slider-specific: I can reproduce with Tor Browser
 6.5a4 and "Medium", indeed, but not on Firefox ESR 45.5 in default
 NoScript configuration.
 Checking the differences...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 So maybe timings not so matter at least 6 req-answer is enough for already
 known addr:port.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Google returns result for Mosaddegh:1984, and nothing for GreenBelt:1984

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20775 [Applications/Tor Browser Sandbox]: Use Tor Browser's integrated `AF_LOCAL` support on alpha.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20775: Use Tor Browser's integrated `AF_LOCAL` support on alpha.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  Low   |  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by gk):

 * cc: gk (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Mosaddegh:1984 traffic stalled.
 GreenBelt:1984 works. GreenBelt:5881 traffic stalled. Still reproducible.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels

2016-11-28 Thread Tor Bug Tracker & Wiki 
#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-regression, tbb-security-|  Actual Points:
  slider, tbb-6.0-issues, noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:18 ma1]:
 > Please check 2.9.5.2rc3 from https://noscript.net/getit#devel
 > Thank you.

 Same result as in comment:17 for me, alas.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Was GreenBelt:5881 result of DNAT too? How can I test too DNATs for the
 same bridge with one public and another private ports?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20807 [Applications/Tor Browser]: Youtube video controls are not visible on highest security level in Tor Browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20807: Youtube video controls are not visible on highest security level in Tor
Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 FWICT this is caused by YouTube using SVG images for its video controls
 which are blocked with the High security level.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20808 [User Experience/Website]: Remove OONI UX job posting

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20808: Remove OONI UX job posting
-+---
 Reporter:  hellais  |  Owner:  Sebastian
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+---
 We have found a designer for the UX job posting.

 It should be removed from the job posting page:
 https://www.torproject.org/about/jobs-ooni-ux-designer.html.en.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20735 [Applications/Tor Browser]: Add snowflake pt to alpha linux builds

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20735: Add snowflake pt to alpha linux builds
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201611R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:4 arlolra]:
 > > 3) Snowflake is not working:
 >
 > The browser proxy has not been distributed widely yet, so noone is
 coming along in time to answer your offer.  Try visiting
 https://keroserene.net/snowflake/snowflake.html in another browser
 simultaneously, or run one locally https://gitweb.torproject.org
 /pluggable-transports/snowflake.git/tree/proxy/README.md#n18

 So, how are users in our alphas then supposed to use Snowflake? Wouldn't
 it be smarter to have, say, Snowflake in our nightly builds first for a
 while, propagate that to get the browser proxy more widely distributed and
 then ship it in alphas? Right now all the users get is Snowflake not
 working which is sort of counterintuitive if we ship it in an alpha build
 (as showing it in the PT drop down box indicates that it is something
 which is actually usable).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20805 [Applications/Tor Browser]: Circuit display does not honor or use the UI font.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20805: Circuit display does not honor or use the UI font.
--+--
 Reporter:  yawning   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very Low  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux, tbb-circuit-display   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ux => ux, tbb-circuit-display


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20772 [Applications/Tor Browser]: src="data: ; base64 images rendered when "Show images"="Blocked"

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20772: src="data:;base64 images rendered when "Show images"="Blocked"
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * priority:  Immediate => Medium
 * severity:  Blocker => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20786 [Applications/Tor Browser]: Tor Browser crashing and not opening

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20786: Tor Browser crashing and not opening
--+---
 Reporter:  JuiceMann7414 |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information


Comment:

 Hm. Which platform are you on? What exactly have you done? What version is
 shown in the upper-right corner of your `about:tor` page?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20800 [Applications/Tor Browser]: In-browser shortcuts involving Shift don't work.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20800: In-browser shortcuts involving Shift don't work.
--+--
 Reporter:  Mqrius|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:   => tbb-usability


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > GreenBelt
 > 1984

 Is extra port about iptables DNAT?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20807 [Applications/Tor Browser]: Youtube video controls are not visible on highest security level in Tor Browser

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20807: Youtube video controls are not visible on highest security level in Tor
Browser
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-usability
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+---
 Go to youtube.com with security slider level set to high and scripts
 allowed for youtube. Select a video (and if needed allow it to play) and
 while the video is running no video controls are visible.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20806 [Applications/Tor Browser Sandbox]: Add an option to disable including `libavcodec.so` in the firefox container.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20806: Add an option to disable including `libavcodec.so` in the firefox
container.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 Right now, the firefox container explcitly includes the "best" libavcodec
 shared library (dlopen()ed by firefox), 100% of the time as a concession
 to usability.

 Since this is optional, and there are usage models that do not require
 video/audio playback, this should be made optional like how PulseAudio
 currently is, under the rationale that people who can live with omitting
 it, can gain reduced attack surface.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > There could be another cause: for example suppose all the DPI boxes
 count connections to each IP address and upload the logs to a central
 place, then the firewalls only apply their timing/entropy heuristics to
 popular destinations. It wouldn't surprise me if a firewall vendor were
 uploading customer connection logs in order to do data mining on them.

 They no need to send it to central place, box can to count connections
 locally to skip all new addr:port. But then why need to count entropy
 every time for already known addr:port? Why so complex?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20773 [Applications/Tor Browser Sandbox]: Stop mounting `/proc` in the various containers once this is feasable.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20773: Stop mounting `/proc` in the various containers once this is feasable.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by yawning):

 Asan requires `/proc/self/maps` at a minimum, so for the hardened series,
 the tor container yet again has `/proc/`.  Sad panda.

 https://gitweb.torproject.org/tor-browser/sandboxed-tor-
 browser.git/commit/?id=09b66528f6013c0ca5ee9be20ad91cadb3e901aa

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20800 [Applications/Tor Browser]: In-browser shortcuts involving Shift don't work.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20800: In-browser shortcuts involving Shift don't work.
--+--
 Reporter:  Mqrius|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * owner:   => tbb-team
 * component:  - Select a component => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

2016-11-28 Thread Tor Bug Tracker & Wiki 
#20348: kz no need tor, tor no need kz, if anybody want they can to use 
ultrasurf.
cyberoam assists bloody dictatorships.
-+-
 Reporter:  dcf  |  Owner:
 Type:  project  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:  invalid
 Keywords:  censorship block kz  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > GreenBelt

 GreenBelt:1984 works. GreenBelt:5881 traffic stalled. Reproducible.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs