Re: [tor-bugs] #21609 [Applications/Tor Browser]: Investigate device sensor code for possible information leaks (was: Investigate updated device orientation code for possible information leaks)

[Tor Bug Tracker & Wiki]

#21609: Investigate device sensor code for possible information leaks
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha, tbb-   |  Actual Points:
  fingerprinting, TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


Comment:

 We do have fingerprinting protection for "screen orientation" and related
 events, but in fact we never introduced specific protection for "device
 orientation" events. We did, however, disable device sensor readings in
 general in #15758 by setting "device.sensors.enabled" to `false`. These
 sensors may include:
 {{{
 TYPE_ORIENTATION = 0U,
 TYPE_ACCELERATION = 1U,
 TYPE_PROXIMITY = 2U,
 TYPE_LINEAR_ACCELERATION = 3U,
 TYPE_GYROSCOPE = 4U,
 TYPE_LIGHT = 5U,
 TYPE_ROTATION_VECTOR = 6U,
 TYPE_GAME_ROTATION_VECTOR = 7U
 }}}

 In TBB 7.0a3's JS console, I see four relevant APIs:
 * DeviceLightEvent
 * DeviceMotionEvent
 * DeviceOrientationEvent
 * DeviceProximityEvent

 Despite the presence of these interfaces, the Mozilla code appears to
 suggest that disabling "device.sensors.enabled" should result in no such
 events being generated from sensor hardware, because sensor observers are
 never registered. Unfortunately I don't currently have a laptop with such
 sensors (do these exist?) so I can't do a manual test. Maybe we can find a
 hook for simulating sensor data.

 Also, this should be a particularly useful thing to examine on Orfox.
 Ideally these sensors would be behind a permission that is requested if a
 content script calls, for example, `addEventListener("deviceorientation",
 ...)`.

 I have changed the title to cover all device sensor code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22136 [Core Tor/Tor]: Make guards expire client connections

[Tor Bug Tracker & Wiki]

#22136: Make guards expire client connections
--+
 Reporter:  teor  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  0.3   |   Reviewer:
  Sponsor:|
--+
 This is a follow-up to #21406.

 Now that channel_is_client() works, we should use it instead of
 or_circuit_t.is_first_hop.

 This will make circuit_expire_old_circuits_serverside() actually expire
 circuits correctly.

 The rest of the changes are logging or refactoring, the checks are either
 correct, or have no impact. (In connection_exit_begin_conn(), we will
 change an end reason from MISC to TORPROTOCOL.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22131 [Core Tor/Chutney]: chutney should cope better when sockets are closed

[Tor Bug Tracker & Wiki]

#22131: chutney should cope better when sockets are closed
--+---
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+---
Changes (by teor):

 * status:  needs_review => closed
 * resolution:   => duplicate


Comment:

 Closing this in favour of #22134.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22101 [Core Tor/Tor]: Can't have relative DataDirectory with CookieAuthentication enabled

[Tor Bug Tracker & Wiki]

#22101: Can't have relative DataDirectory with CookieAuthentication enabled
--+
 Reporter:  pastly|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 Replying to [comment:4 pastly]:
 > Replying to [comment:2 Jigsaw52]:
 > > There may more bugs similar to this, as any call to get_datadir_fname
 after CURRENT_DIR is changed will result in the wrong path when a relative
 path is used for the DataDirectory.
 >
 >
 > Replying to [comment:3 teor]
 > > I think we should make get_datadir_fname() return an absolute path. We
 need to do this when we change CURRENT_DIR, but maybe we should always do
 it for consistency.
 >
 >
 > (IMHO and without looking into it any more than the bug reports I've
 already made) it is starting to sound like this is also causing #22102.
 Perhaps there's a whole sea of buggy assumptions that could be squashed in
 one fell swoop.

 There's at least one more for the PidFile, too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22131 [Core Tor/Chutney]: chutney should cope better when sockets are closed

[Tor Bug Tracker & Wiki]

#22131: chutney should cope better when sockets are closed
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+--
Changes (by nickm):

 * status:  needs_revision => needs_review


Comment:

 Actually, I did split it -- see #22134

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22101 [Core Tor/Tor]: Can't have relative DataDirectory with CookieAuthentication enabled

[Tor Bug Tracker & Wiki]

#22101: Can't have relative DataDirectory with CookieAuthentication enabled
--+
 Reporter:  pastly|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by pastly):

 Replying to [comment:2 Jigsaw52]:
 > There may more bugs similar to this, as any call to get_datadir_fname
 after CURRENT_DIR is changed will result in the wrong path when a relative
 path is used for the DataDirectory.


 Replying to [comment:3 teor]
 > I think we should make get_datadir_fname() return an absolute path. We
 need to do this when we change CURRENT_DIR, but maybe we should always do
 it for consistency.


 (IMHO and without looking into it any more than the bug reports I've
 already made) it is starting to sound like this is also causing #22102.
 Perhaps there's a whole sea of buggy assumptions that could be squashed in
 one fell swoop.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22101 [Core Tor/Tor]: Can't have relative DataDirectory with CookieAuthentication enabled

[Tor Bug Tracker & Wiki]

#22101: Can't have relative DataDirectory with CookieAuthentication enabled
--+
 Reporter:  pastly|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * version:  Tor: 0.3.0.6 =>


Comment:

 Thanks for looking into this, Jigsaw52!

 I think we should make get_datadir_fname() return an absolute path. We
 need to do this when we change CURRENT_DIR, but maybe we should always do
 it for consistency.

 (Removing the version, because this bug has been in tor for a long time.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22131 [Core Tor/Chutney]: chutney should cope better when sockets are closed

[Tor Bug Tracker & Wiki]

#22131: chutney should cope better when sockets are closed
--+
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * status:  new => needs_revision


Comment:

 This is nickm's patch for this, it should be split up into debug
 statements and code changes:
 https://paste.debian.net/930479/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22135 [Core Tor/Chutney]: chutney should use python's loggging module

[Tor Bug Tracker & Wiki]

#22135: chutney should use python's loggging module
--+--
 Reporter:  nickm |  Owner:  teor
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Our current debug() function is a silly kludge, and our print() statements
 are not much better.  Python has built-in logging in its standard library,
 and perhaps we should just use that instead.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22128 [Core Tor/Tor]: Refactor body of connection_dir_client_reached_eof()

[Tor Bug Tracker & Wiki]

#22128: Refactor body of connection_dir_client_reached_eof()
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:  .1
Parent ID:  #21650| Points:  .1
 Reviewer:|Sponsor:  Sponsor4
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merging as a likely step forward.  Thanks for the review!

 Agreed with the logging calls.  The if-else chains will probably all get
 rewritten as part of ahf's #21667 work when he starts handling the new
 compression methods.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22134 [Core Tor/Chutney]: Several bugs encountered running "make test-network" on a fast desktop

[Tor Bug Tracker & Wiki]

#22134: Several bugs encountered running "make test-network" on a fast desktop
--+--
 Reporter:  nickm |  Owner:  teor
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by nickm):

 I've also attached a debug log from a failing run with this branch pplied.

 The branch fixes 2 bugs and adds a bunch of debugging calls

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22134 [Core Tor/Chutney]: Several bugs encountered running "make test-network" on a fast desktop

[Tor Bug Tracker & Wiki]

#22134: Several bugs encountered running "make test-network" on a fast desktop
--+--
 Reporter:  nickm |  Owner:  teor
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by nickm):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22134 [Core Tor/Chutney]: Several bugs encountered running "make test-network" on a fast desktop

[Tor Bug Tracker & Wiki]

#22134: Several bugs encountered running "make test-network" on a fast desktop
--+--
 Reporter:  nickm |  Owner:  teor
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by nickm):

 * cc: teor (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22134 [Core Tor/Chutney]: Several bugs encountered running "make test-network" on a fast desktop

[Tor Bug Tracker & Wiki]

#22134: Several bugs encountered running "make test-network" on a fast desktop
--+--
 Reporter:  nickm |  Owner:  teor
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Please see branch `misc_bugs` for fixes. Sorry for brevity of this ticket.

 These fixes take my "make test-network" success rate from 0% to about 60%.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20409 [Core Tor/Chutney]: When some chutney tors die, clean up the rest

[Tor Bug Tracker & Wiki]

#20409: When some chutney tors die, clean up the rest
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:  easy  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * status:  new => needs_review


Comment:

 This is fixed in 5adda26 in my branch no-zombies:
 https://github.com/teor2345/chutney/commits/no-zombies

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21903 [Core Tor/Chutney]: Disable DNS in chutney by default, and add an option to enable it

[Tor Bug Tracker & Wiki]

#21903: Disable DNS in chutney by default, and add an option to enable it
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #19573| Points:  0.5
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * status:  new => needs_review


Comment:

 This is fixed in 5adda26 in my branch no-zombies:
 https://github.com/teor2345/chutney/commits/no-zombies

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22101 [Core Tor/Tor]: Can't have relative DataDirectory with CookieAuthentication enabled

[Tor Bug Tracker & Wiki]

#22101: Can't have relative DataDirectory with CookieAuthentication enabled
--+
 Reporter:  pastly|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.0.6
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by Jigsaw52):

 I've looked into this for a bit and found the cause of the issue:

 In the function options_act (in config.c), finish_daemon is called and
 finish_daemon changes the current directory to the DataDirectory.

 Later on options_act, init_control_cookie_authentication is called, which
 will try to create the control_auth_cookie file inside the DataDirectory.

 Because DataDirectory is a relative path, it will try to create the
 control_auth_cookie file inside CURRENT_DIR/DataDirectory.

 The problem is that, because CURRENT_DIR was changed to DataDirectory by
 finish_daemon, it will try to create the control_auth_cookie file inside
 DataDirectory/DataDirectory which does not exist, resulting in the error
 we see on the logs.

 There may more bugs similar to this, as any call to get_datadir_fname
 after CURRENT_DIR is changed will result in the wrong path when a relative
 path is used for the DataDirectory.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22133 [Core Tor/Chutney]: When CHUTNEY_DEBUG is set, make tor log a debug log

[Tor Bug Tracker & Wiki]

#22133: When CHUTNEY_DEBUG is set, make tor log a debug log
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  0.2   |   Reviewer:
  Sponsor:|
--+--
 We can do this using similar code to #20409 and #21903.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15418 [Core Tor/Chutney]: chutney: add debug command-line flag

[Tor Bug Tracker & Wiki]

#15418: chutney: add debug command-line flag
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Chutney |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-chutney-usability|  Actual Points:  0
  TorCoreTeam201605  |
Parent ID:  #16949   | Points:  .2
 Reviewer:   |Sponsor:
 |  SponsorS-can
-+-
Changes (by teor):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks!
 Simple change that works on my machine, merged to master.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22132 [Core Tor/Chutney]: Chutney should avoid waiting for set times: wait for conditions instead

[Tor Bug Tracker & Wiki]

#22132: Chutney should avoid waiting for set times: wait for conditions instead
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  2 |   Reviewer:
  Sponsor:|
--+--
 Chutney has a few places where it waits for hard-coded amounts of time. It
 should wait for events to happen instead.

 For example:
 * re-trying connections (#22131)
 * waiting for bootstrap
 * anywhere else we use sleep()

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22131 [Core Tor/Chutney]: chutney should cope better when sockets are closed

[Tor Bug Tracker & Wiki]

#22131: chutney should cope better when sockets are closed
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:|Sponsor:
--+--
Description changed by teor:

Old description:

> At the moment, it just retires after a few seconds. We should be smarter
> than that.

New description:

 At the moment, it just re-tries the connection after a few seconds, then
 gives up after a few tries. We should be smarter than that.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22131 [Core Tor/Chutney]: chutney should cope better when sockets are closed

[Tor Bug Tracker & Wiki]

#22131: chutney should cope better when sockets are closed
--+--
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Chutney  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  0.5   |   Reviewer:
  Sponsor:|
--+--
 At the moment, it just retires after a few seconds. We should be smarter
 than that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22128 [Core Tor/Tor]: Refactor body of connection_dir_client_reached_eof()

[Tor Bug Tracker & Wiki]

#22128: Refactor body of connection_dir_client_reached_eof()
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .1
Parent ID:  #21650| Points:  .1
 Reviewer:|Sponsor:  Sponsor4
--+
Changes (by catalyst):

 * status:  needs_review => merge_ready


Comment:

 Looks good to me.  I do see some places that could use further
 refactoring, like some of the complicated logging calls.  Also the if-else
 chains dealing with stringifying compression methods could go into a
 switch-statement in a helper function.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15418 [Core Tor/Chutney]: chutney: add debug command-line flag

[Tor Bug Tracker & Wiki]

#15418: chutney: add debug command-line flag
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Chutney |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-chutney-usability|  Actual Points:  0
  TorCoreTeam201605  |
Parent ID:  #16949   | Points:  .2
 Reviewer:   |Sponsor:
 |  SponsorS-can
-+-
Changes (by nickm):

 * keywords:  tor-chutney-usability => tor-chutney-usability
   TorCoreTeam201605


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15418 [Core Tor/Chutney]: chutney: add debug command-line flag

[Tor Bug Tracker & Wiki]

#15418: chutney: add debug command-line flag
---+--
 Reporter:  teor   |  Owner:  nickm
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Core Tor/Chutney   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-chutney-usability  |  Actual Points:  0
Parent ID:  #16949 | Points:  .2
 Reviewer: |Sponsor:  SponsorS-can
---+--
Changes (by nickm):

 * status:  assigned => needs_review
 * actualpoints:   => 0


Comment:

 See ticket15418 in my public repository?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15418 [Core Tor/Chutney]: chutney: add debug command-line flag

[Tor Bug Tracker & Wiki]

#15418: chutney: add debug command-line flag
---+--
 Reporter:  teor   |  Owner:  nickm
 Type:  enhancement| Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Core Tor/Chutney   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-chutney-usability  |  Actual Points:
Parent ID:  #16949 | Points:  .2
 Reviewer: |Sponsor:  SponsorS-can
---+--
Changes (by nickm):

 * owner:  andrea => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21406 [Core Tor/Tor]: The channel is_client flag is inaccurate

[Tor Bug Tracker & Wiki]

#21406: The channel is_client flag is inaccurate
--+
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.4.23
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:  0.5
Parent ID:| Points:  0.5
 Reviewer:  nickm |Sponsor:
--+
Changes (by nickm):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 > I pushed a fixup to connection-with-client-v2 that reverts the
 connection_or_check_valid_tls_handshake() change.

 Thank you!  squashed and merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21792 [Applications/Tor Browser]: Make sure MediaError.message does not aid to fingerprinting

[Tor Bug Tracker & Wiki]

#21792: Make sure MediaError.message does not aid to fingerprinting
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting,|  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha,
 TorBrowserTeam201705 =>
 ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha,
 TorBrowserTeam201705R
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:13 gk]:
 > Replying to [comment:12 mcs]:
 > > Your patch looks okay, although it would be safer to return an empty
 string in aResult in the `privacy.resistFingerprinting = true` case.
 >
 > I agree. Could you please change that, Arthur?

 Yes, good point. Here is the changed patch:
 https://github.com/arthuredelstein/tor-browser/commit/21792+1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22103 [Core Tor/Tor]: confparse.c checks pointer instead of value (!ok)

[Tor Bug Tracker & Wiki]

#22103: confparse.c checks pointer instead of value (!ok)
--+
 Reporter:  nullius   |  Owner:  catalyst
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 lgtm; tests pass; merging!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22046 [Metrics/Atlas]: Remove cruft

[Tor Bug Tracker & Wiki]

#22046: Remove cruft
---+---
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by irl):

 * status:  needs_review => needs_information


Comment:

 I don't seem to be able to get this one to apply.

 I can see what's happening with the deletions, what's up with the renames?
 I can apply the diff manually if you can give some context on the renames.

 Thanks for your work on this, it's been bugging me for a while. (:

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22057 [Metrics/Atlas]: Add a link to the Atlas wiki page

[Tor Bug Tracker & Wiki]

#22057: Add a link to the Atlas wiki page
---+
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by irl):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Merged. Thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22056 [Metrics/Atlas]: Replace the custom splash screen with Bootstrap's hero-unit

[Tor Bug Tracker & Wiki]

#22056: Replace the custom splash screen with Bootstrap's hero-unit
---+
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by irl):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 I wasn't sure about this one, but I've gone ahead and merged it. It's not
 just a behind-the-scenes change and does change the presentation of the
 home page, but I figure this is useful for preparation for updating Atlas'
 bootstrap.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22047 [Metrics/Atlas]: Remove usage of the data-original-title attribute

[Tor Bug Tracker & Wiki]

#22047: Remove usage of the data-original-title attribute
---+
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by irl):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Merged. Thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22130 [Applications/Tor Browser]: Use an "international" formatting for Dates etc, instead of US English locale (was: Use an "international" formatting for instead of English locale)

[Tor Bug Tracker & Wiki]

#22130: Use an "international" formatting for Dates etc, instead of US English
locale
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21608 [Applications/Tor Browser]: Investigate `DateTimeFormat.formatToParts` for fingerprintability issues

[Tor Bug Tracker & Wiki]

#21608: Investigate `DateTimeFormat.formatToParts` for fingerprintability issues
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha, tbb-   |  Actual Points:
  fingerprinting, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by arthuredelstein):

 Replying to [comment:7 cypherpunks]:
 > Pref is `javascript.use_us_english_locale` ;)

 Oops; fixed the typo, thanks.

 > Also we need something `international` as `UTC`, but not `us_english`
 for american idiots only, like `12/17/2012` instead of dd.mm. or even
 .mm.dd, `3:00:42 PM` instead of 15:00:42, and so on.
 [https://en.wikipedia.org/wiki/International_System_of_Units System SI]
 has all we need.

 This American idiot agrees with you. I opened #22130.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22130 [Applications/Tor Browser]: Use an "international" formatting for instead of English locale

[Tor Bug Tracker & Wiki]

#22130: Use an "international" formatting for instead of English locale
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Right now we use
 `javascript.use_us_english_locale`
 but this is not friendly to non-US users. We should use Date formats with
 maximum readability across locales. For example, the ISO 8061 is pretty
 good, although I don't like the T in the middle.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22127 [Applications/Tor Browser]: Think about a more elaborate defense against fingerprinting with `hardwareConcurrency`

[Tor Bug Tracker & Wiki]

#22127: Think about a more elaborate defense against fingerprinting with
`hardwareConcurrency`
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22129 [- Select a component]: the new youtube layout dosen't work with high security setting

[Tor Bug Tracker & Wiki]

#22129: the new youtube layout dosen't work with high security setting
--+-
 Reporter:  i139  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 use youtube.com/new for access new youtube layout

 the page don't apper anymore

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22103 [Core Tor/Tor]: confparse.c checks pointer instead of value (!ok)

[Tor Bug Tracker & Wiki]

#22103: confparse.c checks pointer instead of value (!ok)
--+
 Reporter:  nullius   |  Owner:  catalyst
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by catalyst):

 * status:  needs_revision => merge_ready


Comment:

 Thanks. Updated with tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10227 [Core Tor/Stem]: Support descriptor generation

[Tor Bug Tracker & Wiki]

#10227: Support descriptor generation
--+
 Reporter:  atagar|  Owner:  atagar
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Stem |Version:
 Severity:  Normal| Resolution:
 Keywords:  descriptor, leekspin  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by atagar):

 Hi Patrick. Just a quick update that this weekend I added descriptor
 creation methods...

 https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html#can-i
 -create-descriptors
 https://gitweb.torproject.org/stem.git/commit/?id=b2a54ad

 Note that this *doesn't* yet support signing descriptors. I'm looking into
 that next. Also reached out to Isis to see if there were any other aspects
 of leekspin we should incorporate...

 https://lists.torproject.org/pipermail/tor-dev/2017-May/012237.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21886 [Applications/Tor Browser]: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on ESR52 with e10s off

[Tor Bug Tracker & Wiki]

#21886: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on
ESR52 with e10s off
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-7.0-must-alpha,   |  Actual Points:
  ff52-esr, TorBrowserTeam201705,|
  GeorgKoppen201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Replying to [comment:12 gk]:
 > mcs/brade: This bug is not related to #21766 it seems. I'll put it back
 on my plate, feel free to focus (again) on #21766. I think I can figure
 our what is going wrong here tomorrow.

 That's fine. Kathy and I will be interested to see what you have learned.
 We just came up with a patch that seems to fix this ticket but not #21766.
 I will post it as an attachment for reference, although you may have a
 different fix in mind.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21272 [Metrics]: Onionperf deployment

[Tor Bug Tracker & Wiki]

#21272: Onionperf deployment
-+--
 Reporter:  hiro |  Owner:  metrics-team
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by irl):

 Looking at the .tpf output files from op-ab, it only seems to be testing
 Onion services and isn't doing any testing of the clearnet tgen instance,
 unless I'm misinterpreting the results.

 Any ideas what might have gone wrong?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21886 [Applications/Tor Browser]: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on ESR52 with e10s off

[Tor Bug Tracker & Wiki]

#21886: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on
ESR52 with e10s off
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-7.0-must-alpha,   |  Actual Points:
  ff52-esr, TorBrowserTeam201705,|
  GeorgKoppen201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * owner:  mcs => gk


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21886 [Applications/Tor Browser]: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on ESR52 with e10s off

[Tor Bug Tracker & Wiki]

#21886: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on
ESR52 with e10s off
-+-
 Reporter:  gk   |  Owner:  mcs
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-7.0-must-alpha,   |  Actual Points:
  ff52-esr, TorBrowserTeam201705,|
  GeorgKoppen201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  tbb-usability, tbb-7.0-must-alpha, ff52-esr,
 TorBrowserTeam201705 =>
 tbb-usability, tbb-7.0-must-alpha, ff52-esr, TorBrowserTeam201705,
 GeorgKoppen201705


Comment:

 Replying to [comment:7 mcs]:
 > Replying to [comment:6 gk]:
 > > After looking a bit closer at it I think this is highly related to
 #21766. mcs/brade: would it be helpful to deal with that bug by looking
 closer at this issue?
 > We will look at this one at the same time as #21766.
 >
 > > Or do you feel you have a solution for #21766? If so you could test
 whether my assumption is right and this bug gets fixed with it, too.
 > We do not have a solution yet but are planning to work on that bug
 tomorrow.

 mcs/brade: This bug is not related to #21766 it seems. I'll put it back on
 my plate, feel free to focus (again) on #21766. I think I can figure our
 what is going wrong here tomorrow.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22103 [Core Tor/Tor]: confparse.c checks pointer instead of value (!ok)

[Tor Bug Tracker & Wiki]

#22103: confparse.c checks pointer instead of value (!ok)
--+
 Reporter:  nullius   |  Owner:  catalyst
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  merge_ready => needs_revision


Comment:

 Okay; please put this back in merge_ready when you've got the tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22060 [Core Tor/Tor]: Remove deprecated options from 0.2.9.2-alpha

[Tor Bug Tracker & Wiki]

#22060: Remove deprecated options from 0.2.9.2-alpha
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  enhancement   | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  config|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:  nickm |Sponsor:
--+
Changes (by nickm):

 * status:  needs_review => needs_revision


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22060 [Core Tor/Tor]: Remove deprecated options from 0.2.9.2-alpha

[Tor Bug Tracker & Wiki]

#22060: Remove deprecated options from 0.2.9.2-alpha
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  config|  Actual Points:
Parent ID:| Points:  0.5
 Reviewer:  nickm |Sponsor:
--+

Comment (by nickm):

 I argue more about 5df1535dc on the ticket.  I still think that branch
 should always be taken.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22127 [Applications/Tor Browser]: Think about a more elaborate defense against fingerprinting with `hardwareConcurrency`

[Tor Bug Tracker & Wiki]

#22127: Think about a more elaborate defense against fingerprinting with
`hardwareConcurrency`
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 
https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22127 [Applications/Tor Browser]: Think about a more elaborate defense against fingerprinting with `hardwareConcurrency`

[Tor Bug Tracker & Wiki]

#22127: Think about a more elaborate defense against fingerprinting with
`hardwareConcurrency`
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by tom):

 > The cost for those with computers with more than 1 core could be
 performance degradation.

 This will only (potentially) degrade performance for really sophisticated
 web applications though, right? Games that go "Oh, your PC has 4 cores so
 I'll spin up 3 WebWorkers to help with the ray tracing in my Canvas-based
 DOOM clone" or whatever.  It wouldn't affect the actual browser... right?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22128 [Core Tor/Tor]: Refactor body of connection_dir_client_reached_eof()

[Tor Bug Tracker & Wiki]

#22128: Refactor body of connection_dir_client_reached_eof()
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .1
Parent ID:  #21650| Points:  .1
 Reviewer:|Sponsor:  Sponsor4
--+

Comment (by nickm):

 (If you're looking at diffs, make sure to use 'diff -b' or you will see
 lots of indentation changes)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22128 [Core Tor/Tor]: Refactor body of connection_dir_client_reached_eof()

[Tor Bug Tracker & Wiki]

#22128: Refactor body of connection_dir_client_reached_eof()
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .1
Parent ID:  #21650| Points:  .1
 Reviewer:|Sponsor:  Sponsor4
--+
Changes (by nickm):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22128 [Core Tor/Tor]: Refactor body of connection_dir_client_reached_eof()

[Tor Bug Tracker & Wiki]

#22128: Refactor body of connection_dir_client_reached_eof()
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  .1
Parent ID:  #21650| Points:  .1
 Reviewer:|Sponsor:  Sponsor4
--+

Comment (by nickm):

 Please review `refactor_dir_client_handler` ?

 On gitlab at https://gitlab.com/nickm_tor/tor/merge_requests/20 .

 This is a pretty straightfoward mechanical refactoring that tries to leave
 as much of the code alone as possible.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22128 [Core Tor/Tor]: Refactor body of connection_dir_client_reached_eof()

[Tor Bug Tracker & Wiki]

#22128: Refactor body of connection_dir_client_reached_eof()
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:  .1|  Parent ID:  #21650
   Points:  .1|   Reviewer:
  Sponsor:  Sponsor4  |
--+
 What's this 630-line function doing in our codebase?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22104 [Applications/Tor Browser]: Adjust #19837 for ff52-esr

[Tor Bug Tracker & Wiki]

#22104: Adjust #19837 for ff52-esr
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-regression,  |  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:5 gk]:
 > Replying to [comment:4 cypherpunks]:
 > > Hmm, seems to be e10s off only. Confirmed on Win XP.
 >
 > Works for me as well on my Windows 7 machine. I set
 `browser.tabs.remote.autostart.2` to `false`, restarted Tor Browser and
 clicked the link. The controls are still visible. So, hrm.
 This is really hrm, because your STR gives
 [[Image(avctrls.png)]]
 on my Windows 7 machine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22104 [Applications/Tor Browser]: Adjust #19837 for ff52-esr

[Tor Bug Tracker & Wiki]

#22104: Adjust #19837 for ff52-esr
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-regression,  |  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:4 cypherpunks]:
 > Hmm, seems to be e10s off only. Confirmed on Win XP.

 Works for me as well on my Windows 7 machine. I set
 `browser.tabs.remote.autostart.2` to `false`, restarted Tor Browser and
 clicked the link. The controls are still visible. So, hrm.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22104 [Applications/Tor Browser]: Adjust #19837 for ff52-esr

[Tor Bug Tracker & Wiki]

#22104: Adjust #19837 for ff52-esr
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-regression,  |  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Hmm, seems to be e10s off only. Confirmed on Win XP.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22123 [Core Tor/Tor]: baseXX API strictness

[Tor Bug Tracker & Wiki]

#22123: baseXX API strictness
--+--
 Reporter:  catalyst  |  Owner:  catalyst
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #19531| Points:
 Reviewer:|Sponsor:
--+--
Changes (by catalyst):

 * status:  new => assigned
 * owner:   => catalyst
 * milestone:   => Tor: unspecified


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21792 [Applications/Tor Browser]: Make sure MediaError.message does not aid to fingerprinting

[Tor Bug Tracker & Wiki]

#21792: Make sure MediaError.message does not aid to fingerprinting
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting,|  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => needs_revision
 * keywords:
 ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha,
 TorBrowserTeam201705R
 => ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha,
 TorBrowserTeam201705


Comment:

 Replying to [comment:12 mcs]:
 > Your patch looks okay, although it would be safer to return an empty
 string in aResult in the `privacy.resistFingerprinting = true` case.

 I agree. Could you please change that, Arthur?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21675 [Applications/Tor Browser]: Set window.navigator.hardwareConcurrency to a constant value

[Tor Bug Tracker & Wiki]

#21675: Set window.navigator.hardwareConcurrency to a constant value
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-fingerprinting, ff52-esr,|  Actual Points:
  tbb-7.0-must, TorBrowserTeam201705R|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 This is commit 29b3b7af8e3b9528204ae49a396af80b3e4c4d61 on `tor-
 browser-52.1.0esr-7.0-2`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21792 [Applications/Tor Browser]: Make sure MediaError.message does not aid to fingerprinting

[Tor Bug Tracker & Wiki]

#21792: Make sure MediaError.message does not aid to fingerprinting
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting,|  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by mcs):

 * cc: brade, mcs (added)


Comment:

 Your patch looks okay, although it would be safer to return an empty
 string in aResult in the `privacy.resistFingerprinting = true` case.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21675 [Applications/Tor Browser]: Set window.navigator.hardwareConcurrency to a constant value

[Tor Bug Tracker & Wiki]

#21675: Set window.navigator.hardwareConcurrency to a constant value
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, ff52-esr,|  Actual Points:
  tbb-7.0-must, TorBrowserTeam201705R|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by gk):

 Replying to [comment:12 arthuredelstein]:
 > Replying to [comment:11 gk]:
 >
 > > Assuming this really gets traction and developers start to check this
 attribute to deliver better performance to users I was wondering whether
 we should follow the bucket approach here instead: we could then do
 something like giving back 1 core if there are less than 4 cores
 available, and 4 cores if there are more than 3 but less than 8 and 8 if
 there more than 7. Is that worth the trade-off? Keep in mind that there is
 a probabilistic approach possible (#18559) regardless whether we give a
 uniform value back or not.
 >
 > I like this idea. It also suggests to me that to mitigate the attack in
 #18559 we could somehow restrict the use of cores to match the value of
 `window.navigator.hardwareConcurrency` that we report. So to match the
 policy in your example, we would allow the use of 1 core if there are less
 than 4 cores available, and allow 4 cores to be used if there are more
 than 3 and less than 8, etc. I'm not sure how easy it would be to do this
 in practice, but it would give a consistent core count with the patch
 here, so we can claim to actually hide the number.

 OKay. Given the time-constraints for getting Tor Browser 7.0 out I'll take
 the patch you have right now and opened a ticket (#22127) for the more
 elaborate approach.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22127 [Applications/Tor Browser]: Think about a more elaborate defense against fingerprinting with `hardwareConcurrency`

[Tor Bug Tracker & Wiki]

#22127: Think about a more elaborate defense against fingerprinting with
`hardwareConcurrency`
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In #21675 we set `dom.maxHardwareConcurrency` to `1` making users uniform.
 The cost for those with computers with more than 1 core could be
 performance degradation. We could think about following a bucket approach
 here, too, to mitigate that while still providing fingerprinting
 protection: users with up to and including 3 cores report back 1 core,
 users with 4 and up to and including 7 cores report 4 back and users with
 8 or more cores report 8 back. It would be neat if we could apply that to
 #18559 as well although this might be an orthogonal problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22086 [Core Tor/Tor]: Make NO_METHOD a real legit compression method

[Tor Bug Tracker & Wiki]

#22086: Make NO_METHOD a real legit compression method
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:  closed
 Priority:  Low  |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  cleanup null-object-pattern  |  Actual Points:  0.1
Parent ID:   | Points:  0
 Reviewer:   |Sponsor:  Sponsor4
-+-
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 Squashed and merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22086 [Core Tor/Tor]: Make NO_METHOD a real legit compression method

[Tor Bug Tracker & Wiki]

#22086: Make NO_METHOD a real legit compression method
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:  merge_ready
 Priority:  Low  |  Milestone:  Tor:
 |  0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  cleanup null-object-pattern  |  Actual Points:  0.1
Parent ID:   | Points:  0
 Reviewer:   |Sponsor:  Sponsor4
-+-
Changes (by ahf):

 * status:  needs_review => merge_ready


Comment:

 Looks good with the tests!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22106 [Core Tor/Tor]: Initial Rust support

[Tor Bug Tracker & Wiki]

#22106: Initial Rust support
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by Sebastian):

 Wow. This took half a day and a lot of ugly hacks, but this is ready for
 review now. It can build without rust (default), with rust and locally
 supplied dependencies via submodule (default if using rust), with rust and
 locally supplied dependencies in a given directory (via configure env
 variable) or with rust and using crates.io (via configure switch).

 We detect Rust compiler version (requiring 1.14 as of now, which will be
 included in stretch) as well as the presence of all required crates during
 configure.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22106 [Core Tor/Tor]: Initial Rust support

[Tor Bug Tracker & Wiki]

#22106: Initial Rust support
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by Sebastian):

 * status:  needs_revision => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22104 [Applications/Tor Browser]: Adjust #19837 for ff52-esr

[Tor Bug Tracker & Wiki]

#22104: Adjust #19837 for ff52-esr
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-regression,  |  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => needs_information


Comment:

 Replying to [comment:2 cypherpunks]:
 > STR:
 https://ia600201.us.archive.org/1/items/OrsonWellesMrBruns/381030.ogg
 > If you don't see OS, test it on Windoze ;)

 Works for me on my Windows 7 machine. Do you have steps to reproduce that?
 Does this happen with a freshly downloaded Tor Browser 7.0a3 (settings
 kept to the default ones)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation

[Tor Bug Tracker & Wiki]

#21940: OSX updater: consider disabling privilege escalation
-+-
 Reporter:  mcs  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:5 mcs]:
 > Thanks Tim. One more scenario which I just tested: if a non-admin user
 installs Tor Browser into /Applications they are prompted to authenticate
 as an administrator. After they do that, TorBrowser.app is owned by the
 non-admin user (which surprises me a little). But that does mean that the
 non-admin user can update.
 >
 > Reading the first part of
 https://bugzilla.mozilla.org/show_bug.cgi?id=394984 again, the scenario
 mentioned there is that of Firefox being installed by an account that no
 longer exists. So maybe the need for privilege escalation is very limited,
 even if we fix #21779.

 So, do we think the risk of privilege escalation support is worth it? If
 not, how much work would it be to "back" this out?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22125 [Applications/Tor Browser]: Unit test for js locale

[Tor Bug Tracker & Wiki]

#22125: Unit test for js locale
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, ff52-esr,|  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 > Maybe boklm's testing framework can do this?

 Yes, we can set the LANG variable to different values before running a
 test.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21973 [Applications/Tor Browser]: Fonts settings changed badly in 7.0a3 on Win 7

[Tor Bug Tracker & Wiki]

#21973: Fonts settings changed badly in 7.0a3 on Win 7
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  needs_information => new


Comment:

 When I switched content backend back to cairo, the situation improved:
 scrollbar on High only. But Tor Browser suddenly hangs on browser console
 now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22122 [Metrics/metrics-lib]: Add support for six new key-value pairs added by OnionPerf

[Tor Bug Tracker & Wiki]

#22122: Add support for six new key-value pairs added by OnionPerf
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  metrics-lib 1.7.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---

Comment (by karsten):

 Thanks, Rob, for the quick feedback!  I included as many of those details
 as possible while trying to leave out implementation specifics.  (I also
 considered my note to self above by reformatting JavaDocs and including
 `@since` tags.)  Now waiting for a review of the Java parts before this
 can go in.  Thanks again!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22126 [User Experience/Website]: Add communication director job posting to the website

[Tor Bug Tracker & Wiki]

#22126: Add communication director job posting to the website
-+
 Reporter:  hiro |  Owner:  hiro
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by hiro):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22126 [User Experience/Website]: Add communication director job posting to the website

[Tor Bug Tracker & Wiki]

#22126: Add communication director job posting to the website
-+--
 Reporter:  hiro |  Owner:  hiro
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Request from Erin

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21608 [Applications/Tor Browser]: Investigate `DateTimeFormat.formatToParts` for fingerprintability issues

[Tor Bug Tracker & Wiki]

#21608: Investigate `DateTimeFormat.formatToParts` for fingerprintability issues
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha, tbb-   |  Actual Points:
  fingerprinting, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by cypherpunks):

 Pref is `javascript.use_us_english_locale` ;)
 Also we need something `international` as `UTC`, but not `us_english` for
 american idiots only, like `12/17/2012` instead of dd.mm. or even
 .mm.dd, `3:00:42 PM` instead of 15:00:42, and so on.
 [https://en.wikipedia.org/wiki/International_System_of_Units System SI]
 has all we need.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21675 [Applications/Tor Browser]: Set window.navigator.hardwareConcurrency to a constant value

[Tor Bug Tracker & Wiki]

#21675: Set window.navigator.hardwareConcurrency to a constant value
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, ff52-esr,|  Actual Points:
  tbb-7.0-must, TorBrowserTeam201705R|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by cypherpunks):

 Locking firefox.exe to one core is easy. Also you get load of 2 cores in
 e10s by this and more than 4 cores in e10s-multi.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16285 [Applications/Tor Browser]: Make sure EME is no tracking risk in Tor Browser

[Tor Bug Tracker & Wiki]

#16285: Make sure EME is no tracking risk in Tor Browser
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-linkability,   |  Actual Points:
  GeorgKoppen201705, TorBrowserTeam201705,   |
  tbb-7.0-must-alpha |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:
 ff52-esr, tbb-linkability, GeorgKoppen201605, TorBrowserTeam201606,
 tbb-7.0-must-alpha
 =>
 ff52-esr, tbb-linkability, GeorgKoppen201705, TorBrowserTeam201705,
 tbb-7.0-must-alpha


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22044 [Applications/Tor Browser]: When I use the search box in the upper right it defaults to using youtube (on macOS) (was: when I use the search box in the upper right it defaults to

[Tor Bug Tracker & Wiki]

#22044: When I use the search box in the upper right it defaults to using 
youtube
(on macOS)
--+--
 Reporter:  Dbryrtfbcbhgf |  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21762 [Applications/Tor Browser]: Check new Firefox favicon code for first-party isolation

[Tor Bug Tracker & Wiki]

#21762: Check new Firefox favicon code for first-party isolation
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must-alpha => ff52-esr, tbb-7.0-must-alpha,
 TorBrowserTeam201705
 * priority:  Medium => High


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #16285, #21686, #21689, #21727, ...

[Tor Bug Tracker & Wiki]

Batch modification to #16285, #21686, #21689, #21727, #21762, #21790, #21797, 
#22044 by gk:
keywords to tbb-7.0-must-alpha

Comment:
Moving tickets onto our alpha radar.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #16337, #16341, #18599, #21609, ...

[Tor Bug Tracker & Wiki]

Batch modification to #16337, #16341, #18599, #21609, #21688, #21886, #21879, 
#21999 by gk:
keywords to TorBrowserTeam201705

Comment:
Moving more tickets on our May 2015 radar.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #16010, #16404, #20685, #21249

[Tor Bug Tracker & Wiki]

Batch modification to #16010, #16404, #20685, #21249 by gk:
keywords to GeorgKoppen201705

Comment:
Moving my tickets to May.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #6119, #21625, #21766, #16010, ...

[Tor Bug Tracker & Wiki]

Batch modification to #6119, #21625, #21766, #16010, #16404, #21685, #21746, 
#21756, #21861, #21982, #17380, #18530, #18925, #20685, #20761, #21286, #21431, 
#21432, #21627, #21657, #21684, #21689, #21779, #21824, #21850, #21851, #21862, 
#21863, #21940, #22000, #22003, #22115 by gk:
keywords to TorBrowserTeam201705

Comment:
Moving our tickets to May 2017.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18560 [Applications/Tor Browser]: WEBGL_debug_renderer_info extension may leak information about graphics driver

[Tor Bug Tracker & Wiki]

#18560: WEBGL_debug_renderer_info extension may leak information about graphics
driver
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  None
--+--
Changes (by gk):

 * keywords:  ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha => ff59-esr,
 tbb-fingerprinting
 * status:  needs_review => assigned
 * priority:  High => Medium


Comment:

 Replying to [comment:4 arthuredelstein]:
 > In 52ESR, this extension [https://dxr.mozilla.org/mozilla-
 
esr52/rev/cb606065c4c1f021a03421eff069d64032cf9b4a/modules/libpref/init/all.js#4497
 remains disabled] in Beta and Release channels.

 Yes. This is gone with Firefox 53, though.

 > Moreover, in Tor Browser, we [https://gitweb.torproject.org/tor-
 browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-
 browser-52.1.0esr-7.0-2#n112 have] `pref("webgl.disable-extensions",
 true)`, which means that all webgl extensions are disabled (including
 WEBGL_debug_renderer_info).
 >
 > To be extra sure, I manually confirmed in TBB 7.0a3 that entering
 > {{{
 > document.createElement("canvas").getContext("experimental-
 webgl").getSupportedExtensions();
 > }}}
 > in a content JS console returns an empty array.
 >
 > We could postpone this ticket again to ff59-esr, but as long as we are
 disabling all extensions, I think the conclusion will be the same.

 I tend to agree. Might be worth, though, double-checking that this is
 actually the case (we could review the webgl extensions disabling code
 then).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22125 [Applications/Tor Browser]: Unit test for js locale

[Tor Bug Tracker & Wiki]

#22125: Unit test for js locale
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, ff52-esr,|  Actual Points:
  tbb-7.0-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: boklm (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21793 [Applications/Tor Browser]: Keep an eye on the CustomElementRegistry API

[Tor Bug Tracker & Wiki]

#21793: Keep an eye on the CustomElementRegistry API
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ff59-esr, tbb-linkability  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by gk):

 * keywords:  ff59-esr, tbb-linkability, tbb-7.0-must-alpha,
 TorBrowserTeam201705R => ff59-esr, tbb-linkability
 * priority:  High => Medium
 * status:  needs_review => assigned


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22041 [Applications/Tor Browser]: libmozsandbox.so error on Debian jessie amd64 after upgrading to 7.0a3

[Tor Bug Tracker & Wiki]

#22041: libmozsandbox.so error on Debian jessie amd64 after upgrading to 7.0a3
-+-
 Reporter:  dcf  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Fixed with commit d70009f425f9da6a74413b286ef768ba97c899cd, thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

[Tor Bug Tracker & Wiki]

#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting 
vector
--+-
 Reporter:  mikeperry |  Owner:  arthuredelstein
 Type:  task  | Status:  needs_review
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:
 Keywords:  tbb-fingerprinting-os |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by gk):

 * keywords:  tbb-fingerprinting-os, ff52-esr, tbb-7.0-must,
 TorBrowserTeam201705R => tbb-fingerprinting-os


Comment:

 Pushed to `tor-browser-52.1.0esr-7.0-2` with commit
 ff923c1609c6bc4d9dd3a8b60f684d7c410a7399. Leaving this ticket open for a
 real fix, though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #13017, #22041, #10286, #17965, ...

[Tor Bug Tracker & Wiki]

Batch modification to #13017, #22041, #10286, #17965, #21569, #21742, #21792, 
#18022, #20683, #21323, #21675 by gk:
keywords to TorBrowserTeam201705R

Comment:
Moving review tickets to May.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs