Re: [tor-bugs] #29449 [Internal Services/Tor Sysadmin Team]: Please refresh the GPG key for irl in LDAP

[Tor Bug Tracker & Wiki]

#29449: Please refresh the GPG key for irl in LDAP
-+-
 Reporter:  irl  |  Owner:  tpa
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by irl):

 
https://db.torproject.org/fetchkey.cgi?fingerprint=A8F7BA5041E19CBA169676D58093F540ABCD

 This seems to give the correct key, so I think that is all working.

 Why did it need pushed to git-rw?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27824 [Applications/Tor Browser]: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are present

[Tor Bug Tracker & Wiki]

#27824: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are
present
+--
 Reporter:  joebt   |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  Tor Browser, NoScript, cookies  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by Thorin):

 Replying to [comment:2 cypherpunks]:
 > Users shouldn't be forced to allow cookies globally, just to login one
 site
 Cookies are not the problem. All persistent local data of any kind
 (cookies, localStorage, sessionStorage, SSL Session IDs, site permissions,
 etc) is cleared when you close Tor Browser or get a new Identity. Note:
 appCache, indexedDB and serviceWorkers(cache) are not enabled in Tor
 Browser.

 > Even if session cookies are allowed, third party cookies shouldn't be
 enabled by default
 There's a *little* thing called First Party Isolation (FPI), read up on
 it.

 Don't play with your ~~food~~ settings. Be like all the other Tor Browser
 users and use the defaults. Also, sites are less likely to break.

 It is true that FPI doesn't protect against a repeat visit to a first
 party, but the visits are already linked via other means (IP, SSL Session
 IDs to name a couple)

 Learn some OpSec and use the New Identity button

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29431 [Core Tor/Nyx]: nyx tool not working

[Tor Bug Tracker & Wiki]

#29431: nyx tool not working
--+---
 Reporter:  cypherpunks   |  Owner:  atagar
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Nyx  |Version:  Tor: unspecified
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 I used PIP to install. Didn't need to install stem separate (maybe already
 present)
 The problem I had was my ControlPort wasn't set because I run a relay and
 I never needed one. Set it to 9051 solved the problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29431 [Core Tor/Nyx]: nyx tool not working

[Tor Bug Tracker & Wiki]

#29431: nyx tool not working
--+--
 Reporter:  cypherpunks   |  Owner:  atagar
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Nyx  |Version:  Tor: unspecified
 Severity:  Major | Resolution:  not a bug
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  needs_information => closed
 * resolution:   => not a bug


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29449 [Internal Services/Tor Sysadmin Team]: Please refresh the GPG key for irl in LDAP

[Tor Bug Tracker & Wiki]

#29449: Please refresh the GPG key for irl in LDAP
-+-
 Reporter:  irl  |  Owner:  tpa
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by ln5):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29449 [Internal Services/Tor Sysadmin Team]: Please refresh the GPG key for irl in LDAP

[Tor Bug Tracker & Wiki]

#29449: Please refresh the GPG key for irl in LDAP
-+-
 Reporter:  irl  |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ln5):

 Updated key pushed to git-rw and alberti.
 I'm uncertain about the need of running anything on alberti before we're
 done.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29451 [Applications/Tor Browser]: document.body must not return null at document_end state

[Tor Bug Tracker & Wiki]

#29451: document.body must not return null at document_end state
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 A proof that this is a bug
 https://github.com/Tampermonkey/tampermonkey/issues/485

 'run-at document-end'
 https://user-images.githubusercontent.com/1324510/34437603-bed9b25e-ecda-
 11e7-9fda-202e413a25db.png

 Where's bugzilla report?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29451 [Applications/Tor Browser]: document.body must not return null at document_end state

[Tor Bug Tracker & Wiki]

#29451: document.body must not return null at document_end state
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 See https://via.hypothes.is/https://support.mozilla.org/en-
 US/questions/1249715

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29451 [Applications/Tor Browser]: document.body must not return null at document_end state

[Tor Bug Tracker & Wiki]

#29451: document.body must not return null at document_end state
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Major
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 Manifest: "content_scripts":[{ "all_frames": true, "matches":
 ["https://*/*;], "js": ["test.js"], "run_at": "document_end" }],

 test.js: document.body.addEventListener(...)

 And try to open this page:
 https://via.hypothes.is/https://lists.torproject.org/pipermail/tor-
 onions/2019-January/thread.html


 Final Result: "TypeError: document.body is null" in Browser Console.

 Expected result: No error, because the script run at document_end

 Tested on: Tor Browser 8.0.5

 May affect on: Firefox 60.5.0esr

 The reason why I post this here is bugzilla.mozilla.org doesn't let me
 create an account. Go easy on me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29431 [Core Tor/Nyx]: nyx tool not working

[Tor Bug Tracker & Wiki]

#29431: nyx tool not working
--+---
 Reporter:  cypherpunks   |  Owner:  atagar
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Nyx  |Version:  Tor: unspecified
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by atagar):

 * status:  reopened => needs_information


Comment:

 Yup, pip is the right way to go. Apt repos are very slow to upgrade...

 https://nyx.torproject.org/#no_apt_get

 I'd suggest installing both nyx *and* stem that way...

 {{{
 % sudo pip install stem
 % sudo pip install nyx
 }}}

 If that doesn't do the trick then please provide the error or stacktrace
 you are seeing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27824 [Applications/Tor Browser]: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are present

[Tor Bug Tracker & Wiki]

#27824: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are
present
+--
 Reporter:  joebt   |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  Tor Browser, NoScript, cookies  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by cypherpunks):

 It's still not fixed in TBB 8.5.  No time?

 With Torbutton security slider at safest (standard) or Safer, and Cookies
 & Site Data = Block; entering a session cookie exception:
 https://trac.torproject.org (or any site) doesn't allow exception domains
 to set even 1st party cookies.

 It works correctly when cookies are blocked in Fx 60.4esr (linux) & Fx
 quantum - now v65.0 (linux).

 Users shouldn't be forced to allow cookies globally, just to login one
 site;
 nor have to switch Allow / Block cookies back & forth when they don't want
 cookies allowed globally.

 Even if session cookies are allowed, third party cookies shouldn't be
 enabled by default.
 At least, that's the 3rd party cookie setting when Cookies & Site Data is
 enabled.

 That directly contradicts efforts to prevent third party tracking.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29416 [Internal Services/Tor Sysadmin Team]: Decide whom to buy NC from and apply for resources

[Tor Bug Tracker & Wiki]

#29416: Decide whom to buy NC from and apply for resources
-+-
 Reporter:  ln5  |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #29415   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by GreenReaper):

 Consider LeaseWeb? Their dedicated servers are expensive in the USA, but
 virtual servers aren't (and are also on their "Premium" provider network,
 rather than "Volume"):
 https://www.leaseweb.us/cloud/virtual-server

 Machines are older once cycled out from hosting so you might get e.g.
 Nehalem-C, but you get all the CPU features, e.g. aes and up to sse4.2.

 Of course it depends on if what you want to put there fits into 40/60GB.
 Bear in mind that traffic is also the sum of in+out, unlike Hetzner - and
 overages are pricy, because it is that "Premium" transit.

 (If you get an extra bill, check that it's valid as they have had issues
 with double-counting days. Compare Virtual Server/All Datagraphs in the
 customer portal with the VPS's own Network tab on the Manage page - if it
 doesn't match, something's up!)

 Other options I have used: Vultr, UpCloud. I don't recommend SSDNodes,
 they aggressively overcommit on RAM and trim cache memory to ~1/8th of the
 promised size. OVH has also been spotty at times (and it's in Quebec which
 maybe isn't what you want).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29450 [- Select a component]: Option to view BridgeDB in English

[Tor Bug Tracker & Wiki]

#29450: Option to view BridgeDB in English
-+--
 Reporter:  gecko|  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Component:  - Select a component
  Version:   |   Severity:  Normal
 Keywords:  bridgedb |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 The website https://bridges.torproject.org/ seems to automatically show in
 a language it assumes the user knows. What if someone is connecting
 through a foreign country and does not know that particular language? Why
 is there no language-changer button, or even just a simple function to
 switch to English?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29356 [Internal Services/Service - git]: Create user/brade/tor-browser-spec repo

[Tor Bug Tracker & Wiki]

#29356: Create user/brade/tor-browser-spec repo
-+
 Reporter:  brade|  Owner:  tor-gitadm
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by irl):

 * status:  new => closed
 * type:  defect => task
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29346 [Metrics/Website]: Document why our CSV files are in tidy/long format and how to process them

[Tor Bug Tracker & Wiki]

#29346: Document why our CSV files are in tidy/long format and how to process 
them
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by irl):

 This sounds plausible, however I think we become the de facto maintainer
 for the pivottable plugin, which was developed as part of a fixed-term EU
 funding arrangement that seems to have ended in 2017. At least the
 JavaScript library it is a wrapper for seems to be currently maintained.
 There is probably also some pivot table function in LibreOffice that I've
 not seen so documenting the format is certainly helpful.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26763 [Metrics/Bot]: Generate tweets from Metrics news feed

[Tor Bug Tracker & Wiki]

#26763: Generate tweets from Metrics news feed
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  enhancement  | Status:  closed
 Priority:  High |  Milestone:
Component:  Metrics/Bot  |Version:
 Severity:  Normal   | Resolution:  wontfix
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by irl):

 * status:  accepted => closed
 * resolution:   => wontfix


Comment:

 This concludes the experiment, I think for now we don't have the capacity
 to get this going.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26763 [Metrics/Bot]: Generate tweets from Metrics news feed

[Tor Bug Tracker & Wiki]

#26763: Generate tweets from Metrics news feed
-+--
 Reporter:  irl  |  Owner:  irl
 Type:  enhancement  | Status:  accepted
 Priority:  High |  Milestone:
Component:  Metrics/Bot  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by irl):

 There seems to be unicode errors in the output, so this wasn't working
 great.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29449 [Internal Services/Tor Sysadmin Team]: Please refresh the GPG key for irl in LDAP

[Tor Bug Tracker & Wiki]

#29449: Please refresh the GPG key for irl in LDAP
-+-
 Reporter:  irl  |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by irl):

 * Attachment "irl.asc" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29449 [Internal Services/Tor Sysadmin Team]: Please refresh the GPG key for irl in LDAP

[Tor Bug Tracker & Wiki]

#29449: Please refresh the GPG key for irl in LDAP
-+-
 Reporter:  irl  |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 The key is attached, I messed up and the key expires in 3 days so there is
 some urgency to this. I will try to do better next time.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28290 [Applications/Tor Browser]: Don't allow fingerprinting via navigator.userAgent

[Tor Bug Tracker & Wiki]

#28290: Don't allow fingerprinting via navigator.userAgent
--+--
 Reporter:  indigotime|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-os |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by boklm):

 * cc: HenkAnon (added)


Comment:

 #29441 is a duplicate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29441 [Applications/Tor Browser]: Certain websites detect OS as linux despite Windows NT UA

[Tor Bug Tracker & Wiki]

#29441: Certain websites detect OS as linux despite Windows NT UA
--+---
 Reporter:  HenkAnon  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by boklm):

 * status:  new => closed
 * version:  Tor: unspecified =>
 * resolution:   => duplicate


Comment:

 Closing as duplicate of #28290.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22137 [Applications/Tor Browser]: Provide the same scrollbar size across different platforms

[Tor Bug Tracker & Wiki]

#22137: Provide the same scrollbar size across different platforms
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-fingerprinting-resolution  |  Actual Points:
Parent ID:  #18283 | Points:
 Reviewer: |Sponsor:
---+--

Comment (by Thorin):

 > FYI: There will also be a test for this at
 https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#useragent
 - under `[scrollbar width] os` when added (soon), which incorporates
 detection of zoom (which is required to correctly calculate the scrollbar
 width if zoom is not 100%)

 Added it. I didn't bother to add the os logic yet, but have built
 detection of zoom (but not factored it to reverse the result - it's not
 very precise). Anyway, at least the test is there to return the width in
 tests. Zoom your page and refresh to see what I mean.

 Probably tomorrow I will add, if zoom is at 100%, an OS value as well
 (which isn't really the point, the actual width itself is the entropy)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29040 [Core Tor/Tor]: Tor crashes if ClientOnionAuthDir contains more than one private key for a hidden service

[Tor Bug Tracker & Wiki]

#29040: Tor crashes if ClientOnionAuthDir contains more than one private key 
for a
hidden service
-+-
 Reporter:  demfloro |  Owner:  haxxpop
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.7
 Severity:  Major| Resolution:  fixed
 Keywords:  040-proposed, tor-hs, crash, |  Actual Points:
  035-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by haxxpop):

 Oh I forgot about this. So sorry.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28816 [Core Tor/Tor]: Call a correct connection_buf_add* function based on compress_state of dir_connection_t

[Tor Bug Tracker & Wiki]

#28816: Call a correct connection_buf_add* function based on compress_state of
dir_connection_t
-+-
 Reporter:  teor |  Owner:  rl1987
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, tor-dir, tor-bwauth  |  Actual Points:
Parent ID:  #21377   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by rl1987):

 * status:  accepted => needs_review


Comment:

 https://github.com/torproject/tor/pull/696

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29362 [Applications/Tor Browser]: getting video error message

[Tor Bug Tracker & Wiki]

#29362: getting video error message
--+---
 Reporter:  releasetheclowns  |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by releasetheclowns):

 I tried Beetvapp and that did not display the video either. Ok i have
 tried everything under the sun and i waving the white flag. Closing
 ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29448 [Obfuscation/BridgeDB]: Provide a dir-spec implementation that serves sanitised descriptors

[Tor Bug Tracker & Wiki]

#29448: Provide a dir-spec implementation that serves sanitised descriptors
--+
 Reporter:  irl   |  Owner:  sysrqb
 Type:  project   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 The Metrics Team currently performs sanitizing of bridge descriptors
 before publishing them on CollecTor (and subsequently feeding them into
 other software).

 The published descriptors are detailed in:

 https://metrics.torproject.org/collector.html#bridge-descriptors

 The sanitizing steps are detailed here:

 https://metrics.torproject.org/bridge-descriptors.html

 The descriptors are transferred to the CollecTor host unsanitized by means
 of rsyncing a tarball. This violates one of the Tor Metrics principles in
 that this is a private interface and we are handling sensitive data. While
 the data is then sanitized and published, it is not possible for others to
 operate their own CollecTor instance that fetches data directly from the
 BridgeDB instance. Additionally, this increases code complexity in
 CollecTor as now we must treat the fetching of relay and bridge
 descriptors differently.

 Ideally the sanitizing steps would be performed by BridgeDB and then we
 would be able to reuse (at least large chunks of) CollecTor code that
 currently fetches relay descriptors.

 This is a project that would need co-ordination with the Metrics Team on
 the best way forward.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28816 [Core Tor/Tor]: Call a correct connection_buf_add* function based on compress_state of dir_connection_t (was: Call a correct connection_buf_add* function based on compress state

[Tor Bug Tracker & Wiki]

#28816: Call a correct connection_buf_add* function based on compress_state of
dir_connection_t
-+-
 Reporter:  teor |  Owner:  rl1987
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, tor-dir, tor-bwauth  |  Actual Points:
Parent ID:  #21377   | Points:
 Reviewer:   |Sponsor:
-+-

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28816 [Core Tor/Tor]: Call a correct connection_buf_add* function based on compress state of dir_connection_t (was: Log a bug for uncompressed data on a compressed connection)

[Tor Bug Tracker & Wiki]

#28816: Call a correct connection_buf_add* function based on compress state of
dir_connection_t
-+-
 Reporter:  teor |  Owner:  rl1987
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, tor-dir, tor-bwauth  |  Actual Points:
Parent ID:  #21377   | Points:
 Reviewer:   |Sponsor:
-+-

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27524 [Applications/Tor Browser]: Hide "New Identity" "New circuit" burger menu buttons if "extensions.torbutton.use_nontor_proxy" is true.

[Tor Bug Tracker & Wiki]

#27524: Hide "New Identity" "New circuit" burger menu buttons if
"extensions.torbutton.use_nontor_proxy" is true.
--+--
 Reporter:  cypherpunks3  |  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 I need this.

 'extensions.torbutton.use_nontor_proxy' is true === Not Tor Browser mode

 Can't you just hide if 'extensions.torbutton.use_nontor_proxy' is true?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29447 [Applications/Tor Browser]: "Torbutton WARN: Version check failed!" should disappear if extensions.torbutton.use_nontor_proxy is true

[Tor Bug Tracker & Wiki]

#29447: "Torbutton WARN: Version check failed!" should disappear if
extensions.torbutton.use_nontor_proxy is true
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  High |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 Many people I know use Tor Browser as better Firefox.

 When 'extensions.torbutton.use_nontor_proxy' is true, TorButton should
 stop version check and error message.

 Enabling 'extensions.torbutton.use_nontor_proxy' allows us to use
 TorBrowser with local proxy/nonproxy like a normal browser.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29446 [Applications/Tor Browser]: Tor Browser is phoning home to www.eff.org while the user disable HTTPS Everywhere from about:addons

[Tor Bug Tracker & Wiki]

#29446: Tor Browser is phoning home to www.eff.org while the user disable HTTPS
Everywhere from about:addons
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  High |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 1. Disable HTTPS everywhere from addons.
 2. Watch the traffic.


 The problem is the addon is phoning home. It should stop because the state
 is disabled.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29445 [Applications/Tor Browser]: Tor Browser is denying ESR policies.json. This should work because TB is ESR fork.

[Tor Bug Tracker & Wiki]

#29445: Tor Browser is denying ESR policies.json. This should work because TB is
ESR fork.
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  task | Status:  new
 Priority:  High |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 https://www.ghacks.net/2018/05/21/enterprise-policy-generator-add-on-for-
 firefox/

 What:
 Create a file "TorBrowser/distribution/policies.json" to disable telemetry
 and other annoyances

 Expected behavior:
 The browser obey policies.json because Tor Browser is based on Firefox ESR

 Actual result:
 "Only Allowed on ESR" error message on Browser Console

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #29444 [- Select a component]: Unable to login from onion

[Tor Bug Tracker & Wiki]

#29444: Unable to login from onion
-+--
 Reporter:  cypherpunks  |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  High |  Component:  - Select a component
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 Error: Bad Request

 Missing or invalid form token. Secure cookies are enabled, you must use
 https to submit forms.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29120 [Applications/Tor Browser]: Default value of media.cache_size (0) causes some media to load extremely slowly or become unplayable

[Tor Bug Tracker & Wiki]

#29120: Default value of media.cache_size (0) causes some media to load 
extremely
slowly or become unplayable
-+-
 Reporter:  QZw2aBQoPyuEVXYVlBps |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-disk-leak, tbb-usability-|  Actual Points:
  website, TorBrowserTeam201902  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by QZw2aBQoPyuEVXYVlBps):

 Here is the result of loading a media file where the server gives a "0" as
 the content length:

 {{{
 [45086:Main Thread]: D/MemoryBlockCache 0x7f6f9075b340 MemoryBlockCache()
 MEMORYBLOCKCACHE_ERRORS='InitUnderuse'
 [45086:Main Thread]: D/MemoryBlockCache 0x7f6f9075b340 Init()
 [45086:Main Thread]: D/MediaCache GetMediaCache(0) -> Memory MediaCache
 0x7f6f99e24870
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 opened
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 feeding reader
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 DataStarted: 0
 aLoadID=1 aLength=0
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 at end of stream
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 at end of stream
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 at end of stream
 [Child 45086, MediaPlayback #1] WARNING: Decoder=7f6f92aa1e00
 state=DECODING_METADATA Decode metadata failed, shutting down decoder:
 file /var/tmp/build/firefox-
 4d0f9fa5fdd5/dom/media/MediaDecoderStateMachine.cpp, line 340
 [Child 45086, MediaPlayback #1] WARNING: Decoder=7f6f92aa1e00 Decode
 error: NS_ERROR_DOM_MEDIA_METADATA_ERR (0x806e0006) - static
 mozilla::MP4Metadata::ResultAndByteBuffer
 mozilla::MP4Metadata::Metadata(mozilla::ByteStream*): Cannot parse
 metadata: file /var/tmp/build/firefox-
 4d0f9fa5fdd5/dom/media/MediaDecoderStateMachine.cpp, line 3118
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 at end of stream
 [45086:MediaCache]: D/MediaCache Stream 0x7f6fa8857040 closed
 [45086:Main Thread]: D/MediaCache
 MediaCacheStream::~MediaCacheStream(this=0x7f6fa8857040)
 MEDIACACHESTREAM_LENGTH_KB=0
 [45086:Main Thread]: D/MediaCache ~MediaCache(Memory-backed MediaCache
 0x7f6f99e24870)
 [45086:Main Thread]: D/MemoryBlockCache 0x7f6f9075b340 ~MemoryBlockCache()
 - destroying buffer of size 0; combined sizes now 0
 }}}

 The end result for the user is a "No video with supported format and MIME
 type found." error message on the video. This result seems sane to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29231 [Core Tor/Tor]: Relays vastly underreport write-total in padding-counts line in extrainfo descriptor

[Tor Bug Tracker & Wiki]

#29231: Relays vastly underreport write-total in padding-counts line in 
extrainfo
descriptor
---+
 Reporter:  arma   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-relay padding  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by arma):

 Oh, I should probably say: credit to karsten and irl for finding the
 anomaly. I was just nearby at the hack meeting and overheard them talking
 about it and filed the ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29362 [Applications/Tor Browser]: getting video error message

[Tor Bug Tracker & Wiki]

#29362: getting video error message
--+---
 Reporter:  releasetheclowns  |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by beetv):

 I too got the video message error but now everything seems to be working
 pretty fine as I have been using beetv [https://beetvapp.com/] to watch
 movies and tv shows including the tor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22260 [Internal Services/Schleuder]: Schleuder does not decrypt and re-encrypt attachments

[Tor Bug Tracker & Wiki]

#22260: Schleuder does not decrypt and re-encrypt attachments
-+-
 Reporter:  teor |  Owner:  hiro
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Schleuder  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by irl):

 * status:  needs_revision => needs_information


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29430 [Applications/Tor Browser]: Use uTLS for meek TLS camouflage in Tor Browser

[Tor Bug Tracker & Wiki]

#29430: Use uTLS for meek TLS camouflage in Tor Browser
--+--
 Reporter:  dcf   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  meek utls |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:5 yawning]:
 > Replying to [comment:4 mcs]:
 > > Kathy and I agree: if we are planning to switch to obfs4proxy's meek
 client implementation (which seems like a good option to us), we should
 change Tor Launcher to use SOCKS args with the meek PT that it spins up
 for Moat.
 > >
 > > Georg, is it worthwhile for us to do that work in Tor Launcher soon,
 or should we first resolve the "meek-client or obfs4proxy?" question?
 >
 > For what it's worth, I also think that changing Tor Launcher to do so is
 orthogonal from which meek implementation is being used, since the new
 code will work with both implementations (unless meek-client is doing
 something extremely surprising under the hood).

 Yep, that's what occurred to me as well. mcs/brade: aiming for the SOCKS
 args work to be ready for 9.0a1 seems like a good idea to me. Could you
 open a child ticket to this bug for that? We can then start shipping Tor
 Browser with uTLS support in the alphas shaking out bugs and have this
 ready for 9.0 later this year. However, we should have #28044 done first
 if possible.

 This is quite exciting as it gets rid of the additional browser profiles
 we ship, too, and brings us a step closer to a Tor Browser without
 extensions that need a signature requirement exception.

 So far I see no drawback of using `meek_lite`, so let's aim for that one.
 We can think a bit more about it, though, before we make a final decision
 in a couple of weeks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs