[tor-bugs] #30536 [Applications/Tor Browser]: Update go to 1.12.5

[Tor Bug Tracker & Wiki]

#30536: Update go to 1.12.5
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-rbm, ff68-esr,
 Severity:  Normal   |  TorBrowserTeam201905
Actual Points:   |  Parent ID:  #30491
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 We should update to the go 1.12 series to be able to move our macOS builds
 to Debian Stretch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30532 [Applications/Tor Browser]: font FP reveals different Windows releases

[Tor Bug Tracker & Wiki]

#30532: font FP reveals different Windows releases
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:  #18097| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Replying to [ticket:30532 Thorin]:
 > So here are some results (8.0.9, 8.5a12)
 > - Win 7  32bit: `9e5d39b4542cd5e2a19f73b8fa566e679fa561e5` (62 fonts)
 My up-to-date config has `bcba63ce9e2983dd1b97cf221fc8f860a1a7617f` (61
 fonts)
 Arial, Arial Black, Arial Narrow, Batang, Cambria Math, Courier, Courier
 New, Euphemia, Gautami, Georgia, Gulim, GulimChe, Helvetica, Iskoola Pota,
 Kalinga, Kartika, Latha, Lucida Console, MS Gothic, MS Mincho, MS PGothic,
 MS PMincho, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft
 Himalaya, Microsoft JhengHei, Microsoft YaHei, MingLiU, Noto Sans
 Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi,
 Nyala, PMingLiU, Plantagenet Cherokee, Raavi, Segoe UI, Segoe UI Light,
 Segoe UI Semibold, Shruti, SimSun, Sylfaen, Tahoma, Tunga, Verdana,
 Vrinda, 宋体, 微软雅黑, 新細明體, 楷体, 細明體, 굴림, 굴림체, 바탕, ＭＳ
 ゴシック, ＭＳ 明朝, ＭＳ Ｐゴシック

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30480 [Applications/rbm]: rbm should check that a signed tag object contains the expected tag name

[Tor Bug Tracker & Wiki]

#30480: rbm should check that a signed tag object contains the expected tag name
---+--
 Reporter:  boklm  |  Owner:  boklm
 Type:  task   | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Applications/rbm   |Version:
 Severity:  Normal | Resolution:
 Keywords:  TorBrowserTeam201905R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by boklm):

 In branch `bug_30480_v2` I updated the commit message to mention that the
 issue was reported by Santiago Torres-Arias and Keving Gallagher from NYU:
 
https://gitweb.torproject.org/user/boklm/rbm.git/commit/?h=bug_30480_v2&id=4981411ac1981ccc9080da75563a81b5c37c6ece

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30532 [Applications/Tor Browser]: font FP reveals different Windows releases

[Tor Bug Tracker & Wiki]

#30532: font FP reveals different Windows releases
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:  #18097| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 The diff again is just `Arial Narrow`. I wonder why some setups have
 `narrow` and others don't. The whitelist can't control that, it just has
 `Arial` as a "family" (if that's the right word".

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30534 [Applications/TorBirdy]: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the Add-on Manager

[Tor Bug Tracker & Wiki]

#30534: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the
Add-on Manager
---+-
 Reporter:  torlove|  Owner:  sukhbir
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/TorBirdy  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-

Comment (by torlove):

 For others who may be experiencing this problem, the following install
 instructions may help:
 https://www.whonix.org/wiki/Encrypted_Email_with_Thunderbird_and_Enigmail

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30534 [Applications/TorBirdy]: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the Add-on Manager

[Tor Bug Tracker & Wiki]

#30534: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the
Add-on Manager
---+-
 Reporter:  torlove|  Owner:  sukhbir
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/TorBirdy  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-

Comment (by torlove):

 I repeat, MAY HELP (did not help in my case).

 Very interesting.

 I now suspect that a vulnerability is built into the fetching of the Add-
 on itself, possibly a downgrading of the security such that a man-in-the-
 middle attack is possible.

 Is there a secure way to get the Enigmail?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30454 [Core Tor/Tor]: hs-v3: INTRODUCE1 trunnel code doensn't handle HS_INTRO_ACK_STATUS_CANT_RELAY

[Tor Bug Tracker & Wiki]

#30454: hs-v3: INTRODUCE1 trunnel code doensn't handle
HS_INTRO_ACK_STATUS_CANT_RELAY
-+-
 Reporter:  dgoulet  |  Owner:  (none)
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, 034-backport, 035-backport,  |  Actual Points:
  040-backport, 041-must, nickm-merge, network-  |
  team-roadmap-2019-Q1Q2, 0411-alpha |
Parent ID:   | Points:  1
 Reviewer:  asn  |Sponsor:
 |  Sponsor27-must
-+-
Changes (by asn):

 * status:  needs_review => merge_ready


Comment:

 Looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30536 [Applications/Tor Browser]: Update go to 1.12.5

[Tor Bug Tracker & Wiki]

#30536: Update go to 1.12.5
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, ff68-esr,   |  Actual Points:
  TorBrowserTeam201905R  |
Parent ID:  #30491   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-rbm, ff68-esr, TorBrowserTeam201905 => tbb-rbm, ff68-esr,
 TorBrowserTeam201905R
 * status:  new => needs_review


Comment:

 `bug_30536` (https://gitweb.torproject.org/user/gk/tor-browser-
 build.git/commit/?h=bug_30536&id=4674d8a76619eb05562d81b3f77756cce1ebfe9d)
 has the fix. Builds are still reproducible and I encountered to broken
 builds when building for the various platforms. I double-checked that the
 PTs on Windows and Linux are still working after the Go upgdade.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30532 [Applications/Tor Browser]: font FP reveals different Windows releases

[Tor Bug Tracker & Wiki]

#30532: font FP reveals different Windows releases
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:  #18097| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 My Win7 Ultimate x64 has 63 fonts
 (63b78ed9fe8ba9a932a2adfc924c2e2d49d04fce):
 Arial, Arial Black, Arial Narrow, Batang, Cambria Math, Courier, Courier
 New, Euphemia, Gautami, Georgia, Gulim, GulimChe, Helvetica, Iskoola Pota,
 Kalinga, Kartika, Latha, Lucida Console, MS Gothic, MS Mincho, MS PGothic,
 MS PMincho, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft
 Himalaya, Microsoft JhengHei, Microsoft YaHei, MingLiU, Noto Sans
 Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi,
 Nyala, PMingLiU, Plantagenet Cherokee, Raavi, Segoe UI, Segoe UI Light,
 Segoe UI Semibold, Shruti, SimSun, Sylfaen, Tahoma, Times, Times New
 Roman, Tunga, Verdana, Vrinda, 宋体, 微软雅黑, 新細明體, 楷体, 細明體, 굴
 림, 굴림체, 바탕, ＭＳ ゴシック, ＭＳ 明朝, ＭＳ Ｐゴシック

 It includes both Arial Narrow, Cambria Math and 楷体

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30435 [Internal Services/Service - jenkins]: Lektor builds in jenkins sometimes fail with templates problems

[Tor Bug Tracker & Wiki]

#30435: Lektor builds in jenkins sometimes fail with templates problems
-+
 Reporter:  emmapeel |  Owner:  weasel
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - jenkins  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by hiro):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 The problem was rather with Lektor cache.

 This is how Lektor decides where it will store its cache:
 
https://github.com/lektor/lektor/blob/332b8e33a484634ed514ab2160804f7f19e8e4ef/lektor/utils.py#L638

 I have set the XDG_CACHE_HOME when plugins are reinstalled and when each
 project is built on jenkins so that the cache is local.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29800 [Applications/Tor Browser]: Tor for Android????

[Tor Bug Tracker & Wiki]

#29800: Tor for Android
--+---
 Reporter:  mwolfe|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mwolfe):

 I tried turning on obfs3, obfs4, and meek, but still can't get tor to
 reliably load on my Nokia 6.1 plus.

 One person warned me that Nokia will not run most Android apps, although I
 looked up 'best cheap smart phones' and the Nokia 6.1 plus was
 recommended, so I'm not sure if the warning was correct and it is Nokia
 that is the problem, or if the UAE blocks smartphones better than it
 blocks OSX and Windows.

 I avoided smart phones until my friend asked me to use WeChat which does
 not work on Windows or OSX, only on iOS and Android, so I found a cheap
 smart phone, but Tor, Windscribe, and WeChat don't seem to work.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30537 [Applications/Tor Browser]: WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

[Tor Bug Tracker & Wiki]

#30537: WebGL fingerprint is different between Windows versions (and compared to
non-Windows OSes)
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 This is a spin-off of #30531 where it got realized that the Windows WebGL
 fingerprint measured e.g. by Pantopiclick is different from the Linux
 one(s).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30538 [- Select a component]: Unable to comment on The Independent Newspaper

[Tor Bug Tracker & Wiki]

#30538: Unable to comment on The Independent Newspaper
+--
 Reporter:  mwolfe  |  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  - Select a component
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 I used to be able to comment on The Independent newspaper using Tor,
 www dot independent dot co dot uk, but now, when I try to comment, the
 comment button is disabled. I don't know if it's Noscript or something
 else, I just know the button is disabled if I use Tor.

 Also, Tor is no longer able to reach gocomics dot com for some reason. I
 suppose they might have gone to an anti-spam package that blocks all Tor
 exit nodes, but there is no 'Spam. Blocked' error message, just 'unable to
 connect'

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30537 [Applications/Tor Browser]: WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

[Tor Bug Tracker & Wiki]

#30537: WebGL fingerprint is different between Windows versions (and compared to
non-Windows OSes)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-fingerprinting => tbb-fingerprinting, tbb-fingerprinting-
   os


Comment:

 comment:2:ticket:30531 reported `6992168724b997c74fc89f1e4a9301ce` (I
 guess that's a Windows 10 system?)

 I got the same on a Windows 10 system inside Virtualbox. On a Windows 7
 system both inside Virtualbox and on bare metal I get
 `224a8abee799ec6381e06293de4565f6`. All three test results are collected
 on the same laptop.

 So, it seems we have at least a fingerprint difference between major
 Windows versions (+ the OS difference). I wonder where this is coming
 from...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30531 [Applications/Tor Browser]: WebGL antialiasing support enabled iff. OpenGL is supported

[Tor Bug Tracker & Wiki]

#30531: WebGL antialiasing support enabled iff. OpenGL is supported
--+--
 Reporter:  intrigeri |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  AffectsTails, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:2 cypherpunks]:
 > `6992168724b997c74fc89f1e4a9301ce` on Microsoft Basic Render Driver
 Direct3D11 vs_5_0 ps_5_0 :(

 That's likely a different issue. I've opened #30537 for it (I assume this
 fingerprint stems from a Windows 10 system, right?).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29800 [Applications/Tor Browser]: Tor for Android????

[Tor Bug Tracker & Wiki]

#29800: Tor for Android
--+---
 Reporter:  mwolfe|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 Replying to [comment:2 mwolfe]:
 > I tried turning on obfs3, obfs4, and meek, but still can't get tor to
 reliably load on my Nokia 6.1 plus.

 What does that mean? It works sometimes but not always? In cases it does
 not work swiping to the left should expose some log messages. What do you
 see in those cases?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity,|  Actual Points:
  TorBrowserTeam201905, GeorgKoppen201905|
Parent ID:  #24855   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anonym):

 Replying to [comment:41 intrigeri]:

 > Replying to [comment:40 mcs]:
 >
 >
 > > I guess I was thinking of the setup mode (where Tor Launcher is
 currently used as a standalone XUL app). In that case, if you use Tor
 Browser, you may not want the Torbutton code doing anything...
 > >
 > >
 >
 > Good catch! Indeed, Tor Launcher as we currently run it has no Torbutton
 extension available. I don't know what would happen if it had.

 First, I don't see why this should be any different than the "vanilla"
 (i.e. non-Tails) Tor Browser, where Torbutton and Tor Launcher are enabled
 at the same time.

 Second, Tails has a third use case for Tor Browser: the Unsafe Browser. It
 has direct Internet access (so users can deal with captive portals to get
 Tor working) and aims to look like a normal Firefox, so I guess we'd still
 want a way to disable Torbutton for it. But if we cannot for some reason
 that's actually not so bad: since we any way have all the Tor Browser
 patches applied it probably distinguishes itself quite a bit from a
 "normal" Firefox already, so adding Torbutton (but with disabled proxying)
 might not make things much worse.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27249 [Applications/Tor Browser]: Tor 8.0a won't let me log in to Disqus

[Tor Bug Tracker & Wiki]

#27249: Tor 8.0a won't let me log in to Disqus
-+-
 Reporter:  mwolfe   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, tbb-  |  Actual Points:
  regression, tbb-8.0-issues |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mwolfe):

 I just checked on carpentries dot ort blog and I get a Captcha. Solving it
 produces another Captcha then another and another, but I finally got
 logged in.

 Disqus was getting a lot of Spam and put the Captcha on all sites, then
 dropped it for sites not known to be spam sites, so if one clicked 'New
 Exit Node' the Captcha would go away, but their new list of Spam sites
 includes all the Tor exit nodes. It is very tedious filling out Captcha
 after Captcha after Captcha, and sometimes, having gotten past the Captcha
 Tor changes its exit node, so when one tries to log in, one gets yet
 another series of Captchas.

 But at least it's not a total block, if one is willing to fill in enough
 Captchas, one eventually gets logged in to Disqus and can comment.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30538 [Applications/Tor Browser]: Unable to comment on The Independent Newspaper

[Tor Bug Tracker & Wiki]

#30538: Unable to comment on The Independent Newspaper
--+---
 Reporter:  mwolfe|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information
 * keywords:   => tbb-usability-website
 * component:  - Select a component => Applications/Tor Browser
 * owner:  (none) => tbb-team


Comment:

 Gocomics works for me if I switch the circuits for a bit. It does indeed
 seem to be the case that they don't like some exit nodes.

 What do I have to do to reproduce the comment issue?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27249 [Applications/Tor Browser]: Tor 8.0a won't let me log in to Disqus

[Tor Bug Tracker & Wiki]

#27249: Tor 8.0a won't let me log in to Disqus
-+-
 Reporter:  mwolfe   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, tbb-  |  worksforme
  regression, tbb-8.0-issues |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => closed
 * resolution:   => worksforme


Comment:

 Thanks, thus this does not seem to be a browser issue and is kind of
 working.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10633 [Metrics/Globe]: Globe should tell users that only the first 50 hits are displayed

[Tor Bug Tracker & Wiki]

#10633: Globe should tell users that only the first 50 hits are displayed
---+
 Reporter:  karsten|  Owner:  rndm
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Metrics/Globe  |Version:
 Severity: | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
---+

Comment (by BrooklynFeeney):

 You have not answered this question very effectively and your answer has
 even raised my hunger of knowing the answer of this question. Could you
 please check my article at http://findery.com/LenaCharles/favorites/
 source and elaborate your answer in much easier and comprehensive way?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30454 [Core Tor/Tor]: hs-v3: INTRODUCE1 trunnel code doensn't handle HS_INTRO_ACK_STATUS_CANT_RELAY

[Tor Bug Tracker & Wiki]

#30454: hs-v3: INTRODUCE1 trunnel code doensn't handle
HS_INTRO_ACK_STATUS_CANT_RELAY
-+-
 Reporter:  dgoulet  |  Owner:  (none)
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, 034-backport, 035-backport,  |  Actual Points:
  040-backport, 041-must, nickm-merge, network-  |
  team-roadmap-2019-Q1Q2, 0411-alpha |
Parent ID:   | Points:  1
 Reviewer:  asn  |Sponsor:
 |  Sponsor27-must
-+-

Comment (by nickm):

 Squashed as `ticket30454_034_01_squashed` with new PR at
 https://github.com/torproject/tor/pull/1036 .

 Could I please have a branch that merges this to 0.3.5?  It doesn't merge
 cleanly I am not 100% sure what to do with the conflict.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30361 [Core Tor/Tor]: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR

[Tor Bug Tracker & Wiki]

#30361: CID 1444908: MISSING_LOCK / CID 1444769: TAINTED_SCALAR
---+---
 Reporter:  asn|  Owner:  rl1987
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  coverity, regression?, 041-should  |  Actual Points:
Parent ID: | Points:
 Reviewer:  ahf|Sponsor:
---+---
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Okay -- squashed and merged.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29898 [Core Tor/Tor]: How can we automatically add #else and #endif comments?

[Tor Bug Tracker & Wiki]

#29898: How can we automatically add #else and #endif comments?
+--
 Reporter:  teor|  Owner:  nickm
 Type:  defect  | Status:  accepted
 Priority:  Medium  |  Milestone:  Tor:
|  0.4.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt, 041-should  |  Actual Points:
Parent ID:  | Points:  0.1
 Reviewer:  |Sponsor:  Sponsor31-can
+--
Changes (by nickm):

 * owner:  (none) => nickm
 * status:  new => accepted


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity,|  Actual Points:
  TorBrowserTeam201905, GeorgKoppen201905|
Parent ID:  #24855   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anonym):

 Replying to [comment:43 intrigeri]:
 > Replying to [comment:42 mcs]:
 > > Replying to [comment:41 intrigeri]:
 > > > Good catch! Indeed, Tor Launcher as we currently run it has no
 Torbutton extension available. I don't know what would happen if it had.
 Should I try, or would the results of testing the standalone XUL app be
 moot anyway?
 > >
 > > Probably it would not hurt to try.
 >
 > I'm afraid I don't know where I should put the Torbutton extension in
 the tree resulting from unpacking tor-launc...@torproject.org.xpi. Any
 idea?

 It should be extracted into the ''profile's''
 `extensions/torbut...@torproject.org` folder. I tested this (by making
 Tails' `/usr/local/bin/tor-browser` script extracting the xpi into the
 right place) and after Tor Launcher exited I could see in its `prefs.js`
 that the `extensions.torbutton.startup` pref was set, which I interpret as
 Torbutton successfully loading. And I could connect to the Tor network
 fine (both with and without bridges), so there seems to be no problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29782 [Core Tor]: Multiple SocksPort is broken, connects to entry node multiple times. Tor = NSA?

[Tor Bug Tracker & Wiki]

#29782: Multiple SocksPort is broken, connects to entry node multiple times. 
Tor =
NSA?
---+---
 Reporter:  cypherpunks|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Immediate  |  Milestone:
Component:  Core Tor   |Version:
 Severity:  Blocker| Resolution:
 Keywords:  CIA, FBI, NSA  |  Actual Points:
Parent ID: | Points:
 Reviewer:  hiro   |Sponsor:  SponsorR-must
---+---

Comment (by som3bodi):

 Hello

 Any other ticket/subject about this ? This is Bug/Feature ?

 >> If I use multiple SocksPort, it connects to entry node multiple times,
 instead of one time.

 Could you share what analysis tools did you use ? I did some monitoring
 those past few days with several SocksPort (and flag IsolateClientAddr
 IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr
 KeepAliveIsolateSOCKSAuth), did have more than 1 connection to the
 entrynode

 Thanks

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity,|  Actual Points:
  TorBrowserTeam201905, GeorgKoppen201905|
Parent ID:  #24855   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anonym):

 * cc: anonym (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30473 [Applications/Tor Launcher]: update Tor Browser proposal 102 to account for Tails team feedback

[Tor Bug Tracker & Wiki]

#30473: update Tor Browser proposal 102 to account for Tails team feedback
---+---
 Reporter:  mcs|  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords:  AffectsTails   |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by anonym):

 * cc: anonym (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30469 [Applications/Tor Browser]: Ship romanian Tor Browser in alpha series

[Tor Bug Tracker & Wiki]

#30469: Ship romanian Tor Browser in alpha series
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201905,|  Actual Points:
  GeorgKoppen201905  |
Parent ID:  #29935   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  TorBrowserTeam201905 => TorBrowserTeam201905,
   GeorgKoppen201905


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30468 [Applications/Tor Browser]: Ship macedonian Tor Browser in alpha series

[Tor Bug Tracker & Wiki]

#30468: Ship macedonian Tor Browser in alpha series
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201905, localization,  |  Actual Points:
  GeorgKoppen201905  |
Parent ID:  #29935   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  TorBrowserTeam201905, localization => TorBrowserTeam201905,
 localization, GeorgKoppen201905


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30330 [Internal Services/Service - nextcloud]: When do we upgrade to 16?

[Tor Bug Tracker & Wiki]

#30330: When do we upgrade to 16?
-+-
 Reporter:  ln5  |  Owner:  micah
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service -  |Version:
  nextcloud  |
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by micah):

 * status:  reopened => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29310 [Core Tor/Tor]: control-spec: "limits/max-mem-in-queues" appears to be undocumented

[Tor Bug Tracker & Wiki]

#29310: control-spec: "limits/max-mem-in-queues" appears to be undocumented
-+
 Reporter:  nusenu   |  Owner:  nickm
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  doc, 041-should  |  Actual Points:  0
Parent ID:   | Points:  0
 Reviewer:  mikeperry|Sponsor:
-+
Changes (by asn):

 * reviewer:   => mikeperry


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30150 [Core Tor/Tor]: Fix coverity warnings in tests

[Tor Bug Tracker & Wiki]

#30150: Fix coverity warnings in tests
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  041-should|  Actual Points:  .1
Parent ID:  #30146| Points:
 Reviewer:  dgoulet   |Sponsor:
--+
Changes (by asn):

 * reviewer:   => dgoulet


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29617 [Core Tor/Tor]: OOM manger wipes entire DNS cache

[Tor Bug Tracker & Wiki]

#29617: OOM manger wipes entire DNS cache
-+-
 Reporter:  pulls|  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.4.0.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  035-backport, 040-backport, fast-|  Actual Points:  0
  fix, easy, 041-should  |
Parent ID:   | Points:  0
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by asn):

 * reviewer:   => ahf


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29738 [Core Tor/Tor]: Deprecate RecommendedPackages torrc option, and remove the code for voting for packages

[Tor Bug Tracker & Wiki]

#29738: Deprecate RecommendedPackages torrc option, and remove the code for 
voting
for packages
--+
 Reporter:  teor  |  Owner:  irl
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-spec  |  Actual Points:
Parent ID:  #28465| Points:  1
 Reviewer:  nickm |Sponsor:
--+
Changes (by asn):

 * reviewer:   => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30525 [Metrics/CollecTor]: relaydescs sync module does not work for bandwidth files

[Tor Bug Tracker & Wiki]

#30525: relaydescs sync module does not work for bandwidth files
---+--
 Reporter:  irl|  Owner:  karsten
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:  1
 Reviewer:  irl|Sponsor:
---+--

Comment (by irl):

 karsten: Do you happen to know if syncing microdescriptors ever worked?
 I've noticed in testing that only microdescriptor consensuses are synced,
 but not the microdescriptors.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30532 [Applications/Tor Browser]: font FP reveals different Windows releases

[Tor Bug Tracker & Wiki]

#30532: font FP reveals different Windows releases
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:  #18097| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Replying to [comment:6 cypherpunks]:
 > Replying to [ticket:30532 Thorin]:
 > > So here are some results (8.0.9, 8.5a12)
 > > - Win 7  32bit: `9e5d39b4542cd5e2a19f73b8fa566e679fa561e5` (62 fonts)
 > My up-to-date config has `bcba63ce9e2983dd1b97cf221fc8f860a1a7617f` (61
 fonts)
 > Arial, Arial Black, Arial Narrow, Batang, Cambria Math, Courier, Courier
 New, Euphemia, Gautami, Georgia, Gulim, GulimChe, Helvetica, Iskoola Pota,
 Kalinga, Kartika, Latha, Lucida Console, MS Gothic, MS Mincho, MS PGothic,
 MS PMincho, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft
 Himalaya, Microsoft JhengHei, Microsoft YaHei, MingLiU, Noto Sans
 Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi,
 Nyala, PMingLiU, Plantagenet Cherokee, Raavi, Segoe UI, Segoe UI Light,
 Segoe UI Semibold, Shruti, SimSun, Sylfaen, Tahoma, Tunga, Verdana,
 Vrinda, 宋体, 微软雅黑, 新細明體, 楷体, 細明體, 굴림, 굴림체, 바탕, ＭＳ
 ゴシック, ＭＳ 明朝, ＭＳ Ｐゴシック
 And the same as in comment:8 on 8.5a12. So, hrm...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30537 [Applications/Tor Browser]: WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

[Tor Bug Tracker & Wiki]

#30537: WebGL fingerprint is different between Windows versions (and compared to
non-Windows OSes)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:1 gk]:
 > comment:2:ticket:30531 reported `6992168724b997c74fc89f1e4a9301ce` (I
 guess that's a Windows 10 system?)
 Yes, the latest.
 > I got the same on a Windows 10 system inside Virtualbox.
 On every config without anti-aliasing support.
 > On a Windows 7 system both inside Virtualbox and on bare metal I get
 `224a8abee799ec6381e06293de4565f6`.
 BTW, the test gives a lot of
 {{{
 Error: WebGL warning: Exceeded 16 live WebGL contexts for this principal,
 losing the least recently used one.
 }}}
 > So, it seems we have at least a fingerprint difference between major
 Windows versions (+ the OS difference). I wonder where this is coming
 from...
 What is your renderer on Win 7? I got the same results on `Software
 Adapter Direct3D11 vs_5_0 ps_5_0`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30024 [Applications/Tor Browser]: Objective 2, Activity 3: Notify users if a current website they are visiting on Tor Browser has an onion service version

[Tor Bug Tracker & Wiki]

#30024: Objective 2, Activity 3: Notify users if a current website they are
visiting on Tor Browser has an onion service version
--+
 Reporter:  pili  |  Owner:  tbb-team
 Type:  project   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #30281| Points:
 Reviewer:|Sponsor:  Sponsor27-must
--+

Comment (by antonela):

 Hi. Making .onions discoverable is a must for Tor Browser.

 We have three different ways (for now) for routing Onion addresses. Each
 of them affects differently on two major UI components: The URL bar and
 the circuit display at the Identity doorhanger. I've started mapping each
 UX and describing how those UI components get affected:

 1. alt-svc
 2. alt-onion
 3. https-e

 **1. alt-svc**

 1. User type the known URL with a regular domain.
 2. On server-side, the user gets redirected.
 3. The Onion icon gets added at the URL bar. The URL could remain. The
 circuit display shows the Onion address [#27590]

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30024/prompt-onion-1.gif,700)]]

 **2. alt-onion**

 When users are visiting a site which also has an Onion service available,
 the ideal user flow allows users to opt-in to visiting an onion. It is
 what alt-onion can offer to us, as follow:

 1. User type the known URL with a regular domain.
 2. If the Onion exists, the URL bar suggest an .onion.
 3. User click the suggestion
 1. Tor Browser should save this opt-in and only prompt first-time
 users
 4. The Onion Icon gets added at the URL bar. The URL could remain. The
 circuit display shows the Onion address.

 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30024/prompt-onion-2.gif,700)]]


 **3. https-e**

 With this option, we are introducing the opportunity to have a readable
 and memorable onion domain name. That option will make sense when we
 expose the .onion domain at the URL bar.

 1. User type the known URL with a regular domain.
 2. If the rule exists, the URL bar suggest a .onion
 1. If the rule doesn't exist, we could encourage users to add it. That
 will be discussed at [#30029].
 3. User click the suggestion
 1. Tor Browser should save this opt-in to only prompt first-time users
 4. The Onion Icon gets added at the URL bar. The URL changes to show the
 .onion domain. The circuit display shows the Onion address.

 **The case of the long Onion addresses**

 We will continue to have long Onion addresses for a while. What if we
 improve the way we are showing them at the circuit display? We reported
 some UI bugs, like #26322. I propose to try a truncated version of the URL
 that is also easy to verify and copy.

 `p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion →
 p53lf5fu5uqd.onion`

 Could we apply any heuristic that help us to define how many characters
 are smart to have at the start and and the end? Can we allow users to copy
 the full address from the circuit display?


 **Some general thoughts and questions:**

 - We should prioritize the exposure of Onion domains at the URL bar if
 they are readable and memorable for various reasons. On the product side,
 we should reinforce the communication about the benefits of using Onion
 services.

 - Onion addresses should get exposed at the circuit display *always*.

 - How valuable is for us showing Onion addresses at the URL in the alt-svc
 scenario?

 - What should we do with vanity domains? Do they become useless if any pet
 solution is available?

 - If as a user I'm logged in foo.com and I opt-in/getredirected to the
 .onion, will I lose my login? Should we notice users about this?

 - Can Tor Browser prompt users for opt-in to Onions just the first time
 they visit the site?

 - In a good world, we need a section at the Global Preferences
 `about:preferences#security` where users can 1. allow/deny Onions
 prioritization 2. See a list of mapped/saved onions.


 [[Image(https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/30024/30024%20-%20TB9%20-%20onions.png,700)]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30539 [Core Tor/Tor]: Add an "autostyle" target to apply all of our automatic restyling things.

[Tor Bug Tracker & Wiki]

#30539: Add an "autostyle" target to apply all of our automatic restyling 
things.
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  technical-debt, 041-should
Actual Points:|  Parent ID:  #29898
   Points:|   Reviewer:
  Sponsor:|
--+
 Let's have a nice simple automatic styling target to run all of our code
 cleanup tools.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30539 [Core Tor/Tor]: Add an "autostyle" target to apply all of our automatic restyling things.

[Tor Bug Tracker & Wiki]

#30539: Add an "autostyle" target to apply all of our automatic restyling 
things.
+--
 Reporter:  nickm   |  Owner:  nickm
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:  Tor:
|  0.4.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt, 041-should  |  Actual Points:
Parent ID:  #29898  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by nickm):

 See my branch `autostyle` with PR at
 https://github.com/torproject/tor/pull/1037 .

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30539 [Core Tor/Tor]: Add an "autostyle" target to apply all of our automatic restyling things.

[Tor Bug Tracker & Wiki]

#30539: Add an "autostyle" target to apply all of our automatic restyling 
things.
+--
 Reporter:  nickm   |  Owner:  nickm
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:  Tor:
|  0.4.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt, 041-should  |  Actual Points:  .1
Parent ID:  #29898  | Points:
 Reviewer:  |Sponsor:  Sponsor31-can
+--
Changes (by nickm):

 * status:  assigned => needs_review
 * sponsor:   => Sponsor31-can
 * actualpoints:   => .1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30237 [Applications/Tor Browser]: Tor Browser: Improve TBB UI of hidden service client authorization

[Tor Bug Tracker & Wiki]

#30237: Tor Browser: Improve TBB UI of hidden service client authorization
--+---
 Reporter:  asn   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201905  |  Actual Points:
Parent ID:  #3| Points:
 Reviewer:|Sponsor:  Sponsor27-must
--+---
Changes (by mcs):

 * status:  new => needs_information


Comment:

 The mockups from comment:2 show a prompt that is contained entirely within
 the content area. How concerned should we be about the "line of death"
 issue (https://textslashplain.com/2017/01/14/the-line-of-death/)? It seems
 like a bad idea to implement a prompt that any site could easily spoof,
 but there are tradeoffs to consider.

 This question came up as Kathy and I looked at various options within the
 Firefox codebase for implementing the client auth prompt. We might be able
 to use a doorhanger that includes an arrow that overlaps the chrome area
 (thus avoiding the "line of death" problem). But doorhangers within
 Firefox are designed for optional interactions and entering a key for
 client auth is not optional.

 We could use the prompt service (which is what HTTP basic auth uses), but
 the prompts that are available to us are not very flexible. It might be a
 lot of work to achieve the look we want; for example, I am not sure how to
 implement the inline validation requirement.  A final option is to just
 implement an xhtml page (similar to what Firefox uses for network error
 pages) where the entire prompt is contained within the content area. That
 would give us the most flexibility, but of course "line of death" is an
 issue.

 Antonela and others: what do you think?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29898 [Core Tor/Tor]: How can we automatically add #else and #endif comments?

[Tor Bug Tracker & Wiki]

#29898: How can we automatically add #else and #endif comments?
+
 Reporter:  teor|  Owner:  nickm
 Type:  defect  | Status:  accepted
 Priority:  Medium  |  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  | Points:  0.1
 Reviewer:  |Sponsor:  Sponsor31-can
+
Changes (by nickm):

 * keywords:  technical-debt, 041-should => technical-debt


Comment:

 I think for 0.4.1 we should do the child ticket here, and look into
 automation later.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30540 [Applications/Tor Browser]: Give TBA alpha users a link to stable

[Tor Bug Tracker & Wiki]

#30540: Give TBA alpha users a link to stable
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 GeKo mentioned we should tell current Tor Browser alpha users on Android
 there is now a stable version they can use. This seems wise.

 Should we add this into the onboarding panels or should this be included
 on `about:tor`? It seems we should use the same download links here as
 discussed on #29955.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30462 [Applications/Tor Browser]: Orbot, Tor Browser for Android (Alpha), Orfox don't work on Chrome OS

[Tor Bug Tracker & Wiki]

#30462: Orbot, Tor Browser for Android (Alpha), Orfox don't work on Chrome OS
--+---
 Reporter:  softwdensky   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 This looks like the ChromeOS device does not have an internet connection
 or you are connecting from a network that blocks Tor connections (the
 error message saying "Network is unreachable" is referring to one of the
 
[https://metrics.torproject.org/rs.html#details/9695DFC35FFEB861329B9F1AB04C46397020CE31
 directory authorities]).

 Were you able to browse the internet on the device when you tried running
 this app?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Thorin):

 * Attachment "timing.png" added.

 sample of code run

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 This can be closed as resolved fixed: unless you wanted to test them over
 workers, service workers (which are disabled in Private Mode), iframes.
 Timing is clamped by RFP

 **setTimeout**
 {{{
 setTimeout
 
 setTimeout
 run again
 
 
 var counter=1; var r="";
 function logTime() {
   if (counter < 201) {
 var today = new Date();
 r = r+(today.getSeconds() +"."+ today.getMilliseconds() +"
 "+ counter +"\n");
 var t = setTimeout(logTime, 1);
 counter += 1;
 if (counter == 201)
 {document.getElementById("r").innerHTML=r}
 };
 };
 function run() {
 counter=1; r="";
 document.getElementById("r").innerHTML=r;
 logTime();
 };
 
 
 
 }}}

 **setInterval**
 {{{
 setInterval
 
 setInterval
 run again
 
 
 var counter = 1; var r="";
 function logTime() {
 setInterval(function(){
 if (counter < 201) {
 var today = new Date();
 r = r+(today.getSeconds() +"."+
 today.getMilliseconds() +" "+ counter +"\n");
 counter += 1;
 if (counter == 201)
 {document.getElementById("r").innerHTML=r;}
 };
 }, 10);
 };
 function run() {
 counter = 1; r="";
 document.getElementById("r").innerHTML=r;
 logTime();
 };
 
 
 
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16110 [Applications/Tor Browser]: Improve Time Resolution Defense

[Tor Bug Tracker & Wiki]

#16110: Improve Time Resolution Defense
-+-
 Reporter:  mikeperry|  Owner:  mikeperry
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting-time-highres  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 I did some tests on #18279 and posted them there

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Thorin):

 * Attachment "timing=noRFP.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 Added another image to illustrate what happens when RFP is disabled

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 FWIW I think you should lock RFP except in alpha

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30518 [Applications/Tor Browser]: Android - Add missing command line options

[Tor Bug Tracker & Wiki]

#30518: Android - Add missing command line options
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-8.5-must, tbb-mobile,|  Actual Points:
  TorBrowserTeam201905R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 This issue also came up in the Orbot project in a commit that occurred
 after forking to tor-android-service

 
https://github.com/guardianproject/orbot/commit/12b91c44f3af675dd0db5a3bacbf232c0f8d61f4

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29247 [Core Tor/Tor]: Channel padding statistics are incorrect

[Tor Bug Tracker & Wiki]

#29247: Channel padding statistics are incorrect
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:  041-should|  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:
--+
Changes (by mikeperry):

 * status:  assigned => closed
 * resolution:   => duplicate


Comment:

 Oh yes, I fixed this in #29231.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:4 Thorin]:
 > This can be closed as resolved fixed: unless you wanted to test them
 over workers, service workers (which are disabled in Private Mode),
 iframes. Timing is clamped by RFP

 Hrm, you mean timing is not clamped in those cases?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29174 [Core Tor/Tor]: Guard Node can eclipse the hidden service

[Tor Bug Tracker & Wiki]

#29174: Guard Node can eclipse the hidden service
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Critical | Resolution:
 Keywords:  guard, hidden, service, security,|  Actual Points:
  041-longterm   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * priority:  Very High => Medium


Comment:

 I've been thinking of closing this ticket, mainly because this is a ticket
 we are aware of, and a tradeoff we took on purpose. I'm leaving it open
 just because it could be relevant to #25754.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29875 [Core Tor/Tor]: Going from obfs4 to snowflake using the Tor Network Settings from the Torbutton doesn't work

[Tor Bug Tracker & Wiki]

#29875: Going from obfs4 to snowflake using the Tor Network Settings from the
Torbutton doesn't work
-+-
 Reporter:  cypherpunks  |  Owner:  (none)
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.2.7-rc
 Severity:  Normal   | Resolution:
 Keywords:  tbb-needs, 034-backport, |  Actual Points:
  034-backport, 035-backport, 040-backport,  |
  041-should, network-team-roadmap-2019-Q1Q2 |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor19-must
-+-
Changes (by gaba):

 * keywords:
 tbb-needs, 034-backport, 034-backport, 035-backport, 040-backport,
 041-should
 =>
 tbb-needs, 034-backport, 034-backport, 035-backport, 040-backport,
 041-should, network-team-roadmap-2019-Q1Q2


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24367 [Core Tor/Tor]: Changing pluggable transports (during start-up) in Tor Browser is broken

[Tor Bug Tracker & Wiki]

#24367: Changing pluggable transports (during start-up) in Tor Browser is broken
-+-
 Reporter:  gk   |  Owner:  (none)
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  regression, tor-bridge-client,   |  Actual Points:
  033-triage-20180320, 033-removed-20180320, |
  031-unreached-backport, tbb-needs, |
  034-backport, 035-backport, 040-backport,  |
  041-should, network-team-roadmap-2019-Q1Q2 |
Parent ID:  #29875   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor19-must
-+-
Changes (by gaba):

 * keywords:
 regression, tor-bridge-client, 033-triage-20180320,
 033-removed-20180320, 031-unreached-backport, tbb-needs, 034-backport,
 035-backport, 040-backport, 041-should
 =>
 regression, tor-bridge-client, 033-triage-20180320,
 033-removed-20180320, 031-unreached-backport, tbb-needs, 034-backport,
 035-backport, 040-backport, 041-should, network-team-roadmap-2019-Q1Q2


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30537 [Applications/Tor Browser]: WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

[Tor Bug Tracker & Wiki]

#30537: WebGL fingerprint is different between Windows versions (and compared to
non-Windows OSes)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 **FWIW**:

 Win 7 64bit (bare metal) just 8.5a12 64bit
 - `224a8abee799ec6381e06293de4565f6`
 - 2x Error: WebGL warning: Exceeded 16 live WebGL contexts...

 Win 7 32bit (VM)
 - `224a8abee799ec6381e06293de4565f6`
 - 17x Error: WebGL warning: Disallowing antialiased backbuffers due to
 blacklisting
 - then 1x Error: WebGL warning: Exceeded 16 live WebGL contexts...
 - then 1x Error: WebGL warning: Disallowing antialiased backbuffers...
 - repeat the last two lines about a dozen times

 Win10 64bit (VM) 8.5.a12 64bit & 32bit
 - `6992168724b997c74fc89f1e4a9301ce`
 - a plethora of errors

 ---

 **Please advise**: I was going to open another ticket when I had done some
 more testing, but **readPixels** is not covered by RFP (see
 https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests
 [1], on windows I get entropy. Not sure if unique or just OS.

 - Windows 7 32bit
 `2ba61e7e8e370fdbcefb79456e7e944b060f34289af33732aa6eb75af61ff06c`
 - Windows 7 64bit
 `ac9aa378cd16219ecbcb6ec46b57d8a484ac8ad61cbe63c810b40fb2c741e7f3`
 - Windows10 64bit
 `c4ef81818ccaca2c4933f63c45bf5ffaaa7f2233f2761e3c6ba14a9e5cb82c25`

 It seems to be consistent on Linux, and Mac i have no idea: here's some
 data
 - Mint Cinnamon 32/64bit `not supported`
 - Ubuntu GNOME
 `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
 - Debian GNOME
 `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
 - Mac 10.14
 `96f2538daa8a0a180f77a13d80ad455a75ae17c5495ce90fa4fd4267cbfd5210`

 So besides windows OS entropy, theres at least two buckets for Linux?

 [1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#canvas

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29830 [Core Tor/Tor]: Use UndefinedBehaviorSanitizer when the UBSan configure checks pass, rather than the ASan configure checks

[Tor Bug Tracker & Wiki]

#29830: Use UndefinedBehaviorSanitizer when the UBSan configure checks pass, 
rather
than the ASan configure checks
-+-
 Reporter:  teor |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci, tor-test, 041-proposed,  |  Actual Points:  0.1
  041-should |
Parent ID:  #29528   | Points:  0.1
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * owner:  teor => nickm
 * status:  assigned => accepted


Comment:

 Maybe I can extract this from #29528 for a separate merge.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21600 [Core Tor/Tor]: Hidden service introduction point retries occur at 1 second intervals

[Tor Bug Tracker & Wiki]

#21600: Hidden service introduction point retries occur at 1 second intervals
-+-
 Reporter:  teor |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, single-onion, prop224,   |  Actual Points:
  034-triage-20180328, 034-removed-20180328, |
  041-should |
Parent ID:  #21446   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * milestone:  Tor: 0.4.1.x-final => Tor: 0.4.2.x-final


Comment:

 Defering to 042. We should make a plan here and fit it into 042. It's not
 really a bugfix for the frozen 041 release.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21600 [Core Tor/Tor]: Hidden service introduction point retries occur at 1 second intervals

[Tor Bug Tracker & Wiki]

#21600: Hidden service introduction point retries occur at 1 second intervals
-+-
 Reporter:  teor |  Owner:  asn
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, single-onion, prop224,   |  Actual Points:
  034-triage-20180328, 034-removed-20180328  |
Parent ID:  #21446   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * keywords:
 tor-hs, single-onion, prop224, 034-triage-20180328,
 034-removed-20180328, 041-should
 =>
 tor-hs, single-onion, prop224, 034-triage-20180328,
 034-removed-20180328


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30534 [Applications/TorBirdy]: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the Add-on Manager

[Tor Bug Tracker & Wiki]

#30534: Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the
Add-on Manager
---+-
 Reporter:  torlove|  Owner:  sukhbir
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/TorBirdy  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-

Comment (by torlove):

 ... or you can just go to www.enigmail.net to get the file.

 shasum -a 256 enigmail-2.0.10-tb.xpi
 = 1e182eb0ca4f8a30c282098c78dcb9b49211c564dc07d26fe3fc0aebef160dba

 Signed Sun 24 Mar 2019 22:48:58 ACDT
  using RSA key 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B

 ---

 Please continue looking into this problem though, I do suspect an
 encryption downgrade attack could be the culprit at this time but I'm not
 proficient in identifying such.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 Tom did all the timing into the privacy.resistFingerprinting pref (that's
 what I call RFP). He put them behind two prefs (see at least
 https://bugzilla.mozilla.org/show_bug.cgi?id=1217238 &
 https://bugzilla.mozilla.org/show_bug.cgi?id=1369303 - in FF55/56)
 - privacy.resistFingerprinting.reduceTimerPrecision.jitter
 - privacy.resistFingerprinting.reduceTimerPrecision.microseconds

 `dom.enable_resource_timing` & `dom.enable_performance` are two prefs I
 can think of that no longer make a difference, when RFP = true. And
 `dom.event.highrestimestamp.enabled` must be true - that pref has just
 been removed anyway
 (https://bugzilla.mozilla.org/show_bug.cgi?id=1485264).

 > Hrm, you mean timing is not clamped in those cases

 **Absolutely**. What I'm saying is that that without RFP=true (and there
 is more tied behind it than just timing as you know), then you lose
 everything. Example: disable RFP, run the two timing tests, you leak high
 precision timing. Hence I think you should lock RFP :) Just saying

 Might pay to ask tom, because I'm not an expert

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30536 [Applications/Tor Browser]: Update go to 1.12.5

[Tor Bug Tracker & Wiki]

#30536: Update go to 1.12.5
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, ff68-esr,   |  Actual Points:
  TorBrowserTeam201905R  |
Parent ID:  #30491   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dcf):

 It looks fine to me if it's okay with cohosh.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29267 [Circumvention]: CI for pluggable transports

[Tor Bug Tracker & Wiki]

#29267: CI for pluggable transports
--+---
 Reporter:  cohosh|  Owner:  (none)
 Type:  project   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Circumvention |Version:
 Severity:  Normal| Resolution:
 Keywords:  CI, PTs, anti-censorship-roadmap  |  Actual Points:
Parent ID:| Points:  13
 Reviewer:|Sponsor:  Sponsor19
--+---
Changes (by gaba):

 * keywords:  CI, PTs, network-team-roadmap-2019-Q1Q2 => CI, PTs, anti-
 censorship-roadmap


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30532 [Applications/Tor Browser]: font FP reveals different Windows releases

[Tor Bug Tracker & Wiki]

#30532: font FP reveals different Windows releases
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:  #18097| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 `bcba63ce9e2983dd1b97cf221fc8f860a1a7617f` is missing `Times New Roman` -
 that's seems very strange - but now two people said they have that config
 :headspin:

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18279 [Applications/Tor Browser]: Javascript setTimeout can be used for high resolution clock

[Tor Bug Tracker & Wiki]

#18279: Javascript setTimeout can be used for high resolution clock
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #16110| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 Sorry, you meant are they clamped over workers, service workers, iframes:
 no idea. I would think they are fine over workers: see

 `.timeStamp:`
 - page/workers: yes: https://arthuredelstein.github.io/tordemos/event-
 timestamp.html
 - service workers/iframes: no idea

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26923 [Circumvention/Pluggable transport]: Intent to create Pluggable Transport: HTTPS proxy

[Tor Bug Tracker & Wiki]

#26923: Intent to create Pluggable Transport: HTTPS proxy
-+-
 Reporter:  sf   |  Owner:  (none)
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Pluggable transport|Version:
 Severity:  Normal   | Resolution:
 Keywords:  pt httpsproxy anti-censorship-   |  Actual Points:
  roadmap-maybe  |
Parent ID:   | Points:  30
 Reviewer:   |Sponsor:
 |  Sponsor19
-+-
Changes (by phw):

 * keywords:  pt httpsproxy => pt httpsproxy anti-censorship-roadmap-maybe


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7349 [Core Tor/Tor]: Obfsbridges should be able to "disable" their ORPort

[Tor Bug Tracker & Wiki]

#7349: Obfsbridges should be able to "disable" their ORPort
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  project  | Status:  new
 Priority:  Very High|  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-bridge, SponsorZ, tor-pt,|  Actual Points:
  proposal-needed, censorship, sponsor19, 040|
  -roadmap-proposed, anti-censorship-roadmap-|
  maybe  |
Parent ID:   | Points:  10
 Reviewer:   |Sponsor:
 |  Sponsor19-can
-+-
Changes (by phw):

 * keywords:
 tor-bridge, SponsorZ, tor-pt, proposal-needed, censorship, sponsor19,
 040-roadmap-proposed
 =>
 tor-bridge, SponsorZ, tor-pt, proposal-needed, censorship, sponsor19,
 040-roadmap-proposed, anti-censorship-roadmap-maybe


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30471 [Circumvention/Obfs4]: Improve UX for obfs4 bridge operation

[Tor Bug Tracker & Wiki]

#30471: Improve UX for obfs4 bridge operation
---+
 Reporter:  arma   |  Owner:  (none)
 Type:  project| Status:  new
 Priority:  Medium |  Milestone:
Component:  Circumvention/Obfs4|Version:
 Severity:  Normal | Resolution:
 Keywords:  anti-censorship-roadmap-maybe  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by phw):

 * keywords:   => anti-censorship-roadmap-maybe


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30512 [Circumvention/Snowflake]: Enable cache for ACME certificates in broker

[Tor Bug Tracker & Wiki]

#30512: Enable cache for ACME certificates in broker
-+
 Reporter:  dcf  |  Owner:  (none)
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  arlolra cohosh dcf phw   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by dcf):

 * status:  needs_review => needs_revision


Comment:

 This looks good to me now. I would suggest one further change: change
 `letsencrypt-cert-cache` to `acme-cert-cache` for uniformity with other
 existing options.

 And do we care or should there be a way to disable the cert cache, if
 running on a read-only filesystem for example? Maybe `-acme-cert-cache
 ""`? Or maybe just logging the failure and continuing to run (what the
 patch does now) is the best way.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5304 [Circumvention/Obfs4]: Obfsproxy should respect OutboundBindAddress in torrc

[Tor Bug Tracker & Wiki]

#5304: Obfsproxy should respect OutboundBindAddress in torrc
-+-
 Reporter:  korobkov |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  needs-spec-change needs-tor- |  Actual Points:  0.2
  change,sponsor19-can   |
Parent ID:  #30471   | Points:  1
 Reviewer:  phw  |Sponsor:
 |  Sponsor19
-+-

Comment (by dcf):

 Does tor need to care whether the PT proxy understands/honors
 `TOR_PT_OUTBOUND_BIND_ADDRESS`? tor can set the variable but it will be
 ignored by every existing PT proxy. If it's a critical for tor to know
 whether the variable is being honored, then, there could be an
 acknowledgement message along the lines of `PROXY OK`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5304 [Circumvention/Obfs4]: Obfsproxy should respect OutboundBindAddress in torrc

[Tor Bug Tracker & Wiki]

#5304: Obfsproxy should respect OutboundBindAddress in torrc
-+-
 Reporter:  korobkov |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  needs-spec-change needs-tor- |  Actual Points:  0.2
  change,sponsor19-can   |
Parent ID:  #30471   | Points:  1
 Reviewer:  phw  |Sponsor:
 |  Sponsor19
-+-

Comment (by ahf):

 I don't think it's needed for us to receive an acknowledgement from the PT
 that it will honor it. In the ideal world PT's would be sandboxed somehow
 where we could easily spot if they don't honor it, but we are not there
 yet.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21967 [Core Tor/Tor]: obfs4proxy not killed when unused

[Tor Bug Tracker & Wiki]

#21967: obfs4proxy not killed when unused
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, 031-deferred-20170425,   |  Actual Points:
  034-triage-20180328, 034-removed-20180328, |
  tbb-needs  |
Parent ID:  #30471   | Points:  1.5
 Reviewer:   |Sponsor:
-+-
Changes (by phw):

 * parent:   => #30471


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29738 [Core Tor/Tor]: Deprecate RecommendedPackages torrc option, and remove the code for voting for packages

[Tor Bug Tracker & Wiki]

#29738: Deprecate RecommendedPackages torrc option, and remove the code for 
voting
for packages
--+
 Reporter:  teor  |  Owner:  irl
 Type:  enhancement   | Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-spec  |  Actual Points:
Parent ID:  #28465| Points:  1
 Reviewer:  nickm |Sponsor:
--+
Changes (by nickm):

 * status:  needs_review => merge_ready


Comment:

 This LGTM.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30537 [Applications/Tor Browser]: WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

[Tor Bug Tracker & Wiki]

#30537: WebGL fingerprint is different between Windows versions (and compared to
non-Windows OSes)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:3 Thorin]:

 [snip]

 > **Please advise**: I was going to open another ticket when I had done
 some more testing, but **readPixels** is not covered by RFP (see
 https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests
 [1], on windows I get entropy. Not sure if unique or just OS.

 Yes, could you please open another ticket for the `readPixels` issue? I
 wonder what version you tested with in
 https://bugzilla.mozilla.org/show_bug.cgi?id=1428034#c7. Given that it is
 from a month ago and we did not change anything substantially for a while
 now regarding our WebGL fingerprinting behavior that's a bit puzzling (we
 removed WebGL only as click-to-play from default Tor Browser mode).

 > - Windows 7 32bit
 `2ba61e7e8e370fdbcefb79456e7e944b060f34289af33732aa6eb75af61ff06c`
 > - Windows 7 64bit
 `ac9aa378cd16219ecbcb6ec46b57d8a484ac8ad61cbe63c810b40fb2c741e7f3`
 > - Windows10 64bit
 `c4ef81818ccaca2c4933f63c45bf5ffaaa7f2233f2761e3c6ba14a9e5cb82c25`
 >
 > It seems to be consistent on Linux, and Mac i have no idea: here's some
 data
 > - Mint Cinnamon 32/64bit `not supported`
 > - Ubuntu GNOME
 `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
 > - Debian GNOME
 `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
 > - Mac 10.14
 `96f2538daa8a0a180f77a13d80ad455a75ae17c5495ce90fa4fd4267cbfd5210`

 Interestingly, I get your macOS one on one of my Linux boxes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30511 [Circumvention/Snowflake]: Remove OnIceComplete

[Tor Bug Tracker & Wiki]

#30511: Remove OnIceComplete
-+--
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  needs_review
 Priority:  Low  |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by dcf):

 I'm trying to understand the change around `pc.CreateAnswer`:
 https://github.com/keroserene/snowflake/compare/ice#diff-
 e32e5d12043e17d487f1252ee61dfd5fL167

 Was it always unnecessary to run `pc.CreateAnswer()` in a goroutine? Is
 the removal of `errChan` and `answerChan` a separate cleanup, or is it
 necessitated by the removal of `OnIceComplete`?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30541 [Applications/Tor Browser]: webgl readPixels FP entropy

[Tor Bug Tracker & Wiki]

#30541: webgl readPixels FP entropy
-+-
 Reporter:  Thorin   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor
 |  Browser
  Version:   |   Severity:  Normal
 Keywords:  tbb-fingerprinting,  |  Actual Points:
  tbb-fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
 **readPixels** is not covered by RFP (see
 https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests
 [1], on windows I get entropy. Not sure if unique or just OS.

 - Windows 7 32bit
 `2ba61e7e8e370fdbcefb79456e7e944b060f34289af33732aa6eb75af61ff06c`
 - Windows 7 64bit
 `ac9aa378cd16219ecbcb6ec46b57d8a484ac8ad61cbe63c810b40fb2c741e7f3`
 - Windows10 64bit
 `c4ef81818ccaca2c4933f63c45bf5ffaaa7f2233f2761e3c6ba14a9e5cb82c25`

 It seems to be consistent on Linux, and Mac i have no idea: here's some
 data
 - Mint Cinnamon 32/64bit `not supported`
 - Ubuntu GNOME
 `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
 - Debian GNOME
 `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
 - Mac 10.14
 `96f2538daa8a0a180f77a13d80ad455a75ae17c5495ce90fa4fd4267cbfd5210`

 So besides windows OS entropy, theres at least two buckets for Linux?

 gk said
 > Interestingly, I get your macOS one on one of my Linux boxes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30541 [Applications/Tor Browser]: webgl readPixels FP entropy

[Tor Bug Tracker & Wiki]

#30541: webgl readPixels FP entropy
-+-
 Reporter:  Thorin   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 damnit... [1]
 ​https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#canvas

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29875 [Core Tor/Tor]: Going from obfs4 to snowflake using the Tor Network Settings from the Torbutton doesn't work

[Tor Bug Tracker & Wiki]

#29875: Going from obfs4 to snowflake using the Tor Network Settings from the
Torbutton doesn't work
-+-
 Reporter:  cypherpunks  |  Owner:  (none)
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.2.7-rc
 Severity:  Normal   | Resolution:
 Keywords:  tbb-needs, 034-backport, |  Actual Points:
  034-backport, 035-backport, 040-backport,  |
  041-should, network-team-roadmap-2019-Q1Q2 |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor19-must
-+-

Comment (by gk):

 Okay, here come the steps tor reproduce this bug on a Linux system:

 1) Take a clean, new Tor Browser alpha.
 2) Start it with `./start-tor-browser.desktop --debug` on the command
 line, but don't connect directly. Rather, configure `obfs4` to use one of
 the built-in bridges.
 3) Continue bootstrap afterwards.
 4) When the browser window shows up click on the onion button on the
 toolbar and select "Tor Network Settings...".
 5) Change the the PT selected to use `snowflake`, click OK.
 6) You should see the `Failed to find node for hop #1 of our path`
 messages right away.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30541 [Applications/Tor Browser]: webgl readPixels FP entropy

[Tor Bug Tracker & Wiki]

#30541: webgl readPixels FP entropy
-+-
 Reporter:  Thorin   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 gk asked
 > I wonder what version you tested with in
 ​https://bugzilla.mozilla.org/show_bug.cgi?id=1428034#c7.

 I noticed that on April 12th:
 https://github.com/ghacksuserjs/TorZillaPrint/issues/28#issuecomment-482406126
 and my note says I used 8.5a10.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30537 [Applications/Tor Browser]: WebGL fingerprint is different between Windows versions (and compared to non-Windows OSes)

[Tor Bug Tracker & Wiki]

#30537: WebGL fingerprint is different between Windows versions (and compared to
non-Windows OSes)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 > I wonder what version you tested with in
 ​https://bugzilla.mozilla.org/show_bug.cgi?id=1428034#c7

 I now realize this is to do with this ticket, not the new readPIxels one.
 That was 8.5a10, which I just retested, and I now get
 `224a8abee799ec6381e06293de4565f6` - so it's a panopticlick code change

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30541 [Applications/Tor Browser]: webgl readPixels FP entropy

[Tor Bug Tracker & Wiki]

#30541: webgl readPixels FP entropy
-+-
 Reporter:  Thorin   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:2 Thorin]:
 > gk asked
 > > I wonder what version you tested with in
 ​https://bugzilla.mozilla.org/show_bug.cgi?id=1428034#c7.
 >
 > I noticed that on April 12th:
 https://github.com/ghacksuserjs/TorZillaPrint/issues/28#issuecomment-482406126
 and my note says I used 8.5a10.

 Great. Do you still remember how you tested that, like did you make sure
 you disabled click-to-play protection for WebGL? Or did you just take a
 stock 8.5a10 and went to your website and noted the result?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30206 [Circumvention/Snowflake]: Segfault in proxy-go

[Tor Bug Tracker & Wiki]

#30206: Segfault in proxy-go
-+
 Reporter:  irl  |  Owner:  cohosh
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by arlolra):

 If `sendAnswer()` returns an error, `pc.Destroy()` is called and the token
 is returned,
 https://github.com/keroserene/snowflake/blob/master/proxy-
 go/snowflake.go#L370

 However, `makePeerConnectionFromOffer()` will have now set a timeout that
 will also call `pc.Destroy()`,
 https://github.com/keroserene/snowflake/blob/master/proxy-
 go/snowflake.go#L345

 This patch moves the timeout to after `sendAnswer` returns,
 
https://github.com/keroserene/snowflake/commit/2e4383434f33a4f8e801974bbe70d8a4568b3d93

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30511 [Circumvention/Snowflake]: Remove OnIceComplete

[Tor Bug Tracker & Wiki]

#30511: Remove OnIceComplete
-+--
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  needs_review
 Priority:  Low  |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arlolra):

 Bear in mind that this is just a port of an already merged patch (see the
 inline comments there),
 
https://github.com/keroserene/snowflake/commit/c28c8ca489633aae2d9b9dbea0e781ca5e44cc66

 `pc.CreateAnswer()` is a blocking operation, which is probably why it was
 put in a goroutine.  However, `makePeerConnectionFromOffer` falsely
 assumed that if `OnIceComplete` was called, it was ready to move on to
 sending the answer.  That setup a race between getting the local
 description in `sendAnswer` and setting it in the goroutine, which was
 never great.  Not to mention that there was plenty of time for ice to fail
 after the gathering stage completed, which resulted in the deadlock.

 Since `makePeerConnectionFromOffer` always blocked waiting on the
 channels, it isn't a significant change to remove the goroutine since, as
 the comment in the commit states,

   // ... we need
   // SetLocalDescription(answer) to be called before sendAnswer

 It might be worth looking at whether `runSession` deserves to be called
 asynchronously, but that seems orthogonal to the change here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30542 [Applications/Tor Browser]: pinch-to-zoom viewport vs other screen/window

[Tor Bug Tracker & Wiki]

#30542: pinch-to-zoom viewport vs other screen/window
+--
 Reporter:  Thorin  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  Applications/Tor Browser
  Version:  |   Severity:  Normal
 Keywords:  tbb-fingerprinting  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 I am not sure if this is an issue for TB. I do not have a touch device on
 which to install TB8. But since Tor Uplift's RFP underlines this
 protection, it might be prudent for someone to check it out.

 My Android has a low screen res, the web content loads at a higher res -
 when I pinch to zoom and re-run/refresh: the viewport shows entropy.
 Ignore the css media measurements. Just focus on the five JS results:
 screen, available screen, outer, inner and viewport

 Control
 - device should be hidpi/retina/whatever-you-call-it
 - load test page [1]
 - all the widths/heights (except viewport: e.g 17px less width) should be
 the same (i.e `1000 x 1000`)
 - zoom in to `133%`
 - refresh or rerun button
 - all the widths/heights (except viewport e.g 13px less width) should be
 the same (e.g `750 x 750`)

 STR
 - device should be hidpi
 - load the test page
 - all the widths/heights (except viewport) should be the same (e.g `980 x
 1522`)
 - zoom in (fingers on a touch device)
 - scroll to the left and hit `re-run tests`
 - scroll back to the right and viewport is still based on the old value
 - also, in the pic in [2] css media still shows it's using the old values
 (`980`) (ignore that it's missing the height values: not sure why it does
 that: I think it's because it hits a fraction, I see the same thing on
 desktop)


 Is this just a quirk? Or is the viewport not properly spoofed in all
 situations?

 [1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
 [2] https://github.com/ghacksuserjs/TorZillaPrint/issues/34

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30542 [Applications/Tor Browser]: pinch-to-zoom viewport vs other screen/window

[Tor Bug Tracker & Wiki]

#30542: pinch-to-zoom viewport vs other screen/window
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 why can't I edit the initial bug ..

 Control - should be **not** hidpi or whatever

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30542 [Applications/Tor Browser]: pinch-to-zoom viewport vs other screen/window

[Tor Bug Tracker & Wiki]

#30542: pinch-to-zoom viewport vs other screen/window
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Thorin):

 * Attachment "examples.png" added.

 top=TB desktop, bottom=FFondroid+RFP

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30541 [Applications/Tor Browser]: webgl readPixels FP entropy

[Tor Bug Tracker & Wiki]

#30541: webgl readPixels FP entropy
-+-
 Reporter:  Thorin   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  fingerprinting-os  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 Stock standard: I never play with the slider, as I'm looking for worst
 case scenarios. My test was fine (after that I just output the error
 message for possible better entropy): the difference was panopticlick

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28655 [Circumvention/BridgeDB]: If a bridge supports obfs4, don't give out its other flavors

[Tor Bug Tracker & Wiki]

#28655: If a bridge supports obfs4, don't give out its other flavors
+--
 Reporter:  arma|  Owner:  phw
 Type:  defect  | Status:  needs_review
 Priority:  High|  Milestone:
Component:  Circumvention/BridgeDB  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  bridgedb|  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor19
+--
Changes (by phw):

 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:17 sysrqb]:
 > -
 
[https://gitweb.torproject.org/user/phw/bridgedb.git/tree/bridgedb/test/test_https_distributor.py?h=bug28655&id=ad034c358a38dcea98948d4b2c50e0758f15ce13#n197
 Reusing]  `bridges` is a little confusing (used first as a method
 parameter), can you use a different variable name?

 Yes, good point.

 > - I agree extending `SUPPORTED_TRANSPORTS` or creating a new `list`
 config option like `PROBING_RESISTANT_TRANSPORTS` is a good idea. Hard-
 coding the list of probing resistant PTs in one place is not great, but
 hard-coding them in two places is asking for bugs :)

 I created a separate `PROBING_RESISTANT_TRANSPORTS` in bridgedb.conf,
 right under `SUPPORTED_TRANSPORTS`. I was a bit undecided if this is
 something we should expose in the BridgeDB config because it's not meant
 to be configurable unless you really know what you're doing. That said, I
 agree that a separate config options seems to be the cleanest solution.

 > For the leekspin patch, I think it looks good. My only concern is in the
 
[https://gitweb.torproject.org/user/phw/leekspin.git/tree/leekspin/util.py?id=3bc9c660e8df80fe89693c8e4fad38955011bf20#n65
 description] of the new argument. It says `m` out of `n`, but it's not
 immediately obvious what `m` is here. `n` is an actual argument (`-n`,
 `--descriptors`), but `m` is not a valid argument. Replacing `` with
 `` would make it more readable, or somehow note `m` **is** `xp`: "make
 `` (`xp`) out of all ``".

 Good point, also fixed.

 The latest commit in my branch addresses your review:
 https://gitweb.torproject.org/user/phw/bridgedb.git/log/?h=bug28655
 And here's the leekspin fix:
 
https://gitweb.torproject.org/user/phw/leekspin.git/commit/?id=d34c804cd0f01af5206833e62c0dedec8565b235

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30512 [Circumvention/Snowflake]: Enable cache for ACME certificates in broker

[Tor Bug Tracker & Wiki]

#30512: Enable cache for ACME certificates in broker
-+
 Reporter:  dcf  |  Owner:  (none)
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  arlolra cohosh dcf phw   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by phw):

 Replying to [comment:7 dcf]:
 > This looks good to me now. I would suggest one further change: change
 `letsencrypt-cert-cache` to `acme-cert-cache` for uniformity with other
 existing options.

 Good point, here you go:
 
https://github.com/NullHypothesis/snowflake/commit/8cd16ab9cc8db3e646fd09a28c3fbed9791c3b15

 > And do we care or should there be a way to disable the cert cache, if
 running on a read-only filesystem for example? Maybe `-acme-cert-cache
 ""`? Or maybe just logging the failure and continuing to run (what the
 patch does now) is the best way.

 I think not having a certificate cache is worth a warning in any case, so
 I'm fine with the current behaviour.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30512 [Circumvention/Snowflake]: Enable cache for ACME certificates in broker

[Tor Bug Tracker & Wiki]

#30512: Enable cache for ACME certificates in broker
-+--
 Reporter:  dcf  |  Owner:  (none)
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  arlolra cohosh dcf phw   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by phw):

 * status:  needs_revision => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30542 [Applications/Tor Browser]: pinch-to-zoom viewport vs other screen/window

[Tor Bug Tracker & Wiki]

#30542: pinch-to-zoom viewport vs other screen/window
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 ignore the css: I was using `width`/`height` instead of `min-width`/`min-
 height` and likewise using `device-width`/`device-height` instead of `min-
 device-width`/`min-device-height`

 So that just leaves why is the viewport spoofed on my desktop (FF/TB), but
 not my Android phone (FF+RFP)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30157 [Circumvention/BridgeDB]: please update translations on bridgesdb

[Tor Bug Tracker & Wiki]

#30157: please update translations on bridgesdb
+--
 Reporter:  emmapeel|  Owner:  sysrqb
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Circumvention/BridgeDB  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  localization|  Actual Points:
Parent ID:  | Points:
 Reviewer:  sysrqb  |Sponsor:
+--
Changes (by phw):

 * status:  new => needs_review
 * reviewer:   => sysrqb


Comment:

 I updated our translations in my following branch:
 https://github.com/NullHypothesis/bridgedb/tree/bug30157

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30542 [Applications/Tor Browser]: pinch-to-zoom viewport vs other screen/window

[Tor Bug Tracker & Wiki]

#30542: pinch-to-zoom viewport vs other screen/window
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 Actually, that only fixed zoom messing with the css output.

 So css @media (width/height, device-width/device-height, min-width/min-
 height, min-device-width/min-device-height) and my viewport code don't get
 spoofed

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30543 [Applications/Tor Browser]: device orientation leaks

[Tor Bug Tracker & Wiki]

#30543: device orientation leaks
+--
 Reporter:  Thorin  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  Applications/Tor Browser
  Version:  |   Severity:  Normal
 Keywords:  tbb-fingerprinting  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 RFP spoofs landscape on devices

 However css @media orientation and also matchMedia leak - see upcoming
 attached pic where RFP=on, the phone is in reality in portrait mode.
 Orientation = landscape (spoofed), but the others say otherwise

 **mdn** (this is what gets spoofed)
 https://developer.mozilla.org/en-
 US/docs/Web/API/Screen/orientation#Example
 {{{
 var orientation = screen.msOrientation || (screen.orientation ||
 screen.mozOrientation
 }}}


 **css** (leaks)
 {{{
 @media (orientation:portrait){#YourID:after{content:"portrait";}}
 @media (orientation:landscape){#YourID:after{content:"landscape";}}
 }}}

 **matchMedia** (leaks)
 {{{
 if (window.matchMedia("(orientation: portrait)").matches) return
 "portrait";
 if (window.matchMedia("(orientation: landscape)").matches) return
 "landscape";
 }}}


 [1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30543 [Applications/Tor Browser]: device orientation leaks

[Tor Bug Tracker & Wiki]

#30543: device orientation leaks
--+--
 Reporter:  Thorin|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Thorin):

 * Attachment "dev-orientation.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30544 [Metrics/Library]: Using try-with-resources or close resource

[Tor Bug Tracker & Wiki]

#30544: Using try-with-resources or close resource
+-
 Reporter:  fava|  Owner:  metrics-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  Metrics/Library
  Version:  |   Severity:  Major
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 Sonarqube identifies a list of case as:
 Use try-with-resources or close this ...

 Please find in attachment a detailed report for this issues type.

 It is required to check or use try-with-resources statementa change in
 source code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30544 [Metrics/Library]: Using try-with-resources or close resource

[Tor Bug Tracker & Wiki]

#30544: Using try-with-resources or close resource
-+--
 Reporter:  fava |  Owner:  metrics-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Library  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by fava):

 * Attachment "try-with-resources.csv" added.

 Sonarqube try-with-resources

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs