Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-03-30 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  TorBrowserTeam202003R, tbb-9.0.6  |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--
Changes (by sysrqb):

 * keywords:  TorBrowserTeam202003R => TorBrowserTeam202003R, tbb-9.0.6
 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 This was fixed in Tor Browser 9.0.6 (or if/whenever your browser upgraded
 NoScript).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-03-09 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202003R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by sysrqb):

 Replying to [comment:17 ma1]:
 > This should work as expected in Please check
 https://noscript.net/getit#devel, thanks.

 Thanks ma1! We'll use NoScript 11.0.15 instead of the patch I posted.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-03-01 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by dcent):

 Thanks, ma1, and thank *you* too.

 Today I discovered this problem goes beyond fonts.

 On [this page](https://archive.org/details/JFKTo911) there are two
 instances of gifs being encoded and five instances of image/svg+xml, shown
 below.
 ```
 .ui-menu .ui-menu-item {
  margin:0;
  cursor:pointer;
  list-style-
 
image:url("data:image/gif;base64,R0lGODlhAQABAIAAAP///yH5BAEALAABAAEAAAIBRAA7")
 }

 .ui-progressbar .ui-progressbar-overlay {
 
background:url("data:image/gif;base64,R0lGODlhKAAoAIABAP///yH/C05FVFNDQVBFMi4wAwEh+QQJAQABACwAKAAoAAACkYwNqXrdC52DS06a7MFZI+4FHBCKoDeWKXqymPqGqxvJrXZbMx7Ttc+w9XgU2FB3lOyQRWET2IFGiU9m1frDVpxZZc6bfHwv4c1YXP6k1Vdy292Fb6UkuvFtXpvWSzA+HycXJHUXiGYIiMg2R6W459gnWGfHNdjIqDWVqemH2ekpObkpOlppWUqZiqr6edqqWQAAIfkECQEAAQAsACgAKpSMgZnGfaqcg1E2uuzDmmHUBR8Qil95hiPKqWn3aqtLsS18y7G1SzNeowWBENtQd+T1JktP05nzPTdJZlR6vUxNWWjV+vUWhWNkWFwxl9VpZRedYcflIOLafaa28XdsH/ynlcc1uPVDZxQIR0K25+cICCmoqCe5mGhZOfeYSUh5yJcJyrkZWWpaR8doJ2o4NYq62lAAACH5BAkBAAEALAAoACgAAAKVDI4Yy22ZnINRNqosw0Bv7i1gyHUkFj7oSaWlu3ovC8GxNso5fluz3qLVhBVeT/Lz7ZTHyxL5dDalQWPVOsQWtRnuwXaFTj9jVVh8pma9JjZ4zYSj5ZOyma7uuolffh+IR5aW97cHuBUXKGKXlKjn+DiHWMcYJah4N0lYCMlJOXipGRr5qdgoSTrqWSq6WFl2ypoaUAAAIfkECQEAAQAsACgAKpaEb6HLgd/iO7FNWtcFWe+ufODGjRfoiJ2akShbueb0wtI50zm02pbvwfWEMWBQ1zKGlLIhskiEPm9R6vRXxV4ZzWT2yHOGpWMyorblKlNp8HmHEb/lCXjcW7bmtXP8Xt229OVWR1fod2eWqNfHuMjXCPkIGNileOiImVmCOEmoSfn3yXlJWmoHGhqp6ilYuWYpmTqKUgAAIfkECQE
 
AAQAsACgAKpiEH6kb58biQ3FNWtMFWW3eNVcojuFGfqnZqSebuS06w5V80/X02pKe8zFwP6EFWOT1lDFk8rGERh1TTNOocQ61Hm4Xm2VexUHpzjymViHrFbiELsefVrn6XKfnt2Q9G/+Xdie499XHd2g4h7ioOGhXGJboGAnXSBnoBwKYyfioubZJ2Hn0RuRZaflZOil56Zp6iioKSXpUAAAh+QQJAQABACwAKAAoAAACkoQRqRvnxuI7kU1a1UU5bd5tnSeOZXhmn5lWK3qNTWvRdQxP8qvaC+/yaYQzXO7BMvaUEmJRd3TsiMAgswmNYrSgZdYrTX6tSHGZO73ezuAw2uxuQ+BbeZfMxsexY35+/Qe4J1inV0g4x3WHuMhIl2jXOKT2Q+VU5fgoSUI52VfZyfkJGkha6jmY+aaYdirq+lQAACH5BAkBAAEALAAoACgAAAKWBIKpYe0L3YNKToqswUlvznigd4wiR4KhZrKt9Upqip61i9E3vMvxRdHlbEFiEXfk9YARYxOZZD6VQ2pUunBmtRXo1Lf8hMVVcNl8JafV38aM2/Fu5V16Bn63r6xt97j09+MXSFi4BniGFae3hzbH9+hYBzkpuUh5aZmHuanZOZgIuvbGiNeomCnaxxap2upaCZsq+1kAACH5BAkBAAEALAAoACgAAAKXjI8By5zf4kOxTVrXNVlv1X0d8IGZGKLnNpYtm8Lr9cqVeuOSvfOW79D9aDHizNhDJidFZhNydEahOaDH6nomtJjp1tutKoNWkvA6JqfRVLHU/QUfau9l2x7G54d1fl995xcIGAdXqMfBNadoYrhH+Mg2KBlpVpbluCiXmMnZ2Sh4GBqJ+ckIOqqJ6LmKSllZmsoq6wpQAAAh+QQJAQABACwAKAAoAAAClYx/oLvoxuJDkU1a1YUZbJ59nSd2ZXhWqbRa2/gF8Gu2DY3iqs7yrq+xBYEkYvFSM8aS
 
SObE+ZgRl1BHFZNr7pRCavZ5BW2142hY3AN/zWtsmf12p9XxxFl2lpLn1rseztfXZjdIWIf2s5dItwjYKBgo9yg5pHgzJXTEeGlZuenpyPmpGQoKOWkYmSpaSnqKileI2FAAACH5BAkBAAEALAAoACgAAAKVjB+gu+jG4kORTVrVhRlsnn2dJ3ZleFaptFrb+CXmO9OozeL5VfP99HvAWhpiUdcwkpBH3825AwYdU8xTqlLGhtCosArKMpvfa1mMRae9VvWZfeB2XfPkeLmm18lUcBj+p5dnN8jXZ3YIGEhYuOUn45aoCDkp16hl5IjYJvjWKcnoGQpqyPlpOhr3aElaqrq56Bq7VAAAOw==");
  height:100%;
  filter:alpha(opacity=25);
  opacity:.25
 }

 .pagination-arrow.left {
  left:0;
  background-
 
image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0NCIgaGVpZ2h0PSI0NCIgdmlld0JveD0iMCAwIDE1IDI3Ij48cG9seWxpbmUgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjNEE0QTRBIiBzdHJva2Utd2lkdGg9IjIiIHBvaW50cz0iMTkgMTQgMTkgMzEgMzYgMzEiIHRyYW5zZm9ybT0icm90YXRlKDQ1IDMxLjM2NCAxLjEpIi8+PC9zdmc+");
  background-repeat:no-repeat;
  background-position:50%;
  background-size:contain
 }
 .pagination-arrow.left:hover {
  background-
 
image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0NCIgaGVpZ2h0PSI0NCIgdmlld0JveD0iMCAwIDE1IDI3Ij48cG9seWxpbmUgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjRkZGIiBzdHJva2VXaWR0aD0iMiIgcG9pbnRzPSIxOSAxNCAxOSAzMSAzNiAzMSIgdHJhbnNmb3JtPSJyb3RhdGUoNDUgMzEuMzY0IDEuMSkiIC8+PC9zdmc+")
 }
 .pagination-arrow.right {
  right:-1rem;
  background-
 
image:url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0NCIgaGVpZ2h0PSI0NCIgdmlld0JveD0iMCAwIDE1IDI3Ij48cG9seWxpbmUgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjNEE0QTRBIiBzdHJva2Utd2lkdGg9IjIiIHBvaW50cz0iMTkgMTQgMTkgMzEgMzYgMzEiIHRyYW5zZm9ybT0ic2NhbGUoLTEgMSkgcm90YXRlKDQ1IDIzLjg2NCAtMTcuMDA2KSIvPjwvc3ZnPg==");
  background-repeat:no-repeat;
  background-position:50%;
  background-size:contain
 }
 .pagination-arrow.right:hover {
  background-

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-03-01 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by ma1):

 This should work as expected in Please check
 https://noscript.net/getit#devel, thanks.

 v 11.0.15rc1
 
 x Fixed CapsCSP bug allowing data: URLs to bypass font
   blocking (thanks dcent and skriptimaahinen)
 x [XSS] Prevent DOS detection from being triggered for
   already aborted requests (thanks therube)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-03-01 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by Yeti):

 See https://forums.informaction.com/viewtopic.php?p=101745
 Seems, there's no need to change something in TB.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-27 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by acat):

 The patch looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-27 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by Thorin):

 Replying to [comment:12 dcent]:
 > In the highest security level fonts are already blocked and I understand
 that's for a reason

 No they're not, only **some** fonts **types** are blocked: graphite and
 opentype_svg. That doesn't mean we should just block all downloadable
 fonts. All I'm asking is what is the actual threat here - because TBH I'm
 not seeing one yet, and this affects usability (ligatures and icon fonts
 are widespread)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-27 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002R |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--
Changes (by boklm):

 * keywords:  TorBrowserTeam202002 => TorBrowserTeam202002R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-27 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002  |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by dcent):

 > I don't necessarily agree with this approach. At some stage safest is
 going to become practically useless.

 In the highest security level fonts are already blocked and I understand
 that's for a reason. If we want to bundle the free Font Awesome fonts (or
 any other fonts for that matter) into Tor, then that's another issue, I'd
 personally be interested in Fira Sans (cannot-sell-font-individually
 license) and Roboto Slab (fully free license) being added as they serve a
 different purpose to Arimo but every font added will result in a larger
 download for Tor Browser.

 > What is a malicious font?

 I did read about this once, it might be on these forums.

 >[preventing the parsing of "application" data at the CSS level] seems
 like the better approach (and to confirm no other types can be downloaded
 via this method and exploited). Can a downloadable font used by this
 method do anything more than one than isn't?

 Agree on this and the questions posed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002  |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by Thorin):

 I don't necessarily agree with this approach. At some stage safest is
 going to become practically useless. Downloadable fonts are often used for
 glyphs/icons (although it's only visual and usually users can intuitively
 tell what the tofu means). This is not something obscure like graphite.

 > What is a malicious font?

 sysrqb: you kinda jested, but I'm asking in earnest. Can you point me at
 any documentation?

 > it might be safest to prevent the parsing of "application" data at the
 CSS level

 This seems like the better approach (and to confirm no other types can be
 downloaded via this method and exploited). Can a downloadable font used by
 this method do anything more than one than isn't?

 I'm not an expert on data URIs, but my understanding is that security
 threats from this are (probably) already mitigated by Mozilla upstream -
 so I'm seriously asking why this needs to be done, or at least some
 discussion / clarity around it

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002  |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by dcent):

 Good to see this is being addressed.

 It might be advantageous to determine what Firefox allows as application
 data when parsing urls in CSS. Is it only fonts or are other things that
 can draw to the screen permitted eg. svgs (which are also not permitted in
 Tor), other media etc.

 If so it might be safest to prevent the parsing of "application" data at
 the CSS level?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002  |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--

Comment (by cypherpunks):

 `TorBrowserTeam202002R`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002  |  Actual Points:
Parent ID:| Points:
 Reviewer:  acat  |Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => needs_review
 * reviewer:   => acat


Comment:

 While this is still fresh in my mind: `bug33430_00`

 
https://gitweb.torproject.org/user/sysrqb/torbutton.git/commit/?h=bug33430_00=9e18e7e2a9042976e128f96bddd1d38953512d73

 I verified this works by loading the provided example page on Safer
 (before disabling the pref), I opened the webtools Inspector, I selected
 an element on the page (any of them should work), from the panel on the
 right-side I selected the "fonts" tab, at the bottom of the fonts tab
 there is an "All fonts on page" arrow/toggle (at least in English).
 Clicking this shows all fonts used on the page, and indeed it shows the
 `data:` webfonts.

 After disabling the downloadable_fonts pref, I refreshed the page and
 repeated the above steps. It shows only system fonts were used.

 In parallel, I went code-diving and this seems reasonable.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level (was: Fonts can be injected into a website via CSS (as base64 encoded application))

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Disable downloadable fonts on Safest security level
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam202002  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * keywords:   => TorBrowserTeam202002


Comment:

 Thanks for reporting this. While I was partially joking about a "malicious
 font", I did take this seriously. This could be a attack vector, so I dug
 into it a bit and it looks like we can flip
 `gfx.downloadable_fonts.enabled` on Safest and it will ignore webfonts.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs