Re: [tor-dev] Optimistic SOCKS Data
On 6/21/19 8:50 PM, Tom Ritter wrote: > The attached is a draft proposal for allowing tor to lie to an > application about the SOCKS connection enabling it to send data > optimistically. > > It's going to need some fleshing out in ways I am not familiar with, > but I wanted to get something out to start as we think that this is > probably the best path forward for bringing back Tor Browser's > optimistic SOCKS behavior. I am not sure what to do about it, but I think the approach you describe will break the method that Tor Browser just started to use to detect that an onion service requires client authentication (see https://trac.torproject.org/projects/tor/ticket/3 and associated child tickets). The tldr is that we rely on receiving a new error code from the SOCKS connect request. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] [RFC] control-spec: Specify add/remove/view client auth commands (client-side).
On 5/6/19 11:19 AM, George Kadianakis wrote: > Hello list, > > here is a control spec patch for adding v3 client auth commands to > add/remove/view clients from the client-side (so Tor Browser -> Tor): > > https://github.com/torproject/torspec/pull/81/commits/3a26880e80617210b4729f96664ef9f0345b0b7c > > I'm currently unhappy with the naming of those commands, and in general > with how easy it is to confuse them with the (non-existent) service-side > commands. I'm wondering how to name them better so that when we add the > respective service-side commands (at some point we should) there is no > confusion. > > Let me know what you think! Thanks for working on this. I have a couple of comments: 1. How does Permanent get set? Should there by an option added to ADD_ONION_CLIENT_AUTH to let the client say "store this on disk"? 2. For VIEW_ONION_CLIENT_AUTH it would be nice if the HSAddress parameter was optional. We may want to build an interface that allows users to see all of their keys and choose which ones to remove, etc. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] TBB + Privoxy
On 4/29/18 10:15 AM, procmem wrote: > Hi. We are trying to get Tor Browser to work with privoxy to allow users > to optionally connect to other networks including I2P, Zeronet... > > Here's what we tried: > > * Disabling network.proxy.no_proxies_on > > * Setting network.proxy.http_port to 8118 (privoxy’s port number) > network.proxy.http 127.0.0.1 > network.proxy.http_port 8118 > network.proxy.ssl 127.0.0.1 > network.proxy.ssl_port 8118 > > * We know a transition to unix sockets for localhost comms is planned > but not currently enforced. We have workarounds for that. > > Can someone please tell me what's missing? > > NB This is a separate copy of Tor Browser to prevent fingerprinting > problems with normal surfing in general. What error or incorrect behavior are you experiencing? Do your preference changes seem to remain in effect? That is, are they correct if you check them via about:config after your special Tor Browser is up and running? Have you disabled Tor Launcher? During browser startup, Torbutton asks Tor Launcher which proxy settings to use and resets many of the preferences you mentioned. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Browser downloads and updates graphs
On 9/11/16 3:45 PM, David Fifield wrote: >> * We don't know what (8) or (9) is but it seems to us we are losing >> users over time and are only getting them back slowly if at all. A >> weekday/weekend pattern is visible there as well. > > Does Tor Browser continue checking for further updates in the span of > time between when it downloads an update and when it is restarted? For > example, you are running 6.0, the browser downloads the 6.0.1 update and > stages it and asks you to restart; does the browser check for updates > until you actually restart? If not, then the decreases in update pings > might be people being tardy in restarting their browser. That is a good theory, but I don't think update checks occur if there is a pending update. The code that checks and returns early is here: https://gitweb.torproject.org/tor-browser.git/tree/toolkit/mozapps/update/nsUpdateService.js?h=tor-browser-45.4.0esr-6.0-1#n2388 -- Mark Smith Pearl Crescent http://pearlcrescent.com/ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Concerns regarding a multilingual version of TBB,
On 10/8/15 3:49 PM, Tim Wilson-Brown - teor wrote: On 9 Oct 2015, at 06:42, Yet Another Tor User <yetanothertoru...@riseup.net <mailto:yetanothertoru...@riseup.net>> wrote: I saw an email on the Wiki mailing list concerning a multilingual version of Tor. If that was made possible your language tag be used to track you. This could break your anonymity. Your thoughts? Tor is currently available in multiple languages, just not in the same download. We could use the solutions we currently use for this issue: * for the HTTP headers, send “accept-language: en-US,en;q=0.5” and in other places, either send en-US, or send no language. Agreed, and I do not see how bundling a choice of languages into one Tor Browser package changes things (since people are already using Tor Browser with various languages). The tracking issue is already mitigated by a language spoofing feature that is provided by Torbutton. See "User Agent and HTTP Headers" within the fingerprinting section of the Tor Browser design document: https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability The relevant browser preference is extensions.torbutton.spoof_english. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How to present multiple meek backends in Tor Launcher?
On 8/3/14, 2:37 AM, David Fifield wrote: On Sat, Aug 02, 2014 at 11:28:08PM -0700, David Fifield wrote: I made some test meek bundles that are capable of using the Amazon CloudFront CDN as a backend, in addition to Google App Engine that was supported before. https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-2/ https://trac.torproject.org/projects/tor/wiki/doc/meek#AmazonCloudFront To test it, go to the pluggable transport screen, and choose meek-amazon from the selection box. I opened a ticket to discuss how this user interface can be improved. https://trac.torproject.org/projects/tor/ticket/12777 While it's easy to add new entries like this (see https://trac.torproject.org/projects/tor/attachment/ticket/12777/0001-Add-an-option-to-use-meek-through-CloudFront.patch), I'm worried that it's not so clear for most users. On what are they supposed to base their decision? How could it be better? A possibility is that we could include just one option in the bundles, and distribute the others from BridgeDB or support assistants. Would it be possible (and safe for users) for meek to try Google and then try Amazon upon failure? It seems like that is what users will need to do themselves, unless they have access to other information such as meek-google is not a good choice in my country but meek-amazon might work. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] UX Idea - A controller inside TBB
On 7/29/14 10:13 AM, Matthew Finkel wrote: Maybe the easy way to do this will be to work on a simple log reader, that is integrated into TorButton, and then if another, fancier thing materializes, then all the better. (yes, I will start looking at this again because if I don't, how can I expect others will?). If anyone feels like hacking on this, then you're probably a better candidate than me :) The log viewer probably belongs in Tor Launcher (which already captures log messages for the copy to clipboard feature). Maybe we can use Firefox's Browser Console somehow. If you do work on this, please comment here so we can coordinate our efforts: https://trac.torproject.org/projects/tor/ticket/9516 Thanks! -- Mark Smith Pearl Crescent, LLC http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] UX Idea - A controller inside TBB
On 7/29/14, 9:31 AM, Matthew Finkel wrote: Did you start working on this again? Having something like this is actually really important. It would be awesome to get this functionality in Tor Browser again. Nima's design looks really good. I think a lot of people would be happy to see something like that. Do you think this should be based on bulb or should it start from scratch? I looked at doing this about a month ago and considered adding it directly into TorButton. Maybe it is better to use Python/Stem for the backend. Thoughts? Just so others are aware: Arthur is actively working on this ticket: Create Browser UI indication for current circuit status and exit IP https://trac.torproject.org/projects/tor/ticket/8641 -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] GSoC Proposal: Relay Web Status Dashboard
On 4/1/14, 10:56 AM, Damian Johnson wrote: Also, while snooping around the dev version of Arm, I've noticed a slight glitch in the _get_controller method of __init__.py in arm.util : if not stem.util.system.is_running('tor.real'): raise ValueError(msg('connect.tor_isnt_running')) (I'm running on osx) My tor process is named tor.real instead, hence, this raises an error stating that tor isn't running although it is. changing it to if not stem.util.system.is_running('tor.real'): solves this problem. Is this an issue (because I'm not using a linux dist of Tor) or am I doing something wrong on my end? Interesting. Any idea why your tor process is being called 'tor.real'? Is this something OSX related or is TBB naming its process that? In TBB 3.6b1 on Mac OS, tor has been renamed to tor.real and tor is a shell script that execs tor.real. See: https://trac.torproject.org/projects/tor/ticket/10030#comment:20 -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] HTTP-requesting browser extension WIP (works in Firefox, not in Tor Browser)
On 3/10/14, 11:23 PM, David Fifield wrote: I started trying to write a Firefox extension that makes HTTP requests outside of the proxy settings. I have one that works in Iceweasel 24.3 and does the Host header trick used by the transport. However it doesn't work in Tor Browser, and I'm looking for some insight as to why it might be so. The source code of the extension is in the firefox directory of git clone -b extension https://www.bamsoftware.com/git/meek.git Instructions on how to try it are: https://developer.mozilla.org/en-US/docs/Building_an_Extension#Test. I also pasted the important JavaScript code at the end of this message. I looked at this for a few minutes but ran out of time for today. When I dump aStatus in your onStopRequest function, I get 2152398890 which is 0x804B002A which is NS_ERROR_UNKNOWN_PROXY_HOST (see https://developer.mozilla.org/en-US/docs/Table_Of_Errors). I am not sure what that means but it sounds interesting. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Launcher UI feedback follow up
On 5/9/13 12:38 PM, Lunar wrote: Tom Ritter: Some small suggestions: - I'd flip the bottom and the top, with connect being on top. I actually think that placing the safer (but more complicated) option first makes it more likely that people will at least read it. But we can change our minds later without affecting the localizations. - Wording suggestion: This computer's internet connection is free of obstacles: [greenboldtext]My network operator does not threaten my person safety[/greenboldtext] This computer's Internet connection is [redboldtext]censored, filtered, or proxied[/redboldtext] Nitpick: you might be configuring someone else's computer, so “my” might not be appropriate. In some future, having stylized images on that screen could be great. In any cases, it's already quite an improvement. :) Thanks! Regarding Tom's suggestion to use colored text, we are not going to tackle that at this time because doing so will complicate localization. Also, Mike pointed out that in situations where physical harm is a real possibility, the person will be so censored that they will know to chose the Configure option. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Tor Launcher UI feedback follow up
Thank you to everyone who provided feedback on the Tor Launcher UI. It has been very helpful to us and we made a lot of changes based on it. The most significant change was the addition of an initial question to the first run settings wizard, which allows people to skip all of the detailed questions and quickly connect. Take a look here: http://trial.pearlcrescent.com/tor/torlauncher/2013-05-08/SetupWizard/screen0-initialQuestion.png As Mike pointed out, we are trying to get to alpha ASAP so we can deliver much smaller TBB packages – without Vidalia. For that reason, some of the improvements that people suggested will be left out for now (e.g., automated probing for proxy or firewall settings). -- Mark Smith Pearl Crescent, LLC http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Launcher UI feedback follow up
On 05/09/2013 10:09 AM, Sherief Alaa wrote: Hi, Does this mean the strings are final (frozen)? I am one of Tor's support assistants/translators (in case you wonder why am I asking). No, we are not ready to freeze the strings yet. But I think we are close. We are just waiting on some final feedback. -- Mark Smith Pearl Crescent http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Tor Launcher settings UI feedback request
As many of you know, Kathy Brade and I have been working on a Firefox add-on named Tor Launcher, which will function as a Tor process manager and controller for TBB (replacing Vidalia). See: https://trac.torproject.org/projects/tor/ticket/6009 Currently, Tor Launcher provides access to the basic Tor network settings that are needed by TBB users. We would like some feedback on the Network Settings dialog (accessible from within the browser after it starts up) and on a first run wizard that we have created based on a suggestion from Greg Norcie. A collection of screenshots is available here: http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/ If you are in a hurry, just look at these two: http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/FromBrowser/networksettings.png (settings dialog as seen from inside the browser) http://trial.pearlcrescent.com/tor/torlauncher/2013-05-03/SetupWizard/wizard-all.png (composite of all of the wizard panels). Thanks to everyone who has provided input so far. -- Mark Smith Pearl Crescent, LLC http://pearlcrescent.com/ ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev