Re: [tor-dev] Archiving old Components in Trac
* teor: > Hi, > > Is anyone still using these trac components? > > Applications/Tor Messenger > Applications/Tor Mail We can archive both these components. > Applications/TorBirdy TorBirdy is an active project. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Ready to Integrate/Review New Marionette Version into Tor
* John Helmsen:
> David,
>
> Ben hit the following error while running 'make testbuild':
>
> --2018-07-26 08:33:09--
> https://downloads.sourceforge.net/stixfonts/STIXv1.1.1-latex.zip
> Resolving downloads.sourceforge.net (downloads.sourceforge.net)...
> 216.105.38.13
> Connecting to downloads.sourceforge.net
> (downloads.sourceforge.net)|216.105.38.13|:443...
> connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2018-07-26 08:33:09 ERROR 404: Not Found.
(https://trac.torproject.org/projects/tor/ticket/26949 tracks this issue.)
If you want to fix it for now, you can apply this and it should work:
diff --git a/projects/fonts/build b/projects/fonts/build
index 9b33da9..a1e066b 100644
--- a/projects/fonts/build
+++ b/projects/fonts/build
@@ -13,8 +13,8 @@ mkdir -p $distdir
END; %]
[% IF c("var/linux") || c("var/osx") %]
- unzip -o STIXv1.1.1-latex.zip -d STIX
- cp "STIX/Fonts/fonts/opentype/public/stix/STIXMath-Regular.otf" $distdir/
+ unzip -o 2.0.0.zip -d STIX
+ cp
"STIX/stixfonts-2.0.0/archive/STIXv1.1.1/Fonts/STIX-Word/STIXMath-Regular.otf"
$distdir/
[% END %]
[% IF c("var/linux") %]
cp NotoEmoji-Regular.ttf $distdir/
diff --git a/projects/fonts/config b/projects/fonts/config
index 1547403..9d11d2c 100644
--- a/projects/fonts/config
+++ b/projects/fonts/config
@@ -102,6 +102,6 @@ input_files:
- URL:
https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a6d49abbfb5c83d0209584158/NotoSansTC-Regular.otf
sha256sum:
e6b82f7d3dab605c428161124ceb5e169cde93de632d800297b167cdd88e7baa
enable: '[% c("var/linux") %]'
- - URL: https://downloads.sourceforge.net/stixfonts/STIXv1.1.1-latex.zip
-sha256sum:
e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8
+ - URL: https://github.com/stipub/stixfonts/archive/2.0.0.zip
+sha256sum:
4327a16797dabebedce28a9075671730e22c7f74831b24b1fb91e27faec5a235
enable: '[% c("var/linux") || c("var/osx") %]'
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Messenger recent IRC re-topic.
Hi, > Hello Everyone, > > We briefly talked about this idea of taking over Tor Messenger, a long with > our own ideas and were asked to mail in some Documentation/Roadmaps. I'm > asking in what form would you guys like to see this in? > > Basically: > > Would you like us to add a .txt as an attachment in a follow up email? > Or would it be better to host the files on our site, and allow people to > read without subject to downloading anything? You can email the proposal to the mailing list. Thanks, -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Feedback Extension for Tor Browser
Hello, > Is the project 'Feedback Extension for Tor Browser' still a part of GSoC > 2017? I have already submitted a proposal and would like to work on it. > Please help. Yes, it is still a part of GSoC. We will let you know if we have any questions or if there is any feedback on the proposal itself. (We can't comment on the status of the proposal during this period as per GSoC guidelines.) -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] TorBirdy 0.2.0: Sixth Beta Release
We are pleased to announce the sixth beta release of TorBirdy and the first in the 0.2 series: TorBirdy 0.2.0. All users are encouraged to upgrade as this release fixes numerous security and privacy issues. Notable changes include fixing local timestamp disclosure in the date and the message-ID headers, as detailed in tickets #6314 [0] and #6315 [1]. The patch for sanitizing the date header is shipped [2] with TorBirdy. The patch for the message-ID header was submitted upstream [3] to Mozilla and merged in Thunderbird 45, and it is therefore recommended that you upgrade to Thunderbird 45 if possible. There are currently no known leaks in TorBirdy but please note that we are still in beta, so the usual caveats apply. If you are using TorBirdy for the first time, visit the wiki [4] to get started. Other changes in this release include: 0.2.0, 27 Jun 2016 * Bug #6314 [5]: Prevent local timestamp disclosure via Date header * Bug #6315 [6]: Prevent local timestamp disclosure via Message-ID header * Bug #13721 [7]: Fix usage of wrong locale * Bug #17426 [8]: Allow configuration of default email protocol * Bug #15459 [9]: Add support for deterministic XPI generation * Bug #11387 [10], #13006 [11]: Fix non-standard EHLO argument * Bug #17118 [12]: Allow manual account configuration for Gmail with OAuth2 * Bug #19031 [13]: Add and audit support for RSS reader * Bug #7847 [14]: Audit and update support for NNTP * Bug #10683 [15]: Update Thunderbird UI to reflect TorBirdy's state * Bug #19330 [16]: Set secure defaults for outgoing mail servers * Removed compatibility for older versions of Thunderbird and added support for Thunderbird 37+ * Added support for automatic configuration of Riseup email accounts * Updated various privacy and security settings (see commit 2bdeffbb [17] for a list of the changes) * Update translations for current languages Many thanks to Arthur Edelstein and the Tails Developers for this release! We offer two ways of installing TorBirdy -- either by visiting our website [18] (GPG signature [19]; signed by 0xB01C8B006DA77FAA) or by visiting the Mozilla Add-ons page [20] for TorBirdy. Please note that there may be a delay -- which can range from a few hours to days -- before the extension is reviewed by Mozilla and updated on the Add-ons page. (Packages for Debian GNU/Linux will be created and uploaded shortly.) [0] - https://bugs.torproject.org/6314 [1] - https://bugs.torproject.org/6315 [2] - https://gitweb.torproject.org/torbirdy.git/commit/?id=bfa822de6071e894dad3d5c59e4fdf2ebacd91e2 [3] - https://bugzilla.mozilla.org/show_bug.cgi?id=902580 [4] - https://trac.torproject.org/projects/tor/wiki/torbirdy [5] - https://bugs.torproject.org/6314 [6] - https://bugs.torproject.org/6315 [7] - https://bugs.torproject.org/13721 [8] - https://bugs.torproject.org/17426 [9] - https://bugs.torproject.org/15459 [10] - https://bugs.torproject.org/11387 [11] - https://bugs.torproject.org/13006 [12] - https://bugs.torproject.org/17118 [13] - https://bugs.torproject.org/19031 [14] - https://bugs.torproject.org/7847 [15] - https://bugs.torproject.org/10683 [16] - https://bugs.torproject.org/19330 [17] - https://gitweb.torproject.org/torbirdy.git/commit/?id=2bdeffbb [18] - https://dist.torproject.org/torbirdy/torbirdy-current.xpi [19] - https://dist.torproject.org/torbirdy/torbirdy-current.xpi.asc [20] - https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/ [Also on https://blog.torproject.org/blog/torbirdy-020-sixth-beta-release] -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Getting error while making a build
* AKASH DAS: > I am getting the following error while running make fetch :- > > Can't exec "hg": No such file or directory at rbm/lib/RBM.pm line 406. > Error: Error cloning https://hg.mozilla.org/releases/mozilla-esr45/ > make: *** [fetch] Error 1 > > any help would be appreciable. You need Mercurial. On Debian/Ubuntu, apt-get install mercurial. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Messenger Sources
* AKASH DAS: > Sir, > > Can you please tell me from where and how can I install sources of tor > messenger so that I can start building it. Source: https://gitweb.torproject.org/tor-messenger-build.git (git clone https://git.torproject.org/tor-messenger-build.git) Build instructions (including dependencies) are outlined in the README file. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Tor Messenger 0.1.0b4 is released
We are pleased to announce another public beta release of Tor Messenger. This release addresses a number of stability and usability issues, and includes the default bridge configurations for pluggable transports. The initial public release [0] was a success in that it garnered a lot of useful feedback. We tried to respond to all your concerns in the comments of the blog post [1] but also collected and aggregated a FAQ of the most common questions [2]. * Before Upgrading Before upgrading to the new release, you will need to backup your OTR keys or simply generate new ones. Please see the following steps to back them up [3]. In our eagerness to build on work done by Tor Browser, we made the decision to store your profile directory inside the application bundle. This complicates matters when you want to use the same accounts and keys across updates, especially while we don't have an automatic updater [4]. Also, as was vociferously pointed out by some of our early adopters, this probably isn't a very intuitive user experience. Copying the extracted application to someone else's computer would unknowingly transfer your accounts and OTR keys. It's unclear if this is commonly done and we'd love feedback on this point to understand the urgency of the issue. In future releases, we plan on revisiting this decision. The number one item on our roadmap is porting Tor Browser's updater patches [5] so that keeping Tor Messenger up-to-date is seamless and automatic. We also plan to add a UI to make importing OTR keys and accounts from Pidgin, and other clients, as easy as possible [6]. * Downloads Please note that Tor Messenger is _still in beta_. The purpose of this release is to help test the application and provide feedback. *At-risk users should not depend on it for their privacy and safety*. Linux (32-bit) https://dist.torproject.org/tormessenger/0.1.0b4/tor-messenger-linux32-0.1.0b4_en-US.tar.xz Linux (64-bit) https://dist.torproject.org/tormessenger/0.1.0b4/tor-messenger-linux64-0.1.0b4_en-US.tar.xz Windows https://dist.torproject.org/tormessenger/0.1.0b4/tormessenger-install-0.1.0b4_en-US.exe OS X (Mac) https://dist.torproject.org/tormessenger/0.1.0b4/TorMessenger-0.1.0b4-osx64_en-US.dmg sha256sums.txt https://dist.torproject.org/tormessenger/0.1.0b4/sha256sums.txt sha256sums.txt.asc https://dist.torproject.org/tormessenger/0.1.0b4/sha256sums.txt.asc The sha256sums.txt file containing hashes of the bundles is signed with the key 0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391). * Changelog Here is the complete changelog since v0.1.0b2: Tor Messenger 0.1.0b4 -- November 22 2015 All Platforms Bug 17492: Include default bridges configuration Use tor and the pluggable transports from tor-browser 5.0.4 Bug 17552: Instantbird should handle XMPP message stanzas with subjects ctypes-otr Bug 17539: Pass username when interpolating resent string Bug 15179: Add an OTR Preferences item to the Tools menu Use the FIREFOX_42_0_RELEASE tag on mozilla-release Use the THUNDERBIRD_42_0b2_RELEASE tag on comm-release Bug 16489: Prevent automatic logins at startup Update Tor Messenger logo in Tor Launcher Mac Bug 16476: Themes preference is positioned incorrectly Bug 17456: Application hang when navigating the preferences menu Tor Messenger 0.1.0b3 -- October 30 2015 Windows Bug 17453: Fix Tor Messenger crash when starting up in Windows [0] - https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily/ [1] - https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily/#comments [2] - https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger/FAQ [3] - https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger/FAQ#WherearemyOTRkeysstoredHowcanIpreservethemacrossupdates [4] - https://bugs.torproject.org/13861 [5] - https://bugs.torproject.org/14388 [6] - https://bugs.torproject.org/16526 -- Sukhbir signature.asc Description: PGP signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] A quick and dirty UX evaluation of Tor Messenger
Hi Greg, > Hi all, > > First of all, great work on Tor Messenger - it's awesome to see Tor pushing > to be more accessible to non-technical folks. > > I decided to take some notes when installing + using for the first time, > hopefully this will be helpful. > > While there are some minor issues, I'd like to stress that this is a great > first step and considering this is the first general public release it's a > very good design. > /// Thanks for the feedback. We know we can do a lot better with the UI/UX, so any feedback is appreciated. > I'm on an OSX machine, so the first thing I see after clicking on the icon > is a message that Tor can't be opened because it's from an unidentified > developer. This would raise an eyebrow at least for most users. (And > lessens the effectiveness of the warning if we are going to train users to > ignore it) This is a concern and the Tor Browser team is in the process of getting the certificate to sign Tor Browser. Once they have that, we will coordinate with them to sign Tor Messenger releases. We are tracking this in #6540 and #17452. https://bugs.torproject.org/6540 https://bugs.torproject.org/17452 > I right click and select "open" and there is a longish pause (>10s) which > could frustrate new users, then the wizard appears. That's unexpected. Did you only experience this the first time you ran Tor Messenger or on subsequent runs also? > I don't chat often - I usually text my friends, and I don't want to use FB > chat since it's tied to my real name. I remember that Twitter now has no DM > limit. But it's not on the main list. I don't have any data to support this > intuition, but I suspect that after XMPP, Twitter would be a popular > protocol. We currently do not support DMs (Instantbird doesn't) and that is one of the (top) things in our to-do list. https://bugs.torproject.org/13312 > I click once on "show all protocols" and click continue. There's only a few > additional, Twitter being one of them. Not sure why this list wasn't > present from the beginning. The protocol list was more of an arbitrary decision, so the first screen lists the top four protocols we think most users would care about, and then follow up with two more (Twitter and Odnoklassniki). Thinking about it now, I think it's a good idea to display only one screen since we are doing the same thing. I have reopened #13323 to discuss this. https://bugs.torproject.org/13323 > I get options for a local alias and "tracked keywords". I have no clue what > the latter is, but it sounds like the concept of a taboo in Harry Potter, > so for a laugh I put in "Voldermort". Yes, this has been pointed to us. We will work on the UI to add hints in cases where the terminology may not seen apparent. > Now I'm authorizing Instabird. Fairly straightforward. > > Now I'm receiving a texted 2f code from twitter and entering it. > > Now I'm in, and I can see my Twitter timeline, which is interesting. I was > expecting just a buddy list to send DMs, not timeline access. I post a > tweet to my timeline, then want to send my boss a test DM. But I follow > >1500 people, and have to scroll a lot to find him. > > I locate his name and double click, but nothing happens. > > At this point, I suspect a less security minded user might abandon the app. > (I end up digging around a bit to find the functionality I need) We discussed this and it was recommended that we should probably disable Twitter until we can support DMs. (Because once we do support DMs, we support OTR over DMs, which will be a nice thing to have.) Let's see, it's up for discussion on how we can make the Twitter experience a bit more pleasant. Thanks. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Messenger Beta: Chat over Tor, Easily
https://trac.torproject.org/projects/tor/ticket/17457 -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Messenger Beta: Chat over Tor, Easily
* Malte: > Hell yeah! What was up with the previous (unannounced) beta version that was > already lying on dist.torproject.org? We were sorting out some branding issues :) And yes, that was never announced. > I would like to see OMEMO (based on Axolotl) get more adoption. Right now > Conversations is the only messenger I know which implements it, but it would > be cool if I could also use it with Tor Messenger. > http://conversations.im/omemo/ Other users also requested this, so we are tracking this at https://trac.torproject.org/projects/tor/ticket/17457. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Tor Messenger Beta: Chat over Tor, Easily
Hi, Today we are releasing a new, beta version of Tor Messenger, based on Instantbird [0], an instant messaging client developed in the Mozilla community. * What is it? Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging [1] automatically; and has an easy-to-use graphical user interface localized into multiple languages. * What it isn't... Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor. We are also excited about systems like Pond [2] and Ricochet [3], which try to solve this problem, and would encourage you to look at their designs and use them too. * Why Instantbird? We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented [4] and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users. * Current Status Today we are releasing a beta version with which we hope to gain both usability and security related feedback. There have been three previous alpha releases to the mailing lists that have already helped smooth out some of the rougher edges. * Downloads Linux (32-bit) https://dist.torproject.org/tormessenger/0.1.0b2/tor-messenger-linux32-0.1.0b2_en-US.tar.xz Linux (64-bit) https://dist.torproject.org/tormessenger/0.1.0b2/tor-messenger-linux64-0.1.0b2_en-US.tar.xz Windows https://dist.torproject.org/tormessenger/0.1.0b2/tormessenger-install-0.1.0b2_en-US.exe OS X https://dist.torproject.org/tormessenger/0.1.0b2/TorMessenger-0.1.0b2-osx64_en-US.dmg sha256sums https://dist.torproject.org/tormessenger/0.1.0b2/sha256sums.txt https://dist.torproject.org/tormessenger/0.1.0b2/sha256sums.txt.asc The sha256sums.txt file containing hashes of the bundles is signed with the key 0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391). * Instructions - On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop - On OS X, copy the Tor Messenger application from the disk image to your local disk before running it. On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory. - Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended. * Source Code We are doing automated builds [5] of Tor Messenger for all platforms. The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself [6] and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet but we are working on it [7]. * What's to Come Our current focus is security, robustness and user experience. We will be fixing bugs and releasing updates as appropriate, and in the future, we plan on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We have some ideas on where to take Tor Messenger but we would like to hear what you have to say. Some possibilities include: - Reproducible builds for Windows and OS X (#10942) - Sandboxing (#10943) - Automatic updates (#14388) - Improved Tor support (#10950) - OTR over Twitter DMs (#13312) - Produce (and distribute) internationalized builds (#10945) - Secure multi-party communication (np1sec) [8] - Encrypted file-transfers - Usability study * How To Help Give it a try and provide feedback, requests, and file bugs [9] (choose the "Tor Messenger" component). If you are a developer, help us close all our tickets [10] or help us review our design doc [11]. As always, we are id
[tor-dev] Tor Messenger Third Alpha
Hi, Tor Messenger is an instant messaging client currently under development. It is designed to make connections using the Tor network and will therefore be a valuable piece in the privacy-enhancing software toolkit (web: Tor Browser, email: Thunderbird + TorBirdy, chat: Tor Messenger.) Based on the Instantbird IM client, Tor Messenger: - sends all traffic over Tor, - enforces Off-the-Record Messaging (OTR) for one-on-one conversations by default, - can be used with a wide variety of chat networks, - has an easy-to-use graphical user interface localized into multiple languages. * Current Status Today we are releasing the third alpha version with which we hope to gain both usability and security related feedback. There have been two previous alpha releases to the mailling lists that have already helped smooth out some of the rougher edges. * What's New in Tor Messenger 0.0.6 - Support for Windows and OS X builds (in addition to Linux) - Improved privacy and security with network and application-related enhancements - Improved usability of the Instantbird OTR extension - Private key and known fingerprint management - XMPP in-band account registration support - Build localization support (currently Arabic; Chinese, Spanish, Farsi, and other languages coming soon) * Bundles Linux (32-bit): https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/tor-messenger-0.0.6-linux-i686.tar.xz Linux (64-bit): https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/tor-messenger-0.0.6-linux-x86_64.tar.xz Windows: https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/tor-messenger-0.0.6-windows-i686.exe OS X: https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/tor-messenger-0.0.6-osx-x86_64.dmg sha256sum: https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/sha256sums.txt https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/sha256sums.txt.asc The bundles are signed with the key 0xB297B391. * Instructions - On Linux, extract the bundle and then run: ./start-tor-messenger. - On OS X, copy the Tor Messenger application from the disk image to your local disk before running it. On all platforms, Tor Messenger sets the profile folder to the installation directory. * Code We are doing automated builds of Tor Messenger for all platforms using rbm (Reproducible Build Manager): https://gitweb.torproject.org/tor-messenger-build.git * Arabic Language Pack https://people.torproject.org/~sukhbir/tor-messenger-0.0.6/tor-messenger-ar.xpi Install the language pack as an add-on and then set "general.useragent.locale" to "ar". (Thanks to Sherief Alaa for the translation.) * Feedback This is an early release and there may be serious privacy leaks and other issues -- please DO NOT recommend Tor Messenger to end users; this release is only for developers and advanced users who would like to help us with testing but understand the risks involved with using alpha software. With this release, we invite feedback not limited to anonymity leaks, usability issues, feature requests and suggestions for improvement. Please submit your feedback using the bug tracker (bugs.torproject.org; select the "Tor Messenger" component). You can also talk to us on this mailing list or on IRC. Thanks, Arlo Breault, Nicolas Vigier, Sukhbir Singh signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Urdu & Hindi translations of Tor browser ?
> I was really surprised; Hindi is the third-most spoken language in the > world, trailing only Mandarin and English. Of the top 10 languages in > this Wikipedia list, Tor Browser is missing localizations only for > Hindi, Bengali, and Malay. (Urdu is #11.) > > https://en.wikipedia.org/wiki/List_of_languages_by_total_number_of_speakers There is a simple reason for this and while this may be anecdotal, this may shed some light on why there are no Hindi or Urdu translations of open source software: almost all users I know whose native language is Hindi, Bengali (or other Indic languages), use their OS and other software in English. (English is the official language of India and Pakistan, along with Hindi and Urdu respectively.) I am sure other users from India/Pakistan can back this up, but personally, even though my native language is Punjabi and Hindi, I have always selected "English" when installing Debian. Similary, I have almost never seen a copy of Windows in any of the local languages, anywhere in India. The English precedence is slowly changing though, with more and more technology products being shipped in local languages so that they can reach populations that don't speak English (which is more in number than the population that can.) So while my experience with this has been different from Griffin's in that no Tor user in India has asked me for a translation in their local language, I think the simple reason may be that English-speaking population doesn't feel the need and right now, they are the ones that dominate the online market. Not that this is an excuse for not having local translations, but I am stating the probable reasons for the lack of translations. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] RFC: Tor Messenger Second Alpha
Hi, Tor Messenger is an instant messaging client currently under development. It is designed to make connections using the Tor network and will therefore be a valuable piece in the privacy-enhancing software toolkit (web: Tor Browser, email: Thunderbird + TorBirdy, chat: Tor Messenger.) Based on the Instantbird IM client [0], Tor Messenger: - sends all traffic over Tor, - uses Off-the-Record (OTR) encryption [1] of conversations by default, - can be used with a wide variety of chat networks, - has an easy-to-use graphical user interface localized into multiple languages. Some more information about Tor Messenger (and why we picked Instantbird) can be found on the wiki [2]. * Current Status We have Tor Messenger bundles for Linux (32-bit and 64-bit) with OTR (using ctypes-otr [4]) and Tor support (Tor binary and Tor Launcher included), among other privacy settings. We are doing automated builds of Tor Messenger using rbm [5] (thanks to Nicolas Vigier). @@@ WARNING: NOT READY FOR PUBLIC USE. DO NOT DISTRIBUTE. @@@ * Bundles Linux (32-bit) https://people.torproject.org/~sukhbir/tor-messenger-0.0.5/tor-messenger-0.0.5-linux-i686.tar.xz Linux (64-bit) https://people.torproject.org/~sukhbir/tor-messenger-0.0.5/tor-messenger-0.0.5-linux-x86_64.tar.xz sha256sum https://people.torproject.org/~sukhbir/tor-messenger-0.0.5/sha256sums.txt https://people.torproject.org/~sukhbir/tor-messenger-0.0.5/sha256sums.txt.asc The bundles are signed with the key 0xB297B391. Extract the bundles and then run: ./start-tor-messenger. This is an early release and there may be serious privacy leaks and other issues -- please DO NOT recommend Tor Messenger to end users; this release is only for developers and advanced users who would like to help us with testing but understand the risks involved with using alpha software. DO NOT ignore this warning. Notable changes since the last release include various privacy improvements, OTR UI enhancements and support for authentication via SMP. @@@ WARNING: NOT READY FOR PUBLIC USE. DO NOT DISTRIBUTE. @@@ * Feedback With this release, we invite feedback not limited to anonymity leaks, usability issues, feature requests and suggestions for improvement. Please submit your feedback using the bug tracker [3] (select the "Tor Messenger" component). You can also talk to us on this mailing list or on IRC. (No seriously, don't use the bundles for any serious communication yet.) [0] - http://instantbird.com/ [1] - https://otr.cypherpunks.ca/ [2] - https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger [3] - https://trac.torproject.org/projects/tor/newticket [4] - https://github.com/arlolra/ctypes-otr [5] - http://rbm.boklm.eu/ Thanks, Arlo Breault and Sukhbir Singh signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] RFC: Tor Messenger Alpha
* Patrick Schleizer: > The compressed folder name is: > tor-messenger-0 > > Can you please make that > tor-messenger Yes, fixed; this was pending. (The "0" here was the version number, which in fact was 0.0.4.) -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] RFC: Tor Messenger Alpha
Hi, Tor Messenger is an instant messaging client currently under development. It is designed to make connections using the Tor network and will therefore be a valuable piece in the privacy-enhancing software toolkit (web: Tor Browser, email: Thunderbird + TorBirdy, chat: Tor Messenger.) Based on the Instantbird IM client [0], Tor Messenger: - sends all traffic over Tor, - uses Off-the-Record (OTR) encryption [1] of conversations by default, - can be used with a wide variety of chat networks, - has an easy-to-use graphical user interface localized into multiple languages. Some more information about Tor Messenger (and why we picked Instantbird) can be found on the wiki [2]. Current Status We have Tor Messenger bundles for Linux (32-bit and 64-bit) with OTR (using ctypes-otr [4]) and Tor support (Tor binary and Tor Launcher included), among other privacy settings. We are doing automated builds of Tor Messenger using rbm [5] (thanks to Nicolas Vigier). @@@ WARNING: NOT READY FOR PUBLIC USE. DO NOT DISTRIBUTE. @@@ Bundles Linux (32-bit) https://people.torproject.org/~sukhbir/tor-messenger-0.0.4/tor-messenger-0.0.4-linux-i686.tar.xz Linux (64-bit) https://people.torproject.org/~sukhbir/tor-messenger-0.0.4/tor-messenger-0.0.4-linux-x86_64.tar.xz sha256sum https://people.torproject.org/~sukhbir/tor-messenger-0.0.4/sha256sums.txt https://people.torproject.org/~sukhbir/tor-messenger-0.0.4/sha256sums.txt.asc The bundles are signed with my key (Sukhbir Singh; 0xB297B391). Extract the bundles and then run: ./start-tor-messenger. This is an early release and there may be serious privacy leaks and other issues -- please DO NOT recommend Tor Messenger to end users; this release is only for developers and advanced users who would like to help us with testing but understand the risks involved with using alpha software. Do not ignore this warning. We will try to have a monthly release cycle leading up to a stable release by July 2015. @@@ WARNING: NOT READY FOR PUBLIC USE. DO NOT DISTRIBUTE. @@@ Feedback With this release, we invite feedback not limited to anonymity leaks, usability issues, feature requests and suggestions for improvement. Please submit your feedback using the bug tracker [3] (select the "Tor Messenger" component). You can also talk to us on this mailing list or on IRC. (No seriously, don't use the bundles for any serious communication yet.) [0] - http://instantbird.com/ [1] - https://otr.cypherpunks.ca/ [2] - https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger [3] - https://trac.torproject.org/projects/tor/newticket [4] - https://github.com/arlolra/ctypes-otr [5] - http://rbm.boklm.eu/ Thanks, Arlo Breault and Sukhbir Singh signature.asc Description: Digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Distributing TBB and Tails via Torrents
* Chuck Peters: > I have been trying to download the new Tails the past week via torrent > and the tracker seems to be broken. > > I know it isn't a good idea to use torrents over tor, but why doesn't > torproject.org distribute the TBB, Tails and other tor related software > with torrents? We discussed this in the past [0] and Moritz wrote a script [1] that generates the torrent files for the bundles. The only issue was that with a public tracker, it's trivial to find out who is participating in the download, and therefore, who is downloading the bundles. (You can also request bundles from GetTor which is back in operation [2], or using Satori.) [0] - https://bugs.torproject.org/9071 [1] - https://lists.torproject.org/pipermail/tor-talk/2011-March/019809.html [2] - https://blog.torproject.org/blog/say-hi-new-gettor -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Chutney couldn't start Tor instances
Hi, > No log files are generated in /net/nodes/000a, so I don't know what > happened. I don't see any conflicts with ports on localhost as far as I can > see. > Tor version 0.2.4.22 and Python 2.7.5+ are installed. Any ideas? I find it helpful to remove the "--quiet" switch from lib/chutney/TorNet.py (line 469) so that I can actually see why Tor failed to start. That is the right place to start looking. In your case, it is probably TestingClientDownloadSchedule or TestingServerDownloadSchedule that is causing the issue since I remember something with one of the versions in 0.2.4 (not exactly sure which). Try removing these lines from torrc_templates/client.tmpl, torrc_template/relay.tmpl and then reconfigure the network and then start it. It is either this, or DirServer/DirAuthority but the verbose output will tell you the exact problem (look for "err"). I have found these issues to be common when using an earlier version because of mismatch between the templates Chuntey is configured to use (recent versions of Tor) versus earlier versions with different options. But the fix is easy -- just update the template and reconfigure the network. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Finding the catch probability
Hi, Everything you need to know about running experiments on Shadow: https://github.com/shadow/shadow/wiki (Including installation) ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] GetTor Meeting (April 29)
Hi, We will be having our first meeting on revamping GetTor in #tor-dev tomorrow from 20:00 - 20:45 UTC. Israel Leiva is the GSoC student who will be working on improving GetTor over the summer so we are looking for suggestions from the community on how we can improve the bundle distribution. (Sorry for the short notice and duration but everyone's schedule seems to be busy!) -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] GetTor Meeting (April 29)
Sorry, just to clarify, the meeting date is: Monday, April 28. 20:00 - 20:45 UTC. ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Torbirdy
Hi, > I've submitted my project proposal on Improving Torbirdy for review on > Google Melange as suggested. If you guys can verify the proposal and > suggest any modifications that would be great. Ok, thanks. We will continue the discussion on the Melange proposal. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Torbirdy
Hi, > >> 3. And using extension hooks with explicit calls instead of checking user > >> set configurations flags for removing timestamp data from header. > This it's > >> suggested will allow better handling of messages received/sent in the > >> background by Thunderbird. > > Yes, that's correct. Figuring out how to do this and doing it properly > > is the only blocker > > Right, so start with fixing the preference setting system using > extension hooks instead of preference flags. > Then work with the new preference system on issues #6314, #6315. > Finally, verify stability across different MUA's,MTA's for the updated > patches, submit the patch request to #902573 & #902580 and work with > Mozilla for patch request acceptance. Right, that's pretty much about it! > Does this process flow sound reasonable ? > Should I give a more elaborate write-up on the it for you to proof-read > or should I just give you the final project proposal for proof-reading ? Submitting the final project proposal is a good idea so that other mentors can also go through it (whether on Melange, or if you want to make it public, that is up to you.) > The only prior experience I have with extension development was on Gnome > and it was minimal. But I've started reading up on extension development > in Thunderbird and the Torbirdy code. > Should be able to run by you a more detailed project proposal soon. Which is OK, but do note as stated in the project description, this project requires good (working?) knowledge of both C++ and JavaScript. We can get into the specifics once you submit the proposal. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Torbirdy
Hi mujnabed, > I wanted to clarify my understanding of the current status of the project. > The project requires resolving two issues related to location anonymity > weakening due to local timestamp leakage specifically in the MessageID & > Date header fields. Thanks for your interest in Tor and TorBirdy! > From reading issues #6314, #6315 mentioned and the patch requests submitted > for bugs #902573 and #902580 at bugzilla.mozilla.org, It seems that the > current hold up by Mozilla to accepting the patch request are: > 1. Establishing how well Thunderbird & other mail clients handle the date > not being inserted by the sender in the mail header > 2. Finding which MTA/MSA's automatically insert date headers on their own > and if most/all don't, finding a workaround to that. Gmai, Mail.com, Gmx, > Yandex and the now dead Lavabit had been tested successfully for automatic > date header insertion This was the idea when the patches were submitted but in later discussions, we decided that removing the date header completely was not a good idea and would break things, not only in Thunderbird but in other MUAs. Also, convincing Mozilla to get such a patch accepted is likely going to be difficult. The exact specifics can be discussed later, but as mentioned in #902573, this option looks most suitable: Keep the Date header and ensure it is in UTC (eg: allow some clock disclosure but not time zone to network) > 3. And using extension hooks with explicit calls instead of checking user > set configurations flags for removing timestamp data from header. This it's > suggested will allow better handling of messages received/sent in the > background by Thunderbird. Yes, that's correct. Figuring out how to do this and doing it properly is the only blocker. We already have code ready for generating random message-IDs (which could also use some work but that is for later) which is called using the preferences system, which is what you are going to be replacing. Let me know if you have any more questions. It would also be helpful to read https://bugzilla.mozilla.org/show_bug.cgi?id=776397, which was the original ticket we submitted. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Torbirdy - IMAP issue
arkmd has opened a ticket #10309 [https://trac.torproject.org/projects/tor/ticket/10309] for this issue. Let's continue the discussion there. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Torbirdy - IMAP issue
Hi, > Using Thunderbird+Enigmail+Torbirdy. > To solve this the user need to manually set the account drafts > settings (in Copies & Folders) to keep drafts on Local Folders. > > I think Torbirdy should do it by default. > > This info should be added to known issues on Torbirdy wiki. (If I recall correctly, this issue was discussed before also but I can't seem to find the thread/ticket.) By default, Enigmail saves an encrypted copy of the message. This is the default setting [1] and I think it also confirms this when it saves an encrypted message for the first time. TorBirdy does not modify this setting so it should be enabled by default for Enigmail. If you did not change this setting but still observed this behavior, please open a bug report [2] with all the relevant information (version of Thunderbird, TorBirdy, Enigmail, etc.) so that I can check this. Come to think of it, perhaps we should disable the automatic save feature altogether (#6337). Suggestions welcome. [1] - https://www.enigmail.net/documentation/userprefs.php (see saveEncrypted) [2] - https://trac.torproject.org/projects/tor/wiki/torbirdy/dev -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] File verification GUI tool
Sherief Alaa wrote: > I am starting to work on a small GUI tool for file verification because I > find guiding users through the verification process on Windows/Mac through > the command line painful. > > Tools in use: > - Python 3.3 or 2.7 (still didn't decide yet). > - PyQT > - python-gnupg-0.3.5 > > I might also add a log window and a save log button to see what went wrong > during the verification process. Just a thought: have you considered doing this through a Firefox extension instead? I remember GetTor recommended a Firefox add-on for checking the hash of the bundle it sent out [0]. Note that I haven't thought about this approach completely but the reason this came to mind is because: - distribution through Mozilla Add-ons is easy and secure. - this does not require installation of extra components. [0] - https://addons.mozilla.org/en-US/firefox/addon/md5-reborned-hasher/ -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] About GSOC 2013 Steganography Browser Addon project idea
Hi Hareesan, > : Exif.Photo.ImageUniqueID or Exif.Image.DateTime, etc ). If its a fixed > location and if the man-in-middle know that location,and if he know Bob's > public key (since its public), he could easily get to the message. If MIAB Alice will use Bob's public key to encrypt the message, so the message can be read by Bob and no one else, as only he has the corresponding private key. > going to select the location arbitrarily, how it could be transferred to > Bob's MIAB client? While MIAB proposes the use of blog pings (see section 3.1.1 of the paper) to distribute the messages and a MIAB client to embed them, our idea for this project is to come up with a similar system, but one that will allow: a). embedding secrets (like in our case, bridge addresses) in a website(s), b). detecting these secrets when a user navigates to them. So, while theoretically what we aim to do is similar to MIAB, the practical implementation will be different and coming up with that design will constitute the main part of your application. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Torbutton for Thunderbird
Hi! I am interested in participating in Google's Summer of Code this year and implementing the Torbutton equivalent for Thunderbird [0]. I have been discussing the project with Mike Perry and we feel that it is possible to implement this. The first step was removing the hostname Thunderbird puts in the outgoing message header, which we easily fixed. That gave us the initial motivation to pursue this further. There are a number of issue that still remain, however we feel that those can be easily worked out. We have put all probable solutions to Torbutton requirements from [1] in the attachment with this mail and are looking for your suggestions/ comments about this. We have not submitted an application for this to Google yet; I intend to do that after gauging the response towards this proposal from the mailing list. Let's hope that we can make this a success, -- Thanks, Sukhbir Singh [0] - https://www.torproject.org/getinvolved/volunteer.html.en#torbuttonForThunderbird [1] - https://www.torproject.org/torbutton/en/design/#requirements Attachment - Plain text Torbutton Description: Binary data ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] GSoC - Torbutton for Thunderbird
Hi! I am interested in participating in Google's Summer of Code this year and implementing the Torbutton equivalent for Thunderbird [0]. I have been discussing the project with Mike Perry and we feel that it is possible to implement this. The first step was removing the hostname Thunderbird puts in the outgoing message header, which we easily fixed. That gave us the initial motivation to pursue this further. There are a number of issue that still remain, however we feel that those can be easily worked out. We have put all probable solutions to Torbutton requirements from [1] in the attachment with this mail and are looking for your suggestions/ comments about this. We have not submitted an application for this to Google yet; I intend to do that after gauging the response towards this proposal from the mailing list. Let's hope that we can make this a success, -- Thanks, Sukhbir Singh [0] - https://www.torproject.org/getinvolved/volunteer.html.en#torbuttonForThunderbird [1] - https://www.torproject.org/torbutton/en/design/#requirements Attachment - Plain text Torbutton Description: Binary data ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
