Custom Query (74 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (31 - 45 of 74)

1 2 3 4 5
Ticket Summary Owner Component Milestone
#24376 Search backend for websites - Test and deploy Solr hiro Webpages/Website website redesign
#24727 Add onion service for check.torproject.org and use it Webpages/Website
Description

Currently check.torproject.org don't have onion. Use .onion to determine whether user is via Tor or not.

#25131 Add a security.txt file to torproject.org Webpages/Website website redesign
Description

security.txt files give people the information they need to contact Tor when they find a security issue.

It's an IETF draft, and Google has done it, so maybe we should too: https://securitytxt.org/

We can use the existing information at: https://www.torproject.org/about/contact#security

And we might want to:

  • add a PGP key file
  • add a signature
  • maybe add a policy or acknowledgements when we decide how they work
#25218 Update screenshots to use obfs4 bridges (instead of obfs3) traumschule Webpages/Website website redesign
Description

https://www.torproject.org/docs/bridges.html.en#UsingBridges

...then choose the transport type you want to use. obfs3 is currently the recommend type...

#25475 TB Credits traumschule Webpages/Website website redesign
Description

We should have a page of contributors, either on the website or Tor browser. Tor Community members, translators etc

#26133 Add OnionBrowser to TorProject.org/download redesigned page traumschule Webpages/Website website redesign
Description

Many IOS users have a hard time finding an "IOS Torbrowser" that TorProject recommends, this can be seen by the many questions that are asked on TorProject's twitter on how to download TorBrowser for IOS. It would be great if A link is added to the redesigned TorProject download page that directs users to Mike Tigas's OnionBrowser. This would also reduce the number of IOS users that accidentally download a NON-recommended "IOS Torbrowser" like "Red Browser".

A disclaimer could be added under the link to the OnionBrowser app saying, "This app is recommend by TorProject but it is not directly developed by TorProject nor directly funded by TorProject".

#26307 Add link to Tor SlackBuild on download-unix.html.en Webpages/Website website redesign
Description

I thought it would be nice to add link to the Tor SlackBuild on download-unix.html.en. The SlackBuild works fine and is updated regularly.

The code would be something like this:

<tr class="beige">
<td align="center"><img src="$(IMGROOT)/distros/slackware.png" alt="Slackware"></td>
<td>Slackware</td>
<td colspan="2"><a href="https://slackbuilds.org/repository/14.2/network/tor/">SlackBuilds.org</a></td>
<td>
<a href="<page docs/tor-doc-unix>">Linux/BSD/Unix</a><br>
</td>
</tr>

If nobody wants to design a new logo, there's generic.png in /images/distros/ folder

#26314 Create "Learn More" Landing Page for TBA Webpages/Website
Description

When TBA is first launched there is a "Learn More" link the user can click. We should take advantage of this and create a useful webpage where the user can learn more. (Orfox currently has this, too, and the link goes to the Guardian Project's Orfox page.

#26539 add checksums to download page; make checksum vs. sig file purpose much clearer traumschule Webpages/Website
Description

Gpg recently failed to verify a Tor Browser download - a first for me. Since data errors in downloads aren't as common as years ago, I assumed an error in the *.asc sig file itself, or other issues.

Such as my Linux GPG version not playing well with the version used to sign Tor Browser.

I wanted to verify checksum of the downloaded TBB, but after a few searches on TorProject didn't find the checksum, I re-download TBB. It was faster in the long run, but it's a big package to re-download for users with limited data plans, when a few byte checksum would suffice to see if there was a download data error.

I propose that checksum files - or a prominent link, be added to the download page - not make users hunt them. That's how many well run projects seem to do it - app packages, sig files & checksums are all easily found, or have links on the same page.

The statement, "See our instructions on how to verify package signatures, which allows you to make sure you've downloaded the file we intended you to get. Also, note that the Firefox ESR in our bundles is modified from the default Firefox ESR " should be placed above the packages & sig files, where users are far more likely to see it.

The wording could be stronger, clearer - why users would want to verify the TBB / other packages PGP signatures of downloads, EVEN from TorProject's site (not rely solely on checksums). A brief statement why verifying signed packages is important & how it's unrelated to using checksums. If users (of anything) don't understand a real purpose or need, they're more likely to skip steps.

I could write something to make changes, additions & submit for consideration, but only if there's interest in making changes to general security methods to educate users, that work for many products.

  • Verification instructions: They're generally good & someone did a lot of work, but many users unfamiliar w/ PGP / GPG's real purpose & the procedures may be clueless.

On the Windows verify instructions (maybe Linux, OS X), it's unclear which signature & which "package" they're verifying. If they're installing GPG or gpg4win, the instructions should include steps (or link to clear instructions) to first verify GPG itself (once), then a separate verification of downloaded Tor products - EVEN from TorProject's https site.

The statement, "make sure you've downloaded the file we intended you to get." means little to non-gpg users or slightly familiar. To many, they downloaded the correct platform package, therefore they "have the file intended for their OS." As far as they know, they did everything required.

#26836 Update and refresh the research portal Webpages/Website
Description

The research portal isn't the prettiest website, nor does it contain the most up to date information. This ticket will act as a central ticket for tasks around updating and refreshing the research portal.

#26837 Move the "research-ideas" tickets to research ideas page Webpages/Website
Description

The Metrics/Analysis trac component has been gathering tickets that are not really suited to being trac tickets. The Metrics team certainly isn't going to look at them any time soon. I had tagged these with the keyword research-ideas.

The ideas page is at https://research.torproject.org/ideas.html on the portal.

#27412 make bug tracker links on getinvolved page accessible without login qbi Webpages/Website
Description

The bug tracker link to Tor on https://www.torproject.org/getinvolved/volunteer.html.en requires a trac account. It is very unlikely that anyone visiting this page for the first time (like after clicking "Get Involved" on about:tor) is logged in.

This longer link gives the same result without login.

I don't know though if this should be fixed in trac or the website.

#27421 Tor security policy Webpages/Website website redesign
Description

Tor Project currently has not general security policy. We need to work out a security policy that covers all of Tor: See https://trac.torproject.org/projects/tor/ticket/13968#comment:27

#27423 Sign security.txt Webpages/Website website redesign
Description

From comment:6:ticket:25131:

I suggest we use the tor-security list key, or some other key that many people trust.

#27458 security.txt: Add acknowledgments page to honour our security researches Webpages/Website website redesign
Description

The page will be linked in https://torproject.org/.well-known/security.txt

Details: ​https://tools.ietf.org/html/draft-foudil-securitytxt-04#section-3.4.1 Basically a place to honour the work of former / current security researchers.

This could also go into #25475.

1 2 3 4 5
Note: See TracQuery for help on using queries.