Custom Query (74 matches)


Show under each result:

Results (61 - 74 of 74)

1 2 3 4 5
Ticket Summary Owner Component Milestone
#30601 Please add link to HackerOne bug bounty portal to contacts for security issues hiro Webpages/Website

We have a bug bounty program for Tor and Tor Browser at HackerOne. We should add a link to it when talking about reporting security bugs on

#30678 remove hardcoded capitalization from tpo css and templates hiro Webpages/Website

this does not work well in many languages. capitalization should be on the string itself.

#30709 expyuzz4wqqyqhjn.onion redirects to clearnet: hiro Webpages/Website

http://expyuzz4wqqyqhjn.onion/docs/tor-manual.html.en redirects to clearnet:

#30751 why SHA-256 or MD5 not in download section? hiro Webpages/Website

Hi. Thanks for very good service. This is not a bug. In download page i do not see any sha-256 or md5 for checksum downloaded file. i have seen GPG in:

but it hard method. Please beside GPG, write md5 and SHA-256 for checking file! It is very important PGP test for many people is hard.

#30838 Update the Debian instructions for experimental-0.4.1 hiro Webpages/Website Tor: unspecified

The 0.4.1 branch is now separate; the 0.3.4 branches are now deprecated.

We should update the website accordingly:

This change requires the change in #30836, and a successful nightly build of experimental-0.4.1.

#30936 clean up pronoun display in people page Webpages/Website

The people page would look better if we hid parts of the URL in the visible link text, e.g., displaying instead of The link would still go to the same place, though. (This also matches the conventions of a few other pages I've seen that use URLs.)

Merge request in

#31014 is not properly display on mobile devices antonela Webpages/Website

There is a glitch on making "Browse" only partly visible on my mobile phone.

#31125 Add Android to the Tor Browser Alpha download page hiro Webpages/Website

The Tor Browser Alpha download page at does not provide Android builds.

We should add the armv7, x86 and aarch64 Android builds somewhere on this page.

#31212 Document known long-term issues of Tor Browser hiro Webpages/Website

So far, while every Tor Browser release announcement points out known bugs specific to the most recent version, there's no documentation of preexisting issues that are not patched yet, and thus still affect current Tor Browser releases.

A summary of the most relevant ones would help users to keep track of those, and, if needed, adjust their set up/browsing behavior accordingly.

Furthermore, in case there are known ways to circumvent or mitigate a specific bug, the corresponding workaround could be shared as well.

To clarify what I mean: Tails' website is a fine example of how this could be implemented, their release announcement links to:

#31216 In the list of onion services run by the Tor Project, a domain name and an .onion-address link misdirect to the same wrong Tor Project https page hiro Webpages/Website

List of onion services run by the Tor project List of onion services run by the Tor project http://yz7lpwfhhzcdyc5y.onion/ The listed domain misdirects to The listed address http://sbe5fi5cka5l3fqe.onion/, corresponding with the listed domain, misdirects to Can we have the listed domain direct to

Can we have the listed address http://sbe5fi5cka5l3fqe.onion/, corresponding with the listed domain, direct to http://qrmfuxwgyzk5jdjz.onion/about/corepeople.html.en

#31295 please server Tor signature files with Content-Disposition that encourages a download rather than inline viewing hiro Webpages/Website

When i click on the sig link in (which points to ) i find the OpenPGP signature displayed in the browser directly, rather than being saved to a file.

But the instructions for verifying the OpenPGP signature seem to assume that the signature file has been downloaded as a file.

If you use Content-Disposition you should be able to encourage the web browser to save the signatures as a file in the same way that the installer is a file.

I'm attaching a HAR archive of what my browser (Firefox 68) did when clicking on the sig link, which i think verifies that no Content-Disposition header was sent.

#31342 Tor donor FAQ gives advice that may be illegal sstevenson Webpages/Website

The Tor donor FAQ could be seen to suggest breaking up payments to avoid being identified to IRS/governments/tax authorities. Could this be considered potentially against the law in some jurisdictions as per structuring laws?

Item 23 of quoted below.

Is the Tor Project required to identify me as a donor to the United States government, or to any other authority?

If you donate $5,000 or more to the Tor Project in a single year, we are required to report the donation amount and your name and address (if we have it) to the IRS, on Schedule B of the Form 990, which is filed annually. However, it's normal for nonprofits to redact individual donor information from the copy of the 990 that's made publicly-available, and that's what we do. We are not required to identify donors to any other organization or authority, and we do not. (Also, if you wanted, you could give us $4,999 in late 2018 and $4,999 in early 2019.)

Emphasis added.

Perhaps the last line in parenthesis could be left unsaid?

#31370 Adjust debian docs for stable buster hiro Webpages/Website

Bump stable to buster.

Keep even jessie as oldoldstable. Sensible? Well, it's still in the tor debian repos.

Also, as a separate commit, adjust the tor-experimental-0.3.4.x suite to 0.3.5.x which is what the repos has.

Commits are in docs branch of (although the web interface says the project is empty, um!)

#31417 Allow search engines to show descriptions for and pages hiro Webpages/Website

When I search DuckDuckGo for "tor man page", I see this result near the end of the first 10 results:
Search domain
We would like to show you a description here but the site won't allow us.

Please let search engines index the content of our website pages.

1 2 3 4 5
Note: See TracQuery for help on using queries.