Custom Query (68 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (31 - 45 of 68)

1 2 3 4 5
Ticket Summary Owner Component Milestone
#26539 add checksums to download page; make checksum vs. sig file purpose much clearer traumschule Webpages/Website
Description

Gpg recently failed to verify a Tor Browser download - a first for me. Since data errors in downloads aren't as common as years ago, I assumed an error in the *.asc sig file itself, or other issues.

Such as my Linux GPG version not playing well with the version used to sign Tor Browser.

I wanted to verify checksum of the downloaded TBB, but after a few searches on TorProject didn't find the checksum, I re-download TBB. It was faster in the long run, but it's a big package to re-download for users with limited data plans, when a few byte checksum would suffice to see if there was a download data error.

I propose that checksum files - or a prominent link, be added to the download page - not make users hunt them. That's how many well run projects seem to do it - app packages, sig files & checksums are all easily found, or have links on the same page.

The statement, "See our instructions on how to verify package signatures, which allows you to make sure you've downloaded the file we intended you to get. Also, note that the Firefox ESR in our bundles is modified from the default Firefox ESR " should be placed above the packages & sig files, where users are far more likely to see it.

The wording could be stronger, clearer - why users would want to verify the TBB / other packages PGP signatures of downloads, EVEN from TorProject's site (not rely solely on checksums). A brief statement why verifying signed packages is important & how it's unrelated to using checksums. If users (of anything) don't understand a real purpose or need, they're more likely to skip steps.

I could write something to make changes, additions & submit for consideration, but only if there's interest in making changes to general security methods to educate users, that work for many products.

  • Verification instructions: They're generally good & someone did a lot of work, but many users unfamiliar w/ PGP / GPG's real purpose & the procedures may be clueless.

On the Windows verify instructions (maybe Linux, OS X), it's unclear which signature & which "package" they're verifying. If they're installing GPG or gpg4win, the instructions should include steps (or link to clear instructions) to first verify GPG itself (once), then a separate verification of downloaded Tor products - EVEN from TorProject's https site.

The statement, "make sure you've downloaded the file we intended you to get." means little to non-gpg users or slightly familiar. To many, they downloaded the correct platform package, therefore they "have the file intended for their OS." As far as they know, they did everything required.

#26808 Publish policy documents on www.torproject.org ggus Webpages/Website
Description

Background

In the past years we worked on many policy documents (CoC, membership policy, etc). We should make them available on a prominent page on torproject.org.

Current situation

The policy documents are published in the gitweb: https://gitweb.torproject.org/community/policies.git/tree/

Some other bylaws can be found here: https://www.torproject.org/about/financials.html.en

Expected situation

Create a section within "About Tor" named "Policies". With a general text describing our current policies.

I would also suggest that we inline describe our current values, how membership works, how voting works, etc.

Create formatted versions of:

  • CoC
  • Membership guidelines
  • statement of values
  • voting system
  • board documents (like bylaws)
  • ...

and link them from the main policy page.

*Timeline*

I would suggest that we collect ideas within this ticket and make a meeting in Mexico :-)

#26836 Update and refresh the research portal Webpages/Website
Description

The research portal isn't the prettiest website, nor does it contain the most up to date information. This ticket will act as a central ticket for tasks around updating and refreshing the research portal.

#26837 Move the "research-ideas" tickets to research ideas page Webpages/Website
Description

The Metrics/Analysis trac component has been gathering tickets that are not really suited to being trac tickets. The Metrics team certainly isn't going to look at them any time soon. I had tagged these with the keyword research-ideas.

The ideas page is at https://research.torproject.org/ideas.html on the portal.

#27412 make bug tracker links on getinvolved page accessible without login qbi Webpages/Website
Description

The bug tracker link to Tor on https://www.torproject.org/getinvolved/volunteer.html.en requires a trac account. It is very unlikely that anyone visiting this page for the first time (like after clicking "Get Involved" on about:tor) is logged in.

This longer link gives the same result without login.

I don't know though if this should be fixed in trac or the website.

#27421 Tor security policy Webpages/Website website redesign
Description

Tor Project currently has not general security policy. We need to work out a security policy that covers all of Tor: See https://trac.torproject.org/projects/tor/ticket/13968#comment:27

#27423 Sign security.txt Webpages/Website website redesign
Description

From comment:6:ticket:25131:

I suggest we use the tor-security list key, or some other key that many people trust.

#27458 security.txt: Add acknowledgments page to honour our security researches Webpages/Website website redesign
Description

The page will be linked in https://torproject.org/.well-known/security.txt

Details: ​https://tools.ietf.org/html/draft-foudil-securitytxt-04#section-3.4.1 Basically a place to honour the work of former / current security researchers.

This could also go into #25475.

#27669 Replace recommendations to use tor-ramdisk with something better Webpages/Website
Description

arma lately mentioned that it is probably not a good idea anymore to use tor-ramdisk. I am looking into alternatives.

Currently tor-ramdisk is mentioned on the new (coming) community projects list (#16576) and the volunteer page: http://expyuzz4wqqyqhjn.onion/projects/projects.html.en https://github.com/torproject/webwml/pull/38

Also the wiki links it at several places: AutomationInventory doc/VM doc/EmbeddedTips

Wikipedia has a page about it (#27668).

Adding #13703 as parent to let them know of each other.

Which are good alternatives (in use)?

#28783 Incomplete Content-Security-Policy blocks video on "Set up Relays" page hiro Webpages/Website
Description

Affected page: https://www.torproject.org/getinvolved/relays.html.en

Problem: "No video with supported format and MIME type found" The video's URL is https://media.torproject.org/video/2012-03-04-BuildingBridges.ogv and forbidden by CSP.

Solution: Change

Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'

(https://www.hardenize.com/report/torproject.org/1544035352#www_csp)

to

Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; media-src 'self' https://media.torproject.org

or even to

Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; media-src 'self' https://media.torproject.org; frame-ancestors 'self'; block-all-mixed-content; disown-opener; plugin-types application/pdf; base-uri 'self'

#28829 Add reproducible builds verification notes for Android to our verifying signature page tbb-team Webpages/Website
Description

On https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification we outline how to make a link between the bundles we actually ship (including update files) to the artifacts one gets by following our reproducible builds path.

So far, this contains instructions for Linux and Windows bundles. macOS is tricky and dealt with in #18925.

This ticket is to add respective instructions for our .apk file(s) we ship.

#29200 Make more accessible Core Tor documentation pili Webpages/Website website redesign
Description

There's Core Tor documentation distributed in three (at least) sources. Even if it's documentation intended for developers, it'd be great that it would be more accessible by providing the HTML version online and using some torproject.org subdomain or path or links. The sources are:

I can provide scripts to generate/convert the documentation automatically. We would need to decide where to put it, maybe get subdomain and get access to the server where it would live.

#29495 Running site fails with python 2.x hiro Webpages/Website
Description

When running our new website with 'lektor server' python 2.x stacktraces, and fails to load 'about' pages. Hopefully I'll be able to provide a branch to pull from for future patches (#29493), but until then providing attaching a patch file you should be able to apply with 'git am 0001-Stacktrace-when-launching-lektor-server.patch'.

#29504 Add keywords to website hiro Webpages/Website
Description

add global keywords: tor, the tor project, tor project, privacy, anonymity, privacy tool, censorship, censorship circumvention, private browsing, incognito browsing, anonymity network, tor network, onion services, the onion router, human rights, free expression, free expression online, free speech online, digital rights, activism, digital activist, private research, privacy research, technology, privacy technology, anonymity technology, tracking, surveillance, online surveillance, website tracking, stop website tracking, stop surveillance, online security, secure browser, private browser, privacy tool, anonymity tool, hidden services, metadata protection, activist tools, internet privacy, online privacy, safe browsing, nonprofit, tor browser, tor browser download, android browser, tor browser for android, what is tor, private mode, first amendment, open web, private search, private network, decentralized network, decentralization, encryption, cryptography, whistleblowers, snowden, online safety

#29836 Replace torflow by sbws in volunteer page hiro Webpages/Website
Description

I realized that https://www.torproject.org/about/gsoc.html.en is pointing to https://www.torproject.org/getinvolved/volunteer.html.en#Projects and torflow is listed there. We decided to don't do any improvements on torflow but on sbws.

1 2 3 4 5
Note: See TracQuery for help on using queries.