Custom Query (54 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (31 - 45 of 54)

1 2 3 4
Ticket Summary Owner Component Milestone
#24133 community.torproject.org work pili Webpages/Website website redesign
Description

This is the main ticket for the work related to creating community.torproject.org

  • Main stakeholders of this project:
  • Designer for this project: Antonela
  • Developer for this project: Hiro
  • PM for this project: Isabela

Project phases:

  1. content architecture - map current content related to the portal and organize it
  1. whiteboard draw organization of the content into pages
  1. wireframe these pages
  1. create design for these pages [these include design reviews till we are happy with what we have]
  1. start organizing content for the pages (with the design already done we will be working with that)
  1. update high definition mockups with real content
  1. guerrilla user testing #1
  1. start coding the pages
  1. once content is finished we upload them on transifex for translation to start
  1. Once coding is done we can start QA by language (as translations gets complete)
  1. [we could do another user test here too before launch if we want - or we can run one after lunch and continue iteration]
#27412 make bug tracker links on getinvolved page accessible without login qbi Webpages/Website
Description

The bug tracker link to Tor on https://www.torproject.org/getinvolved/volunteer.html.en requires a trac account. It is very unlikely that anyone visiting this page for the first time (like after clicking "Get Involved" on about:tor) is logged in.

This longer link gives the same result without login.

I don't know though if this should be fixed in trac or the website.

#18925 Add instructions for removing the code signing parts of OS X bundles and MAR files tbb-team Webpages/Website
Description

We start with code signing on OS X now and should have instructions on our website for getting rid of the code signing parts to make it easier for comparing the things we ship with the things we built.

#23446 Write a guidelines documentation for requirements with Tor integration by third parties tbb-team Webpages/Website website redesign
Description

I heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each use case. For example for browsers (where integrating Tor is a goal with Brave in private browsing and it has been suggested by the (ex?)-CEO of Mozilla) among the requirements I can think of,

  1. Having the user agent the same as the Tor Browser (Otherwise fingerprinting would be easy).
  2. Stream isolation should be enforced, otherwise a single exit can watch all traffic.
  3. First party isolation should be enforced.
  4. ...etc

Of course there's already the Tor Browser design documentation, but it doesn't address this question directly, and more importantly those folks don't want to make an alternative Tor Browser, rather just a "Tor mode" to their private browsing that can enable true privacy by design.

What do you think of such an idea?

Note that this finds its parallel with little-t-tor in another ticket that I couldn't find about alternative implementations of the tor client.

#28829 Add reproducible builds verification notes for Android to our verifying signature page tbb-team Webpages/Website
Description

On https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification we outline how to make a link between the bundles we actually ship (including update files) to the artifacts one gets by following our reproducible builds path.

So far, this contains instructions for Linux and Windows bundles. macOS is tricky and dealt with in #18925.

This ticket is to add respective instructions for our .apk file(s) we ship.

#17393 Make the various javascript on Tor sites be LibreJS-compatible? traumschule Webpages/Website WebsiteV3
Description

On reading https://www.gnu.org/software/repo-criteria.html (as pointed out on tor-talk), I came across "B0": "All code sent to the user's browser must be free software and labeled for LibreJS or other suitable free automatic license analyzer".

I don't know anything about the politics behind libre JS or the like, but I know some of the Tor sites use JavaScript, and I also know we're not meaning to keep any of it non-free.

Is there some enthusiastic free software zealot out there who wants to inventory the javascript used on various Tor sites, and move us closer to labeling it all as free?

#17413 Usability of MacOS installation process traumschule Webpages/Website WebsiteV3
Description

Usability of MacOS installation process

Consequence: User is unable to verify package signature

Steps to reproduce:

  1. Download Tor browser
  1. Go to https://www.torproject.org/docs/verifying-signatures.html.en for instructions.
  1. Read the block of text for MacOS and Linux.
  1. Follow the link at the bottom of that section to:

https://www.gnupg.org/documentation/

  1. Struggle with the information on that page.
  1. Try to go to the SourceForge link there for GPG Mac download.

uBlock Origin blockade: uBlock Origin has prevented the following page from loading:http://macgpg.sourceforge.net/

Because of the following filter

sourceforge.net$other

Found in: uBlock filters – Badware risks

  1. Give up.

What should have happened:

Follow the GPGTools link at the top of the Tor page's Mac/Linux instruction block. https://www.torproject.org/docs/verifying-signatures.html.en


Suggested fixes:

  • Divide the MacOS instructions from the Linux instructions.
  • Add numbers to the procedures... something like this, for the MacOS:
  1. Download Tor Browser and save the signature.asc to your Desktop.
  2. Download and install GPGTools.
  3. Open a Terminal window (Terminal is in /Applications/Utilities or find it with search)
  4. Paste the following into the terminal: [... ...]

...adding links appropriately in the procedure

  • Use link colors to help people visually scan through the pages. Take advantage of the human tendency to skim over text and just read the bold, colored stuff:

-Use a color with better contrast against black (the green is wonderful but too dark for good contrast) -Include more keywords in links

  • Related installation issue that probably belongs somewhere else:

Opening the DMG and installing the Tor Browser: The application file shows a file modification date of Dec 31, 1999, so it's difficult to know whether the downloaded one is newer than one I have already. No version number is in the file name. Get Info (cmd-I) (which not every Mac user knows about) does show a version number, and it also shows the file has a creation date of Dec 31, 2000, which is before the mod date. The weird dates might cause version control issues but are also likely to worry people who see them.

#22076 adjust text shown on screen based on size of text traumschule Webpages/Website WebsiteV3
Description

When viewing this web page I find I have to increase the size of text because I have poor vision.

If I use the control-+ to increase the text size, your web page forces me to scroll the window left to right to read lines of text.

Use the method that wikipedia.com uses for displaying the screen.

wikipedia.com adjusts the text to fit within the displayed window by making lines shorter as text size increases and making lines longer as text size increases.

Go to wikipedia.com and view any entry. Then do a control-+ to increase text size and see what it does. Then do a control-- to reduce size of text and see what it does. NOTE: I am using Ubuntu 16.04 - hence my control-+ increases text size and control-- will decrease text size. I don't know what keys are used to do this with other operating systems.

Just an idea from a 71 year old with bad eyes.

#25475 TB Credits traumschule Webpages/Website website redesign
Description

We should have a page of contributors, either on the website or Tor browser. Tor Community members, translators etc

#26539 add checksums to download page; make checksum vs. sig file purpose much clearer traumschule Webpages/Website
Description

Gpg recently failed to verify a Tor Browser download - a first for me. Since data errors in downloads aren't as common as years ago, I assumed an error in the *.asc sig file itself, or other issues.

Such as my Linux GPG version not playing well with the version used to sign Tor Browser.

I wanted to verify checksum of the downloaded TBB, but after a few searches on TorProject didn't find the checksum, I re-download TBB. It was faster in the long run, but it's a big package to re-download for users with limited data plans, when a few byte checksum would suffice to see if there was a download data error.

I propose that checksum files - or a prominent link, be added to the download page - not make users hunt them. That's how many well run projects seem to do it - app packages, sig files & checksums are all easily found, or have links on the same page.

The statement, "See our instructions on how to verify package signatures, which allows you to make sure you've downloaded the file we intended you to get. Also, note that the Firefox ESR in our bundles is modified from the default Firefox ESR " should be placed above the packages & sig files, where users are far more likely to see it.

The wording could be stronger, clearer - why users would want to verify the TBB / other packages PGP signatures of downloads, EVEN from TorProject's site (not rely solely on checksums). A brief statement why verifying signed packages is important & how it's unrelated to using checksums. If users (of anything) don't understand a real purpose or need, they're more likely to skip steps.

I could write something to make changes, additions & submit for consideration, but only if there's interest in making changes to general security methods to educate users, that work for many products.

  • Verification instructions: They're generally good & someone did a lot of work, but many users unfamiliar w/ PGP / GPG's real purpose & the procedures may be clueless.

On the Windows verify instructions (maybe Linux, OS X), it's unclear which signature & which "package" they're verifying. If they're installing GPG or gpg4win, the instructions should include steps (or link to clear instructions) to first verify GPG itself (once), then a separate verification of downloaded Tor products - EVEN from TorProject's https site.

The statement, "make sure you've downloaded the file we intended you to get." means little to non-gpg users or slightly familiar. To many, they downloaded the correct platform package, therefore they "have the file intended for their OS." As far as they know, they did everything required.

#22637 Find a more maintainable approach for the signing-keys page Webpages/Website website redesign
Description

Right now we have this page: https://www.torproject.org/docs/signing-keys which is supposed to provide an official set of keys that have signed various Tor packages in the past.

We pointed to it from https://www.torproject.org/docs/verifying-signatures among other places.

But people keep generating new subkeys, so the text on that page goes out of date after a month or so.

We should come up with a better way to distribute these keys, in a way that provides good enough authenticity while being easy to automate.

Maybe that's a script that gets run every so often to generate the page automatically? Maybe that's creating a gpg keyring with the right keys on it, and getting rid of the webpage?

We can think of this as part of the grand website redo, but also we can think of it as a bitesized improvement that needs to be made and can be independent of the grand website redo.

#23266 Carryover Tasks Webpages/Website website redesign
Description

This page keeps track of things we need to fix in the old torproject.org that we'll still need to fix when we make a new version of torproject.org.

#23432 Move CSP style attributes into external stylesheets Webpages/Website website redesign
Description

Suggested by the Mozilla Observatory https://observatory.mozilla.org/analyze.html?host=torproject.org

Your current CSP policy allows the use of 'unsafe-inline' inside of style-src. Moving style attributes into external stylesheets not only makes you safer, but also makes your code easier to maintain.

#24727 Add onion service for check.torproject.org and use it Webpages/Website
Description

Currently check.torproject.org don't have onion. Use .onion to determine whether user is via Tor or not.

#25131 Add a security.txt file to torproject.org Webpages/Website website redesign
Description

security.txt files give people the information they need to contact Tor when they find a security issue.

It's an IETF draft, and Google has done it, so maybe we should too: https://securitytxt.org/

We can use the existing information at: https://www.torproject.org/about/contact#security

And we might want to:

  • add a PGP key file
  • add a signature
  • maybe add a policy or acknowledgements when we decide how they work
1 2 3 4
Note: See TracQuery for help on using queries.