Custom Query (71 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (46 - 60 of 71)

1 2 3 4 5
Ticket Summary Owner Component Milestone
#29200 Make more accessible Core Tor documentation pili Webpages/Website website redesign
Description

There's Core Tor documentation distributed in three (at least) sources. Even if it's documentation intended for developers, it'd be great that it would be more accessible by providing the HTML version online and using some torproject.org subdomain or path or links. The sources are:

I can provide scripts to generate/convert the documentation automatically. We would need to decide where to put it, maybe get subdomain and get access to the server where it would live.

#27412 make bug tracker links on getinvolved page accessible without login qbi Webpages/Website
Description

The bug tracker link to Tor on https://www.torproject.org/getinvolved/volunteer.html.en requires a trac account. It is very unlikely that anyone visiting this page for the first time (like after clicking "Get Involved" on about:tor) is logged in.

This longer link gives the same result without login.

I don't know though if this should be fixed in trac or the website.

#31342 Tor donor FAQ gives advice that may be illegal sstevenson Webpages/Website
Description

The Tor donor FAQ could be seen to suggest breaking up payments to avoid being identified to IRS/governments/tax authorities. Could this be considered potentially against the law in some jurisdictions as per structuring laws? https://en.wikipedia.org/wiki/Structuring#Definition

Item 23 of https://donate.torproject.org/donor-faq quoted below.

Is the Tor Project required to identify me as a donor to the United States government, or to any other authority?

If you donate $5,000 or more to the Tor Project in a single year, we are required to report the donation amount and your name and address (if we have it) to the IRS, on Schedule B of the Form 990, which is filed annually. However, it's normal for nonprofits to redact individual donor information from the copy of the 990 that's made publicly-available, and that's what we do. We are not required to identify donors to any other organization or authority, and we do not. (Also, if you wanted, you could give us $4,999 in late 2018 and $4,999 in early 2019.)

Emphasis added.

Perhaps the last line in parenthesis could be left unsaid?

#18925 Add instructions for removing the code signing parts of OS X bundles and MAR files tbb-team Webpages/Website
Description

We start with code signing on OS X now and should have instructions on our website for getting rid of the code signing parts to make it easier for comparing the things we ship with the things we built.

#23446 Write a guidelines documentation for requirements with Tor integration by third parties tbb-team Webpages/Website website redesign
Description

I heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each use case. For example for browsers (where integrating Tor is a goal with Brave in private browsing and it has been suggested by the (ex?)-CEO of Mozilla) among the requirements I can think of,

  1. Having the user agent the same as the Tor Browser (Otherwise fingerprinting would be easy).
  2. Stream isolation should be enforced, otherwise a single exit can watch all traffic.
  3. First party isolation should be enforced.
  4. ...etc

Of course there's already the Tor Browser design documentation, but it doesn't address this question directly, and more importantly those folks don't want to make an alternative Tor Browser, rather just a "Tor mode" to their private browsing that can enable true privacy by design.

What do you think of such an idea?

Note that this finds its parallel with little-t-tor in another ticket that I couldn't find about alternative implementations of the tor client.

#28829 Add reproducible builds verification notes for Android to our verifying signature page tbb-team Webpages/Website
Description

On https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification we outline how to make a link between the bundles we actually ship (including update files) to the artifacts one gets by following our reproducible builds path.

So far, this contains instructions for Linux and Windows bundles. macOS is tricky and dealt with in #18925.

This ticket is to add respective instructions for our .apk file(s) we ship.

#14686 Consolidate or de-emphasize our many download pages traumschule Webpages/Website WebsiteV3
Description

During the UX Sprint, several of the users found alternate download pages other than download-easy, and became confused. If you search for Tor, download Tor, or Tor Browser, you get one of the following links:

https://www.torproject.org/download/download https://www.torproject.org/projects/torbrowser.html.en https://www.torproject.org/download/download-easy.html

Each of these has a different flow for downloading Tor Browser, and all but download-easy caused users to stop and become confused. I personally think https://www.torproject.org/download/download should simply redirect to download-easy, and the https://www.torproject.org/projects/torbrowser.html.en page should remove the matrix and either behave like download-easy, or its download button should take the user to download-easy.

We will still need some place to put installation instructions, and the alpha downloads, but those should be broken off into different pages that replace the outdated mess in https://www.torproject.org/docs/documentation.html.en.

#17393 Make the various javascript on Tor sites be LibreJS-compatible? traumschule Webpages/Website WebsiteV3
Description

On reading https://www.gnu.org/software/repo-criteria.html (as pointed out on tor-talk), I came across "B0": "All code sent to the user's browser must be free software and labeled for LibreJS or other suitable free automatic license analyzer".

I don't know anything about the politics behind libre JS or the like, but I know some of the Tor sites use JavaScript, and I also know we're not meaning to keep any of it non-free.

Is there some enthusiastic free software zealot out there who wants to inventory the javascript used on various Tor sites, and move us closer to labeling it all as free?

#17413 Usability of MacOS installation process traumschule Webpages/Website WebsiteV3
Description

Usability of MacOS installation process

Consequence: User is unable to verify package signature

Steps to reproduce:

  1. Download Tor browser
  1. Go to https://www.torproject.org/docs/verifying-signatures.html.en for instructions.
  1. Read the block of text for MacOS and Linux.
  1. Follow the link at the bottom of that section to:

https://www.gnupg.org/documentation/

  1. Struggle with the information on that page.
  1. Try to go to the SourceForge link there for GPG Mac download.

uBlock Origin blockade: uBlock Origin has prevented the following page from loading:http://macgpg.sourceforge.net/

Because of the following filter

sourceforge.net$other

Found in: uBlock filters – Badware risks

  1. Give up.

What should have happened:

Follow the GPGTools link at the top of the Tor page's Mac/Linux instruction block. https://www.torproject.org/docs/verifying-signatures.html.en


Suggested fixes:

  • Divide the MacOS instructions from the Linux instructions.
  • Add numbers to the procedures... something like this, for the MacOS:
  1. Download Tor Browser and save the signature.asc to your Desktop.
  2. Download and install GPGTools.
  3. Open a Terminal window (Terminal is in /Applications/Utilities or find it with search)
  4. Paste the following into the terminal: [... ...]

...adding links appropriately in the procedure

  • Use link colors to help people visually scan through the pages. Take advantage of the human tendency to skim over text and just read the bold, colored stuff:

-Use a color with better contrast against black (the green is wonderful but too dark for good contrast) -Include more keywords in links

  • Related installation issue that probably belongs somewhere else:

Opening the DMG and installing the Tor Browser: The application file shows a file modification date of Dec 31, 1999, so it's difficult to know whether the downloaded one is newer than one I have already. No version number is in the file name. Get Info (cmd-I) (which not every Mac user knows about) does show a version number, and it also shows the file has a creation date of Dec 31, 2000, which is before the mod date. The weird dates might cause version control issues but are also likely to worry people who see them.

#22076 adjust text shown on screen based on size of text traumschule Webpages/Website WebsiteV3
Description

When viewing this web page I find I have to increase the size of text because I have poor vision.

If I use the control-+ to increase the text size, your web page forces me to scroll the window left to right to read lines of text.

Use the method that wikipedia.com uses for displaying the screen.

wikipedia.com adjusts the text to fit within the displayed window by making lines shorter as text size increases and making lines longer as text size increases.

Go to wikipedia.com and view any entry. Then do a control-+ to increase text size and see what it does. Then do a control-- to reduce size of text and see what it does. NOTE: I am using Ubuntu 16.04 - hence my control-+ increases text size and control-- will decrease text size. I don't know what keys are used to do this with other operating systems.

Just an idea from a 71 year old with bad eyes.

#25475 TB Credits traumschule Webpages/Website website redesign
Description

We should have a page of contributors, either on the website or Tor browser. Tor Community members, translators etc

#26539 add checksums to download page; make checksum vs. sig file purpose much clearer traumschule Webpages/Website
Description

Gpg recently failed to verify a Tor Browser download - a first for me. Since data errors in downloads aren't as common as years ago, I assumed an error in the *.asc sig file itself, or other issues.

Such as my Linux GPG version not playing well with the version used to sign Tor Browser.

I wanted to verify checksum of the downloaded TBB, but after a few searches on TorProject didn't find the checksum, I re-download TBB. It was faster in the long run, but it's a big package to re-download for users with limited data plans, when a few byte checksum would suffice to see if there was a download data error.

I propose that checksum files - or a prominent link, be added to the download page - not make users hunt them. That's how many well run projects seem to do it - app packages, sig files & checksums are all easily found, or have links on the same page.

The statement, "See our instructions on how to verify package signatures, which allows you to make sure you've downloaded the file we intended you to get. Also, note that the Firefox ESR in our bundles is modified from the default Firefox ESR " should be placed above the packages & sig files, where users are far more likely to see it.

The wording could be stronger, clearer - why users would want to verify the TBB / other packages PGP signatures of downloads, EVEN from TorProject's site (not rely solely on checksums). A brief statement why verifying signed packages is important & how it's unrelated to using checksums. If users (of anything) don't understand a real purpose or need, they're more likely to skip steps.

I could write something to make changes, additions & submit for consideration, but only if there's interest in making changes to general security methods to educate users, that work for many products.

  • Verification instructions: They're generally good & someone did a lot of work, but many users unfamiliar w/ PGP / GPG's real purpose & the procedures may be clueless.

On the Windows verify instructions (maybe Linux, OS X), it's unclear which signature & which "package" they're verifying. If they're installing GPG or gpg4win, the instructions should include steps (or link to clear instructions) to first verify GPG itself (once), then a separate verification of downloaded Tor products - EVEN from TorProject's https site.

The statement, "make sure you've downloaded the file we intended you to get." means little to non-gpg users or slightly familiar. To many, they downloaded the correct platform package, therefore they "have the file intended for their OS." As far as they know, they did everything required.

#22637 Find a more maintainable approach for the signing-keys page Webpages/Website website redesign
Description

Right now we have this page: https://www.torproject.org/docs/signing-keys which is supposed to provide an official set of keys that have signed various Tor packages in the past.

We pointed to it from https://www.torproject.org/docs/verifying-signatures among other places.

But people keep generating new subkeys, so the text on that page goes out of date after a month or so.

We should come up with a better way to distribute these keys, in a way that provides good enough authenticity while being easy to automate.

Maybe that's a script that gets run every so often to generate the page automatically? Maybe that's creating a gpg keyring with the right keys on it, and getting rid of the webpage?

We can think of this as part of the grand website redo, but also we can think of it as a bitesized improvement that needs to be made and can be independent of the grand website redo.

#23266 Carryover Tasks Webpages/Website website redesign
Description

This page keeps track of things we need to fix in the old torproject.org that we'll still need to fix when we make a new version of torproject.org.

#23432 Move CSP style attributes into external stylesheets Webpages/Website website redesign
Description

Suggested by the Mozilla Observatory https://observatory.mozilla.org/analyze.html?host=torproject.org

Your current CSP policy allows the use of 'unsafe-inline' inside of style-src. Moving style attributes into external stylesheets not only makes you safer, but also makes your code easier to maintain.

1 2 3 4 5
Note: See TracQuery for help on using queries.