Custom Query (4548 matches)

Results (901 - 1000 of 4548)

Ticket Summary Status Owner Type Priority Milestone
#11311 httpse-ruleset-bug: wistia ruleset breaks some video thumbnail generation new pde defect Medium
Description

My HTTPS-E version is actually 3.4.5, but I didn't see that listed in the version field...

Problem url: http://www.bitplane.com/learning

Click on "Advanced Search", and filter the list for "tutorial videos" or "webinar recordings" -> thumbnails of the flash videos (hosted by wistia) are generally not visible. If you choose "application video gallery" instead, those flash video thumbnails (also wistia-hosted) work fine.

I noticed one difference is that the videos with thumbnails that work are playing back in a floating overlay window, but the ones where thumbnails fail are playing back in a player that's embedded in the webpage.

The reason I submitted this as a ruleset bug for the wistia domains is that, if I disable the "Wistia (partial)" ruleset, all the video thumbnails are generated just fine.

Since Wistia sells video hosting services, I guess this may affect other customers of theirs besides bitplane.com, but I don't know of any other specific ones other than their "sister site": http://www.andor.com/learning-academy?type=video (Bitplane is an Andor / Oxford Instruments company)

#11325 RFE: Adhere to XDG base directory specification new defect Low Tor: unspecified
Description

As noted by a Fedora user [1], when running Tor as a regular user it creates "$HOME/.tor" instead of "$XDG_CACHE_HOME/.tor", which is advised by the XDG specification [2] for user-specific non-essential (cached) data. Would you consider adhering to this specification?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=968163
[2] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

#11327 Dir auths should choose Fast and Guard flags by consensus weight if they don't measure needs_revision TvdW defect High Tor: 0.3.???
Description

In #8435 we made directory-authorities-that-run-bwauths stop voting Fast or Guard for relays they hadn't measured yet.

But as I pointed out in https://trac.torproject.org/projects/tor/ticket/8435#comment:13, since only a minority of dir auths run bwauths, the majority of dir auths are still voting Fast and Guard based on descriptor bandwidths.

So while the title of ticket #8435 says "Ignore advertised bandwidths for flags once we have enough measured bandwidths", the ChangeLog entry is more accurate:

    - Directory authorities that have more than a threshold number
      of relays with measured bandwidths now treat relays with unmeasured
      bandwidths as having bandwidth 0. Resolves ticket 8435.

We should at some point actually do the original goal, which is to give Fast to the 7/8s of relays whose consensus weights are highest, and Guard to the 1/2 of relays whose consensus weights are highest and who match the other guard constraints.

#11328 Dir auths should compute Guard WFU using the consensus, not private history assigned defect Medium Tor: 0.3.???
Description

Currently directory authorities track the presence of each relay and keep notes about their view locally. Then when it comes time to vote about Guard, they look at their notes and decide what fraction of the past interval the relay was up for.

But it doesn't matter anymore to clients whether the directory authority could reach the relay for that time. The question as of the v3 directory design is whether the relay was in the consensus.

So it seems like the directory authorities should be basing their measurements off "is it in the consensus this hour".

#11337 Reimplement pdfSteg.cc, swfSteg.cc, jsSteg.cc (move relevant functions, delete extra redundant code) as children of FileStegMod new vmon defect High
Description

It seems that the SRI implementation of all steg modules has almost identical implementations of:

http_handle_client_XXX_receive
http_server_XXX_transmit

As programmers usually do not duplicate code that they need to use twice, and instead often write a function and call it twice (surprisingly, that was exactly the reason functions were invented in the first place), I came up with the following revolutionary solution:

I made a FileStegMod class (file_steg.h/.cc) which has only one copy of the above-mentioned functions; other steg modules should inherit from this class and call the parent function instead, so we don't need to keep a zillion copies of these functions in our code.

Also, doing so will uniformize the code (new steg modules are already children of FileStegMod) and as such considerably simplify it.

#11341 Khmer translation new phoul defect Medium 2014 Tor Blog Replacement
Description

Hi,

I finished translation for TorBrowser at: https://www.transifex.com/projects/p/torproject/language/km/

Could you please build the Khmer translations into the next release? And when will the next release happen?

Regards,

Sokhem

#11343 TorLauncher's UI should warn users when a bridge fingerprint appears to be incomplete new brade defect Medium
Description

A Tails user reported some trouble using the new Tails (version 0.23) which includes TorLauncher. They were entering a bridge line, and were confused why it was not working. After some troubleshooting, we determined that they had only entered 27 (out of 40) of the characters of the bridge's fingerprint. Perhaps it would help users to have some sort of feedback on this? The simplest would be: when they hit "OK", to take them back and display a message saying "Oops! It looks like you were trying to enter a bridge fingerprint. Bridge fingerprints are 40 characters long, and you only have 27!" More complicated: while they are typing the fingerprint, display a dynamic message which counts down the number of characters missing. For posterity, here is the conversation from #tails:

00:55  alster ) i'm just trying to run tails for the first time actually, with
                a bridges setup, but having trouble to get past the point where
                i need to type the bridges.
00:56  alster ) but the error message actually sounds like i may have a typo
00:56  alster ) [warn] key digest for bridge is wrong
00:57  velope ) hmm, are you entering a fingerprint for the bridge? don't.
00:57  alster ) [warn] controller gave us config lines that didn't validate:
                Bridge line did not parse. See logs for details.
00:58  alster ) the lines i got in the box look like this:
00:58  alster ) bridge obfs3 <IPv4> <HASH>
00:59  alster ) i guess the HASH is the fingerprint you're referring to?
00:59    isis ) yes, HASH is the fingerprint
00:59  alster ) actually that's
00:59  alster ) bridge obfs3 <IPv4:PORT> <HASH>
00:59    isis ) that should be correct
01:00  alster ) so what i should be using is this instead?
01:00  alster ) bridge obfs3 <IPv4:PORT>
01:00  alster ) correct?
01:00    isis ) i am not sure, i have not tried the new tails yet, but you really want the fingerprint in there, otherwise you could be trivially man-in-the-middled
01:01    isis ) so if tails is not handing the fingerprint correctly, that is a
                serious bug
01:01  alster ) maybe i don't want the leading "bridge"? since bridges.torproject.org does not output this
01:02    isis ) well, i write the code for bridges.tpo
01:02  alster ) well i entered the data manually, so chances are i just
                misspelled it
01:02    isis ) and the only reason we stopped putting the 'bridge ' at the
                beginning was because vidalia is idiotic and didn't handle it
                correctly
01:03    isis ) torlauncher explicitly has code to handle lines which either start
                with 'bridge ', or with the transport method, or with the IP:PORT
01:03  alster ) i assume the fingerprints should be the exact same # of characters
                always, right?
01:03    isis ) yes, always 40 chars
01:04    isis ) though? perhaps? is your bridge's fingerprint all uppercase or
                all lowercase?
01:04  alster ) all lowercase
01:04    isis ) bridges.torproject.org currently returns lowercase
01:05  alster ) i just checked, https://bridges.torproject.org gave me 2
                fingerprints with 40 characters each
01:05  alster ) but one of those i typed has 29 only
01:05  alster ) so it's my fault
01:05    isis ) ah, okay, that make sense :)
01:06    isis ) but perhaps torlauncher should be a bit smarter and tell you
                that that was the problem
01:06    arma ) isis: you could be man-in-the-middled for your first hop, but
                not your second or third. and if they're in a position to
                man-in-the-middle your first hop, they're in a position to
                do traffic analysis on it. so either way you'd best hope
                they're not watching the other end too. and if they are, it
                doesn't matter that they can mitm the first end.
01:06    isis ) arma: yes, true
01:07    arma ) that's why i was fine giving out bridges without fingerprints
01:07    arma ) it seems there's been a big push lately to switch to "you must
                have a fingerprint"
01:07    arma ) which seems to really harm usability
01:07    isis ) arma: though mitm'ing the first hop opens the grounds for more
                attacks than just analysis, like the replay attack and xor'ing
                in tags into the encrypted streams
01:08    isis ) arma: but this is the first i've heard of a usability issue
                with the fingerprints, is this normal? there are lots of these
                problems?
01:08  alster ) this GUI definitely needs something like "okay, you entered 27
                characters so far, 13 more to go."
01:09  alster ) also, the lines you enter there do currently wrap
01:09  alster ) (making it hard to read)
01:09    isis ) yes, i agree, it definitely should tell you that something was
                amok
01:09    arma ) isis: anybody who tries to manually copy a bridge line will
                basically fail if it's more than an ip and a port and maybe a
                few more characters
01:10    isis ) arma: i can give them a QR code with two lines of python,
                would that help?
01:10    arma ) but also, good point, they can get in past the tls if they can
                mitm the bridge. which is meaningful.
01:11    arma ) would the qr code help this tails person? probably not. would it
                help an orbot person? maybe.
01:11  alster ) presenting the fingerprint in a user friendly way (and having a
                user friendly input on the other end) would help
01:12  alster ) so think of images of fruits or whatever
01:12    isis ) should there be a "Wat? You expect me to type that in? Give me
                a QR code!" button on BridgeDB when you get bridges?
01:13  velope ) the GUI could be better, but for most people anything involving
                long meaningless strings is massive fail
01:13    isis ) hmm, the images of fruits thing becomes much harder to do, i
                think, because it would need to be something that the bridge
                puts in their descriptor (so that your tor could check it when
                you try to connect to the bridge)
01:14    isis ) hmm. i will need to think about this more.
01:14  velope ) "needs proposal"
01:15    isis ) though torlauncher should also be okay if there is no
                fingerprint at all
01:15  velope ) it is
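
The feedback the ticket asks for (tell the user how many fingerprint characters are missing instead of a generic "did not parse" error) can be prototyped as a small bridge-line checker. This is an added example, not TorLauncher's code: the function name, the result dictionary and the sample lines (TEST-NET address, made-up fingerprints) are constructed here. It accepts the three line shapes discussed in the log (leading "bridge", leading transport name, or bare IP:PORT), treats a missing fingerprint as allowed but warns about it, and reports the count-down when the fingerprint is too short.

```python
import re

# Tor relay/bridge fingerprints are 40 hexadecimal characters (SHA-1 of the identity key).
FINGERPRINT_LEN = 40
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
# IPv4 or bracketed IPv6 literal followed by :PORT
ADDR_RE = re.compile(r"^(?:\[[0-9A-Fa-f:.]+\]|[0-9.]+):(\d{1,5})$")


def check_bridge_line(line):
    """Sanity-check a bridge line as a user typed it (hypothetical helper).

    Returns {"ok": bool, "fingerprint": str or None, "messages": [str, ...]}.
    Accepts a leading 'bridge ' keyword, a leading transport name, or just
    IP:PORT. A token containing '=' after the address is a transport
    argument (e.g. cert=...), not a fingerprint.
    """
    messages = []
    tokens = line.strip().split()
    if tokens and tokens[0].lower() == "bridge":
        tokens = tokens[1:]
    if not tokens:
        return {"ok": False, "fingerprint": None, "messages": ["empty bridge line"]}
    if ":" not in tokens[0]:  # a transport name such as obfs3, not an address
        tokens = tokens[1:]
        if not tokens:
            return {"ok": False, "fingerprint": None,
                    "messages": ["missing IP:PORT after the transport name"]}
    addr = ADDR_RE.match(tokens[0])
    if addr is None or not 1 <= int(addr.group(1)) <= 65535:
        return {"ok": False, "fingerprint": None,
                "messages": ["expected IP:PORT, got %r" % tokens[0]]}

    # First non key=value token after the address is the fingerprint candidate.
    fingerprint = next((t for t in tokens[1:] if "=" not in t), None)
    if fingerprint is None:
        messages.append("no fingerprint given: Tor will still use the bridge, "
                        "but cannot verify which relay it is talking to")
        return {"ok": True, "fingerprint": None, "messages": messages}

    if not HEX_RE.match(fingerprint):
        messages.append("fingerprint contains characters that are not hex digits")
        return {"ok": False, "fingerprint": fingerprint, "messages": messages}

    n = len(fingerprint)
    if n != FINGERPRINT_LEN:
        # The wording the ticket asks for, plus the count-down it suggests.
        messages.append("Oops! It looks like you were trying to enter a bridge fingerprint. "
                        "Bridge fingerprints are %d characters long, and you have %d "
                        "(%d %s)." % (FINGERPRINT_LEN, n, abs(FINGERPRINT_LEN - n),
                                      "more to go" if n < FINGERPRINT_LEN else "too many"))
        return {"ok": False, "fingerprint": fingerprint, "messages": messages}

    # Normalise case so lower-case output from BridgeDB compares equal to upper-case.
    return {"ok": True, "fingerprint": fingerprint.upper(), "messages": messages}


if __name__ == "__main__":
    # Constructed sample lines: TEST-NET address, made-up fingerprints.
    for sample in ("bridge obfs3 192.0.2.1:443 0123456789abcdef0123456789a",
                   "obfs3 192.0.2.1:443 0123456789abcdef0123456789abcdef01234567",
                   "192.0.2.1:443"):
        result = check_bridge_line(sample)
        print(sample, "->", result["ok"], result["messages"])
```

The first sample reproduces the user's situation from the log (27 of 40 characters typed) and yields the "13 more to go" message; the third shows the no-fingerprint case being accepted with a warning rather than rejected, matching velope's last remark.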
#11361 Cloudfront rules block kitebit.com downloads new pde defect Medium
Description

When downloading some files from https://kitebit.com/, we are sent to a link on http://ds6mgb82jxf5h.cloudfront.net/. However, HTTPS Everywhere redirects to an https version of the URL, which gives a permission denied error.

I suggest adding the following exclusion to the cloudfront rule:

<exclusion pattern="^http://ds6mgb82jxf5h\.cloudfront\.net" />
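
To see why the proposed exclusion fixes the download, here is a small model of how a ruleset is applied: exclusion patterns are checked first, and a URL matching one is passed through unchanged, otherwise the first matching from/to rule rewrites it. This is an added example, not HTTPS Everywhere's own code or its real Cloudfront rule file; the rule pattern and the sample URLs below are constructed, and the only thing taken from the ticket is the exclusion pattern.

```python
import re

# Constructed stand-in for the Cloudfront ruleset (not the project's real rule file):
# one from/to rule plus the <exclusion> proposed in the ticket above.
CLOUDFRONT_RULESET = {
    "name": "Cloudfront (constructed example)",
    "rules": [(r"^http://([\w-]+)\.cloudfront\.net/", r"https://$1.cloudfront.net/")],
    "exclusions": [r"^http://ds6mgb82jxf5h\.cloudfront\.net"],
}


def _to_python_template(to):
    """HTTPS Everywhere writes back-references as $1; Python's re.sub wants \\1."""
    return re.sub(r"\$(\d+)", r"\\\1", to)


def apply_ruleset(ruleset, url):
    """Return (resulting_url, matched_rule_pattern_or_None).

    Exclusions are checked before any rule: a URL matching an exclusion pattern
    is passed through untouched, which is what the proposed <exclusion> relies on.
    """
    for pattern in ruleset["exclusions"]:
        if re.search(pattern, url):
            return url, None
    for from_pattern, to in ruleset["rules"]:
        new_url, count = re.subn(from_pattern, _to_python_template(to), url)
        if count:
            return new_url, from_pattern
    return url, None


def without_exclusions(ruleset):
    """Copy of a ruleset with its exclusions dropped, to show the before/after."""
    return {**ruleset, "exclusions": []}


if __name__ == "__main__":
    # Constructed URLs: the distribution named in the ticket and an unrelated one.
    for url in ("http://ds6mgb82jxf5h.cloudfront.net/files/example.zip",
                "http://d111111abcdef8.cloudfront.net/asset.js"):
        print(url)
        print("  with exclusion   :", apply_ruleset(CLOUDFRONT_RULESET, url)[0])
        print("  without exclusion:", apply_ruleset(without_exclusions(CLOUDFRONT_RULESET), url)[0])
```

Running it shows the kitebit distribution left on http only when the exclusion is present, while other Cloudfront hosts are still upgraded to https, so the exclusion is narrower than disabling the whole rule.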
#11363 OR, DIR ports bind to 0.0.0.0 even when I tell tor otherwise. new defect Medium
Description

Hello, I am running a tor middle relay on a high bandwidth connection but am running into a problem which is causing me more frustration than needed.

I have multiple virtual IPs on my server's NIC. I only want ports 9030, 443 and outgoing connections to be available on 1 virtual IP. In order to accomplish that I have added the following configuration to Vidalia.

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

AccountingMax 11811160064000
AccountingStart month 1 00:00
ContactInfo tor-relay-harrry at comcast dot net
ControlPort 9051
DataDirectory C:/Users/jt/AppData/Roaming/tor
DirPort 192.223.27.139:9030
DirReqStatistics 0
ExitPolicy reject *:*
HashedControlPassword 16:0FD1F531889C1EA360F45BB687F6635983F68D781254B999BC7EDB0200
Log notice stdout
Nickname BeefTits
ORPort 192.223.27.139:443
OutboundBindAddress 192.223.27.139
RelayBandwidthBurst 30720000
RelayBandwidthRate 10240000
SocksPolicy reject *
SocksPort 9050

The problem is TOR.exe looks for the ports on my default NIC ip address of 63.251.20.61:443 and 63.251.20.61:9031

=====================================================================
Mar 29 00:03:59.678 [Notice] Now checking whether ORPort 63.251.20.61:443 and DirPort 63.251.20.61:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
======================================================================

Because I have communication blocked on these ports the reachability test fails.

======================================================================
Mar 29 00:23:58.649 [Warning] Your server (63.251.20.61:443) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Mar 29 00:23:58.650 [Warning] Your server (63.251.20.61:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
======================================================================

Is it possible for the service to only use the ports that I am specifying? If I leave the default ports open then port 443 is open on my main server IP, which I do not want.

Additionally, if I have the configuration set up with the default ports, i.e. not specifying an ip:port in the config in Vidalia, when I click on settings/sharing the box "relay traffic inside the Tor network (non-exit relay)" is checked as expected.

As soon as I edit the configuration like I have above and specify the ip:port allocations, the button goes to "run as client only" by itself, and it overwrites the configuration I added and defaults the configuration to specify just the ports 443 and 9031, which means bind to 0.0.0.0, i.e. 63.251.20.61.

Question: is there a way to specify outgoing and incoming port allocations to one virtual IP on the IP stack?

Why is it using the default IP when I am specifically telling it not to?

I also see the ports being used in the sniffer output so the software is ignoring my configuration for port:ip bindings.

Thanks,

Justin

#11374 fix tor lockfile checking bug needs_revision dave2008 defect Medium
Description

I previously had a misconception that lockfile got removed every time tor exits :(

This patch checks the state of lockfile properly.

branch: https://github.com/houqp/chutney/tree/lock_fix

#11423 Fail to load http->https new pde defect Medium
Description

I haven't tested/reproduced it but I'm positive this is correct

When on an *http* site, when the page loads an http resource that redirects itself to https, HTTPS Everywhere won't load it. For example, on many Squarespace sites such as this one: http://dstank.squarespace.com/portfolio/

I may get an http link, and if I do, the twitter/whatever icon will not show. If it's https it works completely fine. If I visit http after loading the https version it's fine. On hard refresh, of course, it has to find the resource again and fails, thus I get weird squares instead of glyphs. See the LinkedIn link at the bottom of the page; it should have a LinkedIn icon.

#11442 Amazon Web Services rule breaks issuu.com new pde defect Medium
Description

This is a ruleset bug:

The Amazon Web Services stable rule breaks the display of documents at issuu.com. For instance, see http://issuu.com/bighass/docs/revolt_magazine_issue04_final03.

When the Amazon Web Services rule is turned off, you can navigate the pages, zoom in and zoom out with your mouse. When the rule is turned on, only a cover thumbnail is displayed.

HTTPS Everywhere for Chrome 2014.1.3
Google Chrome 33.0.1750.154 m
Windows 8.1, 64 bit

#11444 Drop support for long-obsolete versions of Windows assigned defect Medium Tor: 0.3.???
Description

When we started writing Tor, Windows 98 was still a going concern. Now... it is less so.

We should identify and drop support code for all windows versions before Windows XP. This is mainly going to be a matter of identifying cases where we use LoadLibrary and GetProcAddress to find always-present-functions in always-present DLLs, and looking for opportunities to move from old busted APIs to fresh new ones.

(Dropping support for windows XP is a separate ticket.)

#11445 Drop support for Windows XP new defect Medium Tor: 0.3.???
Description

Windows XP hit its end-of-life today (April 8, 2014).

We should identify and drop support code for Windows XP. This is mainly going to be a matter of identifying cases where we use LoadLibrary and GetProcAddress to find always-present-functions in always-present DLLs, and looking for opportunities to move from old busted APIs to fresh new ones.

I'm making this a separate ticket from #11444 (removing support from pre-XP versions) since the timing on the two can be argued to be separate. Nonetheless, if we agree to do both at once, that might be clever.

#11448 Dirauths must support multiple relay identity keys at once new defect High Tor: unspecified
Description

As discussed on https://blog.torproject.org/blog/openssl-bug-cve-2014-0160, directory authorities must rotate their relay identity keys in order to recover from possible exposure due to the ‘Heartbleed’ bug. (A dirauth's relay identity key could be used by a MITM attacker to feed clients an outdated consensus, for example.)

There are two requirements in order to do this without causing a network meltdown:

  • A dirauth must be able to sign relay descriptors using multiple relay identity keys at once.
  • A dirauth must be able to operate multiple ORPorts at once, with (possibly) different relay identity keys.
#11459 libfaketime causes the build system to report being not sane new tbb-team defect Medium
Description

libfaketime causes build systems to report that they are not sane which can easily lead to an endless loop or at least to a much longer build time. This is only an issue if more than one core is used for building the TBBs.

#11466 Only blank PNG files are visible in thumbnails folder after disabling private browsing mode new tbb-team defect Very Low
Description

Instead of thumbnails of previously visited sites only blank PNG files are visible after disabling private browsing mode. The expected behavior is probably to see the real thumbnails.

#11502 Tor Cloud - Update, Heartbleed and new Maintainer new inf0 defect Medium
Description
  1. We have unattended-upgrades enabled on the images; I launched a new instance and let it self-upgrade to confirm. [1] In theory, our images are self updating, upgrading and rebooting:

https://gitweb.torproject.org/tor-cloud.git/blob/ce98487e1174bff3a76c1f9f0327486b5be89a44:/ec2-prep.sh#l41
https://gitweb.torproject.org/tor-cloud.git/blob/ce98487e1174bff3a76c1f9f0327486b5be89a44:/ec2-prep.sh#l59

  2. SiNA (inf0) needs to update the Amazon images with the latest system updates, and also create instances for all the available regions. Currently we are only displaying 1 or 2 regions on the website.
  3. Finally, sina@… needs access to these assets:
  • Tor's Amazon EC2 account login, or API access
  • Access to update cloud.torproject.org and git.torproject.org/tor-cloud.git
  • Access to update blog.torproject.org with the latest updates in regards to Tor Cloud

[1]
root@ip-10-185-235-58:/var/log/unattended-upgrades# ls /var/log/unattended-upgrades
unattended-upgrades-dpkg_2014-04-13_06:45:08.700625.log  unattended-upgrades.log

==> unattended-upgrades-dpkg_2014-04-13_06:45:08.700625.log <==
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
Found memtest86+ image: /boot/memtest86+.bin
done
Setting up linux-headers-3.2.0-60 (3.2.0-60.91) ...
Setting up linux-headers-3.2.0-60-virtual (3.2.0-60.91) ...
Setting up linux-image-virtual (3.2.0.60.71) ...
Setting up linux-headers-virtual (3.2.0.60.71) ...
Setting up linux-virtual (3.2.0.60.71) ...

==> unattended-upgrades.log <==
2014-04-13 06:44:54,831 INFO Initial blacklisted packages:
2014-04-13 06:44:54,832 INFO Starting unattended upgrades script
2014-04-13 06:44:54,832 INFO Allowed origins are: ['o=Ubuntu,a=precise', 'o=Ubuntu,a=precise-security', 'o=Ubuntu,a=precise-updates', 'o=TorProject,a=precise', 'o=TorProject,a=experimental-precise']
2014-04-13 06:45:08,700 INFO Packages that are upgraded: linux-headers-virtual linux-image-virtual linux-virtual
2014-04-13 06:45:08,701 INFO Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2014-04-13_06:45:08.700625.log'
2014-04-13 06:45:54,778 INFO All upgrades installed
2014-04-13 06:45:54,778 WARNING Found /var/run/reboot-required, rebooting

#11506 Users are confused by the 2000-01-01 00:00 UTC timestamp new tbb-team defect Medium
Description

Picture yourself: your browser tells you that there is an update. You go get the new shiny thing. And then, when you look at the date on it, it says more than 14 years ago. Confusing, neh?

I guess using the date of the latest Git commit would just work great.

#11517 Ukrainian Tor Browser Bundle new erinn defect Medium
Description

A few users have contacted RT requesting a Ukrainian Tor Browser Bundle. These strings have been translated by our Ukrainian translators on Transifex.

#11542 Add a new logging domain for transport proxies assigned yawning defect Low Tor: 0.3.???
Description

velope suggested (and nickm is not against the idea of) adding a new logging domain for all the stuff to do with transport proxies / PTs. It would sure be nice to have transport proxy output like #9957 go to that specific domain; it would make debugging PT things easier, I think.

Does this make sense, or is there simply no need for it, really?

#11559 Orbot-v13.0.7-BETA-1: "Tor Tethering" not working new n8fr8 defect Medium
Description

Hi,

I'm running the latest Orbot version [1] on a rooted Android 4.0.4 and enabled "Tor Tethering" while enabling Internet via 3G, but the devices connecting to the hotspot are not routed over Tor (tested via checkip.dyndns.org).

Should this work, or is this an experimental feature anyway? How can I help to debug this?

https://guardianproject.info/releases/Orbot-v13.0.7-BETA-1.apk

#11560 Orbot-v13.0.7-BETA-1: "Tor Tethering" > Warnings about Listeners on 0.0.0.0 new n8fr8 defect Medium
Description

"
WARN: You specified a public address '0.0.0.0:9050' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.
WARN: You specified a public address '0.0.0.0:5400' for DNSPort. Other people...
WARN: You specified a public address '0.0.0.0:9040' for TransPort. Other people...
WARN: You have a ControlPort set to accept connections from a non-local address. This means that programs not running on you computer can reconfigure you Tor. That's pretty bad, since the controller protocol isn't encrypted! Maybe you should ...
"

I assume these listeners are there due to the enabled "Tor Tethering", but wouldn't it be possible to bind these listeners to the WIFI interface only (I assume they are only needed there)?

#11571 HTTPS Everywhere breaks BBC iPlayer new pde defect Medium
Description

Videos won't load on BBC iPlayer (https://www.bbc.co.uk/iplayer), even if I click on "load unsafe script". The little shield icon remains after I click on it.

The problem disappears if I disable the HTTPS Everywhere plugin.

I'm using HTTPS Everywhere v2014.4.16 on Google Chrome v34.0.1847.116 on Mac OS X 10.9.2.

#11574 flashproxy-client needs to support SOCKS arguments primarily new dcf defect Medium
Description

At the moment, flashproxy-client takes a bunch of command-line arguments, that determine how it registers and talks to the bridge.

These should really be done in the Bridge line (and passed in via SOCKS arguments), since the argument values may change per Bridge. These include:

--facilitator, --facilitator-pubkey
--register, --register-*
--transport.

I would argue that the CLI arguments be deprecated. I would favour complete removal, but AIUI it is required for compatibility with older versions of Tor.

This may require #10671.

#11583 Flash crashes on tubechop.com new pde defect Medium
Description

Flash crashes ("Shockwave Flash has encountered an error.") when trying to play any video from tubechop.com (for example http://www.tubechop.com/watch/8488). Browser: SRWare Iron Version 33.0.1800.0 (260000). New profile with only the HTTPS Everywhere 2014.4.16 extension installed. When the extension is disabled the video plays normally.

#11588 Amazon Web Services rule breaks product info videos on Amazon.com needs_revision pde defect High HTTPS-E next Chrome release
Description

On pages like https://www.amazon.com/Conair-GMT900-iStubble-Facial-Trimmer/dp/B004PXIR1W, the only way the product video can be played is if encrypted connections to "Amazon Web Services" are not forced.

Chrome 34.0.1847.116
HTTPS Everywhere 2014.4.16

#11589 Can't load trailers on IMDB reopened pde defect Medium
Description

Can't load trailers on IMDB with HTTPS Everywhere 2014.4.16 addon on.

Using latest version of chrome, Version 34.0.1847.116 m (not beta) on Windows 7.

#11600 Strange nameserver fail warning in Tor log new defect Medium Tor: 0.3.???
Description

I am running an exit relay on Linux, my Tor version is 0.2.4.21

I checked the log and found these strange warnings:

Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time: 91698/91698 TAP, 15988/15988 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ISP-resolver1>:53 is back up
Apr 24 18:01:51.000 [warn] eventdns: All nameservers have failed
Apr 24 18:01:51.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up
Apr 24 18:01:52.000 [warn] eventdns: All nameservers have failed
Apr 24 18:01:53.000 [notice] eventdns: Nameserver <ISP-resolver1>:53 is back up
Apr 24 18:02:00.000 [warn] eventdns: All nameservers have failed
Apr 24 18:02:01.000 [notice] eventdns: Nameserver <ISP-resolver1>:53 is back up
Apr 24 18:02:01.000 [warn] eventdns: All nameservers have failed
Apr 24 18:02:01.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up
Apr 24 19:46:22.000 [warn] eventdns: All nameservers have failed
Apr 24 19:46:22.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up
Apr 24 20:46:25.000 [warn] eventdns: All nameservers have failed
Apr 24 20:46:25.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up
Apr 24 21:14:07.000 [notice] Heartbeat: Tor's uptime is 8 days 12:00 hours, with 13940 circuits open. I've sent 549.49 GB and received 543.20 GB.

So I thought it was the fault of the nameservers provided by the ISP. Fair enough, I configured my own resolver on localhost (where the relay is running) using BIND 9.10 (latest stable) with dnssec-validation and everything. I thought I had fixed it. After some time, I checked the logs again and:

Apr 24 23:26:03.000 [warn] eventdns: All nameservers have failed
Apr 24 23:26:03.000 [notice] eventdns: Nameserver 127.0.0.1:53 is back up
Apr 25 02:04:02.000 [warn] eventdns: All nameservers have failed
Apr 25 02:04:02.000 [notice] eventdns: Nameserver 127.0.0.1:53 is back up
Apr 25 02:04:03.000 [warn] eventdns: All nameservers have failed
Apr 25 02:04:04.000 [notice] eventdns: Nameserver 127.0.0.1:53 is back up
Apr 25 02:04:04.000 [warn] eventdns: All nameservers have failed
Apr 25 02:04:05.000 [notice] eventdns: Nameserver 127.0.0.1:53 is back up
Apr 25 02:04:06.000 [warn] eventdns: All nameservers have failed
Apr 25 02:04:06.000 [notice] eventdns: Nameserver 127.0.0.1:53 is back up
Apr 25 02:04:08.000 [warn] eventdns: All nameservers have failed
Apr 25 02:04:08.000 [notice] eventdns: Nameserver 127.0.0.1:53 is back up

Looks like it's something Tor related. Why do I get this warning? Does this have any penalty on the performance or on the users who are using this node as an exit point? Should I just leave it alone, as it works fine? From what I see the nameservers fail and get back online immediately; the fail and back-up messages have the same timestamp. Any advice? Thanks in advance.

#11607 Tumblr buttons/interface not loading properly new pde defect Medium
Description

When Firefox updated to its latest version (28.0) the reblog, favorite, follow, and dashboard buttons that usually show at the top right of any tumblr page stopped appearing. Further, glitching caused the "queue" function not to show any time/dates.

Via Firefox Safe Mode the problem was traced back to HTTPS Everywhere; I don't know why.

#11613 httpse-ruleset-bug: Problems with latest Chrome on 8tracks.com new pde defect Medium
Description

I'm using Chrome Version 35.0.1916.69 beta-m under Windows 8.1 x64 with the version of HTTPS Everywhere installed: HTTPS Everywhere 2014.4.16.

When visiting 8tracks with HTTPS Everywhere activated, I can't play music. It simply breaks, but I don't know how to deactivate it on 8tracks. Maybe it has something to do with some cross-site music loading on 8tracks (as they don't store the tracks on their own servers AFAIK). When deactivating the extension, 8tracks runs fine without any problems.

Here is the screenshot of the activated rules (I didn't change anything about it, so it's the default only):

http://i.imgur.com/dqXq5vI.png
http://i.imgur.com/llTMPPJ.png

Any suggestions? Maybe you could investigate it; thanks a lot in advance!

#11614 twitch.tv broken by rule for justin.tv new pde defect Medium
Description

When using the HTTPS Everywhere extension, one must disable the rule for justin.tv in order to view channels on twitch.tv. Many people have reported this issue here: http://help.twitch.tv/customer/portal/questions/5754324-twitch-website-frequently-grey-with-only-the-twitch-logo-in-the-center-

I think this rule should be disabled by default.

#11616 ooni-backend (oonib) doesn't prompt any error when Tor is killed or crashes new hellais defect Medium
Description

It seems that I can always reproduce this case. ooni-backend doesn't report any connection issues with Tor.

  1. Running ooni-backend in virtualenv (debug mode)

# oonib.conf

main:
    report_dir: data/reports/
    archive_dir: data/archive/
    input_dir: data/inputs/
    deck_dir: data/decks/
    policy_file: data/policy.yaml
    bouncer_file: data/bouncer.yaml

    logfile: null
    tor_datadir: null
    database_uri: 'sqlite://oonib_test_db.db'
    db_threadpool_size: 10
    tor_binary: null
    socks_port: 9055
    tor2webmode: false
    pidfile: 'oonib.pid'
    nodaemon: true
    originalname: null
    chroot: null
    rundir: .
    umask: null
    euid: null
    uid: null
    gid: null
    uuid: null
    no_save: true
    profile: null
    debug: true
    stale_time: 3600

    tor_hidden_service: true

helpers:
    http-return-json-headers:
        address: null
        port: 57001
        server_version: Apache

    tcp-echo:
        address: null
        port: 57002

    daphn3:
        address: null
        yaml_file: null
        pcap_file: null
        port: 57003

    dns:
        address: null
        udp_port: 57004
        tcp_port: 57005
        resolver_address: '8.8.8.8:53'

    ssl:
        address: null
        private_key: 'private.key'
        certificate: 'certificate.crt'
        port: 57006

$ oonib --version
Twisted version: 13.2.0

# git commit https://github.com/TheTorProject/ooni-backend/commit/7b35b7fa5a3d81f6574c7494cde0ac705d4e2cea

$ oonib

Starting SSL helper on 57006
Starting TCP DNS Helper on 57005
Starting UDP DNS Helper on 57004
Starting Daphn3 helper on 57003
Starting TCP echo helper on 57002
Starting HTTP return request helper on 57001
Log opened.
HTTPReturnJSONHeadersHelper (TLS) starting on 57006
Starting factory <oonib.testhelpers.http_helpers.HTTPReturnJSONHeadersHelper instance at 0x420fcb0>
DNSTestHelper starting on 57005
Starting factory <oonib.testhelpers.dns_helpers.DNSTestHelper instance at 0x420fd88>
DNSDatagramProtocol starting on 57004
Starting protocol <twisted.names.dns.DNSDatagramProtocol object at 0x4214850>
Daphn3Server starting on 57003
Starting factory <oonib.testhelpers.tcp_helpers.Daphn3Server instance at 0x4219560>
TCPEchoHelper starting on 57002
Starting factory <oonib.testhelpers.tcp_helpers.TCPEchoHelper instance at 0x4219758>
HTTPReturnJSONHeadersHelper starting on 57001
Starting factory <oonib.testhelpers.http_helpers.HTTPReturnJSONHeadersHelper instance at 0x42197e8>
[W] Option 'tor_datadir' in oonib.conf is unspecified!
[W] Using /tmp/tmp1NH5ua
> /home/user/.virtualenvs/oonib/local/lib/python2.7/site-packages/twisted/internet/base.py(1191)run()
-> self.mainLoop()
(Pdb) n
5%: Connecting to directory server
10%: Finishing handshake with directory server
15%: Establishing an encrypted directory connection
20%: Asking for networkstatus consensus
25%: Loading networkstatus consensus
40%: Loading authority key certs
45%: Asking for relay descriptors
50%: Loading relay descriptors
52%: Loading relay descriptors
54%: Loading relay descriptors
56%: Loading relay descriptors
59%: Loading relay descriptors
61%: Loading relay descriptors
63%: Loading relay descriptors
66%: Loading relay descriptors
68%: Loading relay descriptors
70%: Loading relay descriptors
73%: Loading relay descriptors
75%: Loading relay descriptors
77%: Loading relay descriptors
80%: Connecting to the Tor network
90%: Establishing a Tor circuit
100%: Done
Application starting on 64535
Starting factory <cyclone.web.Application instance at 0x3eba7a0>
Exposed collector Tor hidden service on httpo://xxxxxxxxx.onion
Application starting on 16140
Starting factory <cyclone.web.Application instance at 0x3eba560>
Exposed bouncer Tor hidden service on httpo://yyyyyyyyyyyyy.onion
  2. Tor service is being stopped and all instances of Tor killed

$ service tor stop ; killall tor

  3. Running ooniprobe pointing to our collector.

# ~/.ooni/ooniprobe.conf

# This is the configuration file for OONIProbe
# This file follows the YAML markup format: http://yaml.org/spec/1.2/spec.html
# Keep in mind that indentation matters.

basic:
    # Where OONIProbe should be writing it's log file
    logfile: ~/.ooni/ooniprobe.log
privacy:
    # Should we include the IP address of the probe in the report?
    includeip: false
    # Should we include the ASN of the probe in the report?
    includeasn: true
    # Should we include the country as reported by GeoIP in the report?
    includecountry: true
    # Should we include the city as reported by GeoIP in the report?
    includecity: false
    # Should we collect a full packet capture on the client?
    includepcap: false
reports:
    # This is a packet capture file (.pcap) to load as a test:
    pcap: null
    #collector: 'httpo://fyifjaxdhdil6m5f.onion'
    collector: 'httpo://xxxxxxxxx.onion'

advanced:
    geoip_data_dir: /home/user/.virtualenvs/ooniprobe/share/ooni
    debug: false
    # enable if auto detection fails
    #tor_binary: /usr/sbin/tor
    #obfsproxy_binary: /usr/bin/obfsproxy
    # For auto detection
    interface: auto
    # Of specify a specific interface
    #interface: wlan0
    # If you do not specify start_tor, you will have to have Tor running and
    # explicitly set the control port and SOCKS port
    start_tor: true
    # After how many seconds we should give up on a particular measurement
    measurement_timeout: 60
    # After how many retries we should give up on a measurement
    measurement_retries: 2
    # How many measurments to perform concurrently
    measurement_concurrency: 10
    # After how may seconds we should give up reporting
    reporting_timeout: 80
    # After how many retries to give up on reporting
    reporting_retries: 3
    # How many reports to perform concurrently
    reporting_concurrency: 15
    # Specify here a custom data_dir path
    data_dir: /home/user/.virtualenvs/ooniprobe/share/ooni
    oonid_api_port: 8042
tor:
    #socks_port: 8801
    #control_port: 8802
    # Specify the absolute path to the Tor bridges to use for testing
    #bridges: bridges.list
    # Specify path of the tor datadirectory.
    # This should be set to something to avoid having Tor download each time
    # the descriptors and consensus data.
    #data_dir: ~/.tor/
    torrc:
        #HTTPProxy: host:port
        #HTTPProxyAuthenticator: user:password
        #HTTPSProxy: host:port
        #HTTPSProxyAuthenticator: user:password

$ ooniprobe --version
WARNING: running ooniprobe involves some risk that varies greatly
from country to country. You should be aware of this when running the tool. Read more about this in the README.

Twisted version: 13.2.0

# git commit https://github.com/TheTorProject/ooni-probe/commit/2fb54faf3b4e6c08270aba6daa4d212dc9328252

$ ooniprobe blocking/http_requests -u http://www.google.com

# ooniprobe.log

2:31+0200 [-] Starting Tor...
2:33+0200 [TorControlProtocol,client] 10%: Finishing handshake with directory server
2:33+0200 [TorControlProtocol,client] 15%: Establishing an encrypted directory connection
2:33+0200 [TorControlProtocol,client] 20%: Asking for networkstatus consensus
2:33+0200 [TorControlProtocol,client] 25%: Loading networkstatus consensus
2:36+0200 [TorControlProtocol,client] 40%: Loading authority key certs
2:36+0200 [TorControlProtocol,client] 45%: Asking for relay descriptors
2:37+0200 [TorControlProtocol,client] 50%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 52%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 54%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 56%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 59%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 61%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 63%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 66%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 68%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 70%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 73%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 75%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 77%: Loading relay descriptors
2:47+0200 [TorControlProtocol,client] 80%: Connecting to the Tor network
2:47+0200 [TorControlProtocol,client] 90%: Establishing a Tor circuit
2:47+0200 [TorControlProtocol,client] 100%: Done
2:48+0200 [TorControlProtocol,client] Successfully bootstrapped Tor
2:48+0200 [TorControlProtocol,client] Found your IP via Tor 188.4.30.189
2:48+0200 [TorControlProtocol,client] Fetching required net test inputs...
2:48+0200 [TorControlProtocol,client] Looking up test helpers...
4:50+0200 [ParserProtocol,client] [!] Lookup failed. Retrying.
5:16+0200 [ParserProtocol,client] We will include some geo data in the report
5:16+0200 [ParserProtocol,client] Setting collector and test helpers for http_requests_test
5:16+0200 [ParserProtocol,client] Using the default collector: httpo://ihiderha53f36lsd.onion
5:16+0200 [ParserProtocol,client] We will include some geo data in the report
5:16+0200 [ParserProtocol,client] Reporting using collector: httpo://xxxxxxxxx.onion
5:16+0200 [ParserProtocol,client] We will include some geo data in the report
5:16+0200 [ParserProtocol,client] Reporting http://xxxxxxxxx.onion/report
5:16+0200 [ParserProtocol,client] Creating report with OONIB Reporter. Please be patient.
5:16+0200 [ParserProtocol,client] This may take up to 1-2 minutes...
5:30+0200 [ParserProtocol,client] [!] Host is not reachable (HostUnreachable error
5:30+0200 [ParserProtocol,client] [!] Failed to open <ooni.reporter.OONIBReporter object at 0x3c60f50> reporter, giving up...
5:30+0200 [ParserProtocol,client] [!] Reporter <ooni.reporter.OONIBReporter object at 0x3c60f50> failed, removing from report...
5:30+0200 [ParserProtocol,client] Performing GET request to http://www.google.com over Tor
5:30+0200 [ParserProtocol,client] Performing GET request to http://www.google.com
5:31+0200 [ParserProtocol,client] The two body lengths appear to match
5:31+0200 [ParserProtocol,client] censorship is probably not happening
5:31+0200 [ParserProtocol,client] Headers appear to match
5:31+0200 [ParserProtocol,client] Summary for http_requests_test
5:31+0200 [ParserProtocol,client] ------------------------------
5:31+0200 [-] Main loop terminated.
#11617 HTTPS-E v3.5.3 breaks Sape blog/forum login reopened pde defect Medium HTTPS-E 3.5
Description

v3.5.1 accepts user/pass for the Sape blog and forum, but then nothing happens after the redirect, i.e. the user is not logged in. Looking into Sape.xml I found:

<!--
Nonfunctional subdomains:
  • blog
  • forum
-->

Well, this is true. ...

<securecookie host=".*\.sape\.ru$" name=".+" />

And I think this one line breaks logins because blog.sape.ru and forum.sape.ru are not excluded from the secure cookie rule and in fact use a normal cookie.

#11619 HTTPS-E v3.5.3 breaks Livejournal threads, styles, upper bar reopened pde defect Medium HTTPS-E 3.5
Description

Threads can't be expanded (forever busy under FF) and upper bar is not shown when https is used to view someone's post (for logged in user). "Livejournal (partial)" entry should be fixed somehow.

#11621 Pinterest.com doesn't render properly new pde defect Medium
Description

See this screenshot: https://www.dropbox.com/s/7f1zhqer2363mkt/Screenshot%202014-04-26%2022.37.40.png Note that it says "Whoops! Something went wrong. Try again." at the bottom; that shouldn't be there (in fact, there should be more pictures of watches there).

Also, lots of important-looking messages appear in the console; here are a few of them:

Failed to load resource: the server responded with a status of 400 (Bad Request) https://a248.e.akamai.net/webapp/style/sprites/webapp-common-main-1x.2b10c974.png
3 XMLHttpRequest cannot load https://www.pinterest.com/resource/ContextLogResource/create/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.pinterest.com' is therefore not allowed access. (index):1
[Report Only] Refused to load the stylesheet 'https://a248.e.akamai.net/passets.pinterest.com.s3.amazonaws.com/webapp/style/app/desktop/bundle1.e55ce4e7.css' because it violates the following Content Security Policy directive: "default-src 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com https://*.facebook.com *.facebook.com www.googleadservices.com googleads.g.doubleclick.net *.tiles.mapbox.com *.4sqi.net media.pinterest.com.s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. (index):1
[Report Only] Refused to load the stylesheet 'https://a248.e.akamai.net/f/1586/2045/10m/passets-ak.pinterest.com/webapp/style/app/desktop/bundle2.139567db.css' because it violates the following Content Security Policy directive: "default-src 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com https://*.facebook.com *.facebook.com www.googleadservices.com googleads.g.doubleclick.net *.tiles.mapbox.com *.4sqi.net media.pinterest.com.s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Disabling HTTPS Everywhere makes things work again.

A few other people have also run into this: https://productforums.google.com/forum/#!topic/chrome/gf9-NjZxGjk

#11624 Malicious relays may be able to be assigned Exit flag without exiting anywhere new defect Medium Tor: 0.3.???
Description

The IANA for Multicast addresses indicates there are many /8's that are not yet allocated[0], such as 232.0.0.0-232.255.255.255.

The current voting mechanism in exit_policy_is_general_exit_helper allows an Exit flag to be assigned if it supports exiting to at least one /8 for 2 out of 3 ports of [80, 443, 6667]. exit_policy_is_general_exit_helper calls tor_addr_is_internal, which only looks for the following IPv4 spaces: 10/8, 0/8, 127/8, 169.254/16, 172.16/12, 192.168/16.

A relay could put one of the unallocated IPv4 blocks and fool the Directory Authorities. Of course, if such a relay really wanted to do this, they could also set their relay up to exit to an uninteresting /8 no one would ever visit, such as one of the many military/DoD /8's.

Zack Weinberg's thread on tor-relays seems to have a good collection of addresses[1]. Other sources are the exclude list from massscan[2] and the IANA registry[3].

This would probably be doubly true for IPv6, which only looks for fc00/7, fe80/10, fec0/10 - but right now exit_policy_is_general_exit_helper ignores IPv6.

[0] http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
[1] https://lists.torproject.org/pipermail/tor-relays/2014-April/004431.html
[2] https://github.com/robertdavidgraham/masscan/blob/master/data/exclude.conf
[3] http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
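As an added illustration of the check this ticket describes (example code, not Tor's own implementation): a simplified C model of the general-exit test, run once with the internal-address ranges the ticket lists and once with a hardened variant that also treats multicast 224/4 (which contains 232/8) and reserved 240/4 as non-routable. The rule struct, first-match semantics, function names and sample policies are this example's assumptions.

```c
/* Added example, not Tor's own code: a simplified model of the Exit-flag
 * check described in ticket #11624. Rule lists use first-match semantics;
 * the struct and function names here are this example's own assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define IP4(a, b, c, d) ((uint32_t)(((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                                    ((uint32_t)(c) << 8) | (uint32_t)(d)))

typedef struct {
  bool accept;       /* accept rule (true) or reject rule (false) */
  uint32_t addr;     /* network address in host byte order */
  unsigned maskbits; /* prefix length, 0..32 */
  uint16_t port_min; /* inclusive port range */
  uint16_t port_max;
} policy_rule_t;

typedef bool (*internal_fn)(uint32_t);

/* The IPv4 ranges the ticket says tor_addr_is_internal() looks for. */
bool v4_is_internal_original(uint32_t a) {
  return (a >> 24) == 10      /* 10/8 */
      || (a >> 24) == 0       /* 0/8 */
      || (a >> 24) == 127     /* 127/8 */
      || (a >> 16) == 0xA9FE  /* 169.254/16 */
      || (a >> 20) == 0xAC1   /* 172.16/12 */
      || (a >> 16) == 0xC0A8; /* 192.168/16 */
}

/* Hardened variant (this example's mitigation): also treat multicast 224/4,
 * which contains the unallocated 232/8 block the ticket cites, and reserved
 * 240/4 as non-routable, so a policy that only "exits" there earns nothing. */
bool v4_is_nonroutable_hardened(uint32_t a) {
  return v4_is_internal_original(a)
      || (a >> 28) == 0xE   /* 224.0.0.0/4 multicast */
      || (a >> 28) == 0xF;  /* 240.0.0.0/4 reserved */
}

/* Does the policy accept at least one routable /8 on this port? A /8 counts
 * only when an accept rule at least /8 wide reaches it before any reject rule
 * has excluded part of it; non-routable /8s are skipped entirely. */
static bool policy_accepts_some_slash8(const policy_rule_t *rules, size_t n,
                                       uint16_t port, internal_fn is_internal) {
  bool partly_rejected[256] = {false};
  for (size_t r = 0; r < n; r++) {
    const policy_rule_t *p = &rules[r];
    if (port < p->port_min || port > p->port_max)
      continue; /* rule does not cover this port */
    uint32_t mask = p->maskbits ? (UINT32_MAX << (32 - p->maskbits)) : 0;
    uint32_t first = (p->addr & mask) >> 24;
    uint32_t last = ((p->addr & mask) | ~mask) >> 24;
    for (uint32_t i = first; i <= last; i++) {
      if (partly_rejected[i] || is_internal(i << 24))
        continue;
      if (p->accept) {
        if (p->maskbits > 8)
          continue; /* narrower than a /8, does not count */
        return true;
      }
      partly_rejected[i] = true;
    }
  }
  return false;
}

/* The rule from the ticket: a general exit needs a routable /8 on two of the
 * three ports 80, 443 and 6667. */
bool is_general_exit(const policy_rule_t *rules, size_t n, internal_fn is_internal) {
  static const uint16_t ports[3] = {80, 443, 6667};
  int ok = 0;
  for (int i = 0; i < 3; i++)
    ok += policy_accepts_some_slash8(rules, n, ports[i], is_internal) ? 1 : 0;
  return ok >= 2;
}

/* Constructed sample policies. The first "exits" only to the unallocated
 * multicast block 232.0.0.0/8; the second is an ordinary web-only exit. */
static const policy_rule_t multicast_only[] = {
  { true,  IP4(232, 0, 0, 0), 8, 1, 65535 },
  { false, IP4(0, 0, 0, 0),   0, 1, 65535 },
};
static const policy_rule_t web_only[] = {
  { true,  IP4(0, 0, 0, 0), 0, 80,  80    },
  { true,  IP4(0, 0, 0, 0), 0, 443, 443   },
  { false, IP4(0, 0, 0, 0), 0, 1,   65535 },
};

bool multicast_only_passes_original(void) {
  return is_general_exit(multicast_only, 2, v4_is_internal_original);
}
bool multicast_only_passes_hardened(void) {
  return is_general_exit(multicast_only, 2, v4_is_nonroutable_hardened);
}
bool web_only_passes_hardened(void) {
  return is_general_exit(web_only, 3, v4_is_nonroutable_hardened);
}
```

With the original ranges the multicast-only policy qualifies as a general exit; with the hardened check it does not, while the ordinary web-only exit still qualifies.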

#11625 Tor DNSPORT returns NXDOMAIN for AAAA records? new defect Medium Tor: 0.3.???
Description

On #11603, mickeyc reports:

Behaviour has changed with 0.2.5.4, but it is still broken. Now I'm getting an NXDOMAIN instead whenever I do any AAAA lookups. A record lookups are still fine:
mike@glue:~$ dig aaaa gmail.com @localhost -p 5304
; <<>> DiG 9.9.5-3-Debian <<>> aaaa gmail.com @localhost -p 5304
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19056
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gmail.com. IN AAAA
;; Query time: 249 msec
;; SERVER: ::1#5304(::1)
;; WHEN: Sun Apr 27 11:37:35 BST 2014
;; MSG SIZE rcvd: 27
mike@glue:~$ dig +short a gmail.com @localhost -p 5304
173.194.70.18
mike@glue:~$
#11626 HTTPS Everywhere 3.5.1 does not work in Firefox 28 on Mac OS X 10.6.8 new pde defect Medium
Description

I am using Firefox 28, on Mac OS X 10.6.8 Snow Leopard on a MacBook Pro 6,2.

The drop-down menu for HTTPS Everywhere 3.5.1 under the "Tools" menu in Firefox does not appear at all when I hover my mouse over the "HTTPS Everywhere" menu item. When I look at the preferences for HTTPS Everywhere, the redirection rules are all blank. I tried clicking "reset to defaults". It had no effect.

When I try to connect to a site, such as www.youtube.com, I get the normal http version, not the https version. If I manually enter https://www.youtube.com, I get the https version.

I tried un-installing and re-installing HTTPS Everywhere 3.5.1, as well as installing 4.0development.15, and 4.0development.16. The problem still persists.

My active Firefox add-ons are:

  • Adblock Edge 2.1.1
  • BetterPrivacy 1.68
  • Download YouTube Videos as MP4 1.7.18
  • DownloadHelper 4.9.22
  • DownThemAll! 2.0.16
  • DuckDuckGo Plus 0.3.16
  • Firebug 1.12.8
  • FxIF 0.4.7.1
  • Ghostery 5.2.1
  • HTTPS-Everywhere 3.5.1
  • Screengrab (fix version) 0.97.24c
  • User Agent Switcher 0.7.3

I also use Tor Browser 3.5.4, which includes the HTTPS Everywhere 3.5.1 add-on. HTTPS Everywhere works properly in Tor Browser 3.5.4.

I also tried using HTTPS Everywhere 3.5.1 in Firefox 28 on OS X 10.9.2 Mavericks. HTTPS Everywhere works properly in Firefox on Mavericks.

My active Firefox add-ons in Mavericks are:

  • Adblock Plus 2.5.1
  • BetterPrivacy 1.68
  • DuckDuckGo Plus 0.3.16
  • Firebug 1.12.8
  • Ghostery 5.2.1
  • HTTPS-Everywhere 3.5.1
  • User Agent Switcher 0.7.3

#11631 HTTPS-Everywhere Firefox add-on breaks BBC news videos new pde defect Medium
Description

When HTTPS-Everywhere (v3.5.1) is enabled in Firefox (v28.0 running on 64-bit Windows 7), embedded BBC news videos fail to play. The video component either shows a static image, is completely black, or is black with the words "media selection request failed".

Examples of BBC webpages containing video:

http://www.bbc.co.uk/news/uk-27192600
http://www.bbc.co.uk/news/health-27184630
http://www.bbc.co.uk/news/health-27187172

#11640 bwauth, aggregate.py fails on freebsd new aagbsn defect Medium
Description

bwauth is up and running, but aggregate fails to run. It returns the following error:

./cron-mine.sh 
ERROR[Mon Apr 28 19:24:08 2014]:Exception during aggregate: No section: 'TorCtl'
Traceback (most recent call last):
  File "/usr/home/torflow/torflow/NetworkScanners/BwAuthority/aggregate.py", line 876, in <module>
    main(sys.argv)
  File "/usr/home/torflow/torflow/NetworkScanners/BwAuthority/aggregate.py", line 364, in main
    TorUtil.read_config(argv[1]+"/scanner.1/bwauthority.cfg")
  File "../../TorCtl/TorUtil.py", line 119, in read_config
    tor_port = config.getint('TorCtl', 'tor_port')
  File "/usr/local/lib/python2.7/ConfigParser.py", line 359, in getint
    return self._get(section, int, option)
  File "/usr/local/lib/python2.7/ConfigParser.py", line 356, in _get
    return conv(self.get(section, option))
  File "/usr/local/lib/python2.7/ConfigParser.py", line 607, in get
    raise NoSectionError(section)
NoSectionError: No section: 'TorCtl'

#11644 Tweakers.net Ruleset breaking page jump returning to posted comment new pde defect Medium
Description

Build number: 3.5.1
Useragent: Gecko/20100101 Firefox/28.0

When visiting Tweakers.net and reading an article and its comments below the article, you sometimes want to respond to someone's comment. When you have commented on someone's post (you must be logged in) and submitted this comment to the page, you want to continue reading the comments from the point where you posted your latest comment. This is done by an HTML page jump (by a script after posting your comment?).

Description: When you don't use the HTTPS Everywhere ruleset for Tweakers.net you're nicely returned to your latest comment. For example to:

http://tweakers.net/nieuws/"number article"/"article title".html#r_6907153

where #r_6907153 is the number of your comment.

But when the Tweakers ruleset is used and you post a comment, you are returned to the top of the comment section, instead of your latest submitted comment. The link shown in the address bar then looks like this:

https://tweakers.net/nieuws/"number article"/"article title".html#reacties

where #reacties (comments in Dutch) is the position at the top of the comments section, so no redirect / jump to latest position.

Expected result: Instead of jumping to the generic #reacties position (top of comments section) on a news article page, jump to the position of the comment the logged-in person just posted.

#11645 Can't add loans to basket on kiva.org with HTTPS-E enabled (4.0-dev-16) new zyan defect Medium HTTPS-E next Firefox dev release
Description

You'll need a kiva account for this. Once logged in, using FF 28.0 on Fedora 20, trying to add a loan to my account has no effect. Disabling HTTPS-E for kiva.org alone works around it.

4.0-development-16

#11651 with Firefox 28 - Cannot update Amazon.co.uk basket new zyan defect Medium
Description

I've been having problems over the last few days putting items in my Amazon.co.uk basket. I managed to identify the problem by disabling add-ons in Firefox. HTTPS Everywhere dated 15Apr14 stops the cookies working for the basket. I spent some time clearing cookies, cache etc. and was constantly unable to put anything in the basket. Switching off HTTPS Everywhere allowed the basket to be filled, and when I then re-enabled HTTPS Everywhere I couldn't add to the basket again. Under the add-on options "more" field I unchecked "amazon.co.uk" and I am now able to run HTTPS Everywhere AND add to the Amazon basket. So I believe there may be a problem with the rules for this site, which others may also be experiencing.

#11660 Make tor_spawn_background and related interfaces work the same on windows and *nix new defect Medium Tor: 0.3.???
Description

Have a look at the tor_spawn_background unit tests. That's sure a lot of #ifdefs! It would be nice if our portability code actually let us write code to be portable across platforms: we should fix tor_spawn_background and tor_read_all_handle to act the same across platforms.

#11662 Breaks zillow.com needs_information zyan defect Medium
Description

Go to zillow.com and do a search for any region. Homes will not show up on the map or in the list. If you disable Https Everywhere and refresh, you will be able to see them.

#11663 HTTPS-E v3.5.3 breaks youtube embedding on other sites (FF 29 / Chrome) new zyan defect High HTTPS-E 3.5
Description

The video on this URL http://norilskonline.ru/v-mire/kosmos/681-neopoznannyy-obekt.html is not played (and preview is not shown) unless I turn off "YouTube (partial)" rule.

#11671 HTTPS Everywhere breaks http://www.theregister.co.uk/ new zyan defect Medium
Description

The page loads but all styling is missing. Like a trip back to the 1990s!

The JS console shows "loadContext is null" at https-everywhere.js:424 each time

This occurs in both 3.5.1 and 4.0dev16. All is normal when HTTPSE is disabled

#11698 Decide how to incorporate Tor Browser Manual pages into Tor Browser new defect Medium
Description

We want the Tor Browser User Manual to ship with Tor Browser. We need to decide how the manual will be presented to the user, including what file format the user will be accessing.

#11728 Torbirdy shouldn't allow clearnet connections on startup if started in Transparent Torification mode needs_review ioerror defect High
Description

Here's the situation: Alice uses Torbirdy in "Transparent Torification" mode to check her email on her laptop with her Tor router at home. She later takes her laptop to an internet cafe and checks her email there. As soon as she opens Thunderbird, a connection is made in the clear to her email provider before she has a chance to change Torbirdy's settings to "Use Tor Onion Router". This is an identity leak, and Torbirdy should prevent this possibility.

#11743 nodelist_add_microdesc: assign md to all appropriate nodes properly new defect High Tor: 0.3.???
Description

Auths can create the same md for two different relays, because of a hash collision or an evil relay. The latter can announce any onion keys and family without needing any proofs. All parts of the code are designed with the assumption of one md per many nodes, except nodelist_add_microdesc.

nodelist_add_microdesc uses router_get_consensus_status_by_descriptor_digest, which cuts off the digest: digestmap_set uses SHA1 while the md's digest is SHA256. nodelist_add_microdesc can't assign the md to all appropriate nodes, only to the first one with the id returned by router_get_consensus_status_by_descriptor_digest.

If an evil relay crafts its id specifically, it will break usage of the victim's relay for any freshly new clients until the consensus is updated (about several hours).

If nodelist_add_microdesc is kept with one md per node, then the md format needs to be generated more uniquely. A unique md can be generated by adding the ID of the relay; that will stop crafted mds. Which way to choose? Is another ticket needed for it?

#11752 Silverlight crashes on Netflix with HTTPS Everywhere new zyan defect Medium
Description

Version: Chrome 2014.4.25

When starting a netflix movie using silverlight, silverlight crashes at 25%~ buffering. Upon investigation this issue does not occur when HTTPS Everywhere is disabled, or the Microsoft rules are disabled.

Chrome latest stable version, Silverlight latest stable, Windows 8.1 64.

#11757 Errors in the FF console new zyan defect Medium
Description

I repeatedly get the following error in the FF console:

[Exception... "Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsILoadContext.associatedWindow]" nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: file:///C:/Users/xxxxx/AppData/Roaming/Mozilla/Firefox/Profiles/xxxxxxxx.default/extensions/https-everywhere@eff.org/components/https-everywhere.js :: HTTPSEverywhere.prototype.getWindowForChannel :: line 424" data: no] https-everywhere.js:424

#11770 Print a warning if python-gmpy is not found new asn defect Medium
Description

I just noticed that my bridge didn't have python-gmpy installed, and that was one of the reasons obfsproxy was taking more CPU than needed.

We should add a warning message to ask people to install python-gmpy if it was not found installed. obfsproxy/common/modexp.py is where it's at.

#11789 Update now link in old TBB does not point to latest version new erinn defect Medium
Description

Following the discussion on https://twitter.com/dcuthbert/status/464068236258967552, it sounds like the "Update now" link in an old version of the Tor Browser Bundle points to an old update instead of the latest version. This link may have been hardcoded to point to the bundle that, at that point in time, was the latest version, but it means that someone who tries to update a six month old OS X bundle will be taken to the download page for 3.6, instead of 3.6.1 (see the twitter.com link for a screenshot).

#11818 [Chrome] https everywhere forgets disabling of rules, no way to remove a rule entirely reopened vijayp defect Medium
Description

I added a rule to include reddit for the https redirect. I didn't realize reddit doesn't support https.

Now, every time I fire up Chrome it redirects reddit to https. If I disable that rule by unmarking the checkbox then reddit works (after I reload the page), but next time I fire up chrome the issue is back.

I don't see any way to remove the rule entirely, and the options button when I right click on the icon is disabled.

#11868 Craigslist not displaying https Pictures new zyan defect High
Description

I'm running FF 24 and HTTPS Everywhere 3.4.2. I have FF set to not display any mixed content (active or passive content). If I browse Craigslist with an HTTPS session and browse ads, the pictures for the ad are displayed from an HTTPS link with no problem. If I upgrade to any newer version of HTTPS Everywhere then the pictures are not displayed because their links now show as HTTP. The Craigslist rule in all versions is the same so it must not be a rule problem. I notice the change log says with version 3.4.3 "Deprecate the ContentPolicy API, fixing a crash bug lurking since Firefox 20". Could this have broken something and created my problem? I am staying at 3.4.2 until fixed.

#11869 HTTPS Everywhere conflicts with other extensions like Tampermonkey new zyan defect Low
Description

HTTPS Everywhere: 2014.4.25 for Chrome

Chrome: 34.0.1847.131 (Official Build 265687) for Windows

Problem:

It seems that what HTTPS Everywhere does is to "redirect" the address to the https attached one. But this doesn't work with some extensions.

For example, if a URL of a script in Tampermonkey matches a rule of HTTPS Everywhere, it will prevent the script from running normally.

My situation was that I inserted a line of

@require http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js

into my script, so that the script cannot fetch the js file normally.

#11887 Tumblr (Partial) rule breaks control bar on tumblr blogs new zyan defect Medium
Description

HTTPSe 4.0 dev 16 Firefox 29.0.1

When logged into Tumblr and viewing a blog there should be a toolbar in the top right of the page with buttons for Like, Reblog, Follow and Dashboard. With the default rule enabled for Tumblr (partial) this toolbar will not show. Disabling the rule makes it work correctly.

This problem is only on the development build, the stable 3.5.1 works OK.

Example link http://www.visualglow.com/post/85314469198/jae-kyung-in-sure-magazine-may-issue-scanned-by

#11920 Rule "Microsoft (partial)" breaks Netflix streaming new zyan defect Medium
Description

Running HTTPS-E 3.5.1, the rule labeled "Microsoft (Partial)" is responsible for DRM errors and failing to start streaming on Netflix. Netflix is confirmed fixed by disabling the rule. This problem has existed for a long time but nearly all advice online either points at different (incorrect) fixes or suggests disabling HTTPS-E to "fix" the problem.

#11921 Breaks Google search needs_information zyan defect Medium
Description

I'm running build 2014.4.25. When I do a Google search and the results come up, I'm unable to (left-)click on links. As a workaround, I can right-click and open in a new tab.

#11922 Launching tor-fw-helper should untangle stderr for control, stdout for data? new defect Low Tor: 0.3.???
Description

Per discussion on #9781 :

back in cd05f35d2cdf50, we introduced a mismatch.

// In the child process:
        nbytes = write(STDOUT_FILENO, error_message, error_message_length);

// In the parent:
    stderr_status = log_from_pipe(child_handle->stderr_handle,
                                  LOG_INFO, filename, &retval);

Note that we're writing the error message to stdout, but expecting to read it from stderr. To fix this for #9781, I had the code look for the error message in stdout too. But the code as it stands is still doing a silly thing by writing a message to one fd and expecting to read it from another.

(I tried to fix it by switching the child process to write to stderr, but that didn't work, so a cleverer fix may be needed.)

#11935 Strange fallback font behavior on Mac and Windows reopened mikeperry defect Medium
Description

On stayinvisible.com, for some reason our font patch is causing Windows and Mac builds to report that they have *all* the fonts installed, whereas on Linux the test properly stops detecting fonts after our limit is reached.

This could be because something about TBB is simply causing the fallback fonts on Mac and Windows to be different than what they expect. Possible OS fingerprinting issue, or deeper bug?

In either case, this is not ridiculously serious, but is worth investigating.

#11966 "Bootstrapped 20%: Asking for networkstatus consensus" is a lie for bridge users needs_revision isis defect Medium Tor: 0.3.???
Description

When a Tor client that's configured to use a bridge sees

[notice] Bootstrapped 20%: Asking for networkstatus consensus

its next plan is actually to send a DIR_PURPOSE_FETCH_SERVERDESC request for the bridge's descriptor. This is surprising.

#11967 TestingServerDownloadSchedule et al imply they're for TestingTorNetwork but actually they're sometimes not new defect Medium Tor: 0.3.???
Description
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                 "300, 900, 2147483647"),

is the default value of the config option, and that's used in the real Tor network:

static const smartlist_t *
find_dl_schedule_and_len(download_status_t *dls, int server)
{
  switch (dls->schedule) {
    case DL_SCHED_GENERIC:
      if (server)
        return get_options()->TestingServerDownloadSchedule;
      else
        return get_options()->TestingClientDownloadSchedule;
[...]

But if you set TestingTorNetwork, then its value gets replaced by

  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
                                 "20, 30, 60"),

and the code in directory.c stays the same.

Am I the only one who thinks that calling it a TestingFooBarSchedule when it's not for Testing is weird?

#11970 `[err] sandbox_getaddrinfo(): Bug: (Sandbox) failed to get address localhost!` reopened nickm defect Medium Tor: 0.3.???
Description

Built from git, but using Debian init.d scripts, and configure options. Sandbox appears to cause a crash when the logs are rotated. (The following coincides with the time the logs are normally rotated):

May 15 06:25:02.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
May 15 06:25:02.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 15 06:25:02.000 [notice] Read configuration file "/etc/tor/torrc".
May 15 06:25:02.000 [err] sandbox_getaddrinfo(): Bug: (Sandbox) failed to get address localhost!
May 15 06:25:02.000 [warn] Couldn't parse address '"localhost:9050"' for SocksPort
May 15 06:25:02.000 [warn] Failed to parse/validate config: Invalid SocksPort/SocksListenAddress configuration
May 15 06:25:02.000 [err] Reading config failed--see warnings above. For usage, try -h.
May 15 06:25:02.000 [warn] Restart failed (config error?). Exiting.

/usr/share/tor/tor-service-defaults-torrc:

DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
RunAsDaemon 1
User debian-tor

ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie

Log notice file /var/log/tor/log

torrc:

SocksPort localhost:9050
SocksPort 192.168.108.51:9100

SocksPolicy accept 127.0.0.1
SocksPolicy accept 192.168.108.0/24
SocksPolicy reject *

ORPort 443 NoListen
ORPort 9001 NoAdvertise

Nickname PrivateJoker

RelayBandwidthRate 128 KB
RelayBandwidthBurst 172 KB
BandwidthRate 128 KB
BandwidthBurst 172 KB

DirPort 80 NoListen
DirPort 9030 NoAdvertise
DirReqStatistics 0
DirPortFrontPage /etc/tor/tor-exit-notice.html

ExitPolicy reject *:*

AvoidDiskWrites 1
NumCPUs 2
FastFirstHopPK 0
ShutdownWaitLength 60
SafeSocks 1
ProtocolWarnings 1
WarnUnsafeSocks 1
HeartbeatPeriod 3 hours
TLSECGroup P256
DisableAllSwap 1
DisableDebuggerAttachment 1
Sandbox 1

#11973 Should relays stop making unencrypted directory connections? assigned defect Medium Tor: 0.3.???
Description

Continuing a discussion from #11469 :

There is a case to be made that relays should stop uploading and downloading directory information via HTTP. We should consider the arguments there and see if there's a good rationale beyond the standard "why not encrypt everything" baseline.

(To be clear, bridges don't make connections over HTTP.)

#11975 Add native test scheduling support to ooni-probe. new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/320.

It should be possible for an ooni-probe operator to specify when a given test or test deck should be run.

This should be achieved by having a configuration file that features cron-like syntax editable by the operator.

The probe software will then run as a system daemon and run the tests when they are scheduled to run.

If a certain test scheduled to run does not run at that time because the machine is offline it should be re-run as soon as the machine is turned on again (similar to the anacron behaviour).

#11977 Modified TrueHeaders class to order headers new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/298.

Fixes [Issue 254](https://github.com/TheTorProject/ooni-probe/issues/254) by storing TrueHeaders in an OrderedDict.

Removes clutter from TrueHeaders class by making _rawHeaders a simple OrderedDict mapping from header string to list of value strings. This conforms with its type in the superclass (twisted.web.http_headers.Headers) and removes the need to override a few methods. A new dict _headerCases stores the mapping from lowercase header name to their original capitalization. This is accessed by overriding the superclass method Headers._canonicalNameCaps.

Adds test_trueheaders.test_order_preserved to ensure getAllRawHeaders returns headers in the order they were set.

#11978 Recursion limit problem in TaskManager new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/296.

The task manager is currently designed to recursively call _fillSlots that will then call _run that then again will call _fillSlots on success or failure. This means that when there are a lot of tasks failing very quickly it is very likely that the default python recursion limit will be overcome (1000).

To reproduce this bug you can try and run a test with a long invalid input for example http_requests:

ooniprobe blocking/http_requests -f data/complete.deck

Note that the fact that this test fails is correct, however it fails in a surprising manner:

Unhandled error in Deferred:
Unhandled Error
Traceback (most recent call last):
  File "/ooni-probe/ooni/managers.py", line 153, in _failed
    super(LinkedTaskManager, self)._failed(result, task)
  File "/ooni-probe/ooni/managers.py", line 44, in _failed
    task.done.errback(failure)
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/defer.py", line 423, in errback
    self._startRunCallbacks(fail)
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/defer.py", line 490, in _startRunCallbacks
    self._runCallbacks()
--- <exception caught here> ---
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/defer.py", line 577, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/ooni-probe/ooni/director.py", line 188, in measurementFailed
    log.msg("Failed doing measurement: %s" % measurement)
  File "/ooni-probe/ooni/utils/log.py", line 62, in msg
    print "%s" % msg
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/log.py", line 505, in write
    msg(message, printed=1, isError=self.isError)
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/threadable.py", line 53, in sync
    return function(self, *args, **kwargs)
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/log.py", line 185, in msg
    actualEventDict = (context.get(ILogContext) or {}).copy()
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/context.py", line 121, in getContext
    return self.currentContext().getContext(key, default)
exceptions.RuntimeError: maximum recursion depth exceeded

I think this bug is perhaps a good opportunity to discuss some possible refactoring of the task scheduler related code. It may be a good idea to draw some inspiration from: https://github.com/terrycojones/txrdq

#11981 Include in report details on the probes type of network new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/283.

In some cases it is useful to know the type of network the probe has been run from. This is important in the case that ooniprobe is run from a company or campus where the censorship is being performed. This would allow the user to mark that the measurement was performed from such a type of network and therefore allow one to conclude that censorship is not being performed at the ISP layer.

The best approach to implement this is probably to implement this feature by allowing the user to add freetext or tags to a report. This way the tags could specify the name of the campus or the name of the company.

#11982 ooniprobe should verify the options required by tests before starting Tor and looking up its IP new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/282.

Currently when I run a test that has some logic for verifying if it can run inside of its setUp I must wait for Tor to start, for the probe to lookup the test helpers and discover its IP before learning that I did not specify a certain option.

We should fix this by calling the setUp method of every nettest that is to be run before we do all of the startup tasks.

#11987 Test multiple network interfaces with a single probe new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/269.

As a user subscribing to more than one network I want to check for censorship on each using a single OONI instance so that I don't have to run multiple probes.

I'm involved with a project to monitor web censorship across domestic ISPs in the UK [1]. Our infrastructure plans include running multiple OONI probes in virtual machines running on a single server. We are subscribing to a number of domestic ISPs and routing each connection to a VM using some network-level magic (I believe).

It would simplify our setup if we could present multiple network connections to a single machine (either a VM or the actual server) and have a single OONI probe run its tests once per network connection, logging the results in a way that means we can tell the connection to which each relates.

[1] https://wiki.openrightsgroup.org/wiki/ORG_Censorship_Monitoring_Project

#11988 Make the usage of the -p option clearer new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/266.

It is unclear from running ooniprobe -p what should be the proper usage of the -p option.

#11989 Verbosify the collector address log line new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/261.

Each NetTest in a deck is assigned a collector. We should increase the verbosity so that each log line indicates which NetTest it corresponds to.

#11990 Add support for storing the order in which HTTP headers are received. new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/254.

Currently TrueHeaders does not support storing the order in which HTTP headers are received or sent.

This probably requires also changes to the twisted.web.client.Agent.

#11991 ooni's TrueHeaders uses a dict() for internal storage new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/252.

The ordering of dict().iteritems() is not guaranteed, so I'm pretty sure this is a bug.

#11992 Feature/tor test template new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/251.

Adds support for writing tests for the Tor network, along with a few sample tests.

#11994 Add SSL support to ooni-probe new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/206.

This ticket goes together with: https://github.com/TheTorProject/ooni-probe/issues/187 and it involves adding SSL support to the ooniprobe client.

#11996 Verify the version of config files new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/190.

Both in ooni-probe and ooni-backend we have changed the configuration file over time. We should perform some integrity checking when it starts up to be sure that the config file is of a given version.

#11997 Add SSL support to ooni-backend new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/187.

We should have support for HTTPS connection to the ooni-backend.

We should have a way of pinning certain certificates inside of ooni-probe or provide a URL that is self authenticating (something like https://HASH_OF_PUBKEY@SOME_IP).

#11998 Add support for publishing test-helpers and collectors to bouncer new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/183.

The ooni-probe bouncer should also expose an API for allowing test-helpers and collectors to advertise their presence to the bouncer.

The most simple way of doing this is simply exposing a public API on the bouncer side that allows you to POST a message with a payload like so:

  {
    'collector': 'httpo://thirteenchars1234.onion/',
    'http-return-json-headers': 'http://172.168.1.1',
    'dns': '172.168.1.1:53'
  }

The bouncer will then just add this to the list of collectors and bouncer it is aware of.

The drawback with this approach is that it allows anybody, even not authenticated, to pollute the database with random bouncer addresses.

I think this is mainly a threat to availability since it could lead a malicious actor to pollute the bouncer with non-working bouncers.

A better approach would be to have the JSON document be signed.

There are quite a few approaches to signing JSON documents, but the one I personally like most is this: https://camlistore.googlesource.com/camlistore/+/master/doc/json-signing/json-signing.txt.

Though I would like feedback from @nathan-at-least on this matter.

At this point we can have the bouncer have a list of approved public keys that can publish to the bouncer and we will only accept publication of reports that have been signed.

I would suggest we implement the publication of bouncer addresses to the bouncer via an iterative process. We first implement the unauthenticated method and then we implement it via signing.

#12000 Detect when a probe is using the wrong test helpers new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/158.

As @stephen-soltesz pointed out in a ticket:

Also, I recall a discussion in Berlin about validation of uploaded reports; specifically, at the time of report upload, it is necessary to determine that the "expected test-helper" and the "used test-helper" are the same type. This helps eliminate false-positives due to report errors caused by mismatches between the test-helper expected and used. This validation requires that the report is uploaded to the collector co-located with the test helper. Can testdecks be created to support the above?

The hard part of doing this is making the collector speak to the test helpers. In other words, to detect that the expected test helper is not the one used, we have to ask the test helper that the user is supposed to be using if they have seen those requests from our user.

#12003 Handling filesystem size limitations? new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/149.

Tests like http_requests.py very quickly generate a large yamloo file, especially against Alexa lists, often to the extent of exceeding filesystem filesize limits. At that point the kernel begins killing every OONI process without warning. Perhaps this is a YAML lib issue instead, but it would be useful to either catch the write failure to warn or open a new output file.

#12004 ooni test decks specifying logfile path but it is not used. new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/123.

Jake reports that ooni is ignoring test .deck logfile paths.

#12006 Is non-determinism in test helper deployment or MLab-ns API acceptable? new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/118.

Close this ticket with a yes / no.

The MLab initialize.sh script for Ooni selects which test helpers bind to a given port randomly. The requirement is for the same port to provide multiple distinct test helpers, so the current strategy is to partition the MLab slices (and thus IP addresses) for each port according to how many helpers require that port. The random selection accomplishes this in a stateless / configuration-free manner.

Meanwhile, the probe will use the mlab-ns web service to request test helpers and a collector prior to running a net-test. This service currently responds non-deterministically (with various constraints and prioritizations such as scoring based on load).

The question is: Are these two sources of non-determinism a problem?

For scientific repeatability, randomness adds noise. For diagnostic reasons, determinism can make it simpler to understand logs or report data. For security reasons, censors might be able to game non-determinism in a way to favor particular test results. It may be that none of these concerns are strong enough (also considering the dev cost of removing the non-determinism).

*If* the answer is "no", there's a dev cost implication for mlab-ns which should be coordinated with MLab.

#12007 Contributor Bootstrap new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/106.

How should a contributor get started helping out with Ooni? What documentation should they read? What are good projects for them to tackle?

#12010 Data Pipeline new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/100.

Ooni is in the M-Lab data pipeline.

#12011 Feature/versioneer automatic version bumping and configuration. new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/85.

@hellais: Brian Warner made this thing, and I've started using it in all my projects. It will make your life so much easier. :)

#12012 clock skew new hellais defect Medium
Description

This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/66.

When the clock on a tor client is so wrong that tor network consensus can not be reached, exit with a user comprehensible error, rather than hanging forever.

#12013 Verify the NetTest version as well as name new hellais defect Medium
Description

We don't implement version checking yet. To confirm: Do we intend for collectors to accept reports from versions of NetTests that are -newer- than the version specified in the policy? Or only the exact version(s)?

#12014 Side Channel Attacks new hellais defect Medium
Description

defuse:

Reports from ooni-probe are identified by a report id, which is used in a file path. Checking the report id by opening the file may create a side channel that would allow an attacker to extract existing report ids from the server. With the report id, the attacker could overwrite other, existing reports with their own data and possibly do other bad things.

Is this a problem? Are there other side channels that could be a problem?

Note: This is not part of the Least Authority audit.

hellais:

This is indeed an issue, as we do want to guarantee integrity of not finalised reports.

How would you suggest making such comparison in constant time?

A possible solution would be to make a list of all the files that are stored in the temporary directory, xor every item in the list with the specified report_id. Check if there is any item inside of the list that is 0.

Is there a better way to do this?

defuse:

@hellais I think the proposed solution would still leak some information when the file is actually opened. You might be able to get away with opening all the files, then only using the file descriptor from the one that matches the provided report_id, but that's very inefficient (and I'm not even sure if that would be safe).

A better approach might be to make it OK for the attacker to learn the report ID. To do this, add a "report key", so that you need the report_id and the report_key to be able to write a report. The report_id would be part of the filename (or database index if you ever use a database), and then inside the file would be a hash of the report_key, which is checked in constant time. Then if someone else gets the report_id, it doesn't matter so much since they can't tamper with it without knowing the report_key.

This could be done without changing the API too much. The report ID currently contains 50 alphanumeric characters, so you could use the first 25 as the new report ID, and the last 25 as the report key.

Beware side channels that would leak the timestamp and/or ASN of other reports, since they are part of the report id and filename too.

defuse:

Note: While it could be done without changing the API, I don't recommend it. It would not be obvious to the client what they have to keep secret and what they don't. It would be better to explicitly give the client a "report_key", which, as the name implies, has to be kept secret.

defuse:

As @hellais and I discussed in real life, the attacker can only get past the XOR check if they already know the report ID.

However, the report ID, or information about the other report IDs, might still be leaked in some cases:

For example, the attacker might create 1000 new reports, obtaining 1000 report IDs, then can monitor how the response time for each of those IDs changes over time to learn things about the new report IDs (that they don't know) that were created during that time.

Another example: an attacker who can measure cache usage via unprivileged code running on the same physical system might be able to learn information about the report IDs used by actual users.

I doubt something like that would be exploitable in practice, but if we want to be perfectly side-channel free, we should consider those kinds of attacks.
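The report_id/report_key separation defuse proposes above (a public id that may appear in a filename, plus a secret key whose hash is checked in constant time), as an added example that is not OONI code. The in-memory store, record layout and helper names are assumptions for the illustration; the 25/25 legacy split helper follows defuse's first suggestion, with his own caveat that an explicit key is the better API.

```python
import hashlib
import hmac
import secrets


class ReportStore:
    """Stand-in for the collector's report directory (hypothetical).

    report_id is public: learning it is acceptable by design.
    report_key is secret: only its SHA-256 is stored, and the check
    uses hmac.compare_digest so the comparison does not short-circuit
    on the first differing byte.
    """

    def __init__(self):
        self._reports = {}  # report_id -> {"key_hash": bytes, "body": list}

    @staticmethod
    def _key_hash(report_key):
        return hashlib.sha256(report_key.encode("utf-8")).digest()

    def create_report(self):
        # Both values are random only: no timestamp or ASN is embedded,
        # so the id leaks nothing about other reporters (defuse's note).
        report_id = secrets.token_hex(16)
        report_key = secrets.token_hex(16)
        self._reports[report_id] = {"key_hash": self._key_hash(report_key),
                                    "body": []}
        return report_id, report_key

    def _authorized(self, report_id, report_key):
        record = self._reports.get(report_id)
        if record is None:
            return False
        # Constant-time comparison of the presented key's hash.
        return hmac.compare_digest(self._key_hash(report_key),
                                   record["key_hash"])

    def append(self, report_id, report_key, entry):
        """Write to a report only with the matching key; no error detail
        distinguishes 'unknown id' from 'wrong key' to the caller."""
        if not self._authorized(report_id, report_key):
            return False
        self._reports[report_id]["body"].append(entry)
        return True

    def entries(self, report_id):
        return list(self._reports[report_id]["body"])


def split_legacy_report_id(legacy_id):
    """Reinterpret a 50-character legacy id as (report_id, report_key),
    the first 25 characters public and the last 25 secret."""
    if len(legacy_id) != 50 or not legacy_id.isalnum():
        raise ValueError("legacy report id must be 50 alphanumerics")
    return legacy_id[:25], legacy_id[25:]
```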

#12017 HTTPS-E has no rulesets, does not work at all in FF29. new zyan defect Medium
Description

I am using Firefox 29, on Mac OS X 10.6.8 Snow Leopard on a MacBook Pro 6,2.

The drop-down menu for HTTPS Everywhere 3.5.1 under the "Tools" menu in Firefox does not appear at all when I hover my mouse over the "HTTPS Everywhere" menu item. When I look at the preferences for HTTPS Everywhere, the redirection rules are all blank. I tried clicking "reset to defaults". It had no effect.

When I try to connect to a site, such as www.youtube.com, I get the normal http version, not the https version. If I manually enter https://www.youtube.com, I get the https version.

I tried un-installing and re-installing HTTPS Everywhere 3.5.1, as well as installing 4.0development.15, and 4.0development.16. The problem still persists.

My active Firefox add-ons are: Adblock Edge 2.1.1, BetterPrivacy 1.68, Download YouTube Videos as MP4 1.7.18, DownloadHelper 4.9.22, DownThemAll! 2.0.16, DuckDuckGo Plus 0.3.16, Firebug 1.12.8, FxIF 0.4.7.1, Ghostery 5.2.1, HTTPS-Everywhere 3.5.1, Screengrab (fix version) 0.97.24c, User Agent Switcher 0.7.3

I also use Tor Browser 3.5.4, which includes the HTTPS Everywhere 3.5.1 add-on. HTTPS Everywhere works properly in Tor Browser 3.5.4.

I also tried using HTTPS Everywhere 3.5.1 in Firefox 28 on OS X 10.9.2 Mavericks. HTTPS Everywhere works properly in Firefox on Mavericks.

My active Firefox add-ons in Mavericks are: Adblock Plus 2.5.1, BetterPrivacy 1.68, DuckDuckGo Plus 0.3.16, Firebug 1.12.8, Ghostery 5.2.1, HTTPS-Everywhere 3.5.1, User Agent Switcher 0.7.3

#12020 Bootstrap gets stuck at 20% when connecting through a bridge. needs_information defect Medium Tor: 0.3.???
Description

I believe this is different from all the other instances of this bug (#11965 and friends), because the client never recovers (I am using a pluggable transport that is experimental, but the symptoms don't point at my code at first glance).

Client debug log:

May 15 19:36:24.000 [debug] connection_dir_client_reached_eof(): Received response from directory server '127.0.0.1:52810': 404 "Not found" (purpose: 6)
May 15 19:36:24.000 [info] connection_dir_client_reached_eof(): Received server info (size 0) from server '127.0.0.1:52810'
May 15 19:36:24.000 [info] connection_dir_client_reached_eof(): Received http status code 404 ("Not found") from server '127.0.0.1:52810' while fetching "/tor/server/authority.z". I'll try again soon.
May 15 19:36:24.000 [debug] conn_close_if_marked(): Cleaning up connection (fd -1).
May 15 19:36:24.000 [debug] connection_remove(): removing socket -1 (type Directory), n_conns now 3

The bridge is fully bootstrapped at this point according to the logs. Bridge functionality should be fully working once the bridge bootstraps to 100% right? This does seem to happen most after I restart both the client and bridge to pick up a new build of the pt binary...

The only notable config option besides the PT is "PublishServerDescriptor 0" (A cursory search for authority.z brings up #9366).

#12037 chess.com videos never load with Cloudfront rule enabled new zyan defect Medium
Description

http://www.chess.com/video/player/evaluation-and-planning---part-1

This is an example of a chess.com video loaded through Adobe Flash. If the Cloudfront rule is enabled (as of version 2014-4-25) then the video display will show permanently as loading (in the form of a spinning circle). Disabling the Cloudfront rule causes the video to load immediately.

#12052 test_readline_limit in facilitator-test sometimes fails new dcf defect Medium
Description

This happens more on some machines than others. On my laptop (Debian jessie/sid) it only happens about 1 in 10-15 times but weasel reproduced it 2/3 times.

There is already TODO in the source code, but for now I will disable this test temporarily in the Debian packaging.

======================================================================
FAIL: test_readline_limit (__main__.FacilitatorProcTest)
Test that reads won't buffer indefinitely.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./facilitator-test.py", line 244, in test_readline_limit
    self.fail("should have raised a socket error")
AssertionError: should have raised a socket error

----------------------------------------------------------------------
Ran 18 tests in 2.227s

FAILED (failures=1)

#12053 Infinite loop when 'identity mismatch' error is raised. new brade defect Low
Description

To reproduce this error, launch Tor Browser from behind a captive portal for which you haven't yet agreed to the terms. A window pops up reporting a tor error with the phrase "identity mismatch". Clicking through it will lead to a new window for "Tor failed to launch". Clicking through that will bring you back to the error window for "identity mismatch". This unending parade of error windows will continue even if one disconnects from the network. It is impossible to close Tor Browser at this point without sending a SIGKILL.

#12062 Audit DisableNetwork, we_are_hibernating usage new defect Medium Tor: 0.3.???
Description

I think a lot of our DisableNetwork checks should instead check net_is_disabled, since so much of what we're turning off when the network is disabled is also something we're trying to turn off when we're hibernating.

And probably some of our DisableNetwork checks should call should_delay_dir_fetches or something similar, if they're related to fetching non-bridge-descriptor directory stuff.

Possibly there should be a better designed hierarchy here.

Possibly, most of the fixes here should wait for 0.2.6, since this code is tricky.

#12063 Broken tripadvisor hotel booking calendar with https everywhere new zyan defect Medium
Description

An example:

http://www.tripadvisor.co.uk/Hotel_Review-g186225-d311414-Reviews-Ashley_Hotel-Cambridge_Cambridgeshire_England.html

Clicking on the calendar button when booking for hotels with https everywhere enabled will prevent the calendar popup from showing.

#12089 BridgedDB can be forced to email arbitrary email addresses reopened isis defect High
Description

See #12086.

From this commit message for this unittest:

BridgeDB will accept an email from an arbitrary gmail/yahoo email address at the SMTP layer, and then send the reply to a *different* arbitrary gmail/yahoo email address taken from the contents of the email headers.

As you can see in the example...

(in the ticket description of #12086)

the SMTP command

MAIL FROM: isisgrimalkin@gmail.com

combined with a 'From: isislovecruft@gmail.com' in the email headers within the SMTP DATA segment caused the reply to be sent to the latter, when it came from the former.

While this was done quick-and-dirty with netcat, it's probably possible to configure msmtp to send the same SMTP commands/info with embedded email headers still specifying an arbitrary email address, such that Gmail/Yahoo would produce a valid DKIM signature for it and pass it along to BridgeDB. (And thus the issue isn't merely that DKIM verification appears to be broken, but the issue is that we're not checking that the source of an incoming email matches the destination of the response.)

In addition, the person reading such an unsolicited response from BridgeDB also has no way to know who originally emailed BridgeDB to cause this email to end up in her inbox in the first place.

I'm not exactly certain if this is a bug or a feature. While it could be used for sending some junk to an arbitrary gmail/yahoo address, it could also be used as a sort of

"Dear BridgeDB, can I have some bridges? Asking for a friend."

mechanism.

I'm guessing that we're likely to see more use of it for the former, more malicious activity than the latter benevolent one, and so we should probably consider this a pretty serious bug.


Side note: All the bugs found with that unittest were present in older versions of BridgeDB, and possibly have always been present, and they don't appear to be resultant from my recent rewrite of the email servers (as sysrqb noted, my rewrite retained portions of the old codebase). I just wanted to point that out so that I'm not blamed for introducing them. Unfortunately, I didn't catch this while staring at the code for several hours. (But hiphiphooray for unittests! :D )
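The check this ticket says is missing, that the SMTP envelope sender matches the From: header before any reply is sent, as an added example that is not BridgeDB code. The message bytes are constructed for the example from the addresses quoted above; the normalisation rule (compare the whole mailbox case-insensitively) is an assumption.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed messages, not real mail: the first reproduces the ticket's
# case (envelope MAIL FROM differs from the header From:), the second is
# a consistent one with a display name, the third lacks a From: entirely.
MISMATCHED_MSG = (b"From: isislovecruft@gmail.com\r\n"
                  b"To: bridges@example.invalid\r\n"
                  b"Subject: get bridges\r\n\r\nget bridges\r\n")
CONSISTENT_MSG = (b"From: Isis <isisgrimalkin@gmail.com>\r\n"
                  b"To: bridges@example.invalid\r\n"
                  b"Subject: get bridges\r\n\r\nget bridges\r\n")
HEADERLESS_MSG = b"Subject: get bridges\r\n\r\nget bridges\r\n"


def normalize_mailbox(addr):
    """Reduce 'Name <user@host>' or a bare address to a lower-cased
    mailbox string; empty string if nothing parseable is present."""
    _name, mailbox = parseaddr(addr or "")
    return mailbox.strip().lower()


def reply_address(envelope_from, raw_message):
    """Return the single address a reply may go to, or None.

    A reply is allowed only when the RFC 5322 From: mailbox is the same
    as the SMTP MAIL FROM envelope sender; a missing or differing From:
    yields None, so the incoming mail produces no outbound message.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    header_from = normalize_mailbox(msg.get("From"))
    envelope = normalize_mailbox(envelope_from)
    if not header_from or not envelope or header_from != envelope:
        return None
    return envelope


def classify(envelope_from, raw_message):
    """Label the decision for logging: 'reply', 'mismatch' or 'no-from'."""
    if reply_address(envelope_from, raw_message) is not None:
        return "reply"
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    return "no-from" if msg.get("From") is None else "mismatch"
```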
