Custom Query (4692 matches)


Results (901 - 1000 of 4692)

Ticket Summary Status Owner Type Priority Milestone
#11662 Breaks needs_information zyan defect Medium

Go to and do a search for any region. Homes will not show up on the map or in the list. If you disable Https Everywhere and refresh, you will be able to see them.

#11663 HTTPS-E v3.5.3 breaks youtube embedding on other sites (FF 29 / Chrome) new zyan defect High HTTPS-E 3.5

The video on this URL is not played (and preview is not shown) unless I turn off "YouTube (partial)" rule.

#11671 HTTPS Everywhere breaks new zyan defect Medium

The page loads but all styling is missing. Like a trip back to the 1990s!

The JS console shows "loadContext is null" at https-everywhere.js:424 each time

This occurs in both 3.5.1 and 4.0dev16. All is normal when HTTPSE is disabled

#11698 Decide how to incorporate Tor Browser Manual pages into Tor Browser new defect Medium

We want the Tor Browser User Manual to ship with Tor Browser. We need to decide how the manual will be presented to the user, including what file format the user will be accessing.

#11728 Torbirdy shouldn't allow clearnet connections on startup if started in Transparent Torification mode needs_review ioerror defect High

Here's the situation: Alice uses Torbirdy in "Transparent Torification" mode to check her email on her laptop with her Tor router at home. She later takes her laptop to an internet cafe and checks her email there. As soon as she opens Thunderbird, a connection is made in the clear to her email provider before she has a chance to change Torbirdy's settings to "Use Tor Onion Router". This is an identity leak, and Torbirdy should prevent this possibility.

#11743 nodelist_add_microdesc: assign md to all appropriate nodes properly new defect High Tor: unspecified

Auths can create the same md for two different relays, because of a hash collision or an evil relay. The latter can announce any onion keys and family without needing any proof. All parts of the code are designed with the assumption of one md per many nodes, except nodelist_add_microdesc.

nodelist_add_microdesc uses router_get_consensus_status_by_descriptor_digest, which cuts off the digest; digestmap_set uses SHA1 while the md's digest is SHA256. nodelist_add_microdesc can't assign the md to all appropriate nodes, only to the first one with the id returned by router_get_consensus_status_by_descriptor_digest.

If an evil relay crafts its own id specifically, it will break usage of the victim's relay for any fresh new clients until the consensus is updated (about several hours).

If nodelist_add_microdesc is kept with one md per node, then the md format needs to be generated more uniquely. A unique md can be generated by adding the ID of the relay; that will stop crafted mds. Which way to choose? Is another ticket needed for it?

#11752 Silverlight crashes on Netflix with HTTPS Everywhere new zyan defect Medium

Version: Chrome 2014.4.25

When starting a netflix movie using silverlight, silverlight crashes at 25%~ buffering. Upon investigation this issue does not occur when HTTPS Everywhere is disabled, or the Microsoft rules are disabled.

Chrome latest stable version, Silverlight latest stable, Windows 8.1 64.

#11757 Errors in the FF console new zyan defect Medium

I repeatedly get the following error in the FF console:

[Exception... "Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsILoadContext.associatedWindow]" nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: file:///C:/Users/xxxxx/AppData/Roaming/Mozilla/Firefox/Profiles/xxxxxxxx.default/extensions/ :: HTTPSEverywhere.prototype.getWindowForChannel :: line 424" data: no] https-everywhere.js:424

#11789 Update now link in old TBB does not point to latest version new erinn defect Medium

Following the discussion on, it sounds like the "Update now" link in an old version of the Tor Browser Bundle points to an old update instead of the latest version. This link may have been hardcoded to point to the bundle that, at that point in time, was the latest version, but it means that someone who tries to update a six month old OS X bundle will be taken to the download page for 3.6, instead of 3.6.1 (see the link for a screenshot).

#11818 [Chrome] https everywhere forgets disabling of rules, no way to remove a rule entirely reopened vijayp defect Medium

I added a rule to include reddit for the https redirect. I didn't realize reddit doesn't support https.

Now, every time I fire up Chrome it redirects reddit to https. If I disable that rule by unmarking the checkbox then reddit works (after I reload the page), but next time I fire up chrome the issue is back.

I don't see any way to remove the rule entirely, and the options button when I right click on the icon is disabled.

#11868 Craigslist not displaying https Pictures new zyan defect High

I'm running FF 24 and HTTPS Everywhere 3.4.2. I have FF set to not display any mixed content (active or passive content). If I browse Craigslist with a HTTPS session and browse ads, the pictures for the ad are displayed from an HTTPS link with no problem. If I upgrade to any newer version of HTTPS Everywhere then the pictures are not displayed because their links now show as HTTP. The Craigslist rule in all versions is the same so it must not be a rule problem. I notice the change log says with version 3.4.3 "Deprecate the ContentPolicy API, fixing a crash bug lurking since Firefox 20". Could this have broken something and created my problem? I am staying at 3.4.2 until fixed.

#11869 HTTPS Everywhere conflicts with other extensions like Tampermonkey new zyan defect Low

HTTPS Everywhere: 2014.4.25 for Chrome

Chrome: 34.0.1847.131 (Official Build 265687) for Windows


It seems that what HTTPS Everywhere does is to "redirect" the address to the https attached one. But this doesn't work with some extensions.

For example, if a URL of a script in Tampermonkey matches a rule of HTTPS Everywhere, it will prevent the script from running normally.

My situation was that, I inserted a line of


into my script, so that the script cannot fetch the js file normally.

#11887 Tumblr (Partial) rule breaks control bar on tumblr blogs new zyan defect Medium

HTTPSe 4.0 dev 16 Firefox 29.0.1

When logged into Tumblr and viewing a blog there should be a toolbar in the top right of the page with buttons for Like, Reblog, Follow and Dashboard. With the default rule enabled for Tumblr (partial) this toolbar will not show. Disabling the rule makes it work correctly.

This problem is only on the development build, the stable 3.5.1 works OK.

Example link

#11920 Rule "Microsoft (partial)" breaks Netflix streaming new zyan defect Medium

Running HTTPS-E 3.5.1, the rule labeled "Microsoft (Partial)" is responsible for DRM errors and failing to start streaming on Netflix. Netflix is confirmed fixed by disabling the rule. This problem has existed for a long time but nearly all advice online either points at different (incorrect) fixes or suggests disabling HTTPS-E to "fix" the problem.

#11921 Breaks Google search needs_information zyan defect Medium

I'm running build 2014.4.25. When I do a Google search and the results come up, I'm unable to (left-)click on links. As a workaround, I can right-click and open in a new tab.

#11922 Launching tor-fw-helper should untangle stderr for control, stdout for data? new defect Low Tor: unspecified

Per discussion on #9781 :

back in cd05f35d2cdf50, we introduced a mismatch.

// In the child process:
        nbytes = write(STDOUT_FILENO, error_message, error_message_length);

// In the parent:
    stderr_status = log_from_pipe(child_handle->stderr_handle,
                                  LOG_INFO, filename, &retval);

Note that we're writing the error message to stdout, but expecting to read it from stderr. To fix this for #9781, I had the code look for the error message in stdout too. But the code as it stands is still doing a silly thing by writing a message to one fd and expecting to read it from another.

(I tried to fix it by switching the child process to write to stderr, but that didn't work, so a cleverer fix may be needed.)

#11935 Strange fallback font behavior on Mac and Windows reopened mikeperry defect Medium

On, for some reason our font patch is causing Windows and Mac builds to report that they have *all* the fonts installed, whereas on Linux the test properly stops detecting fonts after our limit is reached.

This could be because something about TBB is simply causing the fallback fonts on Mac and Windows to be different than what they expect. Possible OS fingerprinting issue, or deeper bug?

In either case, this is not ridiculously serious, but is worth investigating.

#11966 "Bootstrapped 20%: Asking for networkstatus consensus" is a lie for bridge users needs_revision isis defect Medium Tor: unspecified

When a Tor client that's configured to use a bridge sees

[notice] Bootstrapped 20%: Asking for networkstatus consensus

its next plan is actually to send a DIR_PURPOSE_FETCH_SERVERDESC request for the bridge's descriptor. This is surprising.

#11967 TestingServerDownloadSchedule et al imply they're for TestingTorNetwork but actually they're sometimes not new defect Medium Tor: unspecified

  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                 "300, 900, 2147483647"),

is the default value of the config option, and that's used in the real Tor network:

static const smartlist_t *
find_dl_schedule_and_len(download_status_t *dls, int server)
  switch (dls->schedule) {
      if (server)
        return get_options()->TestingServerDownloadSchedule;
        return get_options()->TestingClientDownloadSchedule;

But if you set TestingTorNetwork, then its value gets replaced by

  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
                                 "20, 30, 60"),

and the code in directory.c stays the same.

Am I the only one who thinks that calling it a TestingFooBarSchedule when it's not for Testing is weird?

#11970 `[err] sandbox_getaddrinfo(): Bug: (Sandbox) failed to get address localhost!` reopened nickm defect Medium Tor: unspecified

Built from git, but using Debian init.d scripts, and configure options. Sandbox appears to cause a crash when the logs are rotated. (The following coincides with the time the logs are normally rotated):

May 15 06:25:02.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
May 15 06:25:02.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 15 06:25:02.000 [notice] Read configuration file "/etc/tor/torrc".
May 15 06:25:02.000 [err] sandbox_getaddrinfo(): Bug: (Sandbox) failed to get address localhost!
May 15 06:25:02.000 [warn] Couldn't parse address '"localhost:9050"' for SocksPort
May 15 06:25:02.000 [warn] Failed to parse/validate config: Invalid SocksPort/SocksListenAddress configuration
May 15 06:25:02.000 [err] Reading config failed--see warnings above. For usage, try -h.
May 15 06:25:02.000 [warn] Restart failed (config error?). Exiting.


DataDirectory /var/lib/tor
PidFile /var/run/tor/
RunAsDaemon 1
User debian-tor

ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie

Log notice file /var/log/tor/log


SocksPort localhost:9050

SocksPolicy accept
SocksPolicy accept
SocksPolicy reject *

ORPort 443 NoListen
ORPort 9001 NoAdvertise

Nickname PrivateJoker

RelayBandwidthRate 128 KB
RelayBandwidthBurst 172 KB
BandwidthRate 128 KB
BandwidthBurst 172 KB

DirPort 80 NoListen
DirPort 9030 NoAdvertise
DirReqStatistics 0
DirPortFrontPage /etc/tor/tor-exit-notice.html

ExitPolicy reject *:*

AvoidDiskWrites 1
NumCPUs 2
FastFirstHopPK 0
ShutdownWaitLength 60
SafeSocks 1
ProtocolWarnings 1
WarnUnsafeSocks 1
HeartbeatPeriod 3 hours
TLSECGroup P256
DisableAllSwap 1
DisableDebuggerAttachment 1
Sandbox 1

#11973 Should relays stop making unencrypted directory connections? assigned defect Medium Tor: unspecified

Continuing a discussion from #11469 :

There is a case to be made that relays should stop uploading and downloading directory information via HTTP. We should consider the arguments there and see if there's a good rationale beyond the standard "why not encrypt everything" baseline.

(To be clear, bridges don't make connections over HTTP.)

#11975 Add native test scheduling support to ooni-probe. new hellais defect Medium

This issue was automatically migrated from github issue

It should be possible for an ooni-probe operator to specify when a given test or test deck should be run.

This should be achieved by having a configuration file that features cron-like syntax editable by the operator.

The probe software will then run as a system daemon and run the tests when they are scheduled to run.

If a certain test scheduled to run does not run at that time because the machine is offline it should be re-run as soon as the machine is turned on again (similar to the anacron behaviour).

#11977 Modified TrueHeaders class to order headers new hellais defect Medium

This issue was automatically migrated from github issue

Fixes Issue 254 by storing TrueHeaders in an OrderedDict.

Removes clutter from TrueHeaders class by making _rawHeaders a simple OrderedDict mapping from header string to list of value strings. This conforms with its type in the superclass (twisted.web.http_headers.Headers) and removes the need to override a few methods. A new dict _headerCases stores the mapping from lowercase header name to their original capitalization. This is accessed by overriding the superclass method Headers._canonicalNameCaps.

Adds test_trueheaders.test_order_preserved to ensure getAllRawHeaders returns headers in the order they were set.

#11978 Recursion limit problem in TaskManager new hellais defect Medium

This issue was automatically migrated from github issue

The task manager is currently designed to recursively call _fillSlots that will then call _run that then again will call _fillSlots on success or failure. This means that when there are a lot of tasks failing very quickly it is very likely that the default python recursion limit will be overcome (1000).

To reproduce this bug you can try and run a test with a long invalid input for example http_requests:

ooniprobe blocking/http_requests -f data/complete.deck

Note that the fact that this test fails is correct, however it fails in a surprising manner:

Unhandled error in Deferred:
Unhandled Error
Traceback (most recent call last):
  File "/ooni-probe/ooni/", line 153, in _failed
    super(LinkedTaskManager, self)._failed(result, task)
  File "/ooni-probe/ooni/", line 44, in _failed
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/", line 423, in errback
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/", line 490, in _startRunCallbacks
--- <exception caught here> ---
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/", line 577, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/ooni-probe/ooni/", line 188, in measurementFailed
    log.msg("Failed doing measurement: %s" % measurement)
  File "/ooni-probe/ooni/utils/", line 62, in msg
    print "%s" % msg
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 505, in write
    msg(message, printed=1, isError=self.isError)
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 53, in sync
    return function(self, *args, **kwargs)
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 185, in msg
    actualEventDict = (context.get(ILogContext) or {}).copy()
  File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 121, in getContext
    return self.currentContext().getContext(key, default)
exceptions.RuntimeError: maximum recursion depth exceeded

I think this bug is perhaps a good opportunity to discuss some possible refactoring of the task scheduler related code. It may be a good idea to draw some inspiration from:

#11981 Include in report details on the probe's type of network new hellais defect Medium

This issue was automatically migrated from github issue

In some cases it is useful to know the type of network the probe has been run from. This is important in the case that ooniprobe is run from a company or campus where the censorship is being performed. This would allow the user to mark that the measurement was performed from such a type of network and therefore allow to conclude that censorship is not being performed at the ISP layer.

The best approach to implement this is probably to implement this feature by allowing the user to add freetext or tags to a report. This way the tags could specify the name of the campus or the name of the company.

#11982 ooniprobe should verify the options required by tests before starting Tor and looking up its IP new hellais defect Medium

This issue was automatically migrated from github issue

Currently when I run a test that has some logic for verifying if it can run inside of its setUp I must wait for Tor to start, for the probe to lookup the test helpers and discover its IP before learning that I did not specify a certain option.

We should fix this by calling the setUp method of every nettest that is to be run before we do all of the startup tasks.

#11987 Test multiple network interfaces with a single probe new hellais defect Medium

This issue was automatically migrated from github issue

As a user subscribing to more than one network I want to check for censorship on each using a single OONI instance so that I don't have to run multiple probes.

I'm involved with a project to monitor web censorship across domestic ISPs in the UK [1]. Our infrastructure plans include running multiple OONI probes in virtual machines running on a single server. We are subscribing to a number of domestic ISPs and routing each connection to a VM using some network-level magic (I believe).

It would simplify our setup if we could present multiple network connections to a single machine (either a VM or the actual server) and have a single OONI probe run its tests once per network connection, logging the results in a way that means we can tell the connection to which each relates.


#11988 Make the usage of the -p option clearer new hellais defect Medium

This issue was automatically migrated from github issue

It is unclear from running ooniprobe -p what should be the proper usage of the -p option.

#11989 Verbosify the collector address log line new hellais defect Medium

This issue was automatically migrated from github issue

Each NetTest in a deck is assigned a collector. We should increase the verbosity so that each log line indicates which NetTest it corresponds to.

#11990 Add support for storing the order in which HTTP headers are received. new hellais defect Medium

This issue was automatically migrated from github issue

Currently TrueHeaders does not support storing the order in which HTTP headers are received or sent.

This probably requires also changes to the twisted.web.client.Agent.

#11991 ooni's TrueHeaders uses a dict() for internal storage new hellais defect Medium

This issue was automatically migrated from github issue

The ordering of dict().iteritems() is not guaranteed, so I'm pretty sure this is a bug.

#11992 Feature/tor test template new hellais defect Medium

This issue was automatically migrated from github issue

Adds support for writing tests for the Tor network, along with a few sample tests.

#11994 Add SSL support to ooni-probe new hellais defect Medium

This issue was automatically migrated from github issue

This ticket goes together with: and it involves adding SSL support to the ooniprobe client.

#11996 Verify the version of config files new hellais defect Medium

This issue was automatically migrated from github issue

Both in ooni-probe and ooni-backend we have changed the configuration file over time. We should perform some integrity checking when it starts up to be sure that the config file is of a given version.

#11997 Add SSL support to ooni-backend new hellais defect Medium

This issue was automatically migrated from github issue

We should have support for HTTPS connection to the ooni-backend.

We should have a way of pinning certain certificates inside of ooni-probe or provide a URL that is self authenticating (something like https://HASH_OF_PUBKEY@SOME_IP).

#11998 Add support for publishing test-helpers and collectors to bouncer new hellais defect Medium

This issue was automatically migrated from github issue

The ooni-probe bouncer should also expose an API for allowing test-helpers and collectors to advertise their presence to the bouncer.

The most simple way of doing this is simply exposing a public API on the bouncer side that allows you to POST a message with a payload like so:

{
  'collector': 'httpo://thirteenchars1234.onion/',
  'http-return-json-headers': '',
  'dns': ''
}

The bouncer will then just add this to the list of collectors and bouncer it is aware of.

The drawback with this approach is that it allows anybody, even not authenticated, to pollute the database with random bouncer addresses.

I think this is mainly a threat to availability since it could lead to a malicious actor polluting the bouncer with non-working bouncers.

A better approach would be to have the JSON document be signed.

There are quite a few approaches to signing JSON documents, but the one I personally like most is this:

Though I would like feedback from @nathan-at-least on this matter.

At this point we can have the bouncer have a list of approved public keys that can publish to the bouncer and we will only accept publication of reports that have been signed.

I would suggest we implement the publication of bouncer addresses to the bouncer via an iterative process. We first implement the unauthenticated method and then we implement it via signing.

#12000 Detect when a probe is using the wrong test helpers new hellais defect Medium

This issue was automatically migrated from github issue

As @stephen-soltesz pointed out in a ticket:

Also, I recall a discussion in Berlin about validation of uploaded reports; specifically, at the time of report upload, it is necessary to determine that the "expected test-helper" and the "used test-helper" are the same type. This helps eliminate false-positives due to report errors caused by mismatches between the test-helper expected and used. This validation requires that the report is uploaded to the collector co-located with the test helper. Can testdecks be created to support the above?

The hard part of doing this is making the collector speak to the test helpers. In other words to detect that the expected test helper is not the one used, we have to ask the test helper that the user is supposed to be using if they have seen those requests from our user.

#12003 Handling filesystem size limitations? new hellais defect Medium

This issue was automatically migrated from github issue

Tests like very quickly generate a large yamloo file, especially against Alexa lists, often to the extent of exceeding filesystem filesize limits. At that point the kernel begins killing every OONI process without warning. Perhaps this is a YAML lib issue instead, but it would be useful to either catch the write failure to warn or open a new output file.

#12004 ooni test decks specifying logfile path but it is not used. new hellais defect Medium

This issue was automatically migrated from github issue

Jake reports that ooni is ignoring test .deck logfile paths.

#12006 Is non-determinism in test helper deployment or MLab-ns API acceptable? new hellais defect Medium

This issue was automatically migrated from github issue

Close this ticket with a yes / no.

The MLab script for Ooni selects which test helpers bind to a given port randomly. The requirement is for the same port to provide multiple distinct test helpers, so the current strategy is to partition the MLab slices (and thus IP addresses) for each port according to how many helpers require that port. The random selection accomplishes this in a stateless / configuration-free manner.

Meanwhile, the probe will use the mlab-ns web service to request test helpers and a collector prior to running a net-test. This service currently responds non-deterministically (with various constraints and prioritizations such as scoring based on load).

The question is: Are these two sources of non-determinism a problem?

For scientific repeatability, randomness adds noise. For diagnostic reasons, determinism can make it simpler to understand logs or report data. For security reasons, censors might be able to game non-determinism in a way to favor particular test results. It may be that none of these concerns are strong enough (also considering the dev cost of removing the non-determinism).

*If* the answer is "no", there's a dev cost implication for mlab-ns which should be coordinated with MLab.

#12007 Contributor Bootstrap new hellais defect Medium

This issue was automatically migrated from github issue

How should a contributor get started helping out with Ooni? What documentation should they read? What are good projects for them to tackle?

#12010 Data Pipeline new hellais defect Medium

This issue was automatically migrated from github issue

Ooni is in the M-Lab data pipeline.

#12011 Feature/versioneer automatic version bumping and configuration. new hellais defect Medium

This issue was automatically migrated from github issue

@hellais: Brian Warner made this thing, and I've started using it in all my projects. It will make your life so much easier. :)

#12012 clock skew new hellais defect Medium

This issue was automatically migrated from github issue

When the clock on a tor client is so wrong that tor network consensus can not be reached, exit with a user comprehensible error, rather than hanging forever.

#12013 Verify the NetTest version as well as name new hellais defect Medium

We don't implement version checking yet. To confirm: Do we intend for collectors to accept reports from versions of NetTests that are -newer- than the version specified in the policy? Or only the exact version(s)?

#12014 Side Channel Attacks new hellais defect Medium


Reports from ooni-probe are identified by a report id, which is used in a file path. Checking the report id by opening the file may create a side channel that would allow an attacker to extract existing report ids from the server. With the report id, the attacker could overwrite other, existing reports with their own data and possibly do other bad things.

Is this a problem? Are there other side channels that could be a problem?

Note: This is not part of the Least Authority audit.


This is indeed an issue, as we do want to guarantee integrity of not finalised reports.

How would you suggest making such comparison in constant time?

A possible solution would be to make a list of all the files that are stored in the temporary directory, xor every item in the list with the specified report_id. Check if there is any item inside of the list that is 0.

Is there a better way to do this?


@hellais I think the proposed solution would still leak some information when the file is actually opened. You might be able to get away with opening all the files, then only using the file descriptor from the one that matches the provided report_id, but that's very inefficient (and I'm not even sure if that would be safe).

A better approach might be to make it OK for the attacker to learn the report ID. To do this, add a "report key", so that you need the report_id and the report_key to be able to write a report. The report_id would be part of the filename (or database index if you ever use a database), and then inside the file would be a hash of the report_key, which is checked in constant time. Then if someone else gets the report_id, it doesn't matter so much since they can't tamper with it without knowing the report_key.

This could be done without changing the API too much. The report ID currently contains 50 alphanumeric characters, so you could use the first 25 as the new report ID, and the last 25 as the report key.

Beware side channels that would leak the timestamp and/or ASN of other reports, since they are part of the report id and filename too.


Note: While it could be done without changing the API, I don't recommend it. It would not be obvious to the client what they have to keep secret and what they don't. It would be better to explicitly give the client a "report_key", which, as the name implies, has to be kept secret.


As @hellais and I discussed in real life, the attacker can only get past the XOR check if they already know the report ID.

However, the report ID, or information about the other report IDs, might still be leaked in some cases:

For example, the attacker might create 1000 new reports, obtaining 1000 report IDs, then can monitor how the response time for each of those IDs changes over time to learn things about the new report IDs (that they don't know) that were created during that time.

Another example: an attacker who can measure cache usage via unprivileged code running on the same physical system might be able to learn information about the report IDs used by actual users.

I doubt something like that would be exploitable in practice, but if we want to be perfectly side-channel free, we should consider those kinds of attacks.

#12017 HTTPS-E has no rulesets, does not work at all in FF29. new zyan defect Medium

I am using Firefox 29, on Mac OS X 10.6.8 Snow Leopard on a MacBook Pro 6,2.

The drop-down menu for HTTPS Everywhere 3.5.1 under the "Tools" menu in Firefox does not appear at all when I hover my mouse over the "HTTPS Everywhere" menu item. When I look at the preferences for HTTPS Everywhere, the redirection rules are all blank. I tried clicking "reset to defaults". It had no effect.

When I try to connect to a site, such as, I get the normal http version, not the https version. If I manually enter ​, I get the https version.

I tried un-installing and re-installing HTTPS Everywhere 3.5.1, as well as installing 4.0development.15, and 4.0development.16. The problem still persists.

My active Firefox add-ons are: Adblock Edge 2.1.1 BetterPrivacy 1.68 Download YouTube Videos as MP4 1.7.18 DownloadHelper 4.9.22 DownThemAll! 2.0.16 DuckDuckGo Plus 0.3.16 Firebug 1.12.8 FxIF Ghostery 5.2.1 HTTPS-Everywhere 3.5.1 Screengrab (fix version) 0.97.24c User Agent Switcher 0.7.3

I also use Tor Browser 3.5.4, which includes the HTTPS Everywhere 3.5.1 add-on. HTTPS Everywhere works properly in Tor Browser 3.5.4.

I also tried using HTTPS Everywhere 3.5.1 in Firefox 28 on OS X 10.9.2 Mavericks. HTTPS Everywhere works properly in Firefox on Mavericks.

My active Firefox add-ons in Mavericks are: Adblock Plus 2.5.1 BetterPrivacy 1.68 DuckDuckGo Plus 0.3.16 Firebug 1.12.8 Ghostery 5.2.1 HTTPS-Everywhere 3.5.1 User Agent Switcher 0.7.3

#12020 Bootstrap gets stuck at 20% when connecting through a bridge. needs_information defect Medium Tor: unspecified

I believe this is different from all the other instances of this bug (#11965 and friends), because the client never recovers (I am using a pluggable transport that is experimental, but the symptoms don't point at my code at first glance).

Client debug log:

May 15 19:36:24.000 [debug] connection_dir_client_reached_eof(): Received response from directory server '': 404 "Not found" (purpose: 6)
May 15 19:36:24.000 [info] connection_dir_client_reached_eof(): Received server info (size 0) from server ''
May 15 19:36:24.000 [info] connection_dir_client_reached_eof(): Received http status code 404 ("Not found") from server '' while fetching "/tor/server/authority.z". I'll try again soon.
May 15 19:36:24.000 [debug] conn_close_if_marked(): Cleaning up connection (fd -1).
May 15 19:36:24.000 [debug] connection_remove(): removing socket -1 (type Directory), n_conns now 3

The bridge is fully bootstrapped at this point according to the logs. Bridge functionality should be fully working once the bridge bootstraps to 100% right? This does seem to happen most after I restart both the client and bridge to pick up a new build of the pt binary...

The only notable config option besides the PT is "PublishServerDescriptor 0" (A cursory search for authority.z brings up #9366).

#12037 videos never load with Cloudfront rule enabled new zyan defect Medium

This is an example of a video loaded through Adobe Flash. If the Cloudfront rule is enabled (as of version 2014-4-25) then the video display will show permanently as loading (in the form of a spinning circle). Disabling the Cloudfront rule causes the video to load immediately.

#12052 test_readline_limit in facilitator-test sometimes fails new dcf defect Medium

This happens more on some machines than others. On my laptop (Debian jessie/sid) it only happens about 1 in 10-15 times but weasel reproduced it 2/3 times.

There is already a TODO in the source code, but for now I will disable this test temporarily in the Debian packaging.

FAIL: test_readline_limit (__main__.FacilitatorProcTest)
Test that reads won't buffer indefinitely.
Traceback (most recent call last):
  File "./", line 244, in test_readline_limit"should have raised a socket error")
AssertionError: should have raised a socket error

Ran 18 tests in 2.227s

FAILED (failures=1)

#12053 Infinite loop when 'identity mismatch' error is raised. new brade defect Low

To reproduce this error, launch Tor Browser from behind a captive portal for which you haven't yet agreed to the terms. A window pops up reporting a tor error with the phrase "identity mismatch". Clicking through it will lead to a new window for "Tor failed to launch". Clicking through that will bring you back to the error window for "identity mismatch". This unending parade of error windows will continue even if one disconnects from the network. It is impossible to close Tor Browser at this point without sending a SIGKILL.

#12062 Audit DisableNetwork, we_are_hibernating usage new defect Medium Tor: unspecified

I think a lot of our DisableNetwork checks should instead check net_is_disabled, since so much of what we're doing turning off when the network is disabled is also something we're trying to turn off when we're hibernating.

And probably some of our DisableNetwork checks should call should_delay_dir_fetches or something similar, if they're related to fetching non-bridge-descriptor directory stuff.

Possibly there should be a better designed hierarchy here.

Possibly, most of the fixes here should wait for 0.2.6, since this code is tricky.

#12063 Broken tripadvisor hotel booking calendar with https everywhere new zyan defect Medium

An example:

Clicking on the calendar button when booking for hotels with https everywhere enabled will prevent the calendar popup from showing.

#12089 BridgeDB can be forced to email arbitrary email addresses reopened isis defect High

See #12086.

From this commit message for this unittest:

BridgeDB will accept an email from an arbitrary gmail/yahoo email address at the SMTP layer, and then send the reply to a *different* arbitrary gmail/yahoo email address taken from the contents of the email headers.

As you can see in the example...

(in the ticket description of #12086)

the SMTP command


combined with a 'From:' in the email headers within the SMTP DATA segment caused the reply to be sent to the latter, when it came from the former.

While this was done quick-and-dirty with netcat, it's probably possible to configure msmtp to send the same SMTP commands/info with embedded email headers still specifying an arbitrary email address, such that Gmail/Yahoo would produce a valid DKIM signature for it and pass it along to BridgeDB. (And thus the issue isn't merely that DKIM verification appears to be broken, but the issue is that we're not checking that the source of an incoming email matches the destination of the response.)

In addition, the person reading such an unsolicited response from BridgeDB also has no way to know who originally emailed BridgeDB to cause this email to end up in her inbox in the first place.

I'm not exactly certain if this is a bug or a feature. While it could be used for sending some junk to an arbitrary gmail/yahoo address, it could also be used as a sort of

"Dear BridgeDB, can I have some bridges? Asking for a friend."


I'm guessing that we're likely to see more use of it for the former, more malicious activity than the latter benevolent one, and so we should probably consider this a pretty serious bug.

Side note: All the bugs found with that unittest were present in older versions of BridgeDB, and possibly have always been present, and they don't appear to be resultant from my recent rewrite of the email servers (as sysrqb noted, my rewrite retained portions of the old codebase). I just wanted to point that out so that I'm not blamed for introducing them. Unfortunately, I didn't catch this while staring at the code for several hours. (But hiphiphooray for unittests! :D )

#12094 Disappearing bookmarks new tbb-team defect Medium

Upgraded to TorBrowser 3.6.1 Mac OS today. A few weeks since last update. All bookmarks added since last upgrade have not been stored in the browser. Bookmarks added today (after update) have been stored.

On Mac OSX 10.9.2

#12095 Remove dead Transifex teams from translation.git branches new phoul defect Medium

The following teams need to be removed from all branches in translation.git.

af-ZA am-ET bg-BG bn-BD ca-ES cs-CZ el-GR es-NI si sq-AL zh-CN.GB2312 zh

#12105 Radar feature will not load on reopened zyan defect Medium

Site gives the error message, "No radar available at this time" when HTTPS Everywhere is enabled.

#12113 Building libevent/openssl on Windows without exception handling would reduce dependencies new erinn defect Low

I believe that in the Tor Browser Bundle on Windows, for the tor.exe component, libgmpxx-4.dll is built using MinGW with exception handling enabled. (Omits -fno-exceptions). MinGW has an archaic exception handling mechanism on Windows, using setjmp/longjmp based exceptions and necessitates the extra dll libgcc_s_sjlj-1.dll.

If libgmp was built without exception handling (it appears to only use it in 3 or 4 places in the dll), it'd be possible to eliminate libgcc_s_sjlj-1.dll entirely.

EDIT: This is not about libgmp anymore as we don't ship the libgmpxx any longer. Rather, libevent/openssl are affected by that problem, too.

#12138 No IPv6 support when suggesting a bindaddr to a PT new defect Medium Tor: unspecified

This recent post in tor-talk: revealed that Tor does not support IPv6 when supporting a bind address to a pluggable transport. It seems that we missed that during #7011.

The problem is that the first time someone fires up a ServerTransportPlugin, Tor will suggest to it to bind in This can be seen in get_stored_bindaddr_for_server_transport:

  /** If we didn't find references for this pluggable transport in the
      state file, we should instruct the pluggable transport proxy to
      listen on INADDR_ANY on a random ephemeral port. */
  tor_asprintf(&default_addrport, "%s:%s", fmt_addr32(INADDR_ANY), "0");
  return default_addrport;

Instead of using fmt_addr32(INADDR_ANY), we should use fmt_addrport and suggest [::] if we need to use IPv6. We should probably suggest an IPv6 address, if our ORPort is IPv6 (what if we have both kinds of ORPorts?).

Implementation of this should not be hard. I can do it one of these days.

#12155 Support fully incremental TBB developer builds new tbb-team defect Medium

We should figure out some way to make it less painful for newcomers to create dev builds for testing patches against TBB, especially for Firefox.

Right now, developing patches for TBB requires waiting for an end-to-end Gitian build. We added support for rebuilding only select components of the bundle, but we could take this a step further by allowing incremental builds without having to rebuild everything in a given component.

There are several ways to accomplish this. The easiest will be if we allow partial rebuilds without preserving the reproducibility property. This will be the parent ticket for all manner of ways of doing this, reproducible or not.

#12162 Youtube hotlinking blocked new zyan defect Medium

vBulletin, hotlinked youtube videos are blocked with https everywhere turned on.

#12164 Users with no network obstacles are emailing us instead of clicking connect new brade defect Medium

In the initial dialog window for tor-launcher got reworded to make it clearer that most users should just click 'Connect'.

Clarifying the text was not enough, apparently, because users continue to encounter the initial dialog window, and get confused whether they should 'Configure' or 'Connect'.

Many users are not accustomed to being faced with a decision to make upon starting their browser. However, autoconnecting is not a good solution, as connecting to Tor directly in some regions could put users in real jeopardy.

I suspect that some users do not fully read or fully process the descriptions of these two paths before they contact the help desk.

I think the initial tor-launcher dialog should provide visual cues that direct most users to the 'connect' path and high-risk users to the 'configure' path.

To give some examples of more intuitive designs, changing the size or color of the buttons could be effective. Using a widget besides a button to enter the 'configure' path might also be an improvement.

#12184 Circuit on detached list which I had no reason to mark needs_information defect High Tor: unspecified

I still get this in combination with other warnings. Using FreeBSD 10, with OpenSSL 1.0.1, Tor (git-d2147cc7ba5c5d51).

Jun 01 09:35:49.000 [warn] No unused circIDs found on channel without wide circID support, with 0 inbound and 11 outbound circuits. Found 0 circuit IDs in use by circuits, and 64 with pending destroy cells.Failing a circuit.
Jun 01 09:35:49.000 [warn] failed to get unique circID.
Jun 01 11:17:45.000 [warn] No unused circIDs found on channel without wide circID support, with 0 inbound and 14 outbound circuits. Found 0 circuit IDs in use by circuits, and 64 with pending destroy cells.Failing a circuit.
Jun 01 13:11:58.000 [warn] No unused circIDs found on channel without wide circID support, with 0 inbound and 6 outbound circuits. Found 0 circuit IDs in use by circuits, and 64 with pending destroy cells.Failing a circuit.
Jun 01 13:11:58.000 [warn] failed to get unique circID. [12 similar message(s) suppressed in last 9600 seconds]
Jun 01 13:37:42.000 [notice] Heartbeat: Tor's uptime is 1 day 0:00 hours, with 26180 circuits open. I've sent 901.07 GB and received 858.20 GB.
Jun 01 13:37:42.000 [notice] Average packaged cell fullness: 99.170%
Jun 01 13:37:42.000 [notice] TLS write overhead: 4%
Jun 01 13:37:42.000 [notice] Circuit handshake stats since last time: 1759080/1759080 TAP, 117360/117360 NTor.
Jun 01 19:37:42.000 [notice] Heartbeat: Tor's uptime is 1 day 6:00 hours, with 24593 circuits open. I've sent 1167.66 GB and received 1110.36 GB.
Jun 01 19:37:42.000 [notice] Average packaged cell fullness: 99.179%
Jun 01 19:37:42.000 [notice] TLS write overhead: 4%
Jun 01 19:37:42.000 [notice] Circuit handshake stats since last time: 2056892/2056893 TAP, 136701/136701 NTor.
Jun 02 01:37:42.000 [notice] Heartbeat: Tor's uptime is 1 day 12:00 hours, with 13869 circuits open. I've sent 1395.03 GB and received 1329.05 GB.
Jun 02 01:37:42.000 [notice] Average packaged cell fullness: 99.181%
Jun 02 01:37:42.000 [notice] TLS write overhead: 4%
Jun 02 01:37:42.000 [notice] Circuit handshake stats since last time: 943086/943086 TAP, 86362/86362 NTor.
Jun 02 04:03:15.000 [warn] void circuit_unlink_all_from_channel(channel_t *, int)(): Bug: Circuit on detached list which I had no reason to mark

#12190 Pyptlib does not join args or optargs correctly in ClientTransportPlugin.reportMethodSuccess new asn defect Low

In ClientTransportPlugin.reportMethodSuccess, the code for joining the params args and optargs is wrong. The args and optargs params are defined as strings when they should be lists of strings. Current code

        if args and len(args) > 0:
          methodLine = methodLine + ' ARGS=' + args.join(',')
        if optArgs and len(optArgs) > 0:
          methodLine = methodLine + ' OPT-ARGS=' + args.join(',')

Fixed Code

        if args and len(args) > 0:
          methodLine = methodLine + ' ARGS=' + ','.join(args)
        if optArgs and len(optArgs) > 0:
          methodLine = methodLine + ' OPT-ARGS=' + ','.join(optArgs)

Also the documentation for the types of args and optArgs should be changed to lists.

#12201 Don't weight by bandwidth when selecting among bridges needs_information defect Medium Tor: unspecified

In choose_random_entry_impl() we have:

  if (entry_list_is_constrained(options)) {
    /* We need to weight by bandwidth, because our bridges or entryguards
     * were not already selected proportional to their bandwidth. */
    node = node_sl_choose_by_bandwidth(live_entry_guards, WEIGHT_FOR_GUARD);

This means that bridges are also selected proportional to their bandwidth. However, since there are no bandwidth authorities for bridges, their bandwidth is self-reported and potentially a lie. For this reason, it's probably not a good idea to use those values during path selection, since an evil bridge can try to dominate the guard probability.

Fortunately, we also have bridge_get_advertised_bandwidth_bounded() which bounds bridges' bandwidth between 20kB/s and 100kB/s. So the danger can't be that great.

Still, it might be a better idea to pick amongst bridges in a uniform random way.

#12204 Revisit flags passed to entry_is_live() around entrynodes.c new defect Low Tor: unspecified

It seems that we are almost always passing need_capacity=True to entry_is_live().

The only case where we don't, is in choose_random_entry_impl() where we actually pick an entry guard. In that case, we pass whatever cpath_build_state_t.need_capacity is set to (which makes sense).

However, in other calls, like the one at entry_guard_register_connect_status(), we always call entry_is_live() with need_capacity set to true. Is this needed?

In entry_guard_register_connect_status(), if we just connected for the first time to a new guard, we re-activate all the previous live guards since it might be a sign that our network was down and it just came back up. However, since entry_is_live() is used with need_capacity we only reactivate the Fast guards.

However, as I understand it, there is no requirement that guards need to be Fast. So it might be the case, that if our primary guard is not fast, we don't reactivate it.

#12216 Google Services rule prevents playback on new zyan defect Medium

The Google Services rule prevents playback on

Versions in use: Firefox 29.0.1 on Windows 7 (all updates installed) HTTPS Everywhere 3.5.1

To reproduce:

Install HTTPS Everywhere, leave default settings. Navigate to and press Play button to begin a given station's playback

Expected Results: Station loads a song, and it plays; play button changes to pause button

Actual Results: Play button changes to pause button, but no song is loaded

Workaround: Disable the rule 'Google Services' in HTTPS Everywhere preferences

#12218 toolbar_button.js should do more null checks needs_review zyan defect Low

I have installed it on WinXP, Win7, Linux(Ubuntu) in Firefox 29.0.1. On XP, I see a long list of rules in the preferences screen. On Win7 and Linux, the rule list is empty. I have tried reinstalling and restarting, but to no avail. I can't tell if it's actually doing anything or not without any rulesets...

#12220 Give a better warning on header/library mismatch for openssl assigned defect Medium Tor: unspecified

Reported by Vinod:

I am getting the following error building tor- on my Mac (10.6.8
Snow Leopard, g++ 4.8.1_3, openssl 1.0.1h)

Undefined symbols for architecture x86_64:
  "_SSL_set_session_secret_cb", referenced from:
      _tor_tls_session_secret_cb in libor-crypto.a(tortls.o)
      _tor_tls_new in libor-crypto.a(tortls.o)
  "_EVP_aes_128_ctr", referenced from:
      _aes_new_cipher in libor-crypto.a(aes.o)
ld: symbol(s) not found for architecture x86_64
collect2: error: ld returned 1 exit status
make[1]: *** [src/or/tor] Error 1
make: *** [all] Error 2

He says he's building from the tarball. I asked him to check if tarball has the same issue and he says it does.

#12228 HTTPS everywhere in Chrome breaks new zyan defect Medium

try opening any popup on the page to view details on an item. Or use the search box and try clicking on the results items (nothing happens). Had to disable it to use the site.

I saw an error in the console about jquery.min.js not found, not sure if that is related.

#12248 Zillow rules prevent home map from loading new zyan defect Medium

Type an address into Zillow. You should see the neighborhood with the house you listed selected, and prices on the neighboring lots. You should be able to click neighboring lots and receive information about the home/lot you clicked on. None of this works when HTTPS Everywhere's "Zillow (partial)" rule is in effect. Toggling this rule makes things work again.

Using Firefox, but I didn't see that option in the component dropdown.

#12251 Bug 9981 (CodeSkulptur - Google APIs) may be back new zyan defect Medium

An old bug (9981) where a Google API rule seems to break (Used in MOOC classes) seems to be back.

Disabling rule does not eliminate problem, but disable Google API does. Looking at XML text for CodeSkulptur gets an error "Unable to download source." URL asks for "Filename: null ...src/chrome/content/rules/null. Can successfully get XML for other rules.

Disable ALL, or disable HTTPS-Everywhere also makes problem go away.

FireFox 29.0.1 Win XP SP3+, NoScript, HTTPS Everywhere 3.5.1 June 2014.

#12255 Polygon images fail to load new zyan defect Low

Images on fail to load with HTTPS-Everywhere enabled. Version 4.0development.17 (which I don't see on the dropdown list of versions) on Firefox 29.0.1.

#12261 Flash Player Crashes new zyan defect Medium

When https everywhere extension is enabled with Chrome on and Flash player crashes and videos don't play and they do not show on to the webpage. When the extension is disabled no issues with flash player crashing.

If I use Firefox I don't have the same issues.

#12299 Do not verify inputs if no policy is specified new hellais defect Medium

At 2013-09-12 12:20:23 Arturo Filastò wrote: @aagbsn pointed out in #199 that we need to not verify inputs if no policy is specified.

This issue was automatically migrated from github issue

#12375 https everywhere breaks new zyan defect Medium

I suddenly had trouble using the site. The Flash app would show an error loading the configuration. When I submitted a support ticket to speedtest they asked if I was using https everywhere and that if I was to disable it. After checking my own solution I told them that disabling https everywhere just for also worked.

I'm sorry but I don't know how to fill in most of the other fields. The HTTPS Everywhere version is the current one, 3.5.1, but it doesn't appear in your Version dropdown. The other fields ask for information that I can't provide!

#12377 get_interface_address6() behaviour iff all interface addresses are internal new defect Medium Tor: unspecified

First, let us assume that all network interfaces for IP host that runs Tor instance are internal as judged by tor_addr_is_internal() function.

There is the following code in get_interface_address6() function.

  /* Try to do this the smart way if possible. */
  if ((addrs = get_interface_addresses_raw(severity))) {
    int rv = -1;
    SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
      if (family != AF_UNSPEC && family != tor_addr_family(a))
        continue;
      if (tor_addr_is_loopback(a) ||
          tor_addr_is_multicast(a))
        continue;

      tor_addr_copy(addr, a);
      rv = 0;

      /* If we found a non-internal address, declare success.  Otherwise,
       * keep looking. */
      if (!tor_addr_is_internal(a, 0))
        break;
    } SMARTLIST_FOREACH_END(a);

    SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
    smartlist_free(addrs);
    return rv;
  }

Caller will get the last entry from an interface address smartlist. Is this okay?

#12380 HTTPS-E 3.5.3 Breaks Flash Player Settings Manager new zyan defect Medium

Appears to make it so one can not access the online Flash Player Settings Manager due to it blocking mixed content. Disabling HTTPS Everywhere allows one to access it.

Thank you.

#12381 Pluggable Transports + proxy is not working on Windows with TBB 3.6.2 needs_revision asn defect High

While PTs + proxy are working fine on Linux and Mac OS X they are broken on Windows:

12.06.2014 14:22:10.893 [WARN] Managed proxy failed to configure the pluggable transport's outgoing proxy. (We don't have txsocksx. Can't do proxy. Please install txsocksx.) 
12.06.2014 14:22:10.894 [WARN] Managed proxy at 'Tor\PluggableTransports\obfsproxy' failed the configuration protocol and will be destroyed.

#12384 Google APIs rule breaks this website new zyan defect Medium

Google APIs rule breaks this website:

Reproduced in Chrome and Firefox.

Chrome 35.0.1916.153 with HTTPS Everywhere 2014.4.25 Firefox 24.6.0 with HTTPS-Everywhere 3.5.1

Regards, NewEraCracker

#12387 (Some) Pluggable Transport binaries are not stripped assigned mikeperry defect Medium

Mike mentioned the other day that (some) Pluggable Transport binaries are not stripped. We should make sure that is the case to make the TBBs not larger as needed.

#12389 Should we warn when exit nodes are using opendns or google dns? needs_revision nickm defect Medium Tor: unspecified

Somewhat related to discussion on #8093 -- people are still setting up exit nodes to use OpenDNS or Google DNS. Is that really a safe idea? That makes it distressingly easy for these DNS services (or anybody watching them) to get timing information on user DNS requests.

Furthermore, the default OpenDNS configuration blocks some stuff. If we don't warn about OpenDNS in general, maybe we should warn when configuring an OpenDNS server in a way that hasn't disabled blocking.

#12393 adjust Standalone Vidalia packages for TBB 4.x new erinn defect Medium

I am not sure, but the Standalone Vidalia packages may need to be adjusted to account for the directory restructuring that was done as part of #11641. The current plan is to not ship a TBB that uses the new layout until 4.0, but I am filing this ticket so we do not forget to check.

Erinn - do the Standalone Vidalia bundles depend on the location of torrc and other files?

#12395 Silverlight crashes on Netflix, fixed by disabling Facebook or Microsoft (partial) rules new zyan defect Medium

When trying to stream video on Netflix, Silverlight crashes in Chrome, gives me a Netflix error code in Firefox. Works just fine in IE 11. Running Windows 8.1, x64.

Problem is resolved when:

  • Disabling HTTPS Everywhere completely
  • Disabling Facebook rule
  • Disabling Microsoft (partial) rule

#12397 Tor Browser should proactively identify missing dependencies and suggest resolution new erinn defect Medium

See ticket #10789 for examples of where odd failures due to missing symbol dependencies occur and cause user confusion. If Tor Launcher identified missing dependencies and suggested resolution, much end user support confusion and overhead would be reduced.

NOTE: this is specific to Win32/Win64 environments. The same may be applicable in *nix environments but so far has not been problematic to the degree that Windows environments have been.

#12399 Hash of session info was not as expected new defect Medium Tor: unspecified


[warn] Hash of session info was not as expected.

on fast relays, both exits and non exits (ndnr1, DFRI0, DFRI2) several times today. First one spotted at Jun 14 00:26 CEST.

These are on Linux and FreeBSD, versions and respectively.

#12401 Document EntryGuardPathBias in doc/state-contents.txt assigned mikeperry defect Low Tor: unspecified

We should document the newly added EntryGuardPathBias and EntryGuardPathUseBias to doc/state-contents.txt.

#12411 Orbot broke using DNSPort reopened n8fr8 defect Medium

Orbot completely breaks networking, if you have firewall scripts which don't allow leaks.

THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS, EXCEPT NOT IN A GOOD WAY. This is because Orbot (as of and later) sets `DNSPort 0`, which disables tor's DNSPort entirely. This means that people who use iptables scripts outside of Orbot (as described in Mike Perry's recent blog post) to redirect UDP DNS traffic to the DNSPort cannot do so. It also means that every other application will leak traffic all over the place. Currently, the only way to fix this mess is to force stop and uninstall Orbot, download an older (14.0.1) .apk onto another device, and copy it over manually to the broken one to reinstall it. This is ridiculous. You're practically bricking people's devices, and you're forcing them to jump through extreme hoops to preserve their anonymity.

#12412 Orbot broke using TransPort new n8fr8 defect Immediate

Orbot (as of and later) sets `TransPort 0`, which disables tor's TransPort entirely. This means that people who use iptables scripts outside of Orbot (as described in Mike Perry's recent blog post) to redirect TCP traffic to the TransPort cannot do so. Related, see #12411.

Leaks are not the problem; they are the symptom. --Heather Brooke

#12418 TBBs with UBSan create lots of errors when running assigned tbb-team defect Medium

When running TBBs (based on ESR 24) built with UBSan we get loads of errors which look like:

/home/ubuntu/build/tor-browser/js/src/jsobj.cpp:1008:17: runtime error: load of value 120, which is not a valid value for type 'bool'
pkix_pl_object.c:580:31: runtime error: left shift of 4276994303 by 32 places cannot be represented in type 'long int'
/home/ubuntu/build/tor-browser/db/sqlite3/src/sqlite3.c:62742:22: runtime error: left shift of 173 by 24 places cannot be represented in type 'int'
/home/ubuntu/build/tor-browser/layout/style/nsCSSParser.cpp:4861:53: runtime error: load of value 128, which is not a valid value for type 'bool'
/home/ubuntu/build/tor-browser/layout/style/../base/nsStyleConsts.h:27:12: runtime error: load of value 4, which is not a valid value for type 'Side'
/home/ubuntu/build/tor-browser/layout/style/nsCSSParser.cpp:6181:3: runtime error: load of value 4, which is not a valid value for type 'Side'
/home/ubuntu/build/tor-browser/layout/style/nsCSSParser.cpp:7962:5: runtime error: load of value 4, which is not a valid value for type 'Side'
/home/ubuntu/build/tor-browser/dom/workers/Workers.h:81:18: runtime error: load of value 4294967295, which is not a valid value for type 'JSGCParamKey'
/home/ubuntu/build/tor-browser/dom/workers/Workers.h:135:23: runtime error: load of value 4294967295, which is not a valid value for type 'JSGCParamKey'

#12435 HTTPS Everywhere HDTracks issue new zyan defect Medium

Enabling HTTPS Everywhere in FireFox prevents music samples from playing on HDTracks. That makes it pretty useless on that site. They already use https for checkouts.

#12436 Mail archive lint new defect Medium

Some messages in the gzip pipermail archives ( lack the correct metadata and format for what would otherwise be full use by MUA's.

If the full raw archives exist, it may be easier to see what reimporting with current mailman tools looks like.

From a concatenation of the three main lists: dev, relays, talk (the others were not checked and may suffer as well)

There is...

#12441 Add use cases for each tor-launcher option. new brade defect Medium

It's pretty common to hear things like "I don't know what any of the 'Configure' options mean." It would help users if each Tor launcher option briefly described a situation where using it would be necessary. For example:

  • This computer needs to use a proxy to access the Internet. Only select if you can't use your regular browser without setting a proxy.
  • This computer goes through a firewall that only allows connections to certain ports. This applies at some universities and large companies.
  • My Internet Service Provider (ISP) blocks connections to the Tor network. Users in China need this option.

These are only examples of how the strings could be modified.

#12447 HTTPS Everywhere causes Firefox to crash on OS X new zyan defect Medium

I’ve been having problems with Firefox crashing periodically.  After a fair amount of testing, I’ve determined that it is related to HTTPS Everywhere.

Steps to reproduce the issue:

  • Starting with all add-ons disabled, I enable HTTPS Everywhere
  • I restart Firefox as required
  • The crash reporter indicates that Firefox has crashed
  • I choose the ‘Restart Firefox’, which it does.  No additional crashes occur after this point.

The crash report’s text:

AdapterDeviceID: 0x fd5
AdapterVendorID: 0x10de
Add-ons:,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
BuildID: 20140605174243
CrashTime: 1402845293
EMCheckCompatibility: true
EventLoopNestingLevel: 3
FramePoisonBase: 7ffffffff0dea000
FramePoisonSize: 4096
InstallTime: 1402515559
Notes: AdapterVendorID: 0x10de, AdapterDeviceID: 0x fd5GL Layers! GL Context? GL Context+ GL Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 363
StartupTime: 1402845291
Theme: classic/1.0
Throttleable: 1
URL: about:addons
Vendor: Mozilla
Version: 30.0
useragent_locale: en-US

This report also contains technical information about the state of the application when it crashed.

I’m using HTTPS Everywhere 3.5.1 with Firefox 30.0 on OS X Mavericks (10.9.3 build 13d65).

#12449 Firefox is insecure, it can't be used with Tor new tbb-team defect Medium

Firefox is insecure, no sense to use it with Tor. It ruins everything: privacy, anonymity. #10631 +, etc, makes the browser the most dangerous process in a system that runs privacy related software.

#12450 Network down race condition might lead to primary guards getting skipped assigned defect High Tor: unspecified

The behavior at:

tries to ensure that if our network is down, and connections to already existing guards fail, when the network is back up we will still try to connect to the guards on the top of our list.

It does so, by checking whether the guard we connected to is a newly added one. If it is so, it assumes that this guard was added because all our previous guards were found to be down, which might be a sign of the network being down. So if that's the case, the code walks our guard list and marks all the previous guards as to be retried.

This usually works fine, but consider the case where we have 60 guards in our guard list, and the network goes back up when we walk through the 50th guard. If that's the case, the code at doesn't get triggered because first_contact is not true, and we still stay connected to the 50th guard.

This sounds like a bug, since we should try to connect to our primary guards (the ones at the top of the list) even then.

#12454 many PT components ship with "test" or "tests" directories new dcf defect Medium

I am not sure if this is a PT packaging issue or a TBB build issue (and I don't know who should own this bug).

On Mac OS – and probably on all platforms – within the installed TBB 3.6.2 app bundle there are many directories named "test" or "tests", all located under Tor/PluggableTransports. Is it safe to remove these directories and the files they contain? It seems like a waste of space / added complexity to ship extra files that are (presumably) not used in TBB.

./Tor/PluggableTransports/fte/tests
./Tor/PluggableTransports/fteproxy/tests
./Tor/PluggableTransports/obfsproxy/test
./Tor/PluggableTransports/ometa/test
./Tor/PluggableTransports/terml/test
./Tor/PluggableTransports/twisted/application/test
./Tor/PluggableTransports/twisted/conch/test
./Tor/PluggableTransports/twisted/internet/test
./Tor/PluggableTransports/twisted/lore/test
./Tor/PluggableTransports/twisted/mail/test
./Tor/PluggableTransports/twisted/manhole/test
./Tor/PluggableTransports/twisted/manhole/ui/test
./Tor/PluggableTransports/twisted/names/test
./Tor/PluggableTransports/twisted/news/test
./Tor/PluggableTransports/twisted/pair/test
./Tor/PluggableTransports/twisted/persisted/test
./Tor/PluggableTransports/twisted/protocols/test
./Tor/PluggableTransports/twisted/python/test
./Tor/PluggableTransports/twisted/runner/test
./Tor/PluggableTransports/twisted/scripts/test
./Tor/PluggableTransports/twisted/test
./Tor/PluggableTransports/twisted/trial/_dist/test
./Tor/PluggableTransports/twisted/trial/test
./Tor/PluggableTransports/twisted/web/test
./Tor/PluggableTransports/twisted/words/test
./Tor/PluggableTransports/txsocksx/test
./Tor/PluggableTransports/zope/interface/common/tests
./Tor/PluggableTransports/zope/interface/tests

#12456 Implement prop229 ("Further SOCKS5 extensions") assigned defect Medium Tor: unspecified

In proposal 229, Yawning describes a few improvements to the SOCKS5 protocol for better use by Tor-aware tools.

We should implement that.

(I'm putting this ticket in 0.2.??? since I don't think I'll be able to do it on an 0.2.6 timeframe, but if somebody else does the coding, it might be able to get done sooner.)

#12472 HTTPS-Everywhere should not dump URLs to stdout by default new zyan defect High

On many systems including MacOS and several Linux Desktops, the console output of Firefox ends up written to disk. Since HTTPS-Everywhere can log urls at any loglevel, this means that the user's browsing activity ends up on disk in these logs as well.

We should make a log scrubber for removing/omitting these urls either above a certain loglevel setting, or if a separate pref is set.

#12477 HTTPS Everywhere crashes Shockwave Flash in Iron new zyan defect Medium HTTPS-E next Chrome release

Using version 35.0.1900.0 (280000) of SRWare Iron, an offshoot of Chrome. When HTTPS Everywhere is enabled it seems to cause Shockwave Flash crashing on various websites' players such as

I'm using the version of HTTPS Everywhere I downloaded off of Chrome's extension store.
