Custom Query (4978 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (901 - 1000 of 4978)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Ticket Summary Status Owner Type Priority Milestone
#13121 App Conflict new n8fr8 defect Low
Description

Please disable this app in Android: -> settings-> Apps if you are having problems with Orbot: com.sec.msc.nts.android.proxy

#13140 ooniprobe should realise that the system is out of memory needs_review hellais defect Medium
Description

Currently if you run a test like bridge_reachability and the system runs out of memory the kernel will start randomly killing tor processes. ooniprobe should detect that it is running out of memory and:

1) Print a warning message

2) Stop starting new measurements until the memory usage goes below the critical level

#13147 Curious debian hurd unit test failure new defect Medium Tor: unspecified
Description

0.2.5.7-rc and master fail unit tests on the hurd.

The failing test is util/spawn_background_fail, the reported error is (line 2832 in current master): assert((expected_status) == (process_handle->status)): 1 vs 0.

This only happens when running all unit tests, when I just say src/test/test util/spawn_background_fail, the test passes.

I'm setting this for 0.2.5.x-final because it would be nice to build there for the next release (it's a regression to fail tests against 0.2.4-stable), but if nobody has any ideas I guess we'll defer it

Originally reported by weasel

#13155 I can use an extend cell to remotely determine whether two relays have a connection open new defect Medium Tor: unspecified
Description

Send an extend cell to relay A, listing the address and identity key of relay B but the wrong port.

Relay A calls circuit_extend() for the new cell, which calls channel_get_for_extend(), which tries to figure out if there's a canonical connection already established. To do that, it asks

    if (!channel_is_canonical(chan) &&
         channel_is_canonical_is_reliable(chan) &&
        !channel_matches_target_addr_for_extend(chan, target_addr)) {
      ++n_noncanonical;
      continue;
    }

and channel_matches_target_addr_for_extend() turns into channel_tls_matches_target_method() which basically is

  return tor_addr_eq(&(tlschan->conn->real_addr), target);

It doesn't consider the port. So if there is a canonical channel open, bingo we use it.

But if there isn't one open, then off we go to make one:

      n_chan = channel_connect_for_circuit(&ec.orport_ipv4.addr,
                                           ec.orport_ipv4.port,
                                           (const char*)ec.node_id);

where ec.orport_ipv4.port was set from extend_cell_parse(), i.e. it came from our extend cell. If we specify the wrong port, that connect attempt will fail. Now we can distinguish, remotely, which situation we're in.

#13160 make a deb of meek and get into Debian new dcf defect Medium
Description

aka

apt-get install meek

Speaking for Whonix, this would be very useful. Perhaps for Tails as well, but I am not speaking for them.

#13167 Export dirauth files via directory protocol new defect Medium Tor: unspecified
Description

Metrics downloads a few files (consensus, descriptors, extrainfo, v3 votes) from dirauths for further processing. It'd be good if all these files could be served by Tor directly, as this would alleviate the need for the dirauth ops to take special steps to make these files available.

#13170 network.allow-experiments ~~ FALSE would be better (sane) default new tbb-team defect Medium
Description

trac provides a "version" field, yet I don't see a suitable option

installed: torbrowser-install-3.6.5_en-US.exe help-}aboutTorBrowser: 24.8.0

I'm questioning about:config: network.allow-experiment = true which seems to be an undesirable default

#13185 Orbot still accesses the public Tor network with bridges configured new n8fr8 defect High
Description

I configured Orbot 14.0.8.1 to use bridges, and then set up my upstream firewall to block all connection attempts except to that bridge, yet Orbot still seems to try to connect to many other nodes in the public directory.

Note I have the same configuration on my laptop, and tor does not do this. If bridges are configured, Tor only connects to those IPs.

It should also be possible to observe by inspecting Orbot's connections on your Android device in OS Monitor app's "Connections" tab: https://play.google.com/store/apps/details?id=com.eolwral.osmonitor&hl=en https://f-droid.org/repository/browse/?fdid=com.eolwral.osmonitor

#13198 clean up torbutton use of Mozilla services new tbb-team defect Medium
Description

Most of the invocations to Cc...getService in the torbutton JS code are unnecessary. Writing a patch to clean it up.

#13204 TOR Browser Bundle interprets 'mailto' links as downloads new tbb-team defect Medium
Description

If a 'mailto' link (e.g. mailto:user@…) is clicked, instead of starting a new email in an email client, the TOR Browser Bundle gives the warning:

Tor Browser cannot display this file. You will need to open it with another application. Some types of files can cause applications to connect to the internet without using Tor. To be safe, you should only open downloaded files while offline, or use a Tor live CD such as Tails.

mailto: addresses are not files, and no data can be leaked from clicking on one. To be fixed, this warning should be removed for mailto: addresses and an attempt should be made to open the address in the default system mail client.

#13220 Remember window size and position new tbb-team defect Medium
Description

Hi. Seriously, resizing it everyday gets kinda boring already. So what I'm asking is that you would resize it as you want it and next time you launch Tor Browser it stays like that.

Now it just resets to its jerky default position and size.

#13221 Misleading error messages about bind_ipv4_only and bind_ipv6_only? new defect Low Tor: unspecified
Description
      if (bind_ipv4_only && tor_addr_family(&addr) == AF_INET6) {
        log_warn(LD_CONFIG, "Could not interpret %sPort address as IPv6",
                 portname);
        goto err;
      }

Is this warn mixed up? Same with the one below it.

#13231 Tor(Windows) don't close ports when killed from service control new defect Medium Tor: unspecified
Description

Reproduce steps:

  1. Extract Tor Browser bundle, and copy "Tor" folder to any directory.
  2. Install tor.exe as a service. Wait about 1 minute.
  3. Open "services.msc". Restart "Tor Win32 service".
  4. Tor failed to restart.

tor.exe was closed, but these sockets are still opened. So Tor can't open its ports. <unknown> PID:xxx Prot:TCP LocalP:9150

Expected result: Tor should close its ports when services.msc order him to stop.

#13234 Consensus Algorithm Causes Flip-Flopping new defect Medium Tor: unspecified
Description

I had a relay running on 94.23.214.156. It's an unmetered VPS that is NATed with other VPSes, so everyone ends up with the same IPv4 address, but on different ports with port forwarding. Everyone gets their own IPv6 address, but AFAIK, you can't run a relay without IPv4.

This was fine initially, as my relay just ran on a high-numbered port. Currently, there are two other relays using the same IP. This apparently causes the consensus algorithm to flip-flop, keeping any of the relays from becoming stable.

To mitigate this, I've disabled my relay, but this is a less than ideal situation, especially if someone else starts running a relay.

Relevant IRC discussion:

<Sebastian> well, this situation totally sucks.
<Sebastian> I think it is a Tor bug, too.
<Sebastian> because the dirauths disagree on who they think should go in the consensus
<Sebastian> so there's flopping
<pipeep> Ouch.
<Sebastian> so of the three relays doing potentially useful things, zero are useful atm
<pipeep> Sebastian, well, I can shut down my relay for now, so at least there won't be any flip-flopping.
<pipeep> And I can contact one of the two other relay operators, and we can decide based on who has the beefier box
* galex-713 has quit (Ping timeout: 480 seconds)
<pipeep> The other one didn't appear to put valid contact information
<Sebastian> that would be nice. You can also file a Tor bug with the information so other people can see that this is an issue

...

<pipeep> Sebastian, what's the issue exactly? That the consensus algorithm is unstable?
<Sebastian> that's one of the issues, the other issue is imo the restriction to two relays/IP itself
#13236 investigate Firefox SSL for things that might allow user tracking new tbb-team defect Medium
Description

From a comment by Patrick McManus:

(In reply to David Keeler (:keeler) [use needinfo?] from comment #5)

mcmanus, are there other TLS features that are enabled by default that would allow tracking users? (The aim of this bug is to add an option that would prevent that sort of thing.)

sure - at various levels of granularity. None as extreme as session tickets. Anything that keeps state, right?

some that come to mind:

  • the version intolerance cache
  • our false start behavior involves "have I seen this algorithm before"
  • the hsts database
#13260 Transform code to cleaner c99 style new defect Low Tor: unspecified
Description

For #13233, we added a loose c99 requirement for building Tor. If we decide to keep it through the 0.2.6.x series, we can beautify our code a little.

#13270 spam in torproject.org wiki / consider automated spam prevention assigned hiro defect Medium
Description

https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO?action=diff&version=515

Removed this two or three times already. Manually repeating this is getting boring.

Looks like a manual rather than automated spam.

Maybe for start it would be sufficient to ban the erictenne user account.

#13297 compute_weighted_bandwidths() broken for dirauths new defect Medium Tor: unspecified
Description

I suspect that compute_weighted_bandwidths() is broken for dirauths. All the booleans is_guard, is_exit, etc. are populated according to the node_t.

However, nodelist_set_consensus() which creates those node_ts does not fill in those fields if we are a dirauth:

    if (!authdir) {
      node->is_valid = rs->is_valid;
      node->is_running = rs->is_flagged_running;
      node->is_fast = rs->is_fast;
      node->is_stable = rs->is_stable;
      node->is_possible_guard = rs->is_possible_guard;
...

I don't think this has any big implications, but dirauths are probably doing the wrong path selection. Maybe it's more important if someone is doing bwauth measurements using the dirauth code (if that even makes sense).

#13304 AWS Ruleset Breaks Amazon Previews and Cart new zyan defect Medium
Description

Enabling the Amazon Web Services ruleset breaks Amazon.com/.ca in the following ways:

  • cannot select different preview pictures or bring up the pictures overlay
  • quantity selection in the cart is broken
  • cannot get estimates for shipping/tax

Tested on Firefox 28.0 (HTTPS-E 4.0.1) and Chrome 37.0.2062 (HTTPS-E 2014.9.1).

#13307 Tor Browser might crash on Windows if opened from a USB drive. needs_information tbb-team defect Medium
Description

A Windows user reported to the help desk that they experienced a crash when opening Tor Browser from a USB drive, complete with "Windows is searching for a solution to the problem..." dialog (this is the default message Window gives out when any running program crashes). This person said that opening Tor Browser from the Desktop worked fine for them, and they only experienced the problem opening Tor Browser from USB. It sounded like they got this message before TorLauncher started.

#13308 Partial Rule for CNBC breaks the controld on flash video new zyan defect Medium
Description

The partial rule for CNBC ("CNBC - partial") breaks the controls for the Flash object video. With the rule enabled, the flash video appears and starts up, but does not contain the controls, and there is no way to pause the video

Using HTTPS-Everywhere 4.0.1

Disabling the rule allows the control panel to appear

Discovered with: URL: http://www.cnbc.com/id/102035634

The video is a round table discussion

The object reports the player as

thePlatform PDK

with a version:

5.5.3.359507 (2014-08-28 10:04 am)

I am using updated flash:

15.0.0.152

#13309 Make it clearer that the Tor Browser update download is happening over Tor new tbb-team defect Medium
Description

The new update download dialog in Tor Browser 4.0 looks like an operating system dialog that is making a network connection. Normally when one sees an operating system dialog making a network connection, whatever update or whatever is happening doesn't happen over Tor. With Tor Browser, that's not true, as the download does indeed take place over Tor. We should make this clear to our users to assuage doubt.

#13330 citizenaudit.org doesn't work in Tor Browser new tbb-team defect Medium
Description

It's possible to visit the citizenaudit.org website and login, search, etc, but in Tor Browser it's not possible to download files. When clicking on the link to a file, it launches the pricing page. If you right click on a file and save as, it just downloads some html page. I tried disabling HTTPS-E in case it was some issue there, but it persists. I'm not sure if the website itself is broken, if this is specific Tor (network) behavior, or what, but the same actions do work as expected in Chrome.

(Unfortunately, I'm not sure how to give steps to reproduce this unless someone is in possession of a functional login for this website.)

#13332 Cannot log in to lang-8.com (SNS for language learners) using Tor Browser. new tbb-team defect Medium
Description

I am trying to use the website Lang-8 (a social networking site for language learning) with tor browser. I can create an account but I cannot log in. Whenever I enter my user name and password on the lang-8 login page, I am redirected back to the welcome page of the site and I do not appear to be logged in.

I do not get any kind of error message, so I don't think that the site is deliberately blocking tor.

I have tried both Tor Browser version 3.6.6 and 4.0-alpha-3; the problem occurs with both versions.

First I thought that maybe https-everywhere is to blame, but disabling it does not solve the problem.

After some experimentation, I discovered that if I disable the NoScript extension in Tor Browser (via the Addons menu item in Firefox), I can log in to lang-8 successfully. So it seems that NoScript is causing the problem.

Of course, turning off NoScript is not a viable long-term solution. I tried turning on NoScript again, but adding a regexp matching lang-8 urls to the NoScript XSS protection whitelist, but this didn't help.

See also this question on tor stackexchange.

#13333 Android users visiting sites using Tor leave all kinds of incriminating evidence in the logs assigned n8fr8 defect Medium
Description

People using Tor on Android use User-Agents with all kinds of incriminating evidence such as:

"Mozilla/5.0 (Linux; Android 4.1; Nexus 7 Build/JRN84D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19"

"Mozilla/5.0 (Linux; U; Android 4.2.2; es-us; HUAWEI Y320-U151 Build/HUAWEIY320-U151) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"

"Mozilla/5.0 (Linux; U; Android 2.3; en-us; GT-I9100 Build/GRH78) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

These are examples with the least personal information in them and they may or may not be from a popular hidden service.

I am not sure who's software or project is responsible for this but it does not exactly make these people "blend in"

#13347 TicketMaster stadium view does not load new zyan defect Medium
Description

Tried to buy tickets to FC Dallas soccer game. Most of the page loads, but the fancy graphics section that shows you the stadium map and lets you click on the seats did not load.

Disabled only HTTPS Everywhere extension and stadium view loaded fine.

Link is below. (It may not work after the game occurs on Oct 12th, 2014)

http://www.ticketmaster.com/fc-dallas-vs-la-galaxy-frisco-texas-10-12-2014/event/0C004C309CF4AC40?artistid=805930&majorcatid=10004&minorcatid=11

Or click under "Single Game Tickets" on http://www.fcdallas.com/tickets

HTTPS Everywhere 2014.9.11 Chrome Version 37.0.2062.124 OSX 10.9.5

#13367 Rate limit gyroscope sampling frequency on FF mobile new tbb-team defect Medium
Description

By the time we get around to an official mobile port, we should double-check that Mozilla has reduced the sampling rate of the gyroscope on Android: http://crypto.stanford.edu/gyrophone/files/gyromic.pdf

#13378 Addon icons get added/reordered in the toolbar reopened tbb-team defect Medium
Description

In #13318, we tried to set a specific ordering of our addons by setting browser.uiCustomization.state. Unfortunately, because our addons get installed at browser first run, this pref is getting altered and addons are installing themselves into the toolbar anyway, and in an order we do not control. This causes the browser.uiCustomization.state pref to get reset.

Ideally, we'd be able to enforce this pref's original values upon addons after their installation. Unfortunately, resetting this pref to its original default value does not take effect until after browser restart. We need to somehow tell the browser to reorganize the addons back to this default state after their installation.

#13383 Building Tor-Browser fails on mac (using vagrant) because of locale parsing issue new tbb-team defect Medium
Description

When building TorBrowser on a Mac, after building the the VM and fetching all the prerequisites, calling USE_LXC=1 TORSOCKS='' ./mkbundle-mac.sh reliably fails with an error like this:

+ sudo vmbuilder kvm ubuntu --rootsize 15360 --arch=i386 --suite=lucid --addpkg=openssh-server,pciutils,build-essential,git-core,subversion --removepkg=cron --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=http://127.0.0.1:3142/archive.ubuntu.com/ubuntu --security-mirror=http://127.0.0.1:3142/security.ubuntu.com/ubuntu --dest=base-lucid-i386 --flavour=virtual --firstboot=/home/vagrant/gitian-builder/target-bin/bootstrap-fixup
2014-10-11 12:42:16,499 INFO    : Calling hook: preflight_check
2014-10-11 12:42:16,507 INFO    : Calling hook: set_defaults
2014-10-11 12:42:16,509 INFO    : Calling hook: bootstrap
2014-10-11 12:44:25,274 INFO    : Calling hook: configure_os
Extracting templates from packages: 100%
2014-10-11 12:44:59,169 INFO    : update-alternatives: error: no alternatives for rsh.
2014-10-11 12:44:59,298 INFO    : update-alternatives: error: no alternatives for rlogin.
2014-10-11 12:44:59,420 INFO    : update-alternatives: error: no alternatives for rcp.
2014-10-11 12:45:02,231 INFO    : Creating SSH2 RSA key; this may take some time ...
2014-10-11 12:45:02,940 INFO    : Creating SSH2 DSA key; this may take some time ...
2014-10-11 12:45:03,329 INFO    : 
2014-10-11 12:45:03,330 INFO    : Warning: Fake initctl called, doing nothing
2014-10-11 12:45:03,338 INFO    : 
2014-10-11 12:45:03,339 INFO    : Warning: Fake initctl called, doing nothing
2014-10-11 12:45:06,154 INFO    : 
2014-10-11 12:45:06,158 INFO    : Current default time zone: 'Etc/UTC'
2014-10-11 12:45:06,179 INFO    : Local time is now:      Sat Oct 11 12:45:06 UTC 2014.
2014-10-11 12:45:06,179 INFO    : Universal Time is now:  Sat Oct 11 12:45:06 UTC 2014.
2014-10-11 12:45:06,180 INFO    : 
2014-10-11 12:45:06,298 INFO    : Cleaning up
2014-10-11 12:45:07,416 ERROR   : Process (['chroot', '/tmp/tmpvvfwM9', 'locale-gen', 'de_DE.utf-8']) returned 1. stdout: , stderr: 
Traceback (most recent call last):
  File "/usr/bin/vmbuilder", line 24, in <module>
    cli.main()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 216, in main
    distro.build_chroot()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 84, in build_chroot
    self.call_hooks('configure_os')
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
    call_hooks(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 165, in call_hooks
    getattr(context, func, log_no_such_method)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/distro.py", line 149, in configure_os
    self.suite.set_locale()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 351, in set_locale
    self.run_in_target('locale-gen', lang)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 327, in run_in_target
    return self.context.run_in_target(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/__init__.py", line 86, in run_in_target
    return util.run_cmd('chroot', self.chroot_dir, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 120, in run_cmd
    raise VMBuilderException, "Process (%s) returned %d. stdout: %s, stderr: %s" % (args.__repr__(), status, mystdout.buf, mystderr.buf)
VMBuilder.exception.VMBuilderException: Process (['chroot', '/tmp/tmpvvfwM9', 'locale-gen', 'de_DE.utf-8']) returned 1. stdout: , stderr: 
cp: cannot stat `base-lucid-i386': No such file or directory
i386 lucid VM creation failed

Turns out that this is an instance of bug https://bugs.launchpad.net/vmbuilder/+bug/338317 cropping up, where a locale (in my case) of 'de_DE.utf-8' was the reason for the problem, as 'locale-gen' needs the locale to be 'de_DE.UTF-8'.

Now I'm not entirely sure what the correct fix for this is. My understanding is that the whole point of gitian is to not contaminate the build system with any of the settings from the host system. In that respect it might be the right course of action to actually filter out environment variables like this when creating the gitian images?

Or it might be that proper casing for LANG variables should be enforced? (Not sure what that means) or perhaps changing the locale parser of locale-gen to accent de_DE.utf-8 as the same as de_DE.UTF-8 might be best?

Some more info, I'm building on Darwin 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug 17 19:50:11 PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64 via vagrant. Env shows this (filtered to lang relevant environment variables) on the virtual machine which generates the containers to build tbb inside:

$ env
LC_ALL=en_US
LANG=de_DE.utf-8
LC_CTYPE=de_DE.UTF-8

which seems inconsistent at least.

#13386 "opening new log file" line goes to err-logfile despite being at loglevel notice new defect Low Tor: unspecified
Description

Although I might image the rationale behind it, it is still confusing, that lines like

[notice] Tor 0.2.5.8-rc (git-a64f3ab3ee5c433c) opening log file.

are in the err log file for a torrc config like this :

# logging # Log notice file /var/log/tor/notice.log Log warn file /var/log/tor/warn.log Log err file /var/log/tor/err.log

Either the prefix "[notice]" should be changed to "[err]" or probably scrubbed away completely.

#13388 HTTPS-E v4.0.1 breaks Amazon dynamic images (FF 32) new zyan defect Medium
Description

For example, on page: www.amazon.com/gp/product/B00HLSTYNS/

With HTTPS-E enabled, clicking on the small images to the left of the main image does nothing. Mousing over the main image does nothing. Disable HTTPS-E and functionality is restored.

#13396 Enabling Amazon Web Services rule breaks Amazon Instant Video new zyan defect Medium
Description

You should be able to see this at

http://www.amazon.com/gp/product/B00I3MPZUW/ref=aivhp_th_piv_trans_a_TH_s_l_0?pf_rd_p=1947241082&pf_rd_s=center-2&pf_rd_t=101&pf_rd_i=2858778011&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=0TCJSCE24FK3D3SQC2Z3

You'll need an Amazon account. It's the first thing that comes up on the Instant Video page: Transparent Episode 1.

#13400 Canvas Fingerprinting: fonts needs_information tbb-team defect High
Description

As I know, TBB blocks ctx.getImageData. But I think it is not enough. Look at this. https://web.archive.org/web/20141016035848/https://gist.github.com/KOLANICH/00b9145743d841cff4d7 I tried this, the fingerprint survives restart of TBB. I don't know, wheither this fingerprint can be used to identify user's OS (at least it can be used to identify fonts) and hardware, but it is differen than the one generated with the browser in the OS.

#13405 sina weibo login may be break new zyan defect Medium
Description

Sina Weibo.com login will to http://login.sina.com.cn/crossdomain2.php?action=login&entry=miniblog ..., the be to https by Sina.xml. but the page required http://js.t.sinajs.cn/t35/miniblog/static/js/sso.js?version=622145aeb50028e8, it may blocked due to "Blocked loading mixed active content" in Firefox web console, and the got a blank page.

#13410 Disable self-signed certificate warnings when visiting .onion sites reopened tbb-team defect Very High
Description

I suspect it's fairly common (or at least, we hope it's common) for users to type https:// instead of http://.

If an onion site doesn't support HTTPS, the user gets an error page because it can't connect. If it does, the user gets an invalid certificate or mismatched certificate warning. CAs do not (yet?) issue certificates for .onion domains, so there are no valid certificates.

But the security of the .onion URL ensures we're talking to the valid so, so ignoring SSL mis-configurations _should_ be safe, as we already have authenticity, integrity, and confidentiality. Right? Or am I missing something?

#13427 CloudFlare captchas often will not load (TBB Beta 4.0-alpha-3) new tbb-team defect Medium
Description

In TorBrowser Beta (4.0-alpha-3), captchas on CloudFlare's 'confirmation' page fail to be displayed.

IRC exchange in #tor-dev: <sssheep> tor browser people: on many sites, I'm now seeing the cloudflare prompt but without captcha <sssheep> this is on the latest TBB beta <sssheep> I can't even use a captcha to prove my innocence, that part simply isn't there <sssheep> it asks me to enter text when I couldn't possibly <sssheep> indepdendently, it sometimes won't even have that part though. Just "leave a message for the site owner?" <sssheep> it is making it seriously hard to use tor. I'm used to captchas, but not being denied the chance to even use them. Google can sometimes relentlessly throw them at me, even if I answer them correctly, but this CloudFlare-screw-you-even-if-you-are-human policy is entirely new to me <sssheep> is this a TBB bug? <helix> sssheep: I think athena was complaining about that the other day <Benjojo> sssheep: This is not us going against Tor users <sssheep> It certainly feels like it? I don't see this behaviour when I use a non-torified browser, and you're not letting me even have a captcha to prove I'm not a zombie. <Benjojo> This our own security that is trying to protect our users <sssheep> You could at least allow me to fill in a captcha, not taunt by leaving it out but including the input field.. <sssheep> Explain, or something. <sssheep> "You are blocked" is better than beating around the bush and making it look like a one-off bug that can be fixed by refreshing

Attached is a screenshot of the behaviour. Is this a TorBrowser bug, CloudFlare bug, Google reCaptcha bug, or somebody else?

#13429 Can't add exception for unverified SSL certificates in Tor Browser 4.0-alpha-3 new tbb-team defect Medium
Description

Clicking on "Confirm Security Exception" doesn't seem to do anything, and won't add me a security exception, thus can't access a website that requires SSL and has a unverified, or self-signed certificate.

#13433 "Update failed" from 4.0-alpha-3 on 32-bit when I have a large file in my browser tree new tbb-team defect Medium
Description

In Tor Browser 4.0-alpha-3, tonight I clicked Help -> About Tor Browser and then clicked to find updates, and it did, and it downloaded the thing, and then when I went back to the update download window it said "Update Failed. Download the latest version." where the second sentence is a link to https://www.torproject.org/download/download-easy.html

Mike told me I should report it, so here we are.

As a good bug reporter, I should also tell you that I was using the default obfs3 bridges at the time. (Mike says this shouldn't be relevant, but, here we are.)

#13451 Inacurate download information new tbb-team defect Medium
Description

When viewing the download page for a file that has not stoped downloading prematurely, the file size shown shows the total size of the file and not the amount actually downloaded. This can cause someone to think the download was completed successfully when it fact it wasn't. This is new to tor 4.0. Previous versions showed that actual amount downloaded

#13452 Tor Browser 4.0 (Windows) unable to import new CA certificates from file new tbb-team defect Medium
Description

Attempting to import a new CA certificate from a .CER file fails.

The script console reports NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile] certManager.js:510

Regression from Tor Browser Bundle 3.6.6 and all prior versions (which imported the same cert without error).

Firefox 34.0 has no problem importing the CA certificate either.

#13453 circular link, outdated info on orbot info page new n8fr8 defect Low
Description

page I'm referencing is: https://guardianproject.info/apps/orbot/

fixes should be made in the 4th paragraph, the section outlining features after the screenshot:

★ PRIVATE CHAT MESSAGING: Use Gibberbot with Orbot to chat confidentially with anyone, anywhere for free. Get Gibberbot: https://goo.gl/O3FfS!

been awhile since it was called gibberbot, hasn't it? should probably change that to chatsecure

★ PRIVACY FOR APPS: Any installed app can use Tor if it has a proxy feature, using the settings found here: https://goo.gl/2OA1y

The short url unmasks to the exact page it's on. Seeing as there are multiple possibilities (localhost: 9050, localhost 9040, localhost 8118, and http/https/socks4/socks4a/socks5) and no real explanation of the proper proxy configuration, there should be at least a section with that info and how they are connected to each other, because sending everything through tor doesn't work, and there is a bug in the individual apps selection I will detsail in a separate ticket if it hasn't yet been reported that makes the option virtually unusable.

#13454 ignore rule backup files new zyan defect Low
Description

please ignore *~ etc backups at profile dir HTTPSEverywhereUserRules. Who knows, maybe it first loads the old version and then whines about the latest edit because it is duplicate.

#13456 Tor Launcher should start centered on all OSes new brade defect Very Low
Description

Tor Launcher starts on Windows and Mac top left but on Linux it starts centered. For the sake of consistency it should choose one.

#13467 makes DNS query of your own hostname new tbb-team defect Medium
Description

on startup torbrowser 4.0 does DNS query of your own hostname. should not be needed.

(Linux x86_64, queried hostname is output of /bin/hostname, nameserver 127.0.0.1 in /etc/resolv.conf) I have denied with iptables connections to 127.0.0.0/8 except to 127.0.0.1 tcp 9150:9151. This is why I noticed packets to udp port 53.

#13469 Windows installer is missing many languages from the NSIS file new tbb-team defect Medium
Description

The installer file lists 56 languages,

but the installer only shows 26.

It looks like these are the 30 languages that are missing, notably including TBB official languages Arabic, Farsi, Korean, Polish, Russian, Turkish, and Chinese.

  !insertmacro MUI_LANGUAGE "SimpChinese"
  !insertmacro MUI_LANGUAGE "TradChinese"
  !insertmacro MUI_LANGUAGE "Japanese"
  !insertmacro MUI_LANGUAGE "Korean"
  !insertmacro MUI_LANGUAGE "Greek"
  !insertmacro MUI_LANGUAGE "Russian"
  !insertmacro MUI_LANGUAGE "Polish"
  !insertmacro MUI_LANGUAGE "Ukrainian"
  !insertmacro MUI_LANGUAGE "Czech"
  !insertmacro MUI_LANGUAGE "Slovak"
  !insertmacro MUI_LANGUAGE "Croatian"
  !insertmacro MUI_LANGUAGE "Bulgarian"
  !insertmacro MUI_LANGUAGE "Hungarian"
  !insertmacro MUI_LANGUAGE "Thai"
  !insertmacro MUI_LANGUAGE "Romanian"
  !insertmacro MUI_LANGUAGE "Latvian"
  !insertmacro MUI_LANGUAGE "Macedonian"
  !insertmacro MUI_LANGUAGE "Estonian"
  !insertmacro MUI_LANGUAGE "Turkish"
  !insertmacro MUI_LANGUAGE "Lithuanian"
  !insertmacro MUI_LANGUAGE "Slovenian"
  !insertmacro MUI_LANGUAGE "Serbian"
  !insertmacro MUI_LANGUAGE "SerbianLatin"
  !insertmacro MUI_LANGUAGE "Arabic"
  !insertmacro MUI_LANGUAGE "Farsi"
  !insertmacro MUI_LANGUAGE "Hebrew"
  !insertmacro MUI_LANGUAGE "Mongolian"
  !insertmacro MUI_LANGUAGE "Albanian"
  !insertmacro MUI_LANGUAGE "Belarusian"
  !insertmacro MUI_LANGUAGE "Bosnian"
#13470 Windows installer is missing Vietnamese as a language option new tbb-team defect Medium
Description

Vietnamese is one of the TBB packaged languages, but it's not one of the language options in the installer:

According to http://nsis.sourceforge.net/Examples/Modern%20UI/MultiLanguage.nsi, it should be possible just by adding a line:

  !insertmacro MUI_LANGUAGE "Vietnamese"

But Vietnamese probably requires #13469 to be fixed first, before it will show up in the installer's dropdown list.

#13479 Malware being served from thetorproject.org and tor-chat.org new defect Medium
Description

Someone has set up a pretty believable copy of the torproject.org site which is providing links to a binary hosted on another malicious domain tor-chat.org

Links to this domain are being spread on some .onion forums and on Reddit. I'll update the ticket when I get some more information.

#13485 Torbutton icon is squashed and ugly in TBB 4.0 needs_information tbb-team defect Medium
Description

In the new Tor Browser 4.0, the new Firefox chrome has changed the sizes and so on of the icons.

Our little green onion appears to have the bottom and top cut off of it, and also it's been shrunk.

What are some good fixes?

#13495 Warning thrown on Linux when opening TBB 4.0 for the first time new tbb-team defect Low
Description
OS: Debian Wheezy (64bit)
uname -a: 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux

When I opened TBB 4.0 for the first time I saw the following error:

1413809714781   addons.xpi-utils        ERROR   Unable to read anything useful from the database

TBB 4.0 worked fine, my guess is, it couldn't read anything useful from the database because the browser hasn't been started before?

#13498 Problem with scapy based tests inside of a virtualbox VM new hellais defect Medium
Description

When I run the fast.deck from inside of a virtualbox debian unstable 64 bit VM I get the following error:

Unhandled error in Deferred:
Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Twisted-14.0.2-py2.7-linux-x86_64.egg/twisted/internet/defer.py", line 1099, in _inlineCallbacks
    result = g.send(result)
  File "/usr/local/lib/python2.7/dist-packages/ooniprobe-1.2.2-py2.7.egg/ooni/nettests/manipulation/traceroute.py", line 62, in run_traceroute
    yield traceroute(self.localOptions['backend'])
  File "/usr/local/lib/python2.7/dist-packages/ooniprobe-1.2.2-py2.7.egg/ooni/utils/txscapy.py", line 432, in UDPTraceroute
    IP(dst=host, ttl=(self.ttl_min, self.ttl_max), id=RandShort()) / UDP(dport=dst_port, sport=RandShort()))
  File "/usr/local/lib/python2.7/dist-packages/Twisted-14.0.2-py2.7-linux-x86_64.egg/twisted/internet/defer.py", line 1237, in unwindGenerator
    return _inlineCallbacks(None, gen, Deferred())
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/Twisted-14.0.2-py2.7-linux-x86_64.egg/twisted/internet/defer.py", line 1099, in _inlineCallbacks
    result = g.send(result)
  File "/usr/local/lib/python2.7/dist-packages/ooniprobe-1.2.2-py2.7.egg/ooni/utils/txscapy.py", line 462, in sendPackets
    self.factory.super_socket.send(packet)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/arch/pcapdnet.py", line 244, in send
    sx = str(cls()/x)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 263, in __str__
    return self.build()
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 321, in build
    p = self.do_build()
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 310, in do_build
    pkt = self.self_build()
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 301, in self_build
    p = f.addfield(self, p, val)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/fields.py", line 70, in addfield
    return s+struct.pack(self.fmt, self.i2m(pkt,val))
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 94, in i2m
    return MACField.i2m(self, pkt, self.i2h(pkt, x))
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 88, in i2h
    x = conf.neighbor.resolve(pkt,pkt.payload)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 38, in resolve
    return self.resolvers[k](l2inst,l3inst)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/inet.py", line 727, in <lambda>
    conf.neighbor.register_l3(Ether, IP, lambda l2,l3: getmacbyip(l3.dst))
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 72, in getmacbyip
    nofilter=1)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/sendrecv.py", line 375, in srp1
    a,b=srp(*args,**kargs)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/sendrecv.py", line 358, in srp
    a,b=sndrcv(s ,x,*args,**kargs)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/sendrecv.py", line 129, in sndrcv
    inp, out, err = select(inmask,[],[], remaintime)
select.error: (4, 'Interrupted system call')

#13510 Master password can't be changed from default new tbb-team defect Medium
Description

Starting TorBrowser 3.6.6 (also in 4.0), the master password can't be set.

I trying to set the master password (the current setting indicates as "not set"), yet it not allowing me to set one, by popping the following message: "Unable to change Master Password".

#13543 HTML5 media support may lead to OS fingerprinting new tbb-team defect Medium
Description

I have found out that Tor Browser 4.0 can play videos that older versions of TBB couldn't. It's because the new firefox can load gstreamer plugins into the browser and play mp4 files (inside what I believe to be HTML5 player). I fear this means that gstreamer is able to connect directly or send sensitive information to the server where the video file is hosted. If you change "media.gstreamer,enabled" to "false", it prevents gstreamer from being loaded, but it might cause fingerprinting problems.

Any thoughts on this? Should this be enabled? Or maybe change it in later versions.

It could still be used maybe in TAILS, to make vimeo and other websites able to play videos (using gstreamer in a more secure environment).

#13552 TorBrowser 4 Default screen size seems off again new tbb-team defect Medium
Description

In TBB 3.6.6 - Windows_Browser Spy DK shows my default starting screen size 1000x800. Now it shows TBB 4.0 default size 1000x729 (that's 71px < TBB 3.6.6).

The nav bar background & tab bar is taller in TBB 4.0 than in 3.6.6.

  • My measurements: From Top of TBB 4 browser border to bottom nav bar = 100px.
  • TBB 3.6.6_Top of browser border to bottom nav bar measures 93px.
  • Measured browser desktop (less borders & toolbars): TBB 3.6.6 = 917px; TBB 4.0 = 842px.
  • 842 - 917 = 75px  (while Browser Spy showed 71px screen size difference).
  • The 4px variance between Browser Spy's & my measured screen sizes for 3.6.6 vs. 4.0 could be my measuring program; exactly how Browser Spy measures or the thickness of a border (that Browser Spy included but I did not or vice versa).
#13580 Unable to run Tor browser needs_information tbb-team defect Medium
Description

Tor no longer starts on my computer. Here is the log that is produced when it fails: 10/26/2014 5:40:08 AM.883 [NOTICE] Opening Socks listener on 127.0.0.1:9150 10/26/2014 5:40:08 AM.883 [NOTICE] Renaming old configuration file to "C:\Users\michael\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.orig.1" 10/26/2014 5:40:09 AM.744 [NOTICE] Bootstrapped 5%: Connecting to directory server 10/26/2014 5:40:09 AM.854 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 10/26/2014 5:40:10 AM.160 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection 10/26/2014 5:40:10 AM.403 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus 10/26/2014 5:40:10 AM.505 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus 10/26/2014 5:40:12 AM.166 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 10/26/2014 5:40:13 AM.189 [NOTICE] Bootstrapped 40%: Loading authority key certs 10/26/2014 5:40:13 AM.896 [NOTICE] Bootstrapped 45%: Asking for relay descriptors 10/26/2014 5:40:13 AM.897 [NOTICE] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6557, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.) 10/26/2014 5:40:14 AM.328 [NOTICE] Bootstrapped 50%: Loading relay descriptors 10/26/2014 5:42:14 AM.211 [NOTICE] No circuits are opened. Relaxed timeout for circuit 9 (a General-purpose client 1-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway. 0 guards are live.

#13582 Flash video stream will not load on Livestation.com new zyan defect Medium
Description

When you start a livestream on livestation.com it simply displays an error message.

"OSMF Playback error"

I'm using MacOS 10.9.5, Firefox 33.0.1 and HTTPS-Everywhere 4.0.2

#13592 Tor Browser Bundle 4.0 Linux - Doesn't Theme new tbb-team defect Medium
Description

My specs;

Slackware 14.1 x86_64 gtk+3-3.8.2 qt-4.8.5 qt5-5.3.2 TBB 4.0 Linux x64

I don't remember if TBB is compiled against GTK or QT?

All of TBB doesn't show any themeing, from the startup window(s) to the browser itself.

I'm attaching a screen shot you can see showing no theming, just like the browser...

#13598 unusable with Mozilla nightly 36.0a1 (2014-10-28) - seeing Moved To 302 or variation of new zyan defect Medium
Description

HTTPS Everywhere 4.0.2

unusable with Mozilla nightly 36.0a1 (2014-10-28) ubuntu 14.04 64 bit

when enabled - I cannot even reach this site to book this ticket.

Seeing many messages like : Moved To _ with some link which is broken

This issue is easily replicated : do a google search then click on : Images to see pictures then click on one image which shows you the single image which is on a google.com domain then click the image which normally takes you to the original source URL of the image, however when enabled I always get :

302 Moved The document has moved here.

Also when enabled and I want to login to say http://stackoverflow.com/ with a fresh firefox profile which has no previous login and I use the credentials from google - I get a openid failure message

NOTE - HTTPS Everywhere is just fine on previous release of nightly 35.0a1 (2014-10-04)

#13603 Many channels closing with "IOERROR" reason given on control port. new defect Medium Tor: unspecified
Description

my tor-relay https://globe.torproject.org/#/relay/F1BE15429B3CE696D6807F4D4A58B1BFEC45C822 usually do serv about 1000 inbound, 500 outbound and 500 exit connections in parallel using just 20% CPU time of 1 core.

I do however wonder about the high amount of IOERRORs I do see in page 1#5 of the arm tool window, when I press e + q :

 │ 20:47:12 [ORCONN] STATUS: CONNECTED  ENDPOINT: $DB65666C334A177E8D4EA5B12E933E16275DEEE7~FridgeNet
 │ 20:47:11 [ORCONN] STATUS: LAUNCHED   ENDPOINT: $F0B6616974070C06ED80207075CDE5112158FF86~walrusWaffles
 │ 20:47:11 [ORCONN] STATUS: CLOSED     ENDPOINT: $8B9AD4D3055E9F9A5A027BD98F61583E673FF84B~GoldDragon REASON: IOERROR
 │ 20:47:11 [ORCONN] STATUS: LAUNCHED   ENDPOINT: $DB65666C334A177E8D4EA5B12E933E16275DEEE7~FridgeNet
 │ 20:47:11 [ORCONN] STATUS: CLOSED     ENDPOINT: $8E3C2D457B2799C26F70012F5A4A857DA7D326AE~Unnamed REASON: DONE
 │ 20:47:11 [ORCONN] STATUS: CONNECTED  ENDPOINT: $C47EDFA198D217F5DDCEFFCA6CB837D1C0AC5E6A~chuckschuldiner
 │ 20:47:11 [ORCONN] STATUS: CONNECTED  ENDPOINT: $4587B58F494875B6ACF1E29B1D64B2C93BD533D3~SYDIT
 │ 20:47:11 [ORCONN] STATUS: NEW        ENDPOINT: 78.47.188.4:58097
 │ 20:47:10 [ORCONN] STATUS: CONNECTED  ENDPOINT: $E91B2D9F72ADA255D46ED32F880A0B1BFFF64981~lessQQmorePEWPEW
 │ 20:47:10 [ORCONN] STATUS: LAUNCHED   ENDPOINT: $4587B58F494875B6ACF1E29B1D64B2C93BD533D3~SYDIT
 │ 20:47:10 [ORCONN] STATUS: LAUNCHED   ENDPOINT: $E91B2D9F72ADA255D46ED32F880A0B1BFFF64981~lessQQmorePEWPEW
 │ 20:47:10 [ORCONN] STATUS: CONNECTED  ENDPOINT: $FB40DC3C724E5AA6ECD3EA1F64C0F559B48F21B5~torpidsDEinterwerk
 │ 20:47:10 [ORCONN] STATUS: LAUNCHED   ENDPOINT: $FB40DC3C724E5AA6ECD3EA1F64C0F559B48F21B5~torpidsDEinterwerk
 │ 20:47:09 [ORCONN] STATUS: CLOSED     ENDPOINT: $D4643D88FFF8A7DA22FC26070FD9B4F22C88CD2C~default REASON: IOERROR
 │ 20:47:09 [ORCONN] STATUS: CLOSED     ENDPOINT: $C48FECDA99852AA28953780A5F48911F2EF27B06~ololiuqui REASON: IOERROR
 │ 20:47:09 [ORCONN] STATUS: CLOSED     ENDPOINT: $3EE29A5BA006487B96AA5DC2CE2243793E5C463C~overratedconfigs REASON: IOERROR
 │ 20:47:09 [ORCONN] STATUS: CLOSED     ENDPOINT: $2FD0BA57A34DC2792AF470398F72F37F9E51DC2D~serotonin REASON: IOERROR
 │ 20:47:09 [ORCONN] STATUS: CLOSED     ENDPOINT: $A49A0ACF7D45C1A70CCD08F3B69322BB6B1AA7E9~bennobaksteen REASON: IOERROR
 │ 20:47:08 [ORCONN] STATUS: FAILED     ENDPOINT: $372082F3E01DE6A6333D30329C6903A19D0E8E87~Unnamed REASON: NOROUTE NCIRCS: 1
 │ 20:47:08 [ORCONN] STATUS: LAUNCHED   ENDPOINT: $372082F3E01DE6A6333D30329C6903A19D0E8E87~Unnamed
 │ 20:47:08 [ORCONN] STATUS: FAILED     ENDPOINT: $90AB1CE329584D694E33D0C56E85C5639027D0BB~Unnamed REASON: DONE
 │ 20:47:07 [ORCONN] STATUS: CLOSED     ENDPOINT: $AA2FA395FC85AFC3CF038E027D9DD00A92FF3255~gulmohar REASON: IOERROR

The system is a hardened 64 bit Gentoo with kernel 3.17.1

#13615 Repo required for ubuntu utopic new erinn defect Medium
Description

http://deb.torproject.org/torproject.org/dists/ is currently missing an entry for Ubuntu 14.10 (Utopic Unicorn), released a few days ago.

#13626 Tor-browser-linux32-4.0.1 crash in Lubuntu needs_information tbb-team defect Medium
Description

I downloaded and install tor-browser-linux32-4.0.1_es-ES.tar.xz When I run start-tor-browser always crashes and popup windows with this text: Tor browser exited anormaly. Exit code:127 I am using Lubuntu 12.04 (Precise Pangolin) The last version i was using and works was 4.0 alpha 3 but sometimes also crash with same popup. Please solve it as soon as possible.

#13638 Better tokening in the output json data format for bridge reachability visualisation new hellais defect Medium
Description

Currently we use the bridge fingerprint as a unique key in the bridge reachability timeline graph. This leads to different bridges categorised as a certain pluggable transport type, since it's possible for a bridge with the same fingerprint to run on multiple pluggable transports.

I see to possible ways to avoid this:

1) Use as key H(bridge_fingerprint+pluggable_transport_type)

2) Change the logic for the graphs so that they don't use as token just the fingerprint, but also the transport type that should be present in the output json document.

#13649 Start.Me Page Fails if HTTPS Active new zyan defect Medium
Description

The StockQuotes widget in the Start.Me 'home' screen fails to display values for the selected stocks IF HTTPS Everywhere is active in firefox.

If HTTPS Everywhere is disabled, the values are displayed correctly.

Perhaps an exception/rule to turn off or disable HTTPS Everywhere for the Start.Me site should be created ?

Thanks ?!

#13669 disable "retry DNS on new circuit" for web content new tbb-team defect Medium
Description

From mikeperry's comment on ticket:5752#comment:7

isis just noted in #tor-dev that Tor retries failed DNS queries on other circuits. It appears that we do this for failed stream attempts too. I agree that's a bad property because it allows a web adversary to cause your browser to keep making new circuits until you pick one that uses its middle node.

We should ensure we disable this "retry on new circuit" behavior for content elements of a given URL bar, so that at least content elements don't get to cause you to create tons of circuits. Once a circuit can load a top-level url correctly, it should be considered reliable enough not to abandon if a DNS or other stream times out. This might actually require a new Tor child ticket and patch, though...

It's not clear what (if anything) we should change about the initial URL bar load behavior, though. Perhaps it is safe to remain unchanged, because Tor would at least rate limit that properly before failing the page load.

#13683 If you enable Amazon Web Services https while shopping on amazon.com you won't be able to click on the little images of the products new zyan defect Medium
Description

Using Chrome. To reproduce go to amazon.com. Find a product which has multiple pictures. Enable Amazon Web Services as one of the sites to force encryption on. Now try to click on one of the little images of the product on the left side. It won't work. Disable Amazon Web Services. Try again. It should now work.

#13716 Tor daemon apparmor profile breaks bridge restarts on Ubuntu 14.04 assigned weasel defect Medium
Description

As intrigeri noted here https://trac.torproject.org/projects/tor/ticket/9460#comment:13 a new apparmor mediation for signals in 14.04 breaks tor being able to kill obfsproxy on restart (meaning it comes up without obfsproxy since the old process continues holding on to the open port.) Example syslog: type=1400 audit(1415580423.404:19): apparmor="DENIED" operation="signal" profile="system_tor" pid=4514 comm="tor" requested_mask="send" denied_mask="send" signal=term peer="unconfined"

He also mentioned that adding the correct rule would break Debian, so an Ubuntu-specific fix was needed.

The rule that needs to be added is: signal (send) set=("term") peer="unconfined",

Not sure if the easiest path is to wait out Debian upgrading, updating Ubuntu packages, or adding an Ubuntu specific install line in Tor's apt package

#13726 A bunch of Pluggable Transport related .pyd files depend on msvcr90.dll which we do not ship new tbb-team defect Medium
Description

There are a bunch of .pyd files (namely _ctypes.pyd, _hashlib.pyd, _socket.pyd, _ssl.pyd, bz2.pyd, pyexpat.pyd, select.pyd and unicodedata.pyd) which directly depend on msvcr90.dll which we do not ship. We should get rid of that dependency if we don't need it.

#13727 BridgeDB should not distribute Tor Browser's default bridges needs_review isis defect Medium
Description

From #13504, we started distributing, in Tor Browser as the sets of 'default' bridges, only bridges which report their descriptors to the BridgeAuthority, causing those descriptors to eventually be sent through BridgeDB to the Metrics servers. This was done to obtain more accurate Metrics on bridge usage, since it is believed that most bridge users are currently using the default bridges.

Robert Ransom points out that we don't want BridgeDB to distribute these default Tor Browser bridges. The reasons are similar to why we don't want to initialise/use multiple types of PTs at the same time in Tor Browser: Using a TB-default bridge, presumedly mixed in with other non-TB-default bridges obtained from BridgeDB, would signal to anyone watching for use of the TB-default bridges that the other addresses are Tor bridges, thus potentially endangering:

  1. the user, Alice, who was accidentally given the TB-default bridge by BridgeDB, because she may now find that all her bridges are suddenly blocked,
  2. Alice's other bridges, which are at increased risk of being blocked by whoever is watching Alice,
  3. and the other users of Alice's other bridges.
#13739 Optimize the functions called in circuit_launch_by_extend_info() new defect Medium Tor: unspecified
Description

Ref to https://trac.torproject.org/projects/tor/ticket/8902#comment:10

You can see that on a loaded HS, some functions are called quite a lot and they take a lot of CPU.

https://people.torproject.org/~dgoulet/tor-hs-perf-100-circ.png

They should be optimize to bring that CPU usage down.

#13768 clean orbot build from git clone https://git.torproject.org/orbot.git reopened n8fr8 defect Medium
Description

Trying to make clean build from git clone https://git.torproject.org/orbot.git

It seems that makefile is not sync with latest external folders. iptables, libevent missing. How are official builds made? It looks that not from clean start. Messy stuff. As security app as is should be more proper maintained.


make[3]: Leaving directory `/media/verbatim/git/orbot_main/orbot/external/openssl/engines/ccgost' make[2]: Leaving directory `/media/verbatim/git/orbot_main/orbot/external/openssl/engines' make[1]: Leaving directory `/media/verbatim/git/orbot_main/orbot/external/openssl' touch openssl-build-stamp

test -d lib test -d include test -d include/openssl
mkdir lib
mkdir include
mkdir include/openssl

cp openssl/libcrypto.a lib/libcrypto.a cp openssl/libssl.a lib/libssl.a cp openssl/include/openssl/* include/openssl sed -i 's@\(SUBDIRS = . include\) sample test@\1@' libevent/Makefile.am sed: can't read libevent/Makefile.am: No such file or directory make: [libevent/Makefile] Error 2 make: Leaving directory `/media/verbatim/git/orbot_main/orbot/external'

#13771 http auth: after clicking new identity, site doesn't load at all new tbb-team defect Medium
Description

after i logged in to a website that has http basic auth, the new identity seems to clear the user credentials fine, but the respective websites stop loading altogether - while an unauthenticated http request seems to be sent, the tab just continues to load saying "Connecting ..."

#13775 Tor Browser won't open with OpenVPN new tbb-team defect Medium
Description

We've had multiple users say that they're unable to start Tor Browser when trying to use it behind various OpenVPN-based VPNs, including ClearVPN and HideMyAss. Even with antivirus and firewall software disabled, the experience seems to be that a Firefox window won't even open. On Windows 7, the mouse cursor will spin for a moment, then nothing will happen. Hence these users are unable to provide a Tor log.

#13777 Apple iOS IPSW downloads broken on Akamai new zyan defect Medium
Description

Trying to access the Apple iOS firmware IPSW links (for other links see ipsw.me):

http://appldnld.apple.com/iOS8.1/031-09018.20141020.FTd5f/iPad3,1_8.1_12B410_Restore.ipsw

With HTTPS-E redirects to

https://a248.e.akamai.net/7/248/51/20120908/appldnld.apple.com/iOS8.1/031-09018.20141020.FTd5f/iPad3,1_8.1_12B410_Restore.ipsw

Which gives:

An error occurred while processing your request.
Reference #30.c5ce93f.1416256923.c61773a

Disabling HTTPS-E fixes it.

#13785 Tor browser files creation date new tbb-team defect Low
Description

After a fresh package extract, some folders in tor browser don't adhere to the 'Jan 1 2000' creation date rule.

./Browser: drwx------ 2 user user 4096 Nov 18 15:25 webapprt

./Browser/browser: drwx------ 3 user user 4096 Nov 18 15:25 chrome

./Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@…: drwx------ 5 user user 4096 Nov 18 15:25 chrome

./Browser/TorBrowser/Tor/PluggableTransports: drwx------ 2 user user 4096 Nov 18 15:25 flashproxy drwx------ 4 user user 4096 Nov 18 15:25 fteproxy drwx------ 7 user user 4096 Nov 18 15:25 obfsproxy

#13791 Tor Browser Bundle ignores -app argument (GNU/Linux, mine is 64 bit) new tbb-team defect Medium
Description

Currently command line arguments given to start-tor-browser should be passed to Firefox. However, I ran into problems when trying to use slimerjs (http://slimerjs.org), which can use Firefox to run itself as an "app". Slimerjs is basically a framework for automating Firefox. When I want to use it with Tor, I think it is best to use it with TBB, as TBB has its enhancements needed to good anonymity added to Firefox ESR. Through TBB is a MODIFIED version of Firefox (plus Tor), I feel there must not be any _real_ compatibility issue.

Slimerjs launches itself with this command: "$SLIMERJSLAUNCHER" -app "$SLIMERDIR/application.ini" $PROFILE -no-remote "$@" where "$SLIMERJSLAUNCHER" becomes "start-tor-browser".

In TBB's start-tor-brwser: ./firefox --class "Tor Browser" \

-profile TorBrowser/Data/Browser/profile.default "${@}"

Results in: ./firefox --class "Tor Browser" \

-profile TorBrowser/Data/Browser/profile.default -app "$SLIMERDIR/application.ini" $PROFILE -no-remote "$@"

And used as: SLIMERJSLAUNCHER=start-tor-browser slimerjs script.js

I suspected duplicated "-profile" might cause problems. But editing around them did not solve any issues.

Slimerjs is a Firefox automation framework, so automating TBB should be straightforward.

Since TBB supports command line arguments, it should be able to be used for running "trusted" XUL applications.

Expected behavior: Runs given javascript with slimerjs, with the same functionality and fingerprints as normal TBB operations.

Actual behavior (TBB 4.0): TBB launches as usual. Nothing related to slimerjs happens.

#13800 circuit does not close after hidden service is shutdown via control port new defect Medium Tor: unspecified
Description

Using the tor control port i create my tor hidden service like this:

SETCONF hiddenservicedir=/var/lib/tor-alpha-hidden-services/hiddenService01 hiddenserviceport="80 127.0.0.1:8080"

I then create a connection to that hidden service... and afterwards remove it like this:

SETCONF hiddenservicedir=/var/lib/tor-alpha-hidden-services/hiddenService01

Even after this hidden service is removed from the tor process additional connection attempts to that same onion result in these log messages:

Nov 21 04:11:47.000 [info] connection_exit_begin_conn(): begin is for rendezvous. configuring stream. Nov 21 04:11:47.000 [warn] Couldn't find any service associated with pk e5p437qubbddgwa6 on rendezvous circuit 4216977301; closing. Nov 21 04:11:47.000 [info] connection_exit_begin_conn(): Didn't find rendezvous service (port 80)

I also noticed that sending the tor process a sig HUP stopped this behavior fairly soon... but I was still able to produce these log messages for a little while.

#13803 Better and more efficient database schema new hellais defect Medium
Description

The current mongo db database schema has some problems that do not allow for efficient querying in certain cases.

Curently the main two collections in the DB are "reports" and "measurements" and each measurement references the report by id.

This makes analysis on a per country basis not so easy, e.g.:

  1. query for all measurements that have inconsistencies
  2. iterate over measurements and query report_id (and probe_cc)

This results in many unecessary queries.

Ideally we would like to have a schema that allows use to one query in order to get all measurements based on report AND measurement attributes ; the result would be just a list of measurements.

#13817 Untange kludgey library detection, particularly for SSL forks new defect High Tor: unspecified
Description

Split from #13415:

teor:

LibreSSL

I'm having trouble getting LibreSSL (2.1.2) to work with tor git on OS X 10.9.

Here are the issues I've found and fixed in the configure invocation:

configure --with-openssl-dir= detects the wrong bin/openssl if "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl executables. configure --enable-static-openssl requires LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.

I'm pretty sure these issues will affect all (non-system/non-standard) SSLs.

Can we make configuring with non-system SSLs easier by prepending "$OPENSSL_DIR/bin" and "$OPENSSL_DIR/lib" to the PATH and LDFLAGS respectively?

BoringSSL

BoringSSL is even worse - it doesn't even have an openssl executable, only builds static libraries, and is a pain to configure correctly under our current config scripts.

I can't seem to stop it finding the system-supplied SSL, even when I provide it the BoringSSL directories.

I get the following warnings when I manually install BoringSSL into include/lib/bin dirs, and fake the openssl executable using the bssl executable:

(See #13815)

nickm:

(The build issues are another matter and should get their own ticket: Untangling our kludgey library detection has been something a bunch of people have wanted for a while.)

#13818 [PATCH] Active tab looks ugly (inherits system color scheme only partially) assigned mcs defect Medium
Description

I use Tor Browser 4.5-alpha-1 on KDE, my gtk+ theme is oxygen-gtk. As I found from looking into sources of Tor Browser, when it renders site content, it uses some stand-ins for native colors to avoid browser fingerprinting. And these stand-ins should not be used when rendering browser interface - the variable useStandinsForNativeColors in layout/style/nsRuleNode.cpp:890 (function SetColor):

bool useStandinsForNativeColors = aPresContext && !aPresContext->IsChrome();

But this condition is not enough to fully distinguish browser interface from site content. Look at the attached screenshot to see that left and right corners of active tab are lighter than middle of the tab - this is because the middle renders with system colors, and corners render with stand-ins while stand-ins should be really disabled for them.

I discovered that two files correspond for corners of the tab: chrome://browser/skin/tabbrowser/tab-selected-start.svg and chrome://browser/skin/tabbrowser/tab-selected-end.svg, and IsChrome() function returns false for this files, so stand-ins are used when they shouldn't.

I think that the attached patch should be used in order to handle correctly those two svg files.

#13832 HTTPS Everywhere breaks PayPal checkout process new zyan defect High
Description

For www.robotshop.com, ordering with HTTPS Everywhere in the PayPal portion of the checkout breaks the site by rewriting https connection to secure.robotshop.com

The issue has been spotted on Firefox 33.1, Windows 7 - 64 bit.

Please, the rule (https://www.eff.org/https-everywhere/atlas/domains/robotshop.com.html) on robotshop.com should be modified to not redirect to secure.robotshop.com anymore.

Thank you

#13833 Tor Browser hangs on our own Trac reopened tbb-team defect Medium
Description

According to Yawning: Selecting the timeline checking all checkboxes and clicking on "Update" leads to a freeze of the browser. This happens in vanilla Firefox on different OSes, too. Might be related to #10631.

#13834 please remove trailing spaces from source files new tbb-team defect Medium
Description

In TorButton (aboutTor.js, torbutton-logger.js, and others) there are a lot trailing spaces. It's best practice to remove them.

Just open all files in an editor that removes trailing spaces upon saving. (Such as Kate when configured to do so.)

I could provide a git branch for this "fix" if you like, but I guess it's simpler for someone with commit access.

#13846 HTTPS anywhere in Firefox blocks all NHL.com videos from playing new zyan defect Medium
Description

If I have HTTPS anywhere enabled in Firefox 33.1 on Windows 7 and try to view NHL.com highlight videos, it simply doesn't work. Disabling the plugin fixes the issue.

The version reads HTTPS anywhere 4.0.2

#13854 "view page source" isn't cleared/cleaned when click "create new identity" new tbb-team defect Medium
Description

Hello,

I have noticed that if I right click in a webpage and chose "View Page Source" it will give me a new window with the source of that page, but that window isn't closed or cleaned right away if I close the browser or click "create new identity". It should, because leaving it opened could lead to some unwated situations (like someone coming on the computer and seeing we were inspecting www.example.com).

#13871 Can't use keyboard new tbb-team defect High
Description

When in the tor browser the keyboard doesnt work at all in Tor browser 4.0.1. The old version worked just fine, but when I updated it stopped working and so did all previous versions I tried.

I'm on windows 7 64 bit.

The mouse works fine

#13887 Pick a reporting format for Chutney new defect Medium
Description

We need some way for Chutney to tell another process about the events it's seeing.

Options include CTF, json, protocolbufs, line-based text.

See https://lists.torproject.org/pipermail/tor-dev/2014-December/007898.html for a synopsis of goals.

I'm especially interested in dgoulet's opinion on CTF in particular.

I'm especially interested in atagar's opinion about what would be friendliest to a stem-based chutney.

#13890 Provide support for urdu language in Tor Browser new tbb-team defect Medium
Description

Currently Tor Browser does not support the urdu language.

Implementing this feature, though, is blocking on having an ESR of Firefox that supports such language, that will probably not happen before August 2015.

Support for urdu in Firefox was just recently announced: http://mozilla-pakistan.org/2014/05/12/new-firefox-launch-event-pakistan/ and xpi's for it are only shipped in their alpha builds: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-aurora-l10n/mac/xpi/.

When that is done the TorButton and TorLauncher components would need to be translated.

It's probably a good idea to implement this as part of #12967.

#13893 Torbrowser crashes on start when using MS EMET 5.x reopened gk defect High
Description

Trying to start the Tor Browser on Win7 x64 SP1 with MS EMET 5.1 installed and firefox.exe added to it leads to the following crash of firefox.exe:

EMET detected SimExecFlow mitigation and will close the application: firefox.exe

SimExecFlow check failed:

Application : D:\Tor Browser\Browser\firefox.exe User Name : XYZ\XYZ Session ID : 1 PID : 0x1280 (4736) TID : 0x12C8 (4808) CodeAddress : 0x62B5EEF2 CodeStackPtr : 0x3CF190 CalledAddress : 0x77324AFF API name : kernel32.VirtualProtectEx StackPtr : 0x003CF130 FramePtr : 0x763298

IMHO it should be possible or even best practise to use Tor Browser together with EMET. Perhas a core developer can take a look at this. If you need more information, let me know.

#13898 HTTPS Everywhere not working with SlimJet new zyan defect Medium
Description

The HTTPS Everywhere extension seems to load correctly in the Slimjet browser but the icon does not appear in the address bar. Does this mean that it is not working? Am I missing something or is it just that the extension is not compatible with Slimjet?

#13899 Won't allow videos to be palyed new zyan defect Medium
Description

With HTTPS Everywhere enabled, videos on Foxnews.com (and maybe others) will not play

#13912 Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers) new defect Medium Tor: unspecified
Description

The article "Zeroing Buffers Is Insufficient" describes how AES-NI can leave keys in SSE registers for long periods of time. (It also describes issues with temporary variables on the stack, and in other registers.)

http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html

Is there a way we can semi-portably fix this?

#13920 If the ports tor wants to use are already in use, try different ports before freaking out. new brade defect Low
Description

A user story: Imagine that you want to run two instances of Torbrowser at the same time. Perhaps you want to use one site in one instance and another site with the other, but who knows? You download the Torbrowser tarball and extract it twice — into two different directories. Now you launch one of the Torbrowsers. So far so good. You go to launch the other one, and… oh no, “Tor unexpectedly exited.”. Now you're sad.

Tor didn't launch properly because the ports it wants to use are already in use by the other Torbrowser's tor. You could fiddle with the config files to manually fix this. But it'd be nicer if Tor Launcher figured this out on its own. If tor didn't start properly, was it because the ports it wanted were already in use? If we just increment them all by one and try again, does it work? If so, let's just do that.

#13926 No certificate hierarchy reopened tbb-team defect Medium
Description

In the certificate hierarchy there is only one certificate displayed for some sites.

#13928 Tor Authorities reachability testing is predictable and sequential new defect Medium Tor: unspecified
Description

In the tor network, all tor authorities test reachability in the same, predictable sequence. Each authority uses the same sequence, and, if started at similar times (a 10 second window ever 1280 seconds), they will start at the same point. (This is a particular issue with test networks.)

I'd like to randomise the start point and progression of the sequence, while keeping the property that each 1280 second cycle tests all routers.

#13929 Increase Authority reachability testing rate with low TestingAuthDirTimeToLearnReachability new defect Medium Tor: unspecified
Description

In a TestingTorNetwork, when TestingAuthDirTimeToLearnReachability is much lower than its normal value of 30 minutes, bootstrap will happen much more reliably if we test reachability at a proportionally faster rate.

I'd like to multiply the number of routers tested every 10 seconds, by the proportion that TestingAuthDirTimeToLearnReachability is smaller than the expected 1280 second cycle length.

#13937 Allow the use of NoScript in whitelist mode new tbb-team defect Medium
Description

TBB customises NoScript to only allow a simple toggle between global allow / global deny of scripts. That's a reasonable attempt to make a hard-to-use tool more comprehensible for many types of users.

Power users however have good reasons to want NoScript's default whitelist-based UI instead. For instance, a user may wish to allow Google JS in order to be able to solve CAPTCHAs and use Google's search engine, but not want to take the risks of JS-dependent vulnerabilities on every other site they visit with TBB.

Currently there doesn't seem to be a way to make that happen in the TBB NoScript UI.

#13951 Add EFF technologists as maintainers for the HTTPS Everywhere transifex strings accepted phoul defect High
Description

I think I used to have the ability to edit all of our translated strings, but it now says, "to translate you need to be logged in and a members of the $LANG team" (I am logged in).

EFF technologists we should add:

pde schoen jsha jgillula cooperq

#13954 Android fonepad new n8fr8 defect Medium
Description

Downloaded both apps from Google play store and did the regular install to internal hard drive Orbo keeps giving me a startup error so I deleted both apps and reinstalled them with same results How can I manually repair install

Phone= Asus FonePad 7 K012 rooted running 4.3 jellybean Running android Orbit 14.1.4 (Tor 0.2.5.10)

Orbot is starting… Orbot is starting… Waiting for control port... tor: PRE: Is binary exec? true polipo: PRE: Is binary exec? true obfsclient: PRE: Is binary exec? true xtables: PRE: Is binary exec? true Orbot is starting… Orbot is starting… updating torrc custom configuration... success. Orbot is starting… Tor (1): sh: <stdin>[2]: /data/data/org.torproject.android/app_bin/tor: No such file or directory

Unable to start Tor: java.lang.Exception: Torrc config did not verify

#13957 Orbot not starting on lollipop (Nexus 4) new n8fr8 defect Very High
Description

Every time I try starting Orbot, I see the following error:

Tor(1):error: only position independent executables (PIE) are supported

Unable to start Tor:java.lan.Exception: Torrc config did not verify.

I tried the advise given in https://trac.torproject.org/projects/tor/ticket/13764

But that didn't help either.

Is there anything else I can do?

Thanks,

#13958 possible state leakage in Tor Browser new tbb-team defect Medium
Description

In Tails 1.2.1 (the current latest), when I run Tor Browser for the first time the menu bar is hidden.

Its visibility toggles irritatingly with the alt key. So, I always set it to remain visible by right-clicking in the empty space in the tab bar to the right of the current tab and checking the "Menu Bar" option in the contextual menu.

When I quit and relaunch Tor Browser, this setting remains, even though all other browser state I have discerned is reset.

I am filing this bug so that someone more knowledgeable can consider and investigate the possibility that this presumably-harmless state persisting is not an indicator of some larger state leaking problem in Tor Browser.

#13965 https-e breaks NBC Live Extra streaming new defect Medium
Description

When HTTPS-E is active, stream.nbcsports.com/liveextra doesn't work. After choosing a stream, you're redirected to a cable vendor site for authentication, then returned to NBC to start stream. If HTTPS-E is active, you get a "not subscribed" error and you're kicked out. With HTTPS-E disabled, it works fine. It seems to be a token setting problem of some kind, but I'm not a real coder so that theory is suspect. First noted using Chrome, unclear with Firefox(pc) because it doesn't work either way (either inherent to Firefox or other plug-ins/extensions or my config).

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Note: See TracQuery for help on using queries.