Custom Query (4414 matches)


Results (901 - 1000 of 4414)

Ticket Summary Status Owner Type Priority Milestone
#10762 TorBirdy should try both SOCKS port 9050 and 9150 needs_review ioerror defect Medium

TorBirdy's SOCKS configuration should try both 9050 and 9150 and use the one that works.

You can crib Torbutton's local tor check here (which requires access to the control port):

We wrap that with the option to fall back to the remote check if transproxy is set here:

The remote check is here:

Unfortunately if you perform any network activity (including a remote tor check) with a socks port set, you may run into #8511, causing any hosts you contact to become unreachable after you change SOCKS settings. I am not sure if that caching behavior is present in Thunderbird too. The local tor check won't be affected by this bug, though.

#10763 Torbrowser does not work on FreeBSD new tbb-team defect Medium

Tor Browser 3.x, 3.5 specifically, no longer works in freebsd 9 and beyond. Even under linux compatibility it fails due to ELF errors.

There's an open request in pcbsd-land to create a port. Will debug

#10772 Torbutton/Noscript plugin settings ambiguous to user new erinn defect Medium

Software: Tor Browser 3.5.1 The recent changes to torbutton/torbrowser leave some confusion to the user. Opening the Noscript Options menu, under embeddings, shows that no embedding type is being blocked (i.e. Flash/silverlight/java/other plugins).

Yet, the torbutton claims in documentation to be blocking all plugins. This may lead the user to conclusions that are false. "Disabling plugins Plugins have the ability to make arbitrary OS system calls and bypass proxy settings. This includes the ability to make UDP sockets and send arbitrary data independent of the browser proxy settings.

Torbutton disables plugins by using the;1 service to mark the plugin tags as disabled. This block can be undone through both the Torbutton Security UI, and the Firefox Plugin Preferences.

If the user does enable plugins in this way, plugin-handled objects are still restricted from automatic load through Firefox's click-to-play preference plugins.click_to_play.

In addition, to reduce any unproxied activity by arbitrary plugins at load time, and to reduce the fingerprintability of the installed plugin list, we also patch the Firefox source code to prevent the load of any plugins except for Flash and Gnash. "

Essentially, the design document states that the user should only be able to enable flash, and through the torbutton UI. The noscript UI about embeddings is therefore confusing and redundant. This could cause the user to make false conclusions about the behavior of the browser, compromising their anonymity.

This is the basic problem in user interface design of having two places to change a setting, and it usually indicates a defect in design.

#10773 TorBrowser Noscript plugin does not block HTML5 audio/video tags new tbb-team defect Medium

Software: TorBrowser 3.5.1 Relevant to recent bug:

The TorBrowser software design document states:

"Plugins must be restricted Even if plugins always properly used the browser proxy settings (which none of them do) and could not be induced to bypass them (which all of them can), the activities of closed-source plugins are very difficult to audit and control. They can obtain and transmit all manner of system information to websites, often have their own identifier storage for tracking users, and also contribute to fingerprinting.

Therefore, if plugins are to be enabled in private browsing modes, they must be restricted from running automatically on every page (via click-to-play placeholders), and/or be sandboxed to restrict the types of system calls they can execute. If the user agent allows the user to craft an exemption to allow a plugin to be used automatically, it must only apply to the top level url bar domain, and not to all sites, to reduce cross-origin fingerprinting linkability. "

What this implies, is that software components to the browser should be under scrutiny from a security standpoint. I hold that the audio/video rendering engine of firefox is such a component.

From the design: "We have verified that these settings and patches properly proxy HTTPS, OCSP, HTTP, FTP, gopher (now defunct), DNS, SafeBrowsing Queries, all javascript activity, including HTML5 audio and video objects..." Also: "The adversary simply renders WebGL, font, and named color data to a Canvas element, extracts the image buffer, and computes a hash of that image data. Subtle differences in the video card, font packs, and even font and graphics library versions allow the adversary to produce a stable, simple, high-entropy fingerprint of a computer." Finally, "At least two HTML5 features have different implementation status across the major OS vendors: the Battery API and the Network Connection API. We disable these APIs through the Firefox preferences dom.battery.enabled and "

So you have determined that the audio and video object are properly proxied, yet the features conflict with the security requirement. Basically, you have blocked WebGL and several HTML5 subcomponents, for reasons of security and fingerprint-ability, but are not blocking the audio/video tag, which likely has the same issues. It appears your study only included audio/video proxying, and not the security, fingerprint-ability, or data retention requirements.

The audio/video tags are HTML5 tags that allow the loading, streaming, storing, proxying, and playing of rich-media content such as audio and videos. This software is built into Firefox. It is a multimedia engine written in C++ for a variety of platforms and shipped with the Firefox code. It is not necessary for browsing. Other researchers have deemed there will be trouble here, with flash you have one player, multiple platforms--here, there will be different implementations in every browser--a zero-day paradise.

The rationale is simple: Adobe wrote Flash 10 years ago and there are still 130 vulnerabilities EVERY YEAR, for what amounts to simply a vector graphics/video player! And that is from developers that have feedback from millions of systems and specialize in writing that type of code. I hold that the Mozilla developers do not have the same experience as the Flash developers, and hence will have the same, if not more, vulnerabilities in their implementation of these HTML5 tags. Granted this is a "how many piano tuners are in Chicago" analysis, but it may be valid.

Therefore, I conclude, that the audio/video tags are against the design of the tor browser at this point. Even though the code may be open source, it cannot be deemed to be secure, or even more secure than flash. Yet, Flash/Gnash has not been endorsed/recommended. I do not believe the tor project has the bandwidth to ensure these tags will meet the design at this point.

Therefore, I see that having these components ON by default is a defect.

Here are the relevant diff files:

#10781 Spreadshirt's force-https-rule break tshirt designer new pde defect Medium

If I load the tshirt designer of with defaults of https-everywhere the site is loaded via http and the designer does not work correctly. When I deactivate the "Spreadshirt" rule, everything works nicely.

HTTPS Everywhere 2014.1.3 (version does not exist here) Google Chrome 32.0.1700.102 m Windows 7 SP1

#10786 orbot (13.0.4a) on android 4.3 didn't start - asus me302c tablet new n8fr8 defect High

In the orbot start window I get the following information:

Orbot is starting…
Tor binary exists: /data/app-lib/
Privoxy binary exists: /data/app-lib/
Obfsproxy binary exists: /data/app-lib/
Xtables binary exists: /data/app-lib/
link RM err=0 out:
link LN err=0 out:
PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/
POST: Is binary exec? true
tor: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/
tor: POST: Is binary exec? true
PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/
Orbot is starting…
POST: Is binary exec? true
PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/
POST: Is binary exec? true
PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/
POST: Is binary exec? true
Orbot is starting…
Couldn't start Tor process:

The tablet is unrooted. Tor version v0.2.4.20

#10791 Detect overtuned exit relays new aagbsn defect Medium

Many relays break usability for users by using such a short time for the SYN packet that the connection timeout is very low if the relay is overloaded and the SYN was lost. The Tor client has no ability to retry with another circuit if the reason for the end cell is timeout or refused. By default Tor can retry only if there is no answer for 10 (15) seconds or for some end reasons.

Torflow should test exit relays to see if they answer with a timeout faster than after 15 seconds or refuse a known working host.

Relays that are overtuned or overfirewalled are still useful as non-exit relays but should be marked as BadExits if the stable Tor client version can't retry.

#10804 Tor Launcher extension hangs periodically when Tor Browser is started new brade defect High

Sometimes I observe that the Tor Browser Firefox browser window does not come up after the progress dialog has completed. The process "firefox.exe" can be found in the process list, but it never becomes visible or exits. Each further launch of Tor Browser creates another firefox.exe, which will never open its window. If I terminate the hung firefox processes manually, then the next launch of Tor Browser completes successfully. I did some research and found that the hang happens in the Tor Launcher extension in file tl-protocol.js in the call of the "readBytes" method. There is also a related comment in the source code:

TODO: readBytes() will sometimes hang if the control connection is opened immediately after tor opens its listener socket. Why?

So, I assume the problem is known to you, but is still not fixed.

Tested OS: WinXP Tor Browser Bundle version: 3.5.1

#10812 CryptReleaseContext missed for windows new defect Medium Tor: 0.2.???

When you have finished using the CSP, release the handle by calling the CryptReleaseContext function.

#10818 Tell users to install M2Crypto new infinity0 defect Very High

No instructions currently tell the user to install M2Crypto, which is needed for appspot and email registration.

This tripped up someone on IRC today.

#10824 Using Firefox UI to remember history disables third party tracking/cookie protection new tbb-team defect Medium

In the user mentions the following steps to reproduce the problem:

I now tried a clean installation of TBB 3.5.1 win32

I change the option from "Never remember history" to "Remember History".
It requested a restart.
Then I checked and it was "Use custom settings for history".
I looked at the TorButton extension security tab settings and it had
the first and third option UNchecked.
I changed it to "Never remember history", it requested a restart again.
I looked at the TorButton extension security tab settings and it had
the third option UNchecked.

#10839 Block, RFC1918, and others ranges (for Non-Tor SOCKS proxies) new tbb-team defect Medium

The fix for #10419 was Tor specific. We rely on Tor blocking localhost, RFC1918, and other non-routable addresses to prevent these requests from going anywhere.

This creates problems for people who want to use Tor Browser with non-Tor SOCKS proxies. The browser will now try to proxy localhost, and it will still continue to proxy RFC1918 addresses, as it did before.

This is not a development priority for us, but we will accept a patch that prevents localhost, RFC1918, and other internal address space from being proxied in the first place.

#10843 HTTPS-Everywhere Causing Flash to Crash new pde defect Medium

I am running HTTPS Everywhere version 2014.1.3 and Chrome version 32.0.1700.107 m on a Windows Vista Home Premium machine.

Since the latest Adobe Flash patch (the emergency zero-day exploit released on 04FEB14), HTTPS-E has been intermittently causing Shockwave Flash to crash. It does not happen on all webpages; for example, YouTube itself does not seem to have the problem, but YouTube videos embedded in other sites do. Disabling HTTPS-E solves the crashing problem, but I would prefer to still be able to use it :).

#10854 Limit IPv4 addresses to dotted-decimal form (as per RFC3986) new tbb-team defect Medium

RFC3986 specifies that host IPv4 addresses must be in dotted-decimal format ( in a URI.

However, on certain platforms (Unices) Firefox also allows alternative formats: octal, base 256, single long int… There is a longstanding ticket to change this behavior, as alternate IP representations nowadays only serve for malicious address obfuscation or filters bypassing.

The Tor browser should stick to the RFC in order to prevent such abuses and present a uniform behavior across platforms.

#10859 compass url not reusable if you don't specify number of results new gsathya defect Medium

Go to and then click submit. You get a list of the top ten relays, and your URL changes to "". Great.

Then open a new tab and paste the above long URL into it. No relays listed!

If you type in '10' rather than leaving it to be the default, then you get a URL of "", which does work when you paste it into a new tab.

#10868 HTTPS Everywhere Chrome Extension Conflict with Disconnect new pde defect Medium

I use HTTPS Everywhere and also have Disconnect (jeoacafpbcihiomhlakheieifhpjdfeo) I get the following warning in Chrome:

Warning: This extension failed to redirect a network request to because another extension (HTTPS Everywhere) redirected it to

#10871 Download more microdescriptors with a shorter request new defect Medium Tor: 0.2.???

In a comment on #9969, karsten said:

""" A few thoughts:

  • Would it help if we implemented /tor/micro/all which is mentioned in dir-spec section 5.2 "Downloading router descriptors or microdescriptors" but which is not implemented yet? Of course, then clients would download the bulk of microdescriptors from a single directory.
  • Do we have to include full digests in requests, or would it be sufficient to ask for the first few digest bytes? Assuming that clients would only accept descriptors matching locally stored full digests. For example, requests could contain only the first 4 (or 8) base64 chars representing the first 3 (or 6) digest bytes. Directories could accept any multiple of 4 base64 chars.
  • Mixing the two ideas, how about we add a way to ask for 1/2, 1/4, etc. of all microdescriptors in a single request? The request could be /tor/micro/all/<base64-prefix>/<bits>, so that /tor/micro/all/A/1 means all digests starting with 0 binary, /tor/micro/all/w/2 means all digests starting with 11 binary, etc. Clients could decide how many requests to send from the number of descriptors they need, which may change over time.

Each of these ideas requires us to upgrade authorities and caches before clients will be able to use them. """

I'm giving this a separate ticket since it's going to need analysis which #9969 won't.

#10874 TorButton won't "blink" for update if using local Tor needs_information mikeperry defect Medium

When using a local Tor and setting TorLauncher not to spawn Tor (about:config, extensions.torlauncher.start_tor is false, as is extensions.torlauncher.prompt_at_startup), the TorButton turns into a big 'X' and doesn't tell me about updates. Even if I had no Tor at all, I still need security updates!

In any case, I still am using Tor. I am using a local system Tor, I do not want to connect twice and I like to manage my bridges and everything else in one place. Thanks!

#10885 Confusing/Conflicting Info Provided About Flash in Tor Browser, Usability Issue new tbb-team defect High

Tor Browser 3.5.1

There is a serious conflict here between documentation for the Tor Browser Bundle, and the interface provided by the Tor Browser. If there is another ticket, this should be grouped in.

Not using the separate components, noscript, torbutton, as an excuse, the following things are incompatible:

--[1]--Buttons in noscript plugin for flash are now unchecked. (See #10772.) These buttons don't do anything--see other ticket. This is misleading to user.

--[2]--Documentation in design document ( says "In addition, to reduce any unproxied activity by arbitrary plugins at load time, and to reduce the fingerprintability of the installed plugin list, we also patch the Firefox source code to prevent the load of any plugins except for Flash and Gnash."

This statement in and of itself may lead a user to believe Flash is now "Tor Safe".

--[3]--The "Disable browser plugins (such as Flash)" checkbox under Torbutton->Preferences->Security Settings does not provide adequate warning to a naive user. When this is unchecked, and the browser restarted, addons shows the addons-manager set flash to "ask to activate."

--[4]--A rather large pop-up window with generic information about plugins possibly being dangerous shows up. Given the other points here, this message did not seem to state clearly that Flash WILL bypass your proxy.

--[5]--The existence of a project in Tor Project called "FlashProxy". This name is misleading. It should be changed to "FlashRelay."

The combination of all these factors led an expert user to believe that Flash now worked with Tor Browser, had been scrutinized, and would be proxied. Luckily, that user was using TAILS.

But this can result in immediate anonymity loss for someone else. Because once activated, it completely appears that Flash is running in the Tor Browser, and a naive user may think it is being proxied.

I think the Torbutton checkbox needs more information there. Specifically, maybe renaming it to something like "Activate Flash for use with VM Transproxy or TAILS system ONLY. Flash will not be proxied and is not considered Tor Safe."

Simply because a setting is under "Security Settings" does not mean you should be an oracle to know what it does. It should still be documented and have a specific function.

Regarding ticket #10280,, this is related. Depending on how that ticket is addressed may affect this, but this is still a different ticket. This ticket is about usability concerns mostly, and also documentation concerns, and wordings.

Again regarding #10772, too many buttons in too many places that don't do what user expects--are not documented (A design document isn't really documentation!)--this is a general problem here with Tor Browser UI design

#10888 Mozilla trademarks still remain in some about: urls new tbb-team defect Medium

Browsing to "about:" or "about:logo" (in Tor Browser 3.5.2) shows a Firefox logo which I believe is not supposed to be there in a rebranded Firefox derivative such as Tor Browser.

#10892 Disabled add-on then reenabled, and all the rules were gone new pde defect Medium

I have been using HTTPS Everywhere 3.4.5 for a few weeks with no dramas, but I found a site ( that seemed to be broken (infinite redirect loop between HTTP and HTTPS) and even when I disabled the rule for that site it was still doing it. So I disabled the add-on, and tried again. It was still broken, so I re-enabled HTTPS Everywhere, and bonk! it was kaput-ish. :-(

No rules are listed anymore, and the submenu under Tools is empty (doesn't open when upon it I click).

Thanks for reading!

#10909 Amazon Prime Streaming not work new pde defect Medium

With plugin 'enabled' within Chrome, Amazon Prime streaming fails, even with all rulesets disabled/unchecked. When 'https everywhere' is disabled, Amazon Prime streams fine.

#10915 Tool to find unused functions in Tor new defect Medium Tor: 0.2.???

We should periodically check for dead functions in Tor, and remove them.

We should have a tool to find them for us.

We could use the cruddy approach I used to take, which I can no longer find the perl script that I used to have implement. I'll attach a cruddy implementation of that one.

We could use a tool like , if that actually works, and turns out not to be stupid if I read about it for more than 60 seconds.

Other suggestions welcome, but please think of testing them before recommending them. :)

#10919 TBB 3.x does not show up in Launchpad on MacOS new erinn defect Medium

After unzipping a 3.x (currently 3.5.2) TBB and copying/moving the result to my OSX (10.9 Mavericks) Applications folder, it fails to appear in Launchpad. I have to open the Applications folder and double-click it there to launch it.

This is a new problem in 3.X. The 2.X series had no problem.

#10920 Cloudfront rule breaks ProSieben Connect new pde defect Medium HTTPS-E next Chrome release

The livestream won't start playing on with the Cloudfront rule enabled. Disabling the rule resolves this issue.

Not sure about the Version, Chrome says 2014.1.3 - I can't find that in the dropdown.

#10922 tor connected to bwauth produces lots of pathbias_count_use_attempt BUG messages needs_information defect Medium Tor: 0.2.???

I'm setting up a new bwauth currently. I'm seeing many (~1000 / hour) BUG messages in its logfile:

[notice] Tor (git-0d50b03673670de6) opening new log file.
[notice] pathbias_count_use_attempt(): Bug: Used circuit is in strange path state new. Circuit is a General-purpose client currently open.

The config for the tor process (it is a relay to evade static throttling):

SocksPort 9110
ControlPort 9111
Log notice file ./data/tor/tor.log
DataDirectory ./data/tor
PidFile ./data/tor/
CookieAuthentication 1

Nickname gabelmoobwscan

RelayBandwidthRate 20480
RelayBandwidthBurst 20480

OrPort 9999

ContactInfo Sebastian <>

ExitPolicy reject *:*

#10952 Tor Browser leaves developer windows open after New Identity new tbb-team defect Medium

When you open menu entry "View Page Source" from a web page, a new window will open showing the source code. Then, when you select new identity from the onion menu, all tabs are cleared BUT that page/window with source code will stay there, it's not closed.

Tor Browser 3.5.2

#10963 Bypassing proxy settings? assigned mikeperry defect Medium

Post was posted to blog's comments:

One TBB behaviour that continues to trouble me is that Firefox continues to try to connect to the internet. I use standard install on ubuntu with no add-ons (tor-browser-linux32- and with js disabled in both NoScript and about:config.

I see additional changes with each update that improve browser isolation by disabling / blocking more auto-connect threats like blacklist updates, rule-set updates, safebrowsing reporting...etc...etc...

So with every new TBB release, I have renewed hope that Firefox will not go outside of the tor process with an internet connection attempt. Each release I allow tor to access the internet and firefox to access tor via Each release I am either immediately or later disappointed when Firefox attempts its own internet connection.

My concerns...

1) Why does TBB continue to be released with default settings that allow Firefox to automatically seek an internet connection? I can not imagine this not being noted in testing. What is trying to connect and what information is trying to be shared?

2) How many people trust any connections from TBB and allow both tor and TBB Firefox connections to outside world? Why is this not a significant security flaw? Tor works fine when I block these Firefox external connection attempts. I run a minimal ubuntu box with standard Firefox gutted to the best of my ability. I have a process connection map running and see that the Firefox attempting to connect is from the TBB package.

3) If this behaviour is known and accepted, how do we know that connections are not being made and information being sent to unknown locations by Firefox through tor? This is something that I would never catch even with my layers of application and port level firewalls...

Sorry that I do not have Wireshark capabilities, but can not imagine that this behaviour is not seen on all installations.

Thanks for your efforts.


#10969 Set of guard nodes can act as a linkability fingerprint assigned mikeperry defect High Tor: 0.2.???

It's well understood that your set of guard nodes can act as a fingerprint. Some calculations can be found in comment:3:ticket:9273 but it's pretty clear that each 3-subset of guards is rare enough that it's very likely that no other clients have exactly the same.

There are a few proposed ideas on how to reduce the linkability of guard nodes sets. For example, reducing the number of guard nodes to 1 will help against this. Still, as an example, in a city with only 500 Tor users, even if each person has a single guard, there are only going to be a few people with the same guard node (and some of them might always be in the same physical location, so the one who roams is probably the same person).

To further improve on the above, maybe it makes sense to pick N guards but only use 1 of them at a time -- and cycle through the N guards every now and then. Maybe we should cycle every time we change network (see but how does little-t-tor know when we changed network? There is some more discussion on this topic here:

#10972 searching atlas for email addresses fails new phw defect Medium

I'd like to be able to search atlas by email address. Currently, queries with an "@" in them result in

Backend error!

The backend server replied with an error to your query. This probably means that you did not properly format your query. If your query was properly formatted it may mean that there is an issue with your browser/add-ons. Please report which browser/addons/etc. you're using to the bug tracker.

I'm using TBB 3.5.2 with its default set of extensions.

#10990 Shrink the FAQ new mttp defect Medium

The wiki FAQ entries have been transferred to the main website FAQ. Now the page needs to be improved.

  • Add all subheads to the top of the FAQ for easier navigation.
  • Delete entries that are outdated, no longer relevant, or not frequently asked on the help desk.
  • Consolidate Tor Browser and Tor Browser 3 subsections.
  • Move sha256sum verification to the signature verification section.
  • Migrate information on setting up a relay to a dedicated page.
  • Migrate Abuse questions to the Abuse faq and kill the subsection.
  • Dedicated page for Alternate designs we don't do yet.
  • Kill Compilation and installation subsection.
  • Consolidate questions that duplicate answers.

#11007 Add more documentation about EntryGuardAddedBy in the state file new defect Medium Tor: 0.2.???

Document better how EntryGuardAddedBy date is calculated and written in the state file (well, more documentation about all the state file would be also good).

Should we also change the way the date is calculated?

The EntryGuardAddedBy dates in the state file are not sequential because the date is calculated as the real date minus a random date between the real and 30 days before [1].

The reason for this is to avoid revealing the real date the user was online at that date to that entry guard.

The only existing documentation is in doc/state-contents.txt

[1] e->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30);

#11013 Windows installer's language should default to the bundle's language new erinn defect Medium

When you open a localized torbrowser-installer exe bundle, the installer's language combobox defaults to English, whatever the localization.

#11017 Conflict with Firefox on Mac OS Mavericks: Open new FF window fails new pde defect Medium

Mac OS Mavericks (10.9.1) HTTPS-Everywhere 3.4.5 Firefox 27 and Firefox 28 Beta

If Firefox is open but NO window is displayed and HTTPS-Everywhere is enabled, it is not possible to open a new window by any method.

Workaround: Quit Firefox and relaunch by clicking on a URL icon; Firefox launches and opens a new window. If the window is closed later, ALL methods for opening a new window work until FF is quit.

Disabling HTTPS-Everywhere restores normal behaviour to Firefox.

#11044 No consensus results in empty 'GETINFO ns/name/*' responses new defect Low Tor: 0.2.???

Hi Nick, spotted an interesting tor oddity during my flight (due to not having any network connectivity). When calling 'GETINFO ns/name/blarg' without a cached consensus it returns an empty string rather than the expected "Unrecognized key" response.

Repro details...

  1. With a data directory containing a cached consensus things work as expected...
% telnet localhost 9051
Connected to localhost.
Escape character is '^]'.
250 OK
GETINFO ns/all
[ ... lots of output... ]
GETINFO ns/name/blarg
552 Unrecognized key "ns/name/blarg"
  2. Blow away your data directory when you lack network connectivity.
% mv ~/.tor ~/.tor_bak
% mkdir ~/.tor
% cp ~/.tor_bak/torrc ~/.tor
% cat ~/.tor/torrc 
ControlPort 9051
% tor -f ~/.tor/torrc
  3. Now GETINFO for 'ns/all' and any request for a relay returns an empty response.
% telnet localhost 9051
Connected to localhost.
Escape character is '^]'.
250 OK
GETINFO ns/all
250 OK
GETINFO ns/name/blarg
250 OK

Interestingly this only seems to concern router status entries. Server descriptors and microdescriptors give us an 'Unrecognized key'...

GETINFO desc/name/blarg
552 Unrecognized key "desc/name/blarg"
GETINFO md/name/blarg
552 Unrecognized key "md/name/blarg"

For my part I noticed this because it caused an integ testing failure during my flight...

ERROR: test_get_network_status
Traceback (most recent call last):
  File "/home/atagar/Desktop/stem/test/integ/control/", line 977, in test_get_network_status
    self.assertRaises(stem.ControllerError, controller.get_network_status, "blargg")
  File "/usr/lib/python2.7/unittest/", line 471, in assertRaises
    callableObj(*args, **kwargs)
  File "/home/atagar/Desktop/stem/stem/", line 1427, in get_network_status
    raise exc
ValueError: Router status entries (v3) must have a 'r' line:

This doesn't seem like the right tor behavior but if you think it is I can simply have stem check for the empty string. :)

Cheers! -Damian

#11050 pycrypto's AES implementation is not constant time new asn defect Medium

This is a non-issue when AES-NI is supported by the host CPU since a separate code path is taken.

It's not too bad in the pluggable transport case since traffic is super-enciphered, the session keys are ephemeral, and actually extracting sufficiently accurate timing information is probably non-trivial, but it probably should be addressed somehow.

#11059 Nodes' country codes should be "definite" and "possible" new defect Medium Tor: unspecified

It would maybe be a good idea if nodes' country codes could have different statuses, like "definitely in CC" or "possibly in CC". For example, if a country is "possibly in CC", then "ExcludeNodes {CC}" should exclude it, but "EntryNodes {CC}" should not include it.

This would also let us provide the feature that some operators have asked for of being able to specify their country. (I'd say that if you specify that you are in C1, but geoip says you are in C2, then you should count as "maybe in C1" and "maybe in C2" but not as definitely in either.)

See #11054 for another motivating example.

Is this a good idea?

#11090 torsocks should log errors to stderr and not stdout needs_information dgoulet defect Medium

torsocks 2.0.0-rc3

I get stuff like this on stdout:

[Feb 28 14:05:16] WARNING torsocks[22952]: Non TCP inet socket denied. Tor network can't handle it. (in tsocks_socket() at socket.c:40)

Logging to stdout interferes with the output of the underlying program, and is generally a bad idea.

#11093 obfsproxy should use C implementation of UniformDH new asn defect Medium

We are currently using a C implementation of UniformDH that is quite slow (even with gmpy2 for mod exp).

Yawning implemented UniformDH in C using OpenSSL and we should use his library.

He posted an obfsproxy patch in #11015 :

And the implementation can be found in:

#11095 allow storing passwords in TorBrowser new tbb-team defect High

The "Remember passwords" option in TorBrowser is greyed out.

In past versions of the TorBrowserBundle there was a setting in TorButton, but in v3.5 it's no longer there. How can I store passwords in TorBrowser?

It's only about storing unimportant passwords. No one can remember a different password for each forum. Copy and paste all time from a while is less safe than storing in TorBrowser. How can I allow storing passwords in TorBrowser? Any workaround? Can you fix this please?

#11104 Tor-Relay-Server Diskio crash needs_information defect Very High Tor: unspecified

Tor relay server Diskio increasing (tor) over a day ... then tor crashes on Debian.

What can I do?

#11107 Firefox extension interferes with other firefox extension new pde defect Medium

The extension bugs when Https Everywhere changes the url to https. An exception should be added for that site.

#11119 Write a proposal for client-side key pinning needs_information defect Medium Tor: 0.2.???

Proposal 220 suggests that we pin RSA and Ed25519 identity keys to one another authority-side. Roger suggested to me that we also consider doing client-side identity pinning.

#11121 Revocation process for authority keys new defect Medium Tor: 0.2.???

Right now, we don't have a proposal that explains how to do revocation on an authority's signing keys. We should write one, and eventually implement it.

#11123 Setup Nagios probes for the webchat support system accepted phoul defect Medium

The webchat support system needs to be monitored by our Nagios installation.

This will require help from the TSA, but we should tell them exactly what to set up and eventually write complementary probes.

#11125 Videos at PBS do not load new pde defect Medium

For this and all videos I've tried at, the video will not load, instead providing an error message "Error loading plugin: plugin file not found"

Disabling HTTPS Everywhere results in desired playback of video. I could not find a PBS site setting in the extension

HTTP-E 3.4.5 Firefox 27.0.1 Mac

#11128 target is a redirect page new pde defect Medium

In we have the target but redirects to In the second rule we have a uselessly complex ([^/:@\.]+) match. IMHO rules should not handle usernames and passwords in urls and a simple (.+) should be sufficient.

I attached the updated xml. Also added rules for (stock ticker) and (tracker).

This applies to stable and HEAD. The currently offered version 3.4.5 is not listed on "Milestone" or "Version".

#11130 Ruleset AliceDSL.xml outdated new pde defect Medium

Alice is part of Telefónica Germany for some time and has now been replaced by its brand O2. Most Alice pages redirect to only email is still available. rules can be found in (It might be a good idea to incorporate AliceDSL.xml into I attached an updated ruleset. This applies to stable and development branch.

#11131 bookmark star icon does not update when user presses new pde defect Medium

Firefox 27.0.1 with fresh profile and only https everywhere 3.4.5 installed ...

The bookmark star icon does not update when the user presses it ...

Occurs only on ordinary https sites (not for sites with EV certificates) redirected by https everywhere (not if the user typed the URL with "https://").

The bookmark star icon does update after user switches to another tab and back.

The bookmark is in fact added, but the bookmark star icon does not reflect this, and does not allow the user to press it again to change the settings for that bookmark.

Steps to reproduce: 1) Close Firefox and re-open; 2) type domain into location bar (without protocol) and press enter; 3) click the bookmark star icon

Result: bookmark star icon does not update.

Examples that do not work:

Examples that are not affected (these sites have EV certificates):

#11133 US Dept of Housing has mis directed rule set? new pde defect Medium

<rule from="https?:(?:www\.)?hud\.gov/"

to="" />

The resulting https: link generates a 404 error, and a HUD webmaster reports this comment in response to my inquiry:

"The problem I was seeing was that your link combines the link and link. "

#11134 obfsproxy's SOCKS server should send success response post handshake new asn defect Medium

Currently the obfsproxy SOCKS server sends the response back to tor immediately after the TCP/IP connection has been established, instead of after the underlying transport has been fully initialized.

This behavior is incorrect, and should be changed to each of the underlying transports signalling that they are ready to relay data after they manage to handshake.

With the current SOCKSv4Protocol based listener this would require further monkey patching which may be a good argument for deferring this till after #9221 or similar gets merged.

#11142 Youtube Livestreams Not loading in HTTPS new pde defect Medium


Since a few days that with some rule change I would think, youtube livestreams have stopped working in Google Chrome and firefox with the https everywhere extension installed, regardless of if the rule for youtube is active or not.

Example: if I open a livestream (any really) like this one randomly picked it will say "Please stand by" Forever, if I open the same link on Internet explorer (with https) it will work just fine, or in Chrome without the HTTPS everywhere extension installed.

The first thing it does after I uninstall the HTTPS everywhere extension and reload it, is show an Ad, so I would assume the https everywhere is making ads not load correctly and the video doesn't take over correctly. (this used to happen with adblock plus before oddly enough)

#11145 coverage utility should merge multiple output files assigned defect Very Low Tor: 0.2.???

When multiple gcov invocations generate output for the same file (typically a header), we should combine their results rather than letting the last invocation win.

#11146 cov-diff utility should handle new source files assigned defect Very Low Tor: 0.2.???

Right now, cov-diff doesn't report coverage in source files that are completely new. We should fix that.

#11151 Drop support for 0.2.2 clients assigned defect Medium Tor: 0.2.???

Once debian Squeeze hits EOL, it will be time to stop supporting 0.2.2 clients entirely.

#11153 Tor Cloud Amazon Imagery Update new defect Medium

Updates Images For Tor Cloud

#11154 Tor TLS and Security Cipher new tbb-team defect Medium

running the how's my ssl check the tor browser rated bad, the reason the tor browser is using old tls settings and old security ciphers.

In the next update please set the minimum tls to 2 and the maximum to 3 in about:config for security.tls.version this makes the minimum tls 1.1 and my max tls 1.2.

Also please disable use of insecure cipher suites security.ssl3.rsa_fips_des_ede3_sha in about:config

#11159 Document deploying a scramblesuit bridge on the website. assigned phw defect Medium

These two pages have instructions for setting up an obfs2/obfs3 bridge. Is changing the ServerTransportPlugin line and adding a note about using tor 0.2.5 enough to introduce bridge operators to scramblesuit? It might make sense for scramblesuit to get its own project page (#5192). Should scramblesuit get its own installation page too? What other information should be included?

#11180 Improve "Use Bridges" UI based on feedback and testing new brade defect Medium

We're likely to run into a few issues with the "Use Bridges" UI once users in various localizations try to use it. One issue we've already noticed is that people can become confused by the type selection dropdown, and may think it applies to bridges they enter in the "Enter custom bridges" textbox. We should probably make these radiobuttons behave such that they are more clearly mutually exclusive (ie when one is selected, all children of the other are greyed out).

I've tried to improve the situation a little with basic layout changes, but I am not sure those won't look worse in RTL languages and in very verbose localizations, so that may be another issue to address:

#11190 obfsproxy shebang should point to "python2", not "python" reopened asn defect Medium

It currently points at "python" which is not version specific and will break horribly on systems where the default system python is python3.

This isn't an issue when it is installed with, but was when I tried a TBB nightly a few days ago. As far as I can tell every system that has python2.x installed will have a "python2" symlink so changing the shebang won't break places where this works now, but will allow it to work on more systems without breaking in horrible unintuitive ways for the user.

#11192 Livestream ruleset breaks site player and chat new pde defect Medium

The Livestream (partial) ruleset breaks crucial site features such as stream player and chat on HTTPS Everywhere version 2014.1.3 for Chrome.

#11197 obfsproxy should provide congestion feedback new asn defect Medium

I went over this in IRC tonight to a poor GSOC student who was thinking about doing a CBR plugin, so I'll file a bug while it's fresh on my mind.

Currently there is nothing in place to prevent unbound buffer growth in obfsproxy. This problem arises when the bottleneck link is extremely narrow.

For example, examine the following network topology:

Client <-> obfsproxy <-> 14.4 kbit modem <-> ISP <-> 100 Mbit <-> obfsproxy <-> Server

The Client opens a connection, and initiates a bulk download from the Server. Since there is no mechanism to indicate congestion, the outgoing buffer in the Server side obfsproxy process will grow because feedback from the Client in the form of the shrinking TCP/IP receive window will not get propagated.

The same thing will happen on the Client side with a bulk upload, because the loopback interface has a gigantic amount of bandwidth compared to the bottleneck link.

Twisted connections have a producer/consumer interface (and can handle stopping reading once the send buffer reaches a certain threshold 'self.bufferSize'), so refactoring the base transport to use this interface to glue the upstream/downstream together would be the "correct" approach to solving this problem.

See for more details.

#11206 Regression: Torbutton will not save Exceptions in the Firefox cookie manager new tbb-team defect Medium

Cookie exceptions in Tor Browser Bundle 3.5.2 (Torbutton are not remembered when TBB is restarted.

Original bug:

#11210 livestream rule broken on new pde defect Medium

This feed is broken by the default on livestream rule.

#11211 Multiple ServerTransportListenAddr entries should be allowed per transport. new defect Medium Tor: 0.2.???

Looking through or/config.c, it is apparent that the ServerTransportListenAddr line only allows one address/port to be specified per transport. This is problematic because there are cases where it is beneficial/required to list more than one.

A simple example of where this would be useful is:

ServerTransportListenAddr obfs3
ServerTransportListenAddr obfs3 [::]:443

The Pluggable Transport spec doesn't explicitly disallow having multiple bind addresses for TOR_PT_SERVER_BIND_ADDR, but I'm not sure what would happen if more than one is passed with each of the pt config protocol libraries in use.

The keys holding transport names must appear on the same order as they appear on TOR_PT_SERVER_TRANSPORTS.

Currently the particular example I used is probably a moot point because of #7961, but in general I don't see a good reason why each transport should be limited to one bind address.

#11214 Gmail talkgadget/hangouts/chat infinite loop new tbb-team defect Medium

Version: Tor Browser Bundle *please relocate to appropriate thread if incorrect*

Gmail allows for two types of chat: by default, hangouts, and by choice, legacy chat. These operate in a frame on the lower left of Gmail. Legacy chat works, but reverting to legacy chat from hangouts is impossible from Tor Browser Bundle, where an infinite loop interferes.

  1. Gmail load attempted with restrictive NoScript settings. Options appear: loosen restrictions, or use HTML only.
  2. is whitelisted in NoScript, as well as (optionally) some of the following domains:
  3. Page is reloaded. The following error message appears in the lower left chat frame: "Something's not right. We're having trouble connecting to Google. We'll keep trying...\n This may be caused by network or proxy issues. <a href="">Learn more</a>.
  4. is whitelisted in NoScript, as recommended on the linked support page. Gmail is refreshed.

Infinite loop:

  5. Hangouts loads, with contact list visible. Within seconds, it disappears and is replaced with a Sign In button.
  6. The Sign In button is clicked. A pop-up appears with a log-in page from domain Password is entered; user signs in. Page declares success, instructs user to close pop-up and refresh Gmail.
  7. Go to step 5.

This bug prevents users from being able to use Google chat at all, since reverting to legacy chat requires accessing the main menu in talkgadget/hangouts.

Tried many combinations of NoScript whitelists. None works.

#11222 Inform user if reachable bridges drop below a configurable fraction/number new brade defect High

It would be very useful for a number of reasons if Tor Launcher could pop up some kind of alert if some fraction of their bridges become unusable (ie when less than 50% are reachable, or perhaps less than min(33%,1)).

In that case, it should instruct the user to obtain more bridges, and give them instructions and/or a bridgedb link specific to their PT type (ie

The primary motivation for alerting the user is that if bridges either go down or get blocked, it will be far easier for the user to obtain more if the user still has at least one working bridge to work with (to connect to gmail or visit a link).

One way to do this might be to use the control port command "GETINFO entry-guards" on a timer, but an event-based approach using the "GUARD" event could also work (but would require substantially more bookkeeping and may be error prone in the face of GUARD event state transition oddities).

Tor Launcher probably should also not issue the warning if all bridges become unreachable at once, and/or if Tor detects a cease in network activity (which does not seem to be directly exported to the control port at this point :/). We don't want to alert the user every time they walk out of range from a wifi hotspot or similar situation.

This option also should not be active if the user is not using bridges.

#11233 Bug: We're writing a text string that already contains a CR. needs_information defect Medium Tor: 0.2.???

[Tue Mar 18 04:10:56 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at "write_str_to_file(): Bug: We're writing a text string that already contains a CR. "

#11245 Orbot bootstraped problem new n8fr8 defect Medium

On my unrooted samsung galaxy note 10.1 Orbot only gets to bootstrapped 25%.

My system information: Android version: 4.1.2 Model Number: GT - N8010


Orbot is starting…
Orbot is starting…
Tor binary exists: /data/data/
Privoxy binary exists: /data/data/
Obfsproxy binary exists: /data/data/
Xtables binary exists: /data/data/
link RM err=0 out:
link LN err=0 out:
PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/
POST: Is binary exec? true
tor: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/
tor: POST: Is binary exec? true
PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/
POST: Is binary exec? true
PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/
POST: Is binary exec? true
PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/
POST: Is binary exec? true
Orbot is starting…
got tor proc id: 21351
Tor process id=21351
Connecting to control port: 9051
SUCCESS connected to control port
SUCCESS authenticated to control port
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
updating settings in Tor service
Starting privoxy process
/data/data/ /data/data/ &
orConnStatus (madiba): LAUNCHED
NOTICE: Bootstrapped 10%: Finishing handshake with directory server.
Privoxy is running on port:8118
Privoxy process id=21371

NOTICE: Bootstrapped 15%: Establishing an encrypted directory connection. orConnStatus (itpol2): CONNECTED

orConnStatus (madiba): CONNECTED

NOTICE: Bootstrapped 20%: Asking for networkstatus consensus. Circuit (1) BUILT: itpol2

NOTICE: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.

Circuit (2) BUILT: madiba

NOTICE: Bootstrapped 25%: Loading networkstatus consensus.

Circuit (2) CLOSED: madiba

NOTICE: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.

#11254 Tor Browser bundle v3.5 fails to clean up cancelled downloads in Temp folder new tbb-team defect High

  1. Run TBB v3.5.3
  2. Click on a link to download an archive or any file type not natively handled by the browser
  3. Wait for the download to complete
  4. Observe that <random>.ext.part file is created containing entire file contents in the system's %temp% folder.
  5. In the Open/Save dialog box click Cancel.
  6. Observe that the temp-created file is not removed.
  7. Close Firefox/TBB.
  8. Observe that the temp-created file is not removed.

Firefox 28's Private Mode does not have this bug. I observed this bug in TBB v2.x as well.

#11258 Toggling permissions.memory_only causes crash of Tor Browser new tbb-team defect High

While investigating #9531 I ran into another reason for crashing when hitting New Identity:

WARNING: NS_ENSURE_TRUE(asyncCloseWasCalled) failed: file /home/firefox/tor-browser/storage/src/mozStorageConnection.cpp, line 943
Assertion failure: !mAsyncExecutionThread, at /home/firefox/tor-browser/storage/src/mozStorageConnection.cpp:415

Program ./Browser/firefox (pid = 30485) received signal 11.

Commenting out the code toggling "permissions.memory_only" seems to help.

#11264 Relay has Exit flag but short policy says reject *? needs_revision defect Medium Tor: 0.2.???

its short exit policy is reject *:*

but check out its actual exit policy

and it has the Exit flag

This seems like a contradiction, yes?

#11267 Short user manual on mirror sites redirect back to TPO new lunar defect Medium

On mirror site, open

When clicking Chinese, TPO link will open:, which means users can't access the short user manual when they can't connect Tor network and TPO is blocked.

The link should be, and all short user manuals on mirror sites are out of date.

BTW, where is the user manual (help documentation) which was included in Vidalia? If users can't find one to help themselves, I believe, help@tpo will get more tickets.

#11277 Bug creating hidden service with vidalia new defect Medium

Tor exited when I created a new hidden service using vidalia 0.2.21. I guess I typed a non existent directory as I read in the log, permission denied. I apologise for my English.

[Sun Mar 23 03:53:28 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at "set_options(): Bug: Acting on config options left us in a broken state. Dying. "

Mar 23 03:53:28.825 [Warning] Error creating directory /var/tor/tornado: Permission denied
Mar 23 03:53:28.825 [Warning] Error loading rendezvous service keys
Mar 23 03:53:28.902 [Error] set_options(): Bug: Acting on config options left us in a broken state. Dying.
Mar 23 03:54:39.128 [Notice] Tor v0.2.4.21 (git-c5a648cc6f218339) running on Linux with Libevent 1.4.13-stable and OpenSSL 0.9.8k.
Mar 23 03:54:39.128 [Notice] Tor can't help you if you use it wrong! Learn how to be safe at
Mar 23 03:54:39.128 [Notice] Read configuration file "/etc/tor/torrc".
Mar 23 03:54:39.147 [Notice] Opening Socks listener on

#11284 HTTPS Everywhere blocking DiS CSS and images new pde defect Medium HTTPS-E next Chrome release

browsing with HTTPS Everywhere, I lose a lot of formatting (alignment, fonts) as well as images.

Version is Chrome 2014.1.3

#11287 Torbutton preferences not saving changes. new tbb-team defect Medium

Using browser bundle 3.5.3-Windows

In the preferences menu of the Torbutton, under Security Settings: The "Disable Browser plugins (such as Flash)" does not remain unchecked. The other options work as intended.

The issue was encountered while modifying the bundle for bbc iplayer access.

#11293 Users are not able to log into new tbb-team defect Medium

Quoting Lunar From the original bug entry (#10569):

The user told me they were unable to login. They got an error message mentioning a bad cookie. I told them to deactivate Private Browsing Mode and then they were successfully able to login.

I unfortunately don't have credentials for that site.

#11294 Users are not able to log into new tbb-team defect Medium

There are reports that users are not able to log into (see #10569 for some comments).

#11295 Users cannot log into LycosMail new tbb-team defect Medium

We got a report that logging into LycosMail is not working:

#11298 Login button on is only visible if browser window gets resized new tbb-team defect Medium

If one loads the login button is shortly visible but vanishes quickly. It turns out that the width of 1000px is not enough to display the portion of the page where the login button is. Resizing on the other hand destroys the window size fingerprinting defense we currently have.

#11301 Tor does not reconnect after network loss with guards used as bridges new nickm defect High Tor: unspecified

Yawning and I have both noticed that tor can become unresponsive if either normal tor bridges or PT bridges are configured, and the client suffers a network connectivity loss. After sustained network connectivity loss, all of the orconns end up closed, and Tor will not try to reconnect to its bridges, even when new stream attempts arrive.

It is possible that Tor is simply marking all of its bridges down in this case, and is not trying to reconnect to them when the network connectivity returns, thinking they are still down?

The only way to solve this issue is to either send "SIGNAL HUP" to the control port, or to kill -HUP pidof tor. After receiving the HUP signal, tor immediately launches new orconns and circuits for its bridges, and attaches the currently pending streams to these new circuits.

Sometimes, after this problem has happened once, tor will cease building circuits even if the network remains available.

This is extremely bad for usability, because TBB becomes completely unusable in this case, and the only thing a normal user can do is exit the whole browser and re-launch it.

This may also indicate a deeper bug with how Tor handles the liveness/'down' status of normal Guard nodes, and may cause Tor to rotate Guards more frequently than necessary.

#11307 connection_handle_event_cb() should handle orconns correctly even when not in OR_CONN_STATE_CONNECTING needs_review andrea defect Medium Tor: 0.2.???

This code is in connection_handle_event_cb():

if (conn->type == CONN_TYPE_OR &&
    conn->state == OR_CONN_STATE_CONNECTING) {

It should be something like this:

if (conn->type == CONN_TYPE_OR) {
  if (conn->state == OR_CONN_STATE_CONNECTING) {
  } else {

As it stands, if conn->state != OR_CONN_STATE_CONNECTING this code will incorrectly treat orconns as generic conns and call connection_mark_for_close() on them without properly notifying the channel layer.

Note that since this code is specific to bufferevents which do not currently work, this bug cannot be demonstrated in any working build of Tor, so I'm assigning it to the 0.2.?? milestone.

Created pursuant to connection_mark_for_close() audit task #7472.

#11311 httpse-ruleset-bug: wistia ruleset breaks some video thumbnail generation new pde defect Medium

My HTTPS-E version is actually 3.4.5, but I didn't see that listed in the version field...

Problem url:

Click on "Advanced Search", and filter the list for "tutorial videos" or "webinar recordings" -> thumbnails of the flash videos (hosted by wistia) are generally not visible. If you choose "application video gallery" instead, those flash video thumbnails (also wistia-hosted) work fine.

I noticed one difference is that the videos with thumbnails that work are playing back in a floating overlay window, but the ones where thumbnails fail are playing back in a player that's embedded in the webpage.

The reason I submitted this as a ruleset bug for the wistia domains is that, if I disable the "Wistia (partial)" ruleset, all the video thumbnails are generated just fine.

Since Wistia sells video hosting services, I guess this may affect other customers of theirs besides, but I don't know of any other specific ones other than their "sister site": (Bitplane is an Andor / Oxford Instruments company)

#11325 RFE: Adhere to XDB base directory specification new defect Low Tor: unspecified

As noted by a Fedora user [1], when running Tor as a regular user it creates "$HOME/.tor" instead of "$XDG_CACHE_HOME/.tor", which is advised by the XDG specification [2] for user-specific non-essential (cached) data. Would you consider adhering to this specification?

[1] [2]

#11327 Dir auths should choose Fast and Guard flags by consensus weight if they don't measure needs_revision TvdW defect High Tor: 0.2.9.x-final

In #8435 we made directory-authorities-that-run-bwauths stop voting Fast or Guard for relays they hadn't measured yet.

But as I pointed out in, since only a minority of dir auths run bwauths, the majority of dir auths are still voting Fast and Guard based on descriptor bandwidths.

So while the title of ticket #8435 says "Ignore advertised bandwidths for flags once we have enough measured bandwidths", the ChangeLog entry is more accurate:

    - Directory authorities that have more than a threshold number
      of relays with measured bandwidths now treat relays with unmeasured
      bandwidths as having bandwidth 0. Resolves ticket 8435.

We should at some point actually do the original goal, which is to give Fast to the 7/8s of relays whose consensus weights are highest, and Guard to the 1/2 of relays whose consensus weights are highest and who match the other guard constraints.

#11328 Dir auths should compute Guard WFU using the consensus, not private history assigned defect Medium Tor: 0.2.???

Currently directory authorities track the presence of each relay and keep notes about their view locally. Then when it comes time to vote about Guard, they look at their notes and decide what fraction of the past interval the relay was up for.

But it doesn't matter anymore to clients whether the directory authority could reach the relay for that time. The question as of the v3 directory design is whether the relay was in the consensus.

So it seems like the directory authorities should be basing their measurements off "is it in the consensus this hour".

#11337 Reimplement (move relevant functions, delete extra redundant code) of,, as children of FileStegMod new vmon defect High

It seems that SRI implementation of all steg modules have almost identical implementation of:

http_handle_client_XXX_receive http_server_XXX_transmit

As programmers usually do not duplicate a code that they need to use twice, instead, often they write a function and call it twice (surprisingly that was exactly the reason for which functions were invented in the first place), I came up with the following revolutionary solution:

I made a FileStegMod class (file_steg.h/.cc) which has only one copy of the above-mentioned functions. Other steg modules should inherit from this class and call the parent function instead, so we don't need to keep a zillion copies of these functions in our code.

Also doing so, it will uniformize the code (new steg modules are already children of FileStegMod) and as such, considerably simplify it.

#11341 Khmer translation new phoul defect Medium 2014 Tor Blog Replacement


I finished translation for TorBrowser at:

Could you please build Khmer translations in the next release? and when will the next release happen?



#11343 TorLauncher's UI should warn users when a bridge fingerprint appears to be incomplete new brade defect Medium

A Tails user reported some trouble using the new Tails (version 0.23) which includes TorLauncher. They were entering a bridge line, and were confused why it was not working. After some troubleshooting, we determined that they had only entered 27 (out of 40) of the characters of the bridge's fingerprint. Perhaps it would help users to have some sort of feedback on this? The simplest would be: when they hit "OK", to take them back and display a message saying "Oops! It looks like you were trying to enter a bridge fingerprint. Bridge fingerprints are 40 characters long, and you only have 27!" More complicated: while they are typing the fingerprint, display a dynamic message which counts down the number of characters missing. For posterity, here is the conversation from #tails:

00:55  alster ) i'm just trying to run tails for the first time actually, with
                a bridges setup, but having trouble to get past the point where
                i need to type the bridges.
00:56  alster ) but the error message actually sounds like i may have a typo
00:56  alster ) [warn] key digest for bridge is wrong
00:57  velope ) hmm, are you entering a fingerprint for the bridge? don't.
00:57  alster ) [warn] controller gave us config lines that didn't validate:
                Bridge line did not parse. See logs for details.
00:58  alster ) the lines i got in the box look like this:
00:58  alster ) bridge obfs3 <IPv4> <HASH>
00:59  alster ) i guess the HASH is the fingerprint you're referring to?
00:59    isis ) yes, HASH is the fingerprint
00:59  alster ) actually that's
00:59  alster ) bridge obfs3 <IPv4:PORT> <HASH>
00:59    isis ) that should be correct
01:00  alster ) so what i should be using is this instead?
01:00  alster ) bridge obfs3 <IPv4:PORT>
01:00  alster ) correct?
01:00    isis ) i am not sure, i have not tried the new tails yet, but you really want the fingerprint in there, otherwise you could be trivially man-in-the-middled
01:01    isis ) so if tails is not handling the fingerprint correctly, that is a
                serious bug
01:01  alster ) maybe i don't want the leading "bridge"? since does not output this
01:02    isis ) well, i write the code for bridges.tpo
01:02  alster ) well i entered the data manually, so chances are i just
                misspelled it
01:02    isis ) and the only reason we stopped putting the 'bridge ' at the
                beginning was because vidalia is idiotic and didn't handle it
01:03    isis ) torlauncher explicitly has code to handle lines which either start
                with 'bridge ', or with the transport method, or with the IP:PORT
01:03  alster ) i assume the fingerprints should be the exact same # of characters
                always, right?
01:03    isis ) yes, always 40 chars
01:04    isis ) though? perhaps? is your bridge's fingerprint all uppercase or
                all lowercase?
01:04  alster ) all lowercase
01:04    isis ) currently returns lowercase
01:05  alster ) i just checked, gave me 2
                fingerprints with 40 characters each
01:05  alster ) but one of those i typed has 29 only
01:05  alster ) so it's my fault
01:05    isis ) ah, okay, that makes sense :)
01:06    isis ) but perhaps torlauncher should be a bit smarter and tell you
                that that was the problem
01:06    arma ) isis: you could be man-in-the-middled for your first hop, but
                not your second or third. and if they're in a position to
                man-in-the-middle your first hop, they're in a position to
                do traffic analysis on it. so either way you'd best hope
                they're not watching the other end too. and if they are, it
                doesn't matter that they can mitm the first end.
01:06    isis ) arma: yes, true
01:07    arma ) that's why i was fine giving out bridges without fingerprints
01:07    arma ) it seems there's been a big push lately to switch to "you must
                have a fingerprint"
01:07    arma ) which seems to really harm usability
01:07    isis ) arma: though mitm'ing the first hop opens the grounds for more
                attacks than just analysis, like the replay attack and xor'ing
                in tags into the encrypted streams
01:08    isis ) arma: but this is the first i've heard of a usability issue
                with the fingerprints, is this normal? there are lots of these
01:08  alster ) this GUI definitely needs something like "okay, you entered 27
                characters so far, 13 more to go."
01:09  alster ) also, the lines you enter there do currently wrap
01:09  alster ) (making it hard to read)
01:09    isis ) yes, i agree, it definitely should tell you that something was
01:09    arma ) isis: anybody who tries to manually copy a bridge line will
                basically fail if it's more than an ip and a port and maybe a
                few more characters
01:10    isis ) arma: i can give them a QR code with two lines of python,
                would that help?
01:10    arma ) but also, good point, they can get in past the tls if they can
                mitm the bridge. which is meaningful.
01:11    arma ) would the qr code help this tails person? probably not. would it
                help an orbot person? maybe.
01:11  alster ) presenting the fingerprint in a user friendly way (and having a
                user friendly input on the other end) would help
01:12  alster ) so think of images of fruits or whatever
01:12    isis ) should there be a "Wat? You expect me to type that in? Give me
                a QR code!" button on BridgeDB when you get bridges?
01:13  velope ) the GUI could be better, but for most people anything involving
                long meaningless strings is massive fail
01:13    isis ) hmm, the images of fruits thing becomes much harder to do, i
                think, because it would need to be something that the bridge
                puts in their descriptor (so that your tor could check it when
                you try to connect to the bridge)
01:14    isis ) hmm. i will need to think about this more.
01:14  velope ) "needs proposal"
01:15    isis ) though torlauncher should also be okay if there is no
                fingerprint at all
01:15  velope ) it is

#11361 Cloudfront rules block downloads new pde defect Medium

When downloading some files from, we are sent a link on However https-everywhere redirects to an https version of the URL which gives a permission denied error.

I suggest adding the following exclusion to the cloudfront rule:

<exclusion pattern="^http://ds6mgb82jxf5h\.cloudfront\.net" />

#11363 QR,DIR ports bind to even when I tell tor otherwise. new defect Medium

Hello, I am running a tor middle relay on a high bandwidth connection but am running into a problem which is causing me more frustration than needed.

I have multiple virtual IPs on my server's NIC. I only want ports 9030, 443 and outgoing connections to be available on 1 virtual IP. In order to accomplish that I have added the following configuration to Vidalia.

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

AccountingMax 11811160064000
AccountingStart month 1 00:00
ContactInfo tor-relay-harrry at comcast dot net
ControlPort 9051
DataDirectory C:/Users/jt/AppData/Roaming/tor
DirPort
DirReqStatistics 0
ExitPolicy reject *:*
HashedControlPassword 16:0FD1F531889C1EA360F45BB687F6635983F68D781254B999BC7EDB0200
Log notice stdout
Nickname BeefTits
ORPort
OutboundBindAddress
RelayBandwidthBurst 30720000
RelayBandwidthRate 10240000
SocksPolicy reject *
SocksPort 9050

The problem is TOR.exe looks for the ports on my default NIC ip address of and

=====================================================================
Mar 29 00:03:59.678 [Notice] Now checking whether ORPort and DirPort are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
======================================================================
Because I have communication blocked on these ports the reach-ability test fails.
======================================================================
Mar 29 00:23:58.649 [Warning] Your server ( has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Mar 29 00:23:58.650 [Warning] Your server ( has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
======================================================================

Is it possible for the service to only use the ports that I am specifying? If I leave the default ports open then port 443 is open on my main server ip which I do not want.

Additionally, if I have the configuration set up with the default ports set, i.e. not specifying an ip:port in the config in Vidalia, when I click on settings/sharing the box relay traffic inside the Tor network (non-exit relay) is checked as expected.

As soon as I edit the configuration like I have above and specify the ip:port allocations the button goes to run as client only by itself, and it over-writes the configuration I added and defaults the configuration to specify just the ports 443 and 9031 which means bind to i.e

Question: is there a way to specify outgoing and incoming port allocations to one virtual ip on the IP Stack?

Why is it using the default ip when I am specifically telling it not to do so?

I also see the ports being used in the sniffer output so the software is ignoring my configuration for port:ip bindings.



#11371 New TOR not working on Mountain Lion needs_information erinn defect Medium

Interesting that an older Tor Browser works, but the latest one doesn't. Would you please open a new bug ticket on describing the details of your experiment?

I am using OSX 10.8.5 - Mountain Lion (not Mavericks for performance reasons) with my OSX firewall on AND with Sophos antivirus 9.0.8. I do not want to relax these settings for security reasons. I am successfully playing with Vidalia 0.2.21 & TOR (git-23dd7c901287d7d8) Qt 4.8.1 ( -- which DOES work. This is the old version with separate Vidalia and the old Firefox browser. However, when today I installed the CURRENT version of TOR (, it would not work. The TorButton onion turns green but I am not actually making any kind of network connection:

Here are the logs:

3/29/14 19:26:05.157 [NOTICE] Opening Socks listener on
3/29/14 19:26:05.157 [NOTICE] Renaming old configuration file to "/Applications/Privacy/"
3/29/14 19:26:05.490 [NOTICE] Bootstrapped 5%: Connecting to directory server.
3/29/14 19:26:05.490 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server.
3/29/14 19:26:05.621 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection.
3/29/14 19:26:05.741 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus.
3/29/14 19:26:05.790 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus.
3/29/14 19:26:06.306 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
3/29/14 19:26:07.110 [NOTICE] Bootstrapped 40%: Loading authority key certs.
3/29/14 19:26:07.587 [NOTICE] Bootstrapped 45%: Asking for relay descriptors.
3/29/14 19:26:07.588 [NOTICE] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/5570, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw.)
3/29/14 19:26:08.655 [NOTICE] Bootstrapped 50%: Loading relay descriptors.
3/29/14 19:26:09.320 [NOTICE] Bootstrapped 51%: Loading relay descriptors.
3/29/14 19:26:09.155 [NOTICE] Bootstrapped 53%: Loading relay descriptors.
3/29/14 19:26:09.269 [NOTICE] Bootstrapped 55%: Loading relay descriptors.
3/29/14 19:26:09.332 [NOTICE] Bootstrapped 57%: Loading relay descriptors.
3/29/14 19:26:09.332 [NOTICE] Bootstrapped 59%: Loading relay descriptors.
3/29/14 19:26:09.388 [NOTICE] Bootstrapped 61%: Loading relay descriptors.
3/29/14 19:26:09.443 [NOTICE] Bootstrapped 63%: Loading relay descriptors.
3/29/14 19:26:09.444 [NOTICE] Bootstrapped 65%: Loading relay descriptors.
3/29/14 19:26:09.504 [NOTICE] Bootstrapped 67%: Loading relay descriptors.
3/29/14 19:26:09.546 [NOTICE] Bootstrapped 68%: Loading relay descriptors.
3/29/14 19:26:09.546 [NOTICE] Bootstrapped 70%: Loading relay descriptors.
3/29/14 19:26:09.560 [NOTICE] Bootstrapped 72%: Loading relay descriptors.
3/29/14 19:26:09.593 [NOTICE] Bootstrapped 74%: Loading relay descriptors.
3/29/14 19:26:09.620 [NOTICE] Bootstrapped 76%: Loading relay descriptors.
3/29/14 19:26:09.653 [NOTICE] Bootstrapped 78%: Loading relay descriptors.
3/29/14 19:26:36.449 [NOTICE] We now have enough directory information to build circuits.
3/29/14 19:26:36.449 [NOTICE] Bootstrapped 80%: Connecting to the Tor network.
3/29/14 19:26:36.449 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit.
3/29/14 19:26:39.255 [NOTICE] Tor has successfully opened a circuit. Looks like client functionality is working.
3/29/14 19:26:39.255 [NOTICE] Bootstrapped 100%: Done.
3/29/14 19:26:40.988 [NOTICE] New control connection opened.
3/29/14 19:28:40.438 [NOTICE] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for socks info)
3/29/14 19:28:43.435 [NOTICE] Tried for 120 seconds to get a connection to [scrubbed]:0. Giving up. (waiting for socks info)

#11374 fix tor lockfile checking bug needs_revision dave2008 defect Medium

I previously had a misconception that lockfile got removed every time tor exits :(

This patch checks the state of lockfile properly.


#11423 Fail to load http->https new pde defect Medium

I haven't tested/reproduced it but I'm positive this is correct

When on a *http* site when the page loads a http resource that redirects itself to https; http everywhere won't load it. For an example on many squarespace sites such as this

I may get a http link and if I do the twitter/whatever icon will not show. If it's https it works completely fine. If I visit http after loading the https version it's fine. On hard refresh of course it has to find the resource again and fails, thus I get weird squares instead of glyphs. See the linkedin link at the bottom of the page; it should have a linkedin icon

#11442 Amazon Web Services rule breaks new pde defect Medium

This is a ruleset bug:

The Amazon Web Services stable rule breaks the display of documents at For instance, see

When the Amazon Web Services rule is turned off, you can navigate the pages, zoom in and zoom out with your mouse. When the rule is turned on, only a cover thumbnail is displayed.

HTTPS Everywhere for Chrome 2014.1.3
Google Chrome 33.0.1750.154 m
Windows 8.1, 64 bit

#11444 Drop support for long-obsolete versions of Windows assigned defect Medium Tor: 0.2.???

When we started writing Tor, Windows 98 was still a going concern. Now... it is less so.

We should identify and drop support code for all Windows versions before Windows XP. This is mainly going to be a matter of identifying cases where we use LoadLibrary and GetProcAddress to find always-present-functions in always-present DLLs, and looking for opportunities to move from old busted APIs to fresh new ones.

(Dropping support for Windows XP is a separate ticket.)

#11445 Drop support for Windows XP new defect Medium Tor: 0.2.???

Windows XP hit its end-of-life today (April 8, 2014).

We should identify and drop support code for Windows XP. This is mainly going to be a matter of identifying cases where we use LoadLibrary and GetProcAddress to find always-present-functions in always-present DLLs, and looking for opportunities to move from old busted APIs to fresh new ones.

I'm making this a separate ticket from #11444 (removing support from pre-XP versions) since the timing on the two can be argued to be separate. Nonetheless, if we agree to do both at once, that might be clever.

#11448 Dirauths must support multiple relay identity keys at once new defect High Tor: unspecified

As discussed on, directory authorities must rotate their relay identity keys in order to recover from possible exposure due to the ‘Heartbleed’ bug. (A dirauth's relay identity key could be used by a MITM attacker to feed clients an outdated consensus, for example.)

There are two requirements in order to do this without causing a network meltdown:

  • A dirauth must be able to sign relay descriptors using multiple relay identity keys at once.
  • A dirauth must be able to operate multiple ORPorts at once, with (possibly) different relay identity keys.

#11459 libfaketime causes the build system to report being not sane new tbb-team defect Medium

libfaketime causes build systems to report that they are not sane which can easily lead to an endless loop or at least to a much longer build time. This is only an issue if more than one core is used for building the TBBs.

#11466 Only blank PNG files are visible in thumbnails folder after disabling private browsing mode new tbb-team defect Very Low

Instead of thumbnails of previously visited sites only blank PNG files are visible after disabling private browsing mode. The expected behavior is probably to see the real thumbnails.
