Custom Query (4939 matches)


Show under each result:

Results (901 - 1000 of 4939)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Ticket Summary Status Owner Type Priority Milestone
#13800 circuit does not close after hidden service is shutdown via control port new defect Medium Tor: unspecified

Using the tor control port i create my tor hidden service like this:

SETCONF hiddenservicedir=/var/lib/tor-alpha-hidden-services/hiddenService01 hiddenserviceport="80"

I then create a connection to that hidden service... and afterwards remove it like this:

SETCONF hiddenservicedir=/var/lib/tor-alpha-hidden-services/hiddenService01

Even after this hidden service is removed from the tor process additional connection attempts to that same onion result in these log messages:

Nov 21 04:11:47.000 [info] connection_exit_begin_conn(): begin is for rendezvous. configuring stream. Nov 21 04:11:47.000 [warn] Couldn't find any service associated with pk e5p437qubbddgwa6 on rendezvous circuit 4216977301; closing. Nov 21 04:11:47.000 [info] connection_exit_begin_conn(): Didn't find rendezvous service (port 80)

I also noticed that sending the tor process a sig HUP stopped this behavior fairly soon... but I was still able to produce these log messages for a little while.

#13803 Better and more efficient database schema new hellais defect Medium

The current mongo db database schema has some problems that do not allow for efficient querying in certain cases.

Curently the main two collections in the DB are "reports" and "measurements" and each measurement references the report by id.

This makes analysis on a per country basis not so easy, e.g.:

  1. query for all measurements that have inconsistencies
  2. iterate over measurements and query report_id (and probe_cc)

This results in many unecessary queries.

Ideally we would like to have a schema that allows use to one query in order to get all measurements based on report AND measurement attributes ; the result would be just a list of measurements.

#13817 Untange kludgey library detection, particularly for SSL forks new defect High Tor: unspecified

Split from #13415:



I'm having trouble getting LibreSSL (2.1.2) to work with tor git on OS X 10.9.

Here are the issues I've found and fixed in the configure invocation:

configure --with-openssl-dir= detects the wrong bin/openssl if "$OPENSSL_DIR/bin/openssl" isn't in the path before all other openssl executables. configure --enable-static-openssl requires LDFLAGS="$OPENSSL_DIR/lib":$LDFLAGS to link properly, at least on OS X.

I'm pretty sure these issues will affect all (non-system/non-standard) SSLs.

Can we make configuring with non-system SSLs easier by prepending "$OPENSSL_DIR/bin" and "$OPENSSL_DIR/lib" to the PATH and LDFLAGS respectively?


BoringSSL is even worse - it doesn't even have an openssl executable, only builds static libraries, and is a pain to configure correctly under our current config scripts.

I can't seem to stop it finding the system-supplied SSL, even when I provide it the BoringSSL directories.

I get the following warnings when I manually install BoringSSL into include/lib/bin dirs, and fake the openssl executable using the bssl executable:

(See #13815)


(The build issues are another matter and should get their own ticket: Untangling our kludgey library detection has been something a bunch of people have wanted for a while.)

#13818 [PATCH] Active tab looks ugly (inherits system color scheme only partially) assigned mcs defect Medium

I use Tor Browser 4.5-alpha-1 on KDE, my gtk+ theme is oxygen-gtk. As I found from looking into sources of Tor Browser, when it renders site content, it uses some stand-ins for native colors to avoid browser fingerprinting. And these stand-ins should not be used when rendering browser interface - the variable useStandinsForNativeColors in layout/style/nsRuleNode.cpp:890 (function SetColor):

bool useStandinsForNativeColors = aPresContext && !aPresContext->IsChrome();

But this condition is not enough to fully distinguish browser interface from site content. Look at the attached screenshot to see that left and right corners of active tab are lighter than middle of the tab - this is because the middle renders with system colors, and corners render with stand-ins while stand-ins should be really disabled for them.

I discovered that two files correspond for corners of the tab: chrome://browser/skin/tabbrowser/tab-selected-start.svg and chrome://browser/skin/tabbrowser/tab-selected-end.svg, and IsChrome() function returns false for this files, so stand-ins are used when they shouldn't.

I think that the attached patch should be used in order to handle correctly those two svg files.

#13832 HTTPS Everywhere breaks PayPal checkout process new zyan defect High

For, ordering with HTTPS Everywhere in the PayPal portion of the checkout breaks the site by rewriting https connection to

The issue has been spotted on Firefox 33.1, Windows 7 - 64 bit.

Please, the rule ( on should be modified to not redirect to anymore.

Thank you

#13833 Tor Browser hangs on our own Trac reopened tbb-team defect Medium

According to Yawning: Selecting the timeline checking all checkboxes and clicking on "Update" leads to a freeze of the browser. This happens in vanilla Firefox on different OSes, too. Might be related to #10631.

#13834 please remove trailing spaces from source files new tbb-team defect Medium

In TorButton (aboutTor.js, torbutton-logger.js, and others) there are a lot trailing spaces. It's best practice to remove them.

Just open all files in an editor that removes trailing spaces upon saving. (Such as Kate when configured to do so.)

I could provide a git branch for this "fix" if you like, but I guess it's simpler for someone with commit access.

#13846 HTTPS anywhere in Firefox blocks all videos from playing new zyan defect Medium

If I have HTTPS anywhere enabled in Firefox 33.1 on Windows 7 and try to view highlight videos, it simply doesn't work. Disabling the plugin fixes the issue.

The version reads HTTPS anywhere 4.0.2

#13854 "view page source" isn't cleared/cleaned when click "create new identity" new tbb-team defect Medium


I have noticed that if I right click in a webpage and chose "View Page Source" it will give me a new window with the source of that page, but that window isn't closed or cleaned right away if I close the browser or click "create new identity". It should, because leaving it opened could lead to some unwated situations (like someone coming on the computer and seeing we were inspecting

#13871 Can't use keyboard new tbb-team defect High

When in the tor browser the keyboard doesnt work at all in Tor browser 4.0.1. The old version worked just fine, but when I updated it stopped working and so did all previous versions I tried.

I'm on windows 7 64 bit.

The mouse works fine

#13887 Pick a reporting format for Chutney new defect Medium

We need some way for Chutney to tell another process about the events it's seeing.

Options include CTF, json, protocolbufs, line-based text.

See for a synopsis of goals.

I'm especially interested in dgoulet's opinion on CTF in particular.

I'm especially interested in atagar's opinion about what would be friendliest to a stem-based chutney.

#13890 Provide support for urdu language in Tor Browser new tbb-team defect Medium

Currently Tor Browser does not support the urdu language.

Implementing this feature, though, is blocking on having an ESR of Firefox that supports such language, that will probably not happen before August 2015.

Support for urdu in Firefox was just recently announced: and xpi's for it are only shipped in their alpha builds:

When that is done the TorButton and TorLauncher components would need to be translated.

It's probably a good idea to implement this as part of #12967.

#13898 HTTPS Everywhere not working with SlimJet new zyan defect Medium

The HTTPS Everywhere extension seems to load correctly in the Slimjet browser but the icon does not appear in the address bar. Does this mean that it is not working? Am I missing something or is it just that the extension is not compatible with Slimjet?

#13899 Won't allow videos to be palyed new zyan defect Medium

With HTTPS Everywhere enabled, videos on (and maybe others) will not play

#13912 Key Security: Zeroing Buffers Is Insufficient (AES-NI leaves keys in SSE registers) new defect Medium Tor: unspecified

The article "Zeroing Buffers Is Insufficient" describes how AES-NI can leave keys in SSE registers for long periods of time. (It also describes issues with temporary variables on the stack, and in other registers.)

Is there a way we can semi-portably fix this?

#13926 No certificate hierarchy reopened tbb-team defect Medium

In the certificate hierarchy there is only one certificate displayed for some sites.

#13928 Tor Authorities reachability testing is predictable and sequential new defect Medium Tor: unspecified

In the tor network, all tor authorities test reachability in the same, predictable sequence. Each authority uses the same sequence, and, if started at similar times (a 10 second window ever 1280 seconds), they will start at the same point. (This is a particular issue with test networks.)

I'd like to randomise the start point and progression of the sequence, while keeping the property that each 1280 second cycle tests all routers.

#13929 Increase Authority reachability testing rate with low TestingAuthDirTimeToLearnReachability new defect Medium Tor: unspecified

In a TestingTorNetwork, when TestingAuthDirTimeToLearnReachability is much lower than its normal value of 30 minutes, bootstrap will happen much more reliably if we test reachability at a proportionally faster rate.

I'd like to multiply the number of routers tested every 10 seconds, by the proportion that TestingAuthDirTimeToLearnReachability is smaller than the expected 1280 second cycle length.

#13937 Allow the use of NoScript in whitelist mode new tbb-team defect Medium

TBB customises NoScript to only allow a simple toggle between global allow / global deny of scripts. That's a reasonable attempt to make a hard-to-use tool more comprehensible for many types of users.

Power users however have good reasons to want NoScript's default whitelist-based UI instead. For instance, a user may wish to allow Google JS in order to be able to solve CAPTCHAs and use Google's search engine, but not want to take the risks of JS-dependent vulnerabilities on every other site they visit with TBB.

Currently there doesn't seem to be a way to make that happen in the TBB NoScript UI.

#13951 Add EFF technologists as maintainers for the HTTPS Everywhere transifex strings accepted phoul defect High

I think I used to have the ability to edit all of our translated strings, but it now says, "to translate you need to be logged in and a members of the $LANG team" (I am logged in).

EFF technologists we should add:

pde schoen jsha jgillula cooperq

#13954 Android fonepad new n8fr8 defect Medium

Downloaded both apps from Google play store and did the regular install to internal hard drive Orbo keeps giving me a startup error so I deleted both apps and reinstalled them with same results How can I manually repair install

Phone= Asus FonePad 7 K012 rooted running 4.3 jellybean Running android Orbit 14.1.4 (Tor

Orbot is starting… Orbot is starting… Waiting for control port... tor: PRE: Is binary exec? true polipo: PRE: Is binary exec? true obfsclient: PRE: Is binary exec? true xtables: PRE: Is binary exec? true Orbot is starting… Orbot is starting… updating torrc custom configuration... success. Orbot is starting… Tor (1): sh: <stdin>[2]: /data/data/ No such file or directory

Unable to start Tor: java.lang.Exception: Torrc config did not verify

#13957 Orbot not starting on lollipop (Nexus 4) new n8fr8 defect Very High

Every time I try starting Orbot, I see the following error:

Tor(1):error: only position independent executables (PIE) are supported

Unable to start Tor:java.lan.Exception: Torrc config did not verify.

I tried the advise given in

But that didn't help either.

Is there anything else I can do?


#13958 possible state leakage in Tor Browser new tbb-team defect Medium

In Tails 1.2.1 (the current latest), when I run Tor Browser for the first time the menu bar is hidden.

Its visibility toggles irritatingly with the alt key. So, I always set it to remain visible by right-clicking in the empty space in the tab bar to the right of the current tab and checking the "Menu Bar" option in the contextual menu.

When I quit and relaunch Tor Browser, this setting remains, even though all other browser state I have discerned is reset.

I am filing this bug so that someone more knowledgeable can consider and investigate the possibility that this presumably-harmless state persisting is not an indicator of some larger state leaking problem in Tor Browser.

#13965 https-e breaks NBC Live Extra streaming new defect Medium

When HTTPS-E is active, doesn't work. After choosing a stream, you're redirected to a cable vendor site for authentication, then returned to NBC to start stream. If HTTPS-E is active, you get a "not subscribed" error and you're kicked out. With HTTPS-E disabled, it works fine. It seems to be a token setting problem of some kind, but I'm not a real coder so that theory is suspect. First noted using Chrome, unclear with Firefox(pc) because it doesn't work either way (either inherent to Firefox or other plug-ins/extensions or my config).

#13974 Google Images ruleset delivers 404 on links from Delicious Library 2 new defect Medium

When doing a search for Cover Art from the OS X app Delicious Library, the link generated should look like this-|medium|large|xlarge&gws_rd=ssl&tbm=isch

But with the Google Images ruleset turned on, it gets changed to this and generates a 404-|medium|large|xlarge

This was in version 4.0.2 of HTTPS Everywhere.

#13976 Simplify adjustment of consensus speed in testing tor networks new defect Medium Tor: unspecified

In order to adjust the consensus speed in a tor network, we need to configure at least 12 torrc options across authorities, relays, and clients. These options have complex timing interrelationships.

rl1987 suggested that we add a single "make it faster by X times" parameter that modifies all of these at once.

If I were using chutney, I would prefer a parameter that changes the length of the consensus cycle to a specified number of seconds. (What does 0.1x mean? And reaching the minimums would require fractions like 0.0028.) But the basic idea is still the same.

I believe the options we would need to modify are:

Option Minimum Testing Default Suggested Constraints
V3AuthVotingInterval 10 (after #13718) 300 3600 Linear Scaling Between Minimum and Default based on TestingOverallConsensusInterval/Default Must be strictly more than twice (V3AuthVoteDelay + V3AuthDistDelay)
TestingV3AuthInitialVotingInterval 5 (after #13718) 150 (after #13718) 1800 V3AuthVotingInterval/2 Must be strictly more than (TestingV3AuthInitialVoteDelay + TestingV3AuthInitialDistDelay) (after #13718, otherwise twice that)
V3AuthVoteDelay 2 20 300 Linear Scaling Between Minimum and Default based on TestingOverallConsensusInterval/Default V3AuthVotingInterval See Above
TestingV3AuthInitialVoteDelay 2 20 300 V3AuthVoteDelay See Above
V3AuthDistDelay 2 20 300 V3AuthVoteDelay See Above
TestingV3AuthInitialDistDelay 2 20 300 V3AuthDistDelay See Above
TestingClientMaxIntervalWithoutRequest 1 5 600 Quadratic Scaling Between Minimum and Default based on (TestingOverallConsensusInterval2)/(Default2) None
TestingServerDownloadSchedule 0 0, 0, 0, 5, 10, 15, 20, 30, 60 0, 0, 0, 60, 60, 120, 300, 900, 2147483647 0, V3AuthVotingInterval/4 None
TestingClientDownloadSchedule 0 0, 0, 5, 10, 15, 20, 30, 60 0, 0, 60, 300, 600, 2147483647 TestingServerDownloadSchedule None
TestingBridgeDownloadSchedule 0 60, 30, 30, 60 3600, 900, 900, 3600 TestingServerDownloadSchedule None
TestingServerConsensusDownloadSchedule 0 0, 0, 5, 10, 15, 20, 30, 60 0, 0, 60, 300, 600, 1800, 1800, 1800, 1800, 1800, 3600, 7200 TestingServerDownloadSchedule None
TestingClientConsensusDownloadSchedule 0 0, 0, 5, 10, 15, 20, 30, 60 0, 0, 60, 300, 600, 1800, 3600, 3600, 3600, 10800, 21600, 43200 TestingServerConsensusDownloadSchedule None

If we yield the default times when TestingOverallConsensusInterval 3600, then some typical values would be:

Option Minimum Testing Turbo (2x) Default
TestingOverallConsensusInterval 10 300 1800 3600
Scaled V3AuthVotingInterval 10 ((300-10) * (3600-10) / (3600-10)) + 10 = 300 ((1800-10) * (3600-10) / (3600-10)) + 10 = 1800 ((3600-10) * (3600-10) / (3600-10)) + 10 = 3600
Comparable V3AuthVotingInterval 10 300 N/A 3600
Scaled V3AuthVoteDelay 2 ((300-2) * (300-10) / (3600-10)) + 2 = 26 ((300-2) * (1800-10) / (3600-10)) + 2 = 150 ((300-2) * (3600-10) / (3600-10)) + 2 = 300
Comparable V3AuthVoteDelay 2 20 N/A 300
Scaled TestingClientMaxIntervalWithoutRequest 1 ((600-1) * (300-10)2 / (3600-10)2) + 1 = 5 ((600-1) * (1800-10)2 / (3600-10)2) + 1 = 150 ((600-1) * (3600-10)2 / (3600-10)2) + 1 = 600
Comparable TestingClientMaxIntervalWithoutRequest 1 5 N/A 600

These look good, although we'd also need to make sure that any scaling didn't drop the values below the absolute minimums. This should probably be clipped automatically, so TestingOverallConsensusInterval 0 makes sense as "go as fast as you can".

<rl1987> my idea: what about having a configurable parameter that makes consensus happen faster by, say, 100 times?
<teor> rl1987: you mean, V3AuthVotingInterval, TestingV3AuthInitialVotingInterval, TestingV3AuthInitialVoteDelay, V3AuthVoteDelay, TestingV3AuthInitialDistDelay, V3AuthDistDelay, TestingServerDownloadSchedule
<teor> Unfortunately, the behaviour is a little too complex to just say, "make it very very fast"
<teor> I've basically reduced those parameters to their minimums, and patched tor when that didn't work as I thought it should
<rl1987> I meant "make it faster by X times"
<rl1987> if the entire lifecycle takes 6 hours, maybe we can have a parameter that forces it to take 6 hours / X
<rl1987> not sure how feasible is that.
<teor> Hmm, I think we'd be dividing too many things by that number
<rl1987> would it cause any trouble, if they were getting proportionally smaller?
<teor> Hmm, there's some things that have minimum times, and I've already set them to that to get it to work in under a minute
<teor> Perhaps we could scale up between that and the default hour-long interval
<teor> i.e. the minimum consensus time is 10 seconds, the default is 3600 seconds, let's have a parameter that scales up proportionally
<teor> or, the minimum voting and distribution delays are 2 seconds, the defaults are 300 seconds, ...
<teor> I'm not sure how to handle TestingServerDownloadSchedule and TestingClientDownloadSchedule
<teor> They look like: TestingServerDownloadSchedule 10, 2, 2, 5
<teor> Perhaps we define that as: <consensus interval>, <vote interval>, <dist interval>, <consensus interval>/2
<teor> Sure. I will log a lorax on your last suggestion
<rl1987> nice.
<rl1987> not sure if the idea is very useful, though.
<rl1987> but I would like it to be considered.
<teor> Sure is a lot nicer than having to set 6-8 separate parameters
#13986 Steam sites broken by rulesets Steam Static and Steam Community new defect High

The "Steam" and "Steam" rulesets break Steam websites:

Cannot view videos of the game while Steam is enabled.

Try to open a submission, the contents dont load while having Steam enabled.

#14006 Hidden service error: "We'd like to launch a circuit to handle a connection, but we already have 32 general-purpose client circuits..." needs_information defect Medium Tor: unspecified

The HS operator in saw this Tor log:

Dec 11 13:08:59.000 [notice] We'd like to launch a circuit to handle a
connection, but we already have 32 general-purpose client circuits
pending. Waiting until some finish. [268 similar message(s) suppressed
in last 600 seconds]

His network seems to be flaky so this might be the result of crappy network. However, we might want to investigate a bit further, since that message was supressed 250 times.

I can imagine situations in very busy hidden services, where 32 clients try to access them at the same time, which means that it tries to establish 32 circuits at the same time which might cause this problem.

#14029 Monotype Imaging new defect Medium

If Monotype Imaging (partial) is enabled I can't get past the first question at

#14034 Make TestingDirAuthVoteGuard/Exit/HSDir and AssumeReachable less essential in test networks new defect Medium Tor: unspecified

Currently, we need to use TestingDirAuthVoteGuard *, TestingDirAuthVoteExit *, and AssumeReachable 1 to get a test network to bootstrap in under a minute. With #8243, we may need to create a TestingDirAuthVoteHSDir * option as well.

These are rather blunt instruments to get boostrap working.

The changes in #13718 and (probably) #13929 ensure that testing networks bootstrap in 30s, without using TestingDirAuthVoteExit * or AssumeReachable 1. This provides a comprehensive method of testing network / exit bootstrap.

But it would be great to be able to test Guard/HSDir bootstrap too - perhaps by tweaking some settings in the chutney torrc_templates, or perhaps by fixing the implementation of one or more of tor's Testing... options (i.e. speeding up Guard/HSDir flag assignment in test networks).

#14043 to new defect Medium HTTPS-E next Firefox dev release
Description should be

#14056 IPredator complains that we call time() too much when running over 500Mbps new defect Medium Tor: unspecified

IPredator writes:

We are constantly testing kernel 3.x vs. the latest 2.6, but noticed

that with kernel 3.x beyond 500MBit Tor would spend massive amounts of CPU time on calling time(). On kernel 2.6 we use kernel.vsyscall64=2 which minimizes the impact of constantly doing that. (JavaScript may be required, unfortunately.)

nickm, is this still an issue? This would be possible to simulate using chutney, right?

#14066 SIGHUP: Reloading config and does not reset internal state of accounting new defect Very Low Tor: unspecified

Wrongly configured accounting and sent sighup to reload the config. Reload failed with below messages

Jan 1 08:22:50 NoNameForHost Tor[19880]: Option 'AccountingStart' used more than once; all but the last value will be ignored. Jan 1 08:22:50 NoNameForHost Tor[19880]: You have set AccountingMax to use hibernation. You have also chosen a low DirPort or OrPort. This combination can make Tor stop working when it tries to re-attach the port after a period of hibernation. Please choose a different port or turn off hibernation unless you know this combination will work on your platform. Jan 1 08:22:50 NoNameForHost Tor[19880]: You have set AccountingMax to use hibernation. You have also chosen a low DirPort or OrPort. This combination can make Tor stop working when it tries to re-attach the port after a period of hibernation. Please choose a different port or turn off hibernation unless you know this combination will work on your platform. Jan 1 08:22:50 NoNameForHost Tor[19880]: Caching new entry toranon for toranon Jan 1 08:22:50 NoNameForHost Tor[19880]: Failed to unlink /var/lib/tor/bw_accounting: No such file or directory Jan 1 08:22:50 NoNameForHost Tor[19880]: Configured hibernation. This interval begins at 2015-01-01 10:00:00 and ends at 2015-02-01 10:00:00. We have no prior estimate for bandwidth, so we will start out awake and hibernate when we exhaust our quota. Jan 1 08:22:51 NoNameForHost Tor[19880]: Commencing hibernation. We will wake up at 2015-01-01 10:00:00 local time. Jan 1 08:22:51 NoNameForHost Tor[19880]: Going dormant. Blowing away remaining connections.

Later I commented out accounting and sent sighup to reload the config but it does not reset internal state and keep on logging below messages.

Jan 1 08:23:23 NoNameForHost Tor[19880]: Accounting period ended. This period, we will hibernate until 2015-01-01 04:30:00 UTC Jan 1 08:23:24 NoNameForHost Tor[19880]: Accounting period ended. This period, we will hibernate until 2015-01-01 04:30:00 UTC

I had to restart tor service to properly load config again.

#14069 Please make the default value for browser.tabs.closeWindowWithLastTab "false" instead of "true". new tbb-team defect Medium

As it is currently, many users keep losing their Tor connection due to Tor Browser exiting.

#14074 HTTPS Everywhere Cloudfront rule prevents loading video on new defect Medium HTTPS-E 4 stable

The Cloudfront rule prevents loading of the video player on pages in the section ​ Versions in use: Comodo Dragon version HTTPS Everywhere 2014.11.25 To reproduce: Install HTTPS Everywhere, leave default settings. Browse to a video on PBS website: ​ Actual Results: Video doesn't load, it just shows a blank black square where it should be. Workaround: Disable the 'Cloudfront' rule and the video is available for playing.

#14078 HTTPS Everywhere causes problems on new defect Medium

The Quantcast rule will prevent any videos from playing on The Google Services rule also prevents parts of the site from displaying correctly.

#14089 Google Drive/Docs do not work in Tor Browser new tbb-team defect Medium


Tor Browser 4.0.2 (Firefox 31.3.0) on Mac OS 10.9.5


  1. Open new Tor Browser session.
  2. Navigate to and log in with a valid Google Account.

Expected Result

The page loads without errors. I am able to use the features of Google Drive, such as creating new documents and editing existing documents.

Actual Result

After the page loads, I see an error message, "There were some problems loading your apps" displayed on the page in a red notification box directly underneath the "Search Drive" input field. After some time elapses, this message changes to "Data load timed out."

Beyond these explicit error messages, the site is generally unusable. It is not possible to create new documents because New > New File doesn't list any file types, as it does in a normal browser. It is not possible to edit existing documents - when double-clicked, there is no "Open" button in the subsequent lightbox view of the document, so the document cannot be opened in Google Docs for editing.

In the Browser Console, I note multiple instances of "[01-02 20:25:10] Torbutton NOTE: Removing 3rd party HTTP auth for url [scrubbed]" which seems related to my activity on Google Drive. As I continue to try to use the site, an increasing amount of these errors are logged.

Additional notes

I have been able to reproduce these errors with the following configurations:

  1. Tor Browser with HTTPS-Everywhere disabled
  2. Tor Browser with NoScript disabled
  3. Tor Browser with HTTPS-Everywhere and NoScript disabled

I have been unable to reproduce the errors from the STR in:

  1. Firefox ESR 31.3.0

This suggests that the errors are not due to any of the following:

  1. Bugs in the Firefox ESR that Tor is based on
  2. Lack of support from Google for the older version of Firefox that Tor Browser is based on
  3. HTTPS-Everywhere
  4. NoScript

The messages in the Browser Console suggest that TorButton may be involved.

#14096 enabling https for BootstrapCDN breaks icons( facebook/ tweeter/ feed/ Google+) new defect High HTTPS-E next Firefox dev release

using :

https-E 5.0development.2 firefox 34.0.5 archlinux

example page:


icons near the 'search' bar and under "FOLLOW US"


disabling https for BootstrapCDN( partial)

#14098 TBB still doesn't round windows in some cases new tbb-team defect Medium

I understand TBB does something to reduce the fingerprintability of the browser window size, but apparently it isn't enough as says they've never seen my screen size before. I'm using the latest TBB on the latest debian stable with the dwm window manager.

Could TBB please round the size to a larger interval so that I look like a more typical user? Thanks.

#14118 Holding down SHIFT button while starting Tor Browser starts it in non-Tor mode new tbb-team defect Medium

Holding down SHIFT button while starting Tor Browser starts it in non-Tor mode.

Apparently it's a Firefox kind of a safe mode startup, in which all the extensions, addons and plugins are disabled. Obviously, this will prevent Tor launcher / Tor button to do their job (starting the background Tor process, etc.).

I think this is a 'feature' we could remove, for the sake of every user category. Holding by mistake the SHIFT key down when clicking to start something is not so hard and could accidentally happen. If this 'feature' does not help Tor Browser in any way and it can be removed without breaking something else, we should remove/disable it?

#14120 Akamai ruleset breaks in plaintext HTTP new defect Medium

I get a CSP error when loading steamcommunity urls over HTTP. HTTPS Everywhere has Steam and Steam Community rulesets disabled by default, but Akamai is enabled. Steam's servers send CSP headers for http://akamai when accessed over HTTP, and https://akamai when accessed over HTTPS.

URL tested

Error message

Content Security Policy: The page's settings blocked the loading of a resource at ("script-src 'unsafe-inline' 'unsafe-eval'").


Page works if I enable Steam and Steam Community rulesets.

I am unable to include CSP headers in the ticket description because Trac flags the ticket as spam. If possible, I will include headers in comments.

#14139 Tor browser shares its last search term with other browsers on OSX new tbb-team defect Medium

On OSX, all browsers (tested chrome, firefox, tor, safari) seem to share the content of the last search term of a page search (ctrl-f). So when I do a website search with the Tor browser on OSX and type anything into the text field, that search term is copied over to some kind of search term clipboard that is then used by all my installed browsers (chrome, firefox, tor, safari) as the predefined search term. This does not happen on linux.

The behaviour I would expect is that no information I enter into the Tor browser should leak to other programs on my computer.

#14186 Try to use fchmod() first when changing permissions on an AF_UNIX socket new defect Medium Tor: unspecified

In connection_listener_new() of connection.c, we need to change permissions of an AF_UNIX socket in one case, and on some platforms it doesn't work to use fchmod(), or so a comment claims. It'd be better to avoid the race condition by using fchmod() when possible though.

We should move this to a unix_socket_chmod() function in compat.c, perhaps, which should take a file handle, a path and a mode, and try fchmod() and then fall back to chmod() if it fails.

Point of clarification: if fchmod() fails, will it fail by returning a sensible error code or by silently not modifying the permissions? Should unix_socket_chmod() also fdstat() as needed to check that the mode is correct?

#14197 Reverse lookup on automapped addresses doesn't work new defect Low Tor: unspecified

Possibly, arguably, when we get a request to do a PTR lookup on an address that AutomapHostsOnResolve gave us, we should return the original address.

There's a disabled test for this in my bug7555_v2 branch.

#14199 Tor Browser 4.0.3 can't access a particular site anymore reopened tbb-team defect Medium


I'm using Tor Browser 4.0.2 to access a specific live show that's available only to Spain residents (I happen to be spanish, just living in another country at the moment).

The URL for the show is here :

I have modified my torrc file by adding the following code : ExitNodes {ES} The exit node is now always located in Spain, as confirmed by the attached screen cap :

I believe I was able to access the live streaming at least once or twice after the installation of Tor Browser, about 2 weeks ago.

However, I now consistently obtain the following error message :

It basically says (error code 301) that the streaming video isn't available, but I really believe it is. I've been obtaining the same error for more than 10 days now, and the error isn't specific to the particular live show I'm looking for, but to any program aired by this site.

So, can somebody help me with this ? Is this a bug from Tor Browser ? A new type of protection by the site that detects that I'm not really from Spain and acts accordingly ? Something else ?

Thanks in advance for your help.

#14211 --data-dir argument is not properly recognized. new asn defect Very Low

Summing up the following command does not work:

bin/obfsproxy --log-file=obfsproxy.log --log-min-severity=debug \
  scramblesuit --data-dir=/path/to/data --password=VERYREALPASSWORD \
  --dest= server

The --data-dir if not recognized as a parameter is invoked after the obfuscation protocol.


#14223 END_STREAM_REASON_TIMEOUT blurs together two very different error cases new defect Medium Tor: unspecified

Here's one case where END_STREAM_REASON_TIMEOUT is used (in connection_ap_expire_beginning()):

      if (seconds_since_born >= options->SocksTimeout) {
        log_fn(severity, LD_APP,
            "Tried for %d seconds to get a connection to %s:%d. "
            "Giving up. (%s)",
            conn_state_to_string(CONN_TYPE_AP, base_conn->state));
        connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);

And here's a second case where it is used, in errno_to_stream_end_reason():


That first case is a client-side timeout -- e.g. we didn't get a useful circuit. That second case is an exit-side timeout -- we got a circuit, sent the begin cell, and the exit got a tcp timeout failure making the connection to the destination.

We should be helping the controller distinguish between these two cases.

#14246 Can't book room in Hotel Valencia Center with Tor Browser new tbb-team defect Medium

Go to, click on "Book Now", select a room and click on "Book". Nothing happens apart from highlighting the rooms drop down boxes red for a short time. Tested with Tor Browser 4.5a3 and 4.5-alpha-2 in default mode. This is no problem in Iceweasel.

#14253 Closing a window while importing bookmarks crashes Tor Browser new tbb-team defect Medium

If one closes a window (e.g. the browser console) while bookmarks are imported the browser crashes. This does not only happen with chrome windows. A window opened by a content script causes the same (although that is of not so big concern right now as we open it in a new tab automatically).

This is no genuine Tor Browser bug but is visible in the latest Firefox Nightly as well.

#14264 Vidalia - Patch to improve french translation new defect Medium

Please find below a patch to fix french translation of Vidalia

#14266 Make address mapping conditional on having the particular address mapping types enabled. new defect Low Tor: unspecified

It might be simpler to understanding the logic for address mapping if each type of mapping were conditional on having the right thing enabled. For example:

  • DNS mapping could be conditional on client-side DNS caching (bad idea!) being enabled.
  • Automap mapping could be conditional on AutomapHostsOnResolve being enabled.
  • TrackExit mapping could be conditional on having TrackHostExits being set.
  • MapAddress mappings could be applied only if MapAddress is set.
  • MAPADDRESS mappigns could be applied only if the controller MAPADDRESS command has called.

Would this make the logic more clear?

#14267 We should be smarter about fetching all missing votes new defect Medium Tor: unspecified

If soemthing has gone quite wrong, and we as an authority have no votes, we'll try to fetch every vote from every other authority. That's quite a lot of data! We ran into trouble with this as #14261 , and increased the limit, but the base scenario here isn't so great.

#14269 Imported certificate doesn't works at all new tbb-team defect High

Tor Browser 4.0.3 (but I suspect the problem is more general)

With default settings it is impossible to import CA certificate to the tor browser. In order to import a certificate, I unchecked "Don't record browsing history..." option in "security preferences" of the tor button.

But, the imported certificate will not work and not appear in the certificates list if I check the aforementioned option again. I.e., I need to uncheck the option each time I want to connect to the web site using the imported certificate, then check it back.

#14279 Tor Browser Bundle creates CGBitmapContextCreateImage in Mac OS X needs_information tbb-team defect Medium

At Tor's Q&A page was an error with Firefox reported. It seems that there is no according report, so I copied it over:

A user runs the current version of Tor Browser Bundle (4.0.2 or higher) under Mac OS X 10.10 Yosemite and gets the following error message:

Firefox: CGBitmapContextCreateImage: invalid context 0x0. This is a serious error. This application, or a library it uses, is using an invalid context and is thereby contributing to an overall degradation of system stability and reliability. This notice is a courtesy: please fix this problem. It will become a fatal error in an upcoming update

The original questions appeared at

#14317 TuneIn media control isn't working properly with default ruleset new defect Low

Problem: If you listen to a web radio on (which isn't HTTPS by default), you'll be unable to pause, or control the audio level.

Solution: Disabling Cloudfront from the stable rules seems to fix the issue, but it seems we might need a exception for rule on until they add proper HTTPS support.

I'd do it myself, but I'm not familiar enough with the process yet.


#14322 torsocks fails to wrap setcap binaries accepted dgoulet defect Medium

the Linux 'capabilities' library for allowing non-root users to perform tasks which normally require elevated privileges.

at present the torsocks wrappers have checked for setuid and setgid flags on the binaries it executes and failed closed, throwing an error if this occurs, however there is currently no check to see if the binaries have capabilities applied.

in the case where they do, the LD_PRELOAD set by torsocks is stripped and the program will execute with no warning and without the torsocks wrapper.

as an example of this, the current 'ping' command on my Linux is setcap:

$ getcap which ping /usr/bin/ping = cap_net_raw+ep $ torsocks ping -c 1 PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=50 time=38.1 ms

the install script which does setcap
setuid here:

#14332 Use new string formatting interface needs_revision cypherpunks defect Medium

The Python documentation mentions issues with printf-style string formatting and recommends the new str.format() interface [0]. The new interface is used in some parts but not everywhere. The attached patch fixes this by using the new interface where printf-style is currently used.

Additionally, it solves several bugs in lib/chutney/ caused by the printf-style separator (%) being outside of the print(). The bugs result in Chutney crashing when tor or tor-gencert is not in PATH and not specified through the environment variables.


#14337 Tabs Not All Shown in Normal View - no button to list rest needs_information tbb-team defect Medium

Firefox ESR - 31.4.0 - Tor Browser 4.0.3

In normal firefox view only about 1/2 of my tabs are displayed due to the width of the form. In maximized view all tabs are displayed.

In normal view a button should exist to the right of the toolbar which when clicked displays the not visible tabs in a list. This is missing.

See two attached graphics

#14354 Improve torflow engineering quality and deployment procedure new defect High Tor: unspecified

This ticket used to be about improving all dirauth scripts, but now it's specific to torflow.

From talking to Sebastian and weasel, it seems to me that dirauth operators are having trouble sysadmining all these little dirauth scripts. Furthermore, many of the dirauth operators are not even running scripts like bw measurement, because of the pain of setting them up and supporting them.

With #9321 introducing another script, and with #8244 requiring yet another script. And with the peerflow system that might replace the bw auths, it seems that we will need to find a solution to this problem. Otherwise, only 1-2 dirauth ops (that are also Tor devs) will run each script, which is not good.

Unfortunately, I don't have a very good solution to propose here.

The obviously bad idea would be to bake all these scripts into little-t-tor. But this scales terribly, and we all have hopes for making Tor more modular and this will just be a step backwards.

Another idea that is still not very good but maybe more implementable, is to revisit all these scripts and make them work with minimal setup effort. Then make debian packages that auto-work for all of them (or just a big meta-package), and ask dirauth operators to install them. Then assign someone to be the maintainer of all those scripts so that they take care of them when they break or when dirauth ops need help. However, it's unclear how many of these scripts can just auto-work without manual setup or how much Debian hackery that would involve, or whether all dirauth ops use APT-based systems.

At the same time we could make it more clear which dirauths are running which scripts, so that we can incorporate it as part of consensus health and warn dirauths ops that are not running certain scripts or have not updated them. Also, the "make Tor architecture more modular" giga-project might help here, since we could define a custom interface for all these scripts, and make it easier to plug them in Tor without torrc hacks. Also, maybe simply having a nice wiki page with all the current scripts and good INSTALL instructions might actually be effective.

What else could we do here that would make dirauths more happy?

#14382 Enable stream isolation new defect Medium

Unless anything speaks against this, both IsolateDestAddr and IsolateDestPort should be enabled for Tor Messenger's SocksPort.

#14389 Improve TBB UI of hidden service client authorization needs_revision tbb-team defect Medium

The current hidden service spec allows clients to authenticate themselves using auth-cookies. The future proposal 224 will allow clients to authenticate using username/password or pubkey.

Currently users have to edit their torrc and add HidServAuth lines for the hidden services that require authorization. In the future, it would be nicer if TBB had an interface for users to type in their authorization credentials.

Tor knows whether an HS needs authorization, because the intro list is encrypted. Tor would have to somehow transfer this knowledge to TBB, so that the browser can present a nice UI that the user can fill on the go.

Furthermore, with the future username/password authorization and this UI improvement, it won't be necessary for people to write on their torrc which hidden services they visit and what's their auth-cookie.

This is a ticket about finding out what mods need to happen in little-t-tor, and coordinating the development of this feature.

#14390 Browser configuration fingerprinting new tbb-team defect High

This Mozilla bug describes a fingerprinting vector we should care about:

As that bug is currently embargoed, we probably shouldn't discuss too much here. I wanted a ticket in our tracker so we don't forget about it, especially since it's not clear how fast Mozilla will move on a fix.

#14393 Users may be confused by relocated directories new tbb-team defect Medium

The fact that we set $HOME to the Tor Browser folder for most platforms may be confusing to users. The download and open dialogs default to weird locations for the user's Documents, Desktop, home, and Download folders. I wonder if we can fix this without letting Tor Browser otherwise leak outside its directory.

#14425 Orbot not working after upgrade to Lollipop new n8fr8 defect Medium

I was using Orbot on my HTC One (M7) running a custom ROM,Android KitKat,fully rooted and had no issues. I've recently upgraded the same ROM to its newest version which is Lollipop. Orbot now will not start. I have the latest Play Store version of the App. I copied the log details: Orbot is starting… Orbot is starting… Waiting for control port... tor: PRE: Is binary exec? true polipo: PRE: Is binary exec? true obfsclient: PRE: Is binary exec? true xtables: PRE: Is binary exec? true Orbot is starting… Orbot is starting… updating torrc custom configuration... success. Orbot is starting… Tor (1): error: only position independent executables (PIE) are supported.

Unable to start Tor: java.lang.Exception: Torrc config did not verify

#14429 Automated rounding of content window dimensions needs_revision arthuredelstein defect Medium

I've written a small patch for torbutton that forces the content ("gBrowser") to have dimensions be a multiple of 200x200. In other words, window.innerWidth and window.innerHeight, and similar calls, always return a rounded number.

This should at least provide some protection to users who resize or maximize their Tor Browser window with JS activated.

I haven't dealt with the zooming issue here, but that would be an interesting next step.

#14445 LiveJournal (partial) reopened defect Medium

expand link in comments not work. example https everywhere 4.0.3

#14446 Samsung (partial) reopened defect Medium

yandex.maps no loading. example https everywhere 4.0.3

#14452 Failed to build Tor Browser Bundle with gitian new tbb-team defect Medium

The build fails in stage 3:

****** Starting TorBrowser Component of Linux Bundle (3/5 for Linux) ******

Running build script (log in var/build.log)
./bin/gbuild:21:in `system!': failed to run on-target setarch i386 bash -x < var/build-script > var/build.log 2>&1 (RuntimeError)
	from ./bin/gbuild:122:in `build_one_configuration'
	from ./bin/gbuild:224
	from ./bin/gbuild:219:in `each'
	from ./bin/gbuild:219
	from ./bin/gbuild:217:in `each'
	from ./bin/gbuild:217
make: *** [build] Error 1

Several restarts have not proceeded beyond this point. Checking build.log within the gitian-builder/var folder, we find at the end:

+ cp -p 'obj-*/modules/libmar/tool/signmar' /home/ubuntu/build/mar-tools/
cp: cannot stat `obj-*/modules/libmar/tool/signmar': No such file or directory

It looks like signmar is missing. Any help is appreciated.

#14466 HTTPS Everwhere prevents Firefox 35.0 from loading tabs at startup new defect Medium

Starting with Firefox 35.0, not all my tabs are loaded at startup. I have two tabs - a home tab ( and a pinned tab ( When I start FF 35.0, one or both tabs will not be automatically loaded/populated (the tabs are there, the content is empty). If I disable HTTPS Everywhere, the problem goes away. I never had this problem with FF 34.0 or earlier.

#14520 Update arrow makes Tor Browser version not fully readable in RTL locales new tbb-team defect Low

If the arrow on the about:tor page is showing up indicating that your Tor Browser is out-of-date then it makes the Tor Browser version not fully readable in RTL locales. See the attacked screenshot. We should probably move the version information to the left side in these locales.

#14569 Download-Easy page don't make other languages obvious accepted saint defect Medium website redesign

dcf and mrphs brought up that the language select section is really small when not using javascript -- most people probably scroll right past it. In tutorials, people are using English-language screenshots, which is kind of interesting.

Proposed fix is to increase the font size to 1.1em. Long-term, it would be great to remove all javascript from these pages.

#14579 Clients cannot use multiple transports with a single bridge new defect Medium Tor: unspecified

(note, this bug is unverified)

It seems that when a client adds more than one of a bridge's pluggable transport as its bridges, it only ever uses the address and port of the first transport it adds. Therefore, in the current situation, it appears if the first PT is disabled on the server-side (or the connection is blocked on the wire, or connections timeout for whatever reason) and the client attempts to use the second transport, it will try to establish the connection using the ip address and port number of the first transport. It may try connecting using the correct transport, but it'll probably connect to the wrong place.

Specifically, all the transports are added to the bridge list, but we only use the information from the first bridge in the list with a given ID and ignore the rest.

From learned_bridge_descriptor()

    /* Choose the first bridge which either has an ID which matches
     * this routerinfo or the same address and orport if we don't
     * know the ID */
    bridge_info_t *bridge = get_configured_bridge_by_routerinfo(ri);
    time_t now = time(NULL);
    router_set_status(ri->cache_info.identity_digest, 1);

    if (bridge) { /* if we actually want to use this one */
      node_t *node;
      /* it's here; schedule its re-fetch for a long time from now. */
      if (!from_cache)

      /* get a *node_t for this bridge, based on its ID */
      node = node_get_mutable_by_id(ri->cache_info.identity_digest);
      /* Fill in the node_t using the details of the bridge we
       * retrieved above - the first bridge in the list
      rewrite_node_address_for_bridge(bridge, node);

Then, we choose which entry node we want to use, in onion_extend_cpath(), where choose_good_entry_server() returns the *node_t representing the entry guard/bridge we should use, which it gets by ID:

    const node_t *r = choose_good_entry_server(purpose, state);
    if (r) {
      /* If we're a client, use the preferred address rather than the
         primary address, for potentially connecting to an IPv6 OR
         port. */
      info = extend_info_from_node(r, server_mode(get_options()) == 0);

from populate_live_entry_guards()

  SMARTLIST_FOREACH_BEGIN(all_entry_guards, const entry_guard_t *, entry) {
      const char *msg;
      node = entry_is_live(entry, entry_flags, &msg);

and finally, in extend_info_from_node() where we use the address and port defined in the *node_t:

  if (for_direct_connect)
    node_get_pref_orport(node, &ap);
    node_get_prim_orport(node, &ap);

  log_debug(LD_CIRC, "using %s for %s",
            fmt_addrport(&ap.addr, ap.port),
            node->ri ? node->ri->nickname : node->rs->nickname);

  if (node->ri)
    return extend_info_new(node->ri->nickname,
#14581 Looking up bridge by ID may choose the wrong bridge new defect High Tor: unspecified

As mentioned by arma in #14216 comment 3.

Basically, whenever we try to look up a bridge by ID we may not choose the one we want. If we configured multiple pluggable transports for the same bridge, each PT will be associated with the same ID. We usually stop searching when we find a matching ID in the list, but the first match may not be the transport we wanted.

As an example, node_is_a_configured_bridge():

node_is_a_configured_bridge(const node_t *node)
  int retval = 0;
  smartlist_t *orports = node_get_all_orports(node);
  retval = get_configured_bridge_by_orports_digest(node->identity,
                                                   orports) != NULL;

calls get_configured_bridge_by_orports_digest()

static bridge_info_t *
get_configured_bridge_by_orports_digest(const char *digest,
                                        const smartlist_t *orports)
  if (!bridge_list)
    return NULL;
  SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge)
      if (tor_digest_is_zero(bridge->identity)) {
        SMARTLIST_FOREACH_BEGIN(orports, tor_addr_port_t *, ap)
            if (tor_addr_compare(&bridge->addr, &ap->addr, CMP_EXACT) == 0 &&
                bridge->port == ap->port)
              return bridge;
      if (digest && tor_memeq(bridge->identity, digest, DIGEST_LEN))
        return bridge;
#14633 Default NoScript settings says "Allow Scripts Globally" is "dangerous" new tbb-team defect Medium

This is confusing to users, as observed in the UX sprint. Should we change the message here? On the other hand, JavaScript is dangerous!

#14686 Consolidate or de-emphasize our many download pages assigned cypherpunks defect High WebsiteV3

During the UX Sprint, several of the users found alternate download pages other than download-easy, and became confused. If you search for Tor, download Tor, or Tor Browser, you get one of the following links:

Each of these has a different flow for downloading Tor Browser, and all but download-easy caused users to stop and become confused. I personally think should simply redirect to download-easy, and the page should remove the matrix and either behave like download-easy, or its download button should take the user to download-easy.

We will still need some place to put installation instructions, and the alpha downloads, but those should be broken off into different pages that replace the outdated mess in

#14687 Test different backgrounds for DMG install new tbb-team defect Medium

At the UX sprint, one of the users didn't seem to understand that the arrow in our DMG background meant to drag the app into /Applications and then hit #14630. Mrphs pointed out that we might A/B test some versions of the background that were more suggestive, such as the one that Adium uses:

#14689 Tor4.02 BookmarksBackup-Resolved-CraigslistBlocksTor reopened boklm defect Medium

Resolved in Tor 4.02 Craigslist Blacklists Tor 2.2.15

#14714 bws-*-done-* files contain only two lines new defect Medium

All the "done" files from my bwauth contain only two lines, "slicenum=<number>" and timestamp.

$ find data -name bws-\*-done-\* | wc -l
$ find data -name bws-\*-done-\* -exec sh -c "wc -l {} | cut -d \  -f 1 | egrep -v 2" \; 
#14715 Change the default for automaphostsonresolve to be on-by-default? new defect Medium Tor: unspecified

#14450 is a case of a user running into an issue that would be fixed with automaphostsonresolve. Is there a good reason to not have this enabled by default? Possibly good reasons include that it's not standards-conformant, tho with .onion being recognized as a special tld maybe this would even fall into the realm of possibility.

#14744 Automate upload of latest Tor Browser to cloud services reopened ilv defect High

Currently, to have the latest Tor Browser version delivered is necessary to manually upload the files every time a new version of Tor Browser is released. This could easily be automated thanks to RecommendedTBBVersions. This will help to avoid the deliver of old Tor Browser versions (see #12502). A preliminary script for this can be found here.

#14754 set up a VM for generic dynamic web stuff new weasel defect Medium

sebastian wants one. we can also move statusbot to it.

#14762 Redesign how we inform the user of the risks of running ooniprobe and get informed consent from them new hellais defect Medium

This is a topic that has been widely discussed on the ooni-dev mailing list: as well as on other more specific mailing lists that deal with ethics of network measurements.

Dan O'Huiginn has written a draft of proposed improvements to the ooniprobe README document and warning message when running the software ( that I quote here:


WARNING: Running OONI may be illegal in your country, or forbidden by
your ISP. By running OONI you will connect to web services which may be
banned, and use web censorship circumvention methods such as Tor. The
OONI project will publish data submitted by probes, possibly including
your IP address or other identifying information. In addition, your use
of OONI will be clear to anybody who has access to your computer, and to
anybody who can monitor your internet connection (such as your employer,
ISP or government).

[link to long version]



OONI does several things which may be illegal in your country, and/or
banned by your ISP.

OONI's http test will download data from controversial websites,
specifically targeting those which may be censored in your country.
These may include, for example, sites containing pornography or hate
speech. You can find a list of sites checked at

Even where these sites are not blocked, it may be illegal to access
them. It may also be illegal to bypass censorship, as OONI attempts by
using Tor.

In the most extreme case, any form of network monitoring could be
illegal or banned, or even considered a form of espionage.

[Include link to some resource on relevant laws globally. Someone like
the EFF must have one of these; does anybody have a link?]


about your internet connection to the whole world. Particular groups,
such as your ISP and web services used by the ooni tests, will be able
to discover even more detailed information about you.

THE PUBLIC will be able to see the information collected by OONIprobe.
This will definitely include your approximate location, the network
(ASN) you are connecting from, and when you ran ooniprobe. Other
identifying information, such as your IP address, is not deliberately
collected, but may be included in HTTP headers or other metadata. The
full page content downloaded by OONI could potentially include further
information, for example if a website includes tracking codes or custom
content based on your network location.

You can see what information OONI releases to the public at You should expect this information
to remain online PERMANENTLY. [include details of retention policy, once
we have one]

THE OONI PROJECT will also be able to see your IP address [What other
info do we get?]

all web traffic generated by OONI, including your IP address, and will
likely be able to link it to you personally. These organizations might
include your government, your ISP, and your employer.

ANYBODY WITH ACCESS TO YOUR COMPUTER, now or in the future, may be able
to detect that you have installed or run ooni

SERVICES CONNECTED TO BY OONI will be able to see your IP address, and
may be able to detect that you are using OONI

I suggest we use this as a starting point and discuss additions, improvements etc. on this via this ticket.

#14763 Stochastic Guard Flag new defect Medium Tor: unspecified

Stochastic Guard Flag symptom and the subsequent interruption of optimal contribution to the network.

Tracking issue with some relays in family randomly losing Guard in consensus, and experiencing other low bandwidth situations sporadically.

# Not affected (always Guard once Guard):

  • Mozilla14 , ,
  • Mozilla4 , ,

# Randomish Guard loss affected:

  • Mozilla13 , ,
  • Mozilla12 , ,
  • Mozilla11 , ,
  • Mozilla10 , ,
  • Mozilla9 , ,
  • Mozilla6 , ,
  • Mozilla5 , ,
  • Mozilla2 , ,

Note about traffic graphs when not-Guard: the middle relays appear to be handling plenty of capacity; some delta between usage in Guard or not is based on this type difference. Consider mean consensus weight fraction along with guard / middle probabilities.

Will update once consensus history is reviewed in detail for the period in question...

#14795 Windows Environmental Variables not usable in Profiles.ini when deploying tor browser across a domain needs_information tbb-team defect Medium

We run a domain and tor.exe as nt services on the DC's. We are trying to deploy torbrowser, by request of users, for its privacy features. I setup a default profile to deploy to the user's roaming profiles and torbrowser's profiles.ini ( in %ProgramFiles(X86)% ) is set to look for them in "Path=%Appdata%\TB\Profile" (Profiles.ini config). However, torbrowser refuses to litigate environmental variables of the domain ( %variable%).

For security, our users cannot run .exe's on the domain that are not installed in either of the Program Files locations or the windows directory; we must deploy it this way, which is also the corrrect way, per MCSE and RFC's.

Firefox has no problem doing this, which we have had deployed the same for years. I am even giving current users an option to COPY their firefox profile as their torbrowser profile instead of copying from the Domain's Skeleton where I have put a default torbrowser profile.

Of course, since we have tor running on port 1080 of the DC's and have configured load balancing and the default profile to use it, I removed tor launcher from tor browser; It's just the browser that they're running as their username. It would be unwise and ridiculous to have 10,000 tor.exe's running, one for each logged in user.

I even setup the tor's to utilize our ipv6 native network, which the clients running tor.exe wouldn't be able to do if we allowed tor.exe to run on the workstations.

#14799 Make failure to create extrainfo an error? reopened defect Low Tor: unspecified

Currently, we warn with LD_BUG if we couldn't create extrainfo, but we still upload the server descriptor. Can't we warn a bit more loudly and not upload the server descriptor or even assert that we can generate extrainfo?

#14801 "EXCLUDE Nodes" is not respected in Orbot needs_information n8fr8 defect Medium

I've entered FiveEyes in Exlude Nodes and yet it still connects me to them. At first I thought it's just relay nodes. But just now, I was connected to a path with an Exit Node in one of them!

I input countries as: US, UK, NZ, CA, AU,

And I also tried with and without "Strict Nodes" option.

Orbot: 14.1.4-noPIE (Tor: Android: 4.4.4 Nexus 5, stock rooted Downloaded Orbot from F-Droid

#14827 Tor controller command to write its file to disk new defect Medium Tor: unspecified

atagar wants that for the tests.

#14828 Multiple hidden services can share a pk_digest/service_id. needs_revision twim defect Very Low Tor: unspecified

This may be a duplicate, it's past my bed time, so I don't have time to check.

The current rendservice code's duplication check doesn't enforce uniqueness of pk_digest and service_id. It probably should do so for both things, since I can't think of a reason why this would ever be well defined, or desirable behavior.

The trivial fix would be to add a pair of checks to rendservice.c:rend_service_load_keys(s), that log on LD_CONFIG, and return an error if a collision is detected.

#14854 Document the hardlimit of HiddenServiceAuthorizeClient basic new defect Medium Tor: unspecified

I ran some tests on HiddenServiceAuthorizeClient basic auth-type and found that it stopped working when I created 49 or more clients. I started with 10 clients and kept adding 10 more at a time. When I had 39 clients, the hidden service worked, but when I added 10 more, the hostname and client_keys were generated as expected, but hidden service stopped working for all of the clients.

HiddenServiceDir /var/lib/tor/test_public/ # tlxnxx74fpmkw2qh.onion HiddenServicePort 80 HiddenServiceAuthorizeClient basic \ tlx_cl01, \ tlx_cl02, \ tlx_cl03, \ ... tlx_cl47, \ tlx_cl48, \ tlx_cl49

According to the man page and the specs, the stealth mode doesn't work for more than 16 clients, but implied that the basic mode should work.

#14883 Orbot handshake fails on networks with Blue Coat Systems' technology new n8fr8 defect Medium

Bootstrapping fails at 85%.

#14900 To link connections only if they ready reopened defect Medium Tor: unspecified

connection_exit_connect_dir and connection_ap_make_link creates linked pair for connections that can be freed before connection_unlink thus invalidates linked_conn.

  connection_link_connections(partner, base_conn);

  if (connection_add(base_conn) < 0) { /* no space, forget it */
    return NULL;
  connection_link_connections(TO_CONN(dirconn), TO_CONN(exitconn));

  if (connection_add(TO_CONN(exitconn))<0) {
    connection_edge_end(exitconn, END_STREAM_REASON_RESOURCELIMIT);
    return 0;

  /* link exitconn to circ, now that we know we can use it. */
  exitconn->next_stream = circ->n_streams;
  circ->n_streams = exitconn;

  if (connection_add(TO_CONN(dirconn))<0) {
    connection_edge_end(exitconn, END_STREAM_REASON_RESOURCELIMIT);
    return 0;

If connection_add fails then linked_conn from another connection is broken. (currently it can to fail only if BUFFEREVENTS used by code)

#14921 Investigate whether we sometimes remove all predicted ports at startup new defect Medium Tor: unspecified

If we have no good exits when we call choose_good_exit_server_general(), it appears we will remove all the predicted ports immediately. Can this happen?

Hypothesized while investigating #14918

#14923 Tor Launcher should have accessibility support. needs_information brade defect Medium

A couple of users with poor sight complained that Tor Launcher doesn't support voice-over software which can be a problem.

#14924 Warn users before they install any addons new tbb-team defect Medium

In, we warn people against installing additional addons or plugins. We should also throw up a similarly detailed warning when users navigate to the Addons pane, or try to install an addon from elsewhere.

In fact, I believe we already do throw up the generic warning, because we removed as a trusted addon source. So perhaps we just need to change the text.

#14936 about:license should show be adapted for Tor Browser new tbb-team defect Medium

Right now it is unchanged from the Mozilla Firefox version

#14939 Support ipv6 addresses in Tor Circuit DIsplay new tbb-team defect Medium

Bridges and other nodes may have ipv6 addresses, and we need to fix the tor circuit display so that it handles these correctly.

#14941 Localize the Tor Browser about dialog properly new tbb-team defect Medium

With #5698 landing we have "based on" unlocalized in the about dialog which we should change.

#14946 NullPointerException when Requesting Hidden Service needs_review n8fr8 defect Medium

Currently, a NullpointerException is raised when requesting a hidden service form another app through an intent. The attached patch should fix this.

#14947 Torbrowser 4.0.3 lacks required "user_pref" preferences of TorButton on fresh extension's installation. new tbb-team defect Low

This may be hard to reproduce but start tor browser with a blank profile, an EMPTY folder and run "firefox.exe -p" to create it, copying the "extensions" folder to that profile from the tor browser bundle "tor browser\data\browser\profile.default\extensions..." so that it adds https-everywhere, noscript, and torbutton back in the profile.

When torbutton installs itself, it doesn't add the following settings as user_pref's:

  • extensions.torbutton.socks_remote_dns [true/false]
  • extensions.torbutton.saved.socks_remote_dns [true/false]
  • extensions.torbutton.custom.socks_remote_dns [true/false]
  • extensions.torbutton.custom.socks_version [4/5]
  • extensions.torbutton.socks_version", [4/5]
  • (extensions.torbutton.saved.socks_version does get installed)

I understand the reason these settings may not be there at first is because no one has configured torbutton to have any "custom" settings; however, when someone does specify custom custom proxies in tor button, they don't get put there at that time either.

These settings should be put in torbrowser when torbutton installs/reinstalls itself; they can even be left set as NULL until they are configured/used by tor button.

By not doing so, it can cause torbrowser (firefox.exe itself) to panic and have a hard time making connections in ssl, specifically, and cause these SSL connections to time out. It will also cause connections in standard http to crawl while causing torbutton to not have control of the connection settings in tor browser without hitting "restore defaults" in torbutton. 

As said, for testing, there are no other extensions than noscript,torbutton, and https-everywhere. Flash was set to "always ask" (thus diabling option in torbutton to 'disable Plugins') along with private mode (first option in torbutton preferences) NOT being enabled. Other than setting custom proxies in torbutton, not one other setting is changed from default in tor brower or tor button.

Torbutton settings are set to redundantly use either one of the five running tor NT services remotely over the lan on the domain controller, automatically load balanced by the domain contollers. Whether or not the client work stations utilize tor brower, they all use tor for tunneling recursive lookups to the root nameservers. Tor's dns server function are listening on port 153 and forwarded queries by the real dns server for the domain.

I understand this is not how people normally use tor browser, having a clean profile instead of using the one that comes with tor browser bundle and accessing tor's client services over the lan, not running tor.exe locally; however, this is for RFC whitepaper purposes for deploying tor browser over a domain. You always make it uniform for deployment to work in the scenarios you don't expect it to; I already have another ticket open for tor browser itself not wanting to parse windows variables, in order to deploy this over the windows domain.

So, all it takes for this bug is someone creating a new profile using torbrowser in their windows user profile (once we hopefully get the other bug fixed to allow the use of "%profile%" in the profiles.ini path) and our domain controller copying a $h/preferences/extension_overrides.js from our default skeleton (so that they will be able to use our tor services), along with the 3 default extensions to $h/extensions. Then, because preferences torbutton looks for to modify and then copy over to torbrowser's preferences are missing, those preferences of torbrowser don't get created and, thus, seem to cause torbrowser to have intermittent connection problems.

When first starting torbrowser and configuring it as described above (and attached below), it won't resolv dns. When you clear cache and restart it to try to remedy any issues with cache, it resolves dns but now takes a while, along with crawling connections, even when the connection is set in tor button/firefox OR the proxy server to bypass tor for that specific domain (i.e. lan web server).

Fixing this should be as simple as making tor button install the settings defined above and, as said, they can even be set to null or anything you like, just as long as they're there.

#14957 Clients wait for an extra consensus before learning the correct UseGuardFraction value new defect Medium Tor: unspecified

When clients parse the consensus, they decide whether to register any guardfraction information included based on the value of the UseGuardFraction consensus parameter. The problem is that the decision is taken in the middle of consensus parsing, but in should_apply_guardfraction() we wrongly use networkstatus_get_param(NULL, "UseGuardFraction",..." to decide whether the parameter is on or off. In that case networkstatus_get_param() will check the old consensus, and not the one that we are currently parsing and is still in unfinished state.

comment:52:ticket:9321 includes some possible fixes.

Another possible fix would be to always register guardfraction information found in the consensus. But instead check during path building time whether we should use it or not. So instead of having should_apply_guardfraction() we would have should_consider_guardfraction() or should_use_guardfraction().

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Note: See TracQuery for help on using queries.