Custom Query (4459 matches)


Show under each result:

Results (901 - 1000 of 4459)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Ticket Summary Status Owner Type Priority Milestone
#11214 Gmail talkgadget/hangouts/chat infinite loop new tbb-team defect Medium

Version: Tor Browser Bundle *please relocate to appropriate thread if incorrect*

Gmail allows for two types of chat: by default, hangouts, and by choice, legacy chat. These operate in a frame on the lower left of Gmail. Legacy chat works, but reverting to legacy chat from hangouts is impossible from Tor Browser Bundle, where an infinite loop interferes.

  1. Gmail load attempted with restrictive NoScript settings. Options appear: loosen restrictions, or use HTML only.
  2. is whitelisted in NoScript, as well as (optionally) some of the following domains:
  3. Page is reloaded. The following error message appears in the lower left chat frame: "Something's not right. We're having trouble connecting to Google. We'll keep trying...\n This may be caused by network or proxy issues. <a href="">Learn more</a>.
  4. is whitelisted in NoScript, as recommended on the linked support page. Gmail is refreshed.

Infinite loop:

  1. Hangouts loads, with contact list visible. Within seconds, it disappears and is replaced with a Sign In button.
  2. The Sign In button is clicked. A pop-up appears with a log-in page from domain Password is entered; user signs in. Page declares success, instructs user to close pop-up and refresh Gmail.
  3. Go to step 5.

This bug prevents users from being able to use Google chat at all, since reverting to legacy chat requires accessing the main menu in talkgadget/hangouts.

Tried many combinations of NoScript whitelists. None works.

#11222 Inform user if reachable bridges drop below a configurable fraction/number new brade defect High

It would be very useful for a number of reasons if Tor Launcher could pop up some kind of alert if some fraction of their bridges become unusable (ie when less than 50% are reachable, or perhaps less than min(33%,1)).

In that case, it should instruct the user to obtain more bridges, and give them instructions and/or a bridgedb link specific to their PT type (ie

The primary motivation for altering the user is that if bridges either go down or get blocked, it will be far easier for the user to obtain more if the user still has at least one working bridge to work with (to connect to gmail or visit a link).

One way to do this might be to use the control port command 'GETINFO entry-guards" on a timer, but an event-based approach using the "GUARD" event could also work (but would require substantially more bookkeeping and may be error prone in the face of GUARD event state transition oddities).

Tor Launcher probably should also not issue the warning if all bridges become unreachable at once, and/or if Tor detects a cease in network activity (which does not seem to be directly exported to the control port at this point :/). We don't want to alert the user every time they walk out of range from a wifi hotspot or similar situation.

This option also should not be active if the user is not using bridges.

#11233 Bug: We're writing a text string that already contains a CR. needs_information defect Medium Tor: 0.2.???

[Tue Mar 18 04:10:56 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at "write_str_to_file(): Bug: We're writing a text string that already contains a CR. "

#11245 Orbot bootstraped problem new n8fr8 defect Medium

On my un rooted samsung galaxy note 10.1 Orbot only gets to bootstrapped 25%.

My system information: Android version: 4.1.2 Model Number: GT - N8010


Orbot is starting… Orbot is starting… Tor binary exists: /data/data/ Privoxy binary exists: /data/data/ Obfsproxy binary exists: /data/data/ Xtables binary exists: /data/data/ link RM err=0 out: link LN err=0 out: PRE: Is binary exec? true (re)Setting permission on binary: /data/data/ POST: Is binary exec? true tor: PRE: Is binary exec? true (re)Setting permission on binary: /data/data/ tor: POST: Is binary exec? true PRE: Is binary exec? true (re)Setting permission on binary: /data/data/ POST: Is binary exec? true PRE: Is binary exec? true (re)Setting permission on binary: /data/data/ POST: Is binary exec? true PRE: Is binary exec? true (re)Setting permission on binary: /data/data/ POST: Is binary exec? true Orbot is starting… got tor proc id: 21351 Tor process id=21351 Connecting to control port: 9051 SUCCESS connected to control port SUCCESS authenticated to control port Starting Tor client… complete. adding control port event handler SUCCESS added control port event handler updating settings in Tor service Starting privoxy process /data/data/ /data/data/ & orConnStatus (madiba): LAUNCHED NOTICE: Bootstrapped 10%: Finishing handshake with directory server. Privoxy is running on port:8118 Privoxy process id=21371

NOTICE: Bootstrapped 15%: Establishing an encrypted directory connection. orConnStatus (itpol2): CONNECTED

orConnStatus (madiba): CONNECTED

NOTICE: Bootstrapped 20%: Asking for networkstatus consensus. Circuit (1) BUILT: itpol2

NOTICE: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.

Circuit (2) BUILT: madiba

NOTICE: Bootstrapped 25%: Loading networkstatus consensus.

Circuit (2) CLOSED: madiba

NOTICE: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.

#11254 Tor Browser bundle v3.5 fails to clean up cancelled downloads in Temp folder new tbb-team defect High
  1. Run TBB v3.5.3
  2. Click on a link to download an archive or any file type not natively handled by the browser
  3. Wait for the download to complete
  4. Observe that <random>.ext.part file is created containing entire file contents in the system's %temp% folder.
  5. In the Open/Save dialog box click Cancel.
  6. Observe that the temp-created file is not removed.
  7. Close Firefox/TBB.
  8. Observe that the temp-created file is not removed.

Firefox 28's Private Mode does not have this bug. I observed this bug in TBB v2.x as well.

#11258 Toggling permissions.memory_only causes crash of Tor Browser new tbb-team defect High

While investigating #9531 I run into an other reason for crashing when hitting New Identity:

WARNING: NS_ENSURE_TRUE(asyncCloseWasCalled) failed: file /home/firefox/tor-browser/storage/src/mozStorageConnection.cpp, line 943
Assertion failure: !mAsyncExecutionThread, at /home/firefox/tor-browser/storage/src/mozStorageConnection.cpp:415

Program ./Browser/firefox (pid = 30485) received signal 11.

Commenting out the code toggling "permissions.memory_only" seems to help.

#11264 Relay has Exit flag but short policy says reject *? needs_revision defect Medium Tor: 0.2.???

its short exit policy is reject *:*

but check out its actual exit policy

and it has the Exit flag

This seems like a contradiction, yes?

#11267 Short user manual on mirror sites redirect back to TPO new lunar defect Medium

On mirror site, open

When clicking Chinese, TPO link will open:, which means users can't access the short user manual when they can't connect Tor network and TPO is blocked.

The link should be, and all short user manuals on mirror sites are out of date.

BTW, where is the user manual (help documentation) which included in Vidalia? If users can't find one to help themselve, I believe, help@tpo will get more tickets.

#11277 Bug creating hidden service with vidalia new defect Medium

Tor exited when I created a new hidden service using vidalia 0.2.21. I guess I typed a non existent directory as I read in the log, permission denied. I appologise for my eanglish.

[Sun Mar 23 03:53:28 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at "set_options(): Bug: Acting on config options left us in a broken state. Dying. "

Mar 23 03:53:28.825 [Warning] Error creating directory /var/tor/tornado: Permission denied Mar 23 03:53:28.825 [Warning] Error loading rendezvous service keys Mar 23 03:53:28.902 [Error] set_options(): Bug: Acting on config options left us in a broken state. Dying. Mar 23 03:54:39.128 [Notice] Tor v0.2.4.21 (git-c5a648cc6f218339) running on Linux with Libevent 1.4.13-stable and OpenSSL 0.9.8k. Mar 23 03:54:39.128 [Notice] Tor can't help you if you use it wrong! Learn how to be safe at Mar 23 03:54:39.128 [Notice] Read configuration file "/etc/tor/torrc". Mar 23 03:54:39.147 [Notice] Opening Socks listener on

#11293 Users are not able to log into new tbb-team defect Medium

Quoting Lunar From the original bug entry (#10569):

The user told me they were unable to login. They got an error message mentioning a bad cookie. I told them to deactivate Private Browsing Mode and then they were successfully able to login.

I unfortunately don't have credentials for that site.
#11294 Users are not able to log into new tbb-team defect Medium

There are reports that users are not able to log into (see #10569 for some comments).

#11295 Users cannot log into LycosMail new tbb-team defect Medium

We got a report that logging into LycosMail is not working:

#11301 Tor does not reconnect after network loss with guards used as bridges new nickm defect High Tor: unspecified

Yawning and I have both noticed that tor can become unresponsive if either normal tor bridges or PT bridges are configured, and the client suffers a network connectivity loss. After sustained network connectivity loss, all of the orconns end up closed, and Tor will not try to reconnect to its bridges, even when new stream attempts arrive.

It is possible that Tor is simply marking all of its bridges down in this case, and is not trying to reconnect to them when the network connectivity returns, thinking they are still down?

The only way to solve this issue is to either send "SIGNAL HUP" to the control port, or to kill -HUP pidof tor. After recieving the HUP signal, tor immediately launches new orconns and circuits for its bridges, and attaches the currently pending streams to these new circuits.

Sometimes, after this problem has happened once, tor will cease building circuits even if the network remains available.

This is extremely bad for usability, because TBB becomes completely unusable in this case, and the only thing a normal user can do is exit the whole browser and re-launch it.

This may also indicate a deeper bug with how Tor handles the liveness/'down' status of normal Guard nodes, and may cause Tor to rotate Guards more frequently than necessary.

#11307 connection_handle_event_cb() should handle orconns correctly even when not in OR_CONN_STATE_CONNECTING needs_review andrea defect Medium Tor: 0.2.???

This code is in connection_handle_event_cb():

if (conn->type == CONN_TYPE_OR &&
    conn->state == OR_CONN_STATE_CONNECTING) {

It should be something like this:

if (conn->type == CONN_TYPE_OR) {
  if (conn->state == OR_CONN_STATE_CONNECTING) {
  } else {

As it stands, if conn->state != OR_CONN_STATE_CONNECTING this code will incorrectly treat orconns as generic conns and call connection_mark_for_close() on them without properly notifying the channel layer.

Note that since this code is specific to bufferevents which do not currently work, this bug cannot be demonstrated in any working build of Tor, so I'm assigning it to the 0.2.?? milestone.

Created pursuant to connection_mark_for_close() audit task #7472.

#11311 httpse-ruleset-bug: wistia ruleset breaks some video thumbnail generation new pde defect Medium

My HTTPS-E version is actually 3.4.5, but I didn't see that listed in the version field...

Problem url:

Click on "Advanced Search", and filter the list for "tutorial videos" or "webinar recordings" -> thumbnails of the flash videos (hosted by wistia) are generally not visible. If you choose "application video gallery" instead, those flash video thumbnails (also wistia-hosted) work fine.

I noticed one difference is that the videos with thumbnails that work are playing back in a floating overlay window, but the ones where thumbnails fail are playing back in a player that's embedded in the webpage.

The reason I submitted this as a ruleset bug for the wistia domains is that, if I disable the "Wistia (parial)" ruleset, all the video thumbnails are generated just fine.

Since Wistia sells video hosting services, I guess this may affect other customers of theirs besides, but I don't know of any other specific ones other than their "sister site": (Bitplane is an Andor / Oxford Instruments company)

#11325 RFE: Adhere to XDB base directory specification new defect Low Tor: unspecified

As noted by a Fedora user [1], when running Tor as a regular user it creates "$HOME/.tor" instead of "$XDG_CACHE_HOME/.tor", which is advised by the XDG specification [2] for user-specific non-essential (cached) data. Would you consider adhering to this specification?

[1] [2]

#11327 Dir auths should choose Fast and Guard flags by consensus weight if they don't measure needs_revision TvdW defect High Tor: 0.2.???

In #8435 we made directory-authorities-that-run-bwauths stop voting Fast or Guard for relays they hadn't measured yet.

But as I pointed out in, since only a minority of dir auths run bwauths, the majority of dir auths are still voting Fast and Guard based on descriptor bandwidths.

So while the title of ticket #8435 says "Ignore advertised bandwidths for flags once we have enough measured bandwidths", the ChangeLog entry is more accurate:

    - Directory authorities that have more than a threshold number
      of relays with measured bandwidths now treat relays with unmeasured
      bandwidths as having bandwidth 0. Resolves ticket 8435.

We should at some point actually do the original goal, which is to give Fast to the 7/8s of relays whose consensus weights are highest, and Guard to the 1/2 of relays whose consensus weights are highest and who match the other guard constraints.

#11328 Dir auths should compute Guard WFU using the consensus, not private history assigned defect Medium Tor: 0.2.???

Currently directory authorities track the presence of each relay and keep notes about their view locally. Then when it comes time to vote about Guard, they look at their notes and decide what fraction of the past interval the relay was up for.

But it doesn't matter anymore to clients whether the directory authority could reach the relay for that time. The question as of the v3 directory design is whether the relay was in the consensus.

So it seems like the directory authorities should be basing their measurements off "is it in the consensus this hour".

#11337 Reimplement (move relevant functions, delete extra redundant code) of,, as children of FileStegMod new vmon defect High

It seems that SRI implementation of all steg modules have almost identical implementation of:

http_handle_client_XXX_receive http_server_XXX_transmit

As programmers usually do not duplicate a code that they need to use twice, instead, often they write a function and call it twice (surprisingly that was exactly the reason for which functions were invented in the first place), I came up with the following revolutionary solution:

I made a FileStegMod class (file_steg.h/.cc) which has only one copy of the above mention functions other steg module should be inherited from this class and call the parent function instead, so we don't need to keep zillion copies of these functions in our code.

Also doing so, it will uniformize the code (new steg modules are already children of FileStegMod) and as such, considerably simplify it.

#11341 Khmer translation new phoul defect Medium 2014 Tor Blog Replacement


I finished translation for TorBrowser at:

Could you please build Khmer translations in the next release? and when will the next release happen?



#11343 TorLauncher's UI should warn users when a bridge fingerprint appears to be incomplete new brade defect Medium

A Tails user reported some trouble using the new Tails (version 0.23) which includes TorLauncher. They were entering a bridge line, and were confused why it was not working. After some troubleshooting, we determined that they had only entered 27 (out of 40) of the characters of the bridge's fingerprint. Perhaps it would help users to have some sort of feedback on this? The simplest would be: when they hit "OK", to take them back and display a message saying "Oops! It looks like you were trying to enter a bridge fingerprint. Bridge fingerprints are 40 characters long, and you only have 27!" More complicated: while they are typing the fingerprint, display a dynamic message which counts down the number of characters missing. For posterity, here is the conversation from #tails:

00:55  alster ) i'm just trying to run tails for the first time actually, with
                a bridges setup, but having trouble to get past the point where
                i need to type the bridges.
00:56  alster ) but the error message actually sounds like i may have a typo
00:56  alster ) [warn] key digest for bridge is wrong
00:57  velope ) hmm, are you entering a fingerprint for the bridge? don't.
00:57  alster ) [warn] controller gave us config lines that didn't validate:
                Bridge line did not parse. See logs for details.
00:58  alster ) the lines i got in the box look like this:
00:58  alster ) bridge obfs3 <IPv4> <HASH>
00:59  alster ) i guess the HASH is the fingerprint you're referring to?
00:59    isis ) yes, HASH is the fingerprint
00:59  alster ) actually that's
00:59  alster ) bridge obfs3 <IPv4:PORT> <HASH>
00:59    isis ) that should be correct
01:00  alster ) so what i should be using is this instead?
01:00  alster ) bridge obfs3 <IPv4:PORT>
01:00  alster ) correct?
01:00    isis ) i am not sure, i have not tried the new tails yet, but you really want the fingerprint in there, otherwise you could be trivially man-in-the-middled
01:01    isis ) so if tails is not handing the fingerprint correctly, that is a
                serious bug
01:01  alster ) maybe i don't want the leading "bridge"? since does not output this
01:02    isis ) well, i write the code for bridges.tpo
01:02  alster ) well i entered the data manually, so chances are i just
                misspelled it
01:02    isis ) and the only reason we stopped putting the 'bridge ' at the
                beginning was because vidalia is idiotic and didn't handle it
01:03    isis ) torlauncher explicitly has code to handle lines which either start
                with 'bridge ', or with the transport method, or with the IP:PORT
01:03  alster ) i assume the fingerprints should be the exact same # of characters
                always, right?
01:03    isis ) yes, always 40 chars
01:04    isis ) though? perhaps? is your bridge's fingerprint all uppercase or
                all lowercase?
01:04  alster ) all lowercase
01:04    isis ) currently returns lowercase
01:05  alster ) i just checked, gave me 2
                fingerprints with 40 characters each
01:05  alster ) but one of those i typed has 29 only
01:05  alster ) so it's my fault
01:05    isis ) ah, okay, that make sense :)
01:06    isis ) but perhaps torlauncher should be a bit smarter and tell you
                that that was the problem
01:06    arma ) isis: you could be man-in-the-middled for your first hop, but
                not your second or third. and if they're in a position to
                man-in-the-middle your first hop, they're in a position to
                do traffic analysis on it. so either way you'd best hope
                they're not watching the other end too. and if they are, it
                doesn't matter that they can mitm the first end.
01:06    isis ) arma: yes, true
01:07    arma ) that's why i was fine giving out bridges without fingerprints
01:07    arma ) it seems there's been a big push lately to switch to "you must
                have a fingerprint"
01:07    arma ) which seems to really harm usability
01:07    isis ) arma: though mitm'ing the first hop opens the grounds for more
                attacks than just analysis, like the replay attack and xor'ing
                in tags into the encrypted streams
01:08    isis ) arma: but this is the first i've heard of a usability issue
                with the fingerprints, is this normal? there are lots of these
01:08  alster ) this GUI definitely needs something like "okay, you entered 27
                characters so far, 13 more to go."
01:09  alster ) also, the lines you enter there do currently wrap
01:09  alster ) (making it hard to read)
01:09    isis ) yes, i agree, it definitely should tell you that something was
01:09    arma ) isis: anybody who tries to manually copy a bridge line will
                basically fail if it's more than an ip and a port and maybe a
                few more characters
01:10    isis ) arma: i can give them a QR code with two lines of python,
                would that help?
01:10    arma ) but also, good point, they can get in past the tls if they can
                mitm the bridge. which is meaningful.
01:11    arma ) would the qr code help this tails person? probably not. would it
                help an orbot person? maybe.
01:11  alster ) presenting the fingerprint in a user friendly way (and having a
                user freindly input on the other end) would help
01:12  alster ) so think of images of fruits or whatever
01:12    isis ) should there be a "Wat? You expect me to type that in? Give me
                a QR code!" button on BridgeDB when you get bridges?
01:13  velope ) the GUI could be better, but for most people anything involving
                long meaningless strings is massive fail
01:13    isis ) hmm, the images of fruits thing becomes much harder to do, i
                think, because it would need to be something that the bridge
                puts in their descriptor (so that your tor could check it when
                you try to connect to the bridge)
01:14    isis ) hmm. i will need to think about this more.
01:14  velope ) "needs proposal"
01:15    isis ) though torlauncher should also be okay if there is no
                fingerprint at all
01:15  velope ) it is
#11361 Cloudefront rules block downloads new pde defect Medium

When downloading some files from, we are sent a link on However https-everywhere redirects to an https version of the URL which gives a permission denied error.

I suggest adding the following exclusion to the cloudfront rule:

<exclusion pattern="^http://ds6mgb82jxf5h\.cloudfront\.net" />
#11363 QR,DIR ports bind to even when I tell tor otherwise. new defect Medium

Hello, I am running a tor middle relay on a high bandwidth connection but an running into a problem which is causing me more frustration then needed.

I have multiple virtual ip's on my servers NIC. I only want ports 9030,443 and outgoing connections to be available on 1 virtual IP. In order to accomplish that I have added the following configuration to Vidalia.

# This file was generated by Tor; if you edit it, comments will not be preserved # The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

AccountingMax 11811160064000 AccountingStart month 1 00:00 ContactInfo tor-relay-harrry at comcast dot net ControlPort 9051 DataDirectory C:/Users/jt/AppData/Roaming/tor DirPort DirReqStatistics 0 ExitPolicy reject *:* HashedControlPassword 16:0FD1F531889C1EA360F45BB687F6635983F68D781254B999BC7EDB0200 Log notice stdout Nickname BeefTits ORPort OutboundBindAddress RelayBandwidthBurst 30720000 RelayBandwidthRate 10240000 SocksPolicy reject * SocksPort 9050

The problem is TOR.exe looks for the ports on my default NIC ip address of and

===================================================================== Mar 29 00:03:59.678 [Notice] Now checking whether ORPort and DirPort are reachable... (this may take up to 20 minutes -- look for log messages indicating success) ====================================================================== Because I have communication blocked on these ports the reach-ability test fails. ====================================================================== Mar 29 00:23:58.649 [Warning] Your server ( has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. Mar 29 00:23:58.650 [Warning] Your server ( has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. ======================================================================

Is is possible for the service to only use the ports that I am specifying? If I leave the default ports open then port 443 is open on my main server ip which I do not want.

Additionally if I have the configuration setup with the default ports set i.e not specifying an ip:port in the config in vadalia, when I click on settings/sharing the box relay traffic inside the to network (non-exit relay) is checked as expected.

As soon as I edit the configuration like I have above and specify the ip:port allocations the button goes to run as client only by itself, and it over-writes the configuration I added and defaults the configuration to specify just the ports 443 and 9031 which means bind to i.e

Question is there a way to specify outgoing and incoming port allocations to one virtual ip on the IP Stack?

Why is it using the default ip when I am specifically telling it not to do so.

I also see the ports being used in the sniffer output so the software is ignoring my configuration for port:ip bindings.



#11374 fix tor lockfile checking bug needs_revision dave2008 defect Medium

I previously had a misconception that lockfile got removed every time tor exits :(

This patch checks the state of lockfile properly.


#11423 Fail to load http->https new pde defect Medium

I haven't tested/reproduced it but I'm positive this is correct

When on a *http* site when the page loads a http resource that redirects itself to https; http everywhere won't load it. For an example on many squarespace sites such as this

I may get a http link and if I do the twitter/whatever icon will not show. If its https it works completely fine. If i visit http after loading the https version its fine. On hard refresh of course it has to find the resource again and fails thus I get weird squares instead of glyphs. See the linkedin link at the bottom of the page it should have a linkedin icon

#11442 Amazon Web Services rule breaks new pde defect Medium

This is a ruleset bug:

The Amazon Web Services stable rule breaks the display of documents at For instance, see

When the Amazon Web Services rule is turned off, you can navigate the pages, zoom in and zoom out with your mouse. When the rule is turned on, only a cover thumbnail is displayed.

HTTPS Everywhere for Chrome 2014.1.3 Google Chrome 33.0.1750.154 m Windows 8.1, 64 bit

#11444 Drop support for long-obsolete versions of Windows assigned defect Medium Tor: 0.2.???

When we started writing Tor, Windows 98 was still a going concern. Now... it is less so.

We should identify and drop support code for all windows versions before Windows XP. This is mainly going to be a matter of identifying cases where we use LoadLibrary and GetProcAddress to find always-present-functions in always-present DLLs, and looking for opportunities to move from old busted APIs to fresh new ones.

(Dropping support for windows XP is a separate ticket.)

#11445 Drop support for Windows XP new defect Medium Tor: 0.2.???

Windows XP hit its end-of-life today (April 8, 2014).

We should identify and drop support code for Windows XP. This is mainly going to be a matter of identifying cases where we use LoadLibrary and GetProcAddress to find always-present-functions in always-present DLLs, and looking for opportunities to move from old busted APIs to fresh new ones.

I'm making this a separate ticket from #11444 (removing support from pre-XP versions) since the timing on the two can be argued to be separate. Nonetheless, if we agree to do both at once, that might be clever.

#11448 Dirauths must support multiple relay identity keys at once new defect High Tor: unspecified

As discussed on, directory authorities must rotate their relay identity keys in order to recover from possible exposure due to the ‘Heartbleed’ bug. (A dirauth's relay identity key could be used by a MITM attacker to feed clients an outdated consensus, for example.)

There are two requirements in order to do this without causing a network meltdown:

  • A dirauth must be able to sign relay descriptors using multiple relay identity keys at once.
  • A dirauth must be able to operate multiple ORPorts at once, with (possibly) different relay identity keys.
#11459 libfaketime causes the build system to report being not sane new tbb-team defect Medium

libfaketime causes build systems to report that they are not sane which can easily lead to an endless loop or at least to a much longer build time. This is only an issue if more than one core is used for building the TBBs.

#11466 Only blank PNG files are visible in thumbnails folder after disabling private browsing mode new tbb-team defect Very Low

Instead of thumbnails of previously visited sites only blank PNG files are visible after disabling private browsing mode. The expected behavior is probably to see the real thumbnails.

#11502 Tor Cloud - Update, Heartbleed and new Maintainer new inf0 defect Medium
  1. We have unattended-upgrades enabled on the images, I launched a new Instance and let it self upgrade to confirm. [1] In theory, our images are self updating, upgrading and rebooting:

  1. SiNA (inf0) needs to update the Amazon Images with latest system updates, and also create instances for all the available regions. Currently we are only displaying 1 or 2 regions on the website.
  1. Finally, sina@… needs access to these assets:
  • Tor's Amazon EC2 account login, or API access
  • Access to update and
  • Access to update with latest Updated in regards to Tor Cloud

[1] root@ip-10-185-235-58:/var/log/unattended-upgrades# ls /var/log/unattended-upgrades unattended-upgrades-dpkg_2014-04-13_06:45:08.700625.log unattended-upgrades.log

==> unattended-upgrades-dpkg_2014-04-13_06:45:08.700625.log <== /usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1. /usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1. /usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1. Found memtest86+ image: /boot/memtest86+.bin done Setting up linux-headers-3.2.0-60 (3.2.0-60.91) ... Setting up linux-headers-3.2.0-60-virtual (3.2.0-60.91) ... Setting up linux-image-virtual ( ... Setting up linux-headers-virtual ( ... Setting up linux-virtual ( ...

==> unattended-upgrades.log <== 2014-04-13 06:44:54,831 INFO Initial blacklisted packages: 2014-04-13 06:44:54,832 INFO Starting unattended upgrades script 2014-04-13 06:44:54,832 INFO Allowed origins are: ['o=Ubuntu,a=precise', 'o=Ubuntu,a=precise-security', 'o=Ubuntu,a=precise-updates', 'o=TorProject,a=precise', 'o=TorProject,a=experimental-precise'] 2014-04-13 06:45:08,700 INFO Packages that are upgraded: linux-headers-virtual linux-image-virtual linux-virtual 2014-04-13 06:45:08,701 INFO Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2014-04-13_06:45:08.700625.log' 2014-04-13 06:45:54,778 INFO All upgrades installed 2014-04-13 06:45:54,778 WARNING Found /var/run/reboot-required, rebooting

#11506 Users are confused by the 2000-01-01 00:00 UTC timestamp new tbb-team defect Medium

Picture yourself: your browser tells you that there is an update. You go get the new shiny thing. And then, when you look at the date on it, it says more than 14 years ago. Confusing, neh?

I guess using the date of the latest Git commit would just work great.

#11517 Ukrainian Tor Browser Bundle new erinn defect Medium

A few users have contacted RT requesting a Ukrainian Tor Browser Bundle. These strings have been translated by our Ukrainian translators on Transifex.

#11542 Add a new logging domain for transport proxies assigned yawning defect Low Tor: 0.2.???

velope suggested (and nickm is not against the idea of) adding a new logging domain for all the stuff to do with transport proxies / PTs. It would sure be nice to have transport proxy output like #9957 go to that specific domain; it would make debugging PT things easier, I think.

Does this make sense, or is there simply no need for it, really?

#11559 Orbot-v13.0.7-BETA-1: "Tor Tethering" not working new n8fr8 defect Medium


I'm running the latest Orbot version [1] on a rooted Android 4.0.4 and enabled "Tor Tethering" while enabling Internet via 3G, but the devices connecting to the hotspot are not routed over Tor (tested via

Should this work or is this a experimental feature anyway? How can I help to debug this?

#11560 Orbot-v13.0.7-BETA-1: "Tor Tethering" > Warnings about Listeners on new n8fr8 defect Medium

" WARN: You specified a public address '' for SocksPort. Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason. WARN: You specified a public address '' for DNSPort. Other people... WARN: You specified a public address '' for TransPort. Other people... WARN: You have a ControlPort set to accept connections from a non-local address. This means that programs not running on you computer can reconfigure you Tor. That's pretty bad, since the controller protocol isn't encrypted! Maybe you should ... "

I assume these listeners are there due to the enabled "Tor Tethering", but wouldn't it be possible to bind these listeners to the WIFI interface only (I assume they are only needed there)?

#11571 HTTPS Everywhere breaks BBC iPlayer new pde defect Medium

Videos won't load on BBC iPlayer (, even if I click on "load unsafe script". The little shield icon remains after I click on it.

The problem disappears if I disable the HTTPS Everywhere plugin.

I'm using HTTPS Everywhere v2014.4.16 on Google Chrome v34.0.1847.116 on Mac OS X 10.9.2.

#11574 flashproxy-client needs to support SOCKS arguments primarily new dcf defect Medium

At the moment, flashproxy-client takes a bunch of command-line arguments, that determine how it registers and talks to the bridge.

These should really be done in the Bridge line (and passed in via SOCKS arguments), since the argument values may change per Bridge. These include:

--facilitator, --facilitator-pubkey
--register, --register-*

I would argue that the CLI arguments be deprecated. I would favour complete removal, but AIUI it is required for compatibility with older versions of Tor.

This may require #10671.

#11583 Flash crashes on new pde defect Medium

Flash crashes "Shockwave Flash has encountered an error." when trying to play any video from (for example Browser SRWare Iron Version 33.0.1800.0 (260000). New profile with HTTPS Everywhere 2014.4.16 extension only installed. When extension is disabled video plays normally.

#11588 Amazon Web Services rule breaks product info videos on needs_revision pde defect High HTTPS-E next Chrome release

On pages like, the only way the product video can be played is if encrypted connections to "Amazon Web Services" are not forced.

Chrome 34.0.1847.116 HTTPS Everywhere 2014.4.16

#11589 Can't load trailers on IMDB reopened pde defect Medium

Can't load trailers on IMDB with HTTPS Everywhere 2014.4.16 addon on.

Using latest version of chrome, Version 34.0.1847.116 m (not beta) on Windows 7.

#11600 Strange nameserver fail warning in Tor log new defect Medium Tor: 0.2.???

I am running an exit relay on Linux, my Tor version is

I checked the log and found this strange warnings: Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time: 91698/91698 TAP, 15988/15988 NTor. Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ISP-resolver1>:53 is back up Apr 24 18:01:51.000 [warn] eventdns: All nameservers have failed Apr 24 18:01:51.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up Apr 24 18:01:52.000 [warn] eventdns: All nameservers have failed Apr 24 18:01:53.000 [notice] eventdns: Nameserver <ISP-resolver1>:53 is back up Apr 24 18:02:00.000 [warn] eventdns: All nameservers have failed Apr 24 18:02:01.000 [notice] eventdns: Nameserver <ISP-resolver1>:53 is back up Apr 24 18:02:01.000 [warn] eventdns: All nameservers have failed Apr 24 18:02:01.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up Apr 24 19:46:22.000 [warn] eventdns: All nameservers have failed Apr 24 19:46:22.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up Apr 24 20:46:25.000 [warn] eventdns: All nameservers have failed Apr 24 20:46:25.000 [notice] eventdns: Nameserver <ISP-resolver2>:53 is back up Apr 24 21:14:07.000 [notice] Heartbeat: Tor's uptime is 8 days 12:00 hours, with 13940 circuits open. I've sent 549.49 GB and received 543.20 GB.

So I thought it's the fault of the nameservers provided by the ISP. Fair enough, I have configured my own resolver on localhost (where the relay is running) using BIND 9.10 (latest stable) with dnssec-validation and everything. I thought I fixed it. After some time, I checked the logs again and: Apr 24 23:26:03.000 [warn] eventdns: All nameservers have failed Apr 24 23:26:03.000 [notice] eventdns: Nameserver is back up Apr 25 02:04:02.000 [warn] eventdns: All nameservers have failed Apr 25 02:04:02.000 [notice] eventdns: Nameserver is back up Apr 25 02:04:03.000 [warn] eventdns: All nameservers have failed Apr 25 02:04:04.000 [notice] eventdns: Nameserver is back up Apr 25 02:04:04.000 [warn] eventdns: All nameservers have failed Apr 25 02:04:05.000 [notice] eventdns: Nameserver is back up Apr 25 02:04:06.000 [warn] eventdns: All nameservers have failed Apr 25 02:04:06.000 [notice] eventdns: Nameserver is back up Apr 25 02:04:08.000 [warn] eventdns: All nameservers have failed Apr 25 02:04:08.000 [notice] eventdns: Nameserver is back up

Looks like its something Tor related. Why do I get this warning? Does this have any penalty on the performance or over the users who are using this node as an exit point? Should I just leave it alone as it works fine? From what I see nameservers fail and get back online immediately, fail and back on have same timestamp. Advices? Thanks in advance.

#11607 Tumblr buttons/interface not loading properly new pde defect Medium

When Firefox updated to its latest version (28.0) the reblog, favorite, follow, and dashboard buttons that usually show at the top right of any tumblr page stopped appearing. Further, glitching caused the "queue" function not to show any time/dates.

Via Firefox Safemode the problem was traced back to HTTPS everywhere, don't know why.

#11613 httpse-ruleset-bug: Problems with latest Chrome on new pde defect Medium

I'm using Chrome Version 35.0.1916.69 beta-m under Windows 8.1 x64 with the version of HTTPS Everywhere installed: HTTPS Everywhere 2014.4.16.

When visiting 8tracks with HTTPS Everywhere activated, I can't play music. It simply breaks but I don't know how to deactivate in on 8tracks. Maybe it has something to do with some cross-site music loading on 8tracks (as they dont store the tracks on their own servers AFAIK). When deactivating the extension, 8tracks runs fine without any problems.

Here the screenshot of the activated rules (I didnt change anything about it, so it's default only):

Any suggestions? Maybe you could investigate into it, thanks a lot in advance!

#11614 broken by rule for new pde defect Medium

When using the HTTPS Everywhere extension, one must disable the rule for in order to view channels on Many people have reported this issue here:

I think this rule should be disabled by default.

#11616 ooni-backend (oonib) doesn't prompt any error when Tor is killed or crashes new hellais defect Medium

It seems that I can always reproduce this case. ooni-backend doesn't report any connection issues with Tor.

  1. Running ooni-backend in virtualenv (debug mode)

# oonib.conf

    report_dir: data/reports/
    archive_dir: data/archive/
    input_dir: data/inputs/
    deck_dir: data/decks/
    policy_file: data/policy.yaml
    bouncer_file: data/bouncer.yaml

    logfile: null
    tor_datadir: null
    database_uri: 'sqlite://oonib_test_db.db'
    db_threadpool_size: 10
    tor_binary: null
    socks_port: 9055
    tor2webmode: false
    pidfile: ''
    nodaemon: true
    originalname: null
    chroot: null
    rundir: .
    umask: null
    euid: null
    uid: null
    gid: null
    uuid: null
    no_save: true
    profile: null
    debug: true
    stale_time: 3600

    tor_hidden_service: true

        address: null
        port: 57001
    gid: null
    uuid: null
    no_save: true
    profile: null
    debug: true
    stale_time: 3600

    tor_hidden_service: true

        address: null
        port: 57001
        server_version: Apache

        address: null
        port: 57002

        address: null
        yaml_file: null
        pcap_file: null
        port: 57003

        address: null
        udp_port: 57004
        tcp_port: 57005
        resolver_address: ''

        address: null
        private_key: 'private.key'
        certificate: 'certificate.crt'
        port: 57006

$ oonib --version Twisted version: 13.2.0

# git commit

$ oonib

Starting SSL helper on 57006
Starting TCP DNS Helper on 57005
Starting UDP DNS Helper on 57004
Starting Daphn3 helper on 57003
Starting TCP echo helper on 57002
Starting HTTP return request helper on 57001
Log opened.
HTTPReturnJSONHeadersHelper (TLS) starting on 57006
Starting factory <oonib.testhelpers.http_helpers.HTTPReturnJSONHeadersHelper instance at 0x420fcb0>
DNSTestHelper starting on 57005
Starting factory <oonib.testhelpers.dns_helpers.DNSTestHelper instance at 0x420fd88>
DNSDatagramProtocol starting on 57004
Starting protocol <twisted.names.dns.DNSDatagramProtocol object at 0x4214850>
Daphn3Server starting on 57003
Starting factory <oonib.testhelpers.tcp_helpers.Daphn3Server instance at 0x4219560>
TCPEchoHelper starting on 57002
Starting factory <oonib.testhelpers.tcp_helpers.TCPEchoHelper instance at 0x4219758>
HTTPReturnJSONHeadersHelper starting on 57001
Starting factory <oonib.testhelpers.http_helpers.HTTPReturnJSONHeadersHelper instance at 0x42197e8>
[W] Option 'tor_datadir' in oonib.conf is unspecified!
[W] Using /tmp/tmp1NH5ua
> /home/user/.virtualenvs/oonib/local/lib/python2.7/site-packages/twisted/internet/
-> self.mainLoop()
(Pdb) n
5%: Connecting to directory server
10%: Finishing handshake with directory server
15%: Establishing an encrypted directory connection
20%: Asking for networkstatus consensus
25%: Loading networkstatus consensus
40%: Loading authority key certs
45%: Asking for relay descriptors
50%: Loading relay descriptors
52%: Loading relay descriptors
54%: Loading relay descriptors
56%: Loading relay descriptors
59%: Loading relay descriptors
61%: Loading relay descriptors
63%: Loading relay descriptors
66%: Loading relay descriptors
68%: Loading relay descriptors
70%: Loading relay descriptors
73%: Loading relay descriptors
75%: Loading relay descriptors
77%: Loading relay descriptors
80%: Connecting to the Tor network
90%: Establishing a Tor circuit
100%: Done
Application starting on 64535
Starting factory <cyclone.web.Application instance at 0x3eba7a0>
Exposed collector Tor hidden service on httpo://xxxxxxxxx.onion
Application starting on 16140
Starting factory <cyclone.web.Application instance at 0x3eba560>
Exposed bouncer Tor hidden service on httpo://yyyyyyyyyyyyy.onion
  1. Tor service is being stopped and all instances of Tor killed

$ service tor stop ; killall tor

  1. Running ooniprobe pointing to our collector.

# ~/.ooni/ooniprobe.conf

# This is the configuration file for OONIProbe
# This file follows the YAML markup format:
# Keep in mind that indentation matters.

    # Where OONIProbe should be writing it's log file
    logfile: ~/.ooni/ooniprobe.log
    # Should we include the IP address of the probe in the report?
    includeip: false
    # Should we include the ASN of the probe in the report?
    includeasn: true
    # Should we include the country as reported by GeoIP in the report?
    includecountry: true
    # Should we include the city as reported by GeoIP in the report?
    includecity: false
    # Should we collect a full packet capture on the client?
    includepcap: false
    # This is a packet capture file (.pcap) to load as a test:
    pcap: null
    #collector: 'httpo://fyifjaxdhdil6m5f.onion'
    collector: 'httpo://xxxxxxxxx.onion'

    geoip_data_dir: /home/user/.virtualenvs/ooniprobe/share/ooni
    debug: false
    # enable if auto detection fails
    #tor_binary: /usr/sbin/tor
    #obfsproxy_binary: /usr/bin/obfsproxy
    # For auto detection
    interface: auto
    # Of specify a specific interface
    #interface: wlan0
    # If you do not specify start_tor, you will have to have Tor running and
    # explicitly set the control port and SOCKS port
   # For auto detection
    interface: auto
    # Of specify a specific interface
    #interface: wlan0
    # If you do not specify start_tor, you will have to have Tor running and
    # explicitly set the control port and SOCKS port
    start_tor: true
    # After how many seconds we should give up on a particular measurement
    measurement_timeout: 60
    # After how many retries we should give up on a measurement
    measurement_retries: 2
    # How many measurments to perform concurrently
    measurement_concurrency: 10
    # After how may seconds we should give up reporting
    reporting_timeout: 80
    # After how many retries to give up on reporting
    reporting_retries: 3
    # How many reports to perform concurrently
    reporting_concurrency: 15
    # Specify here a custom data_dir path
    data_dir: /home/user/.virtualenvs/ooniprobe/share/ooni
    oonid_api_port: 8042
    #socks_port: 8801
    #control_port: 8802
    # Specify the absolute path to the Tor bridges to use for testing
    #bridges: bridges.list
    # Specify path of the tor datadirectory.
    # This should be set to something to avoid having Tor download each time
    # the descriptors and consensus data.
    #data_dir: ~/.tor/
        #HTTPProxy: host:port
        #HTTPProxyAuthenticator: user:password
        #HTTPSProxy: host:port
        #HTTPSProxyAuthenticator: user:password

$ ooniprobe --version WARNING: running ooniprobe involves some risk that varies greatly

from country to country. You should be aware of this when running the tool. Read more about this in the README.

Twisted version: 13.2.0

# git commit

$ ooniprobe blocking/http_requests -u

# ooniprobe.log

2:31+0200 [-] Starting Tor...
2:33+0200 [TorControlProtocol,client] 10%: Finishing handshake with directory server
2:33+0200 [TorControlProtocol,client] 15%: Establishing an encrypted directory connection
2:33+0200 [TorControlProtocol,client] 20%: Asking for networkstatus consensus
2:33+0200 [TorControlProtocol,client] 25%: Loading networkstatus consensus
2:36+0200 [TorControlProtocol,client] 40%: Loading authority key certs
2:36+0200 [TorControlProtocol,client] 45%: Asking for relay descriptors
2:37+0200 [TorControlProtocol,client] 50%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 52%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 54%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 56%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 59%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 61%: Loading relay descriptors
2:38+0200 [TorControlProtocol,client] 63%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 66%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 68%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 70%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 73%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 75%: Loading relay descriptors
2:39+0200 [TorControlProtocol,client] 77%: Loading relay descriptors
2:47+0200 [TorControlProtocol,client] 80%: Connecting to the Tor network
2:47+0200 [TorControlProtocol,client] 90%: Establishing a Tor circuit
2:47+0200 [TorControlProtocol,client] 100%: Done
2:48+0200 [TorControlProtocol,client] Successfully bootstrapped Tor
2:48+0200 [TorControlProtocol,client] Found your IP via Tor
2:48+0200 [TorControlProtocol,client] Fetching required net test inputs...
2:48+0200 [TorControlProtocol,client] Looking up test helpers...
4:50+0200 [ParserProtocol,client] [!] Lookup failed. Retrying.
5:16+0200 [ParserProtocol,client] We will include some geo data in the report
5:16+0200 [ParserProtocol,client] Setting collector and test helpers for http_requests_test
5:16+0200 [ParserProtocol,client] Using the default collector: httpo://ihiderha53f36lsd.onion
5:16+0200 [ParserProtocol,client] We will include some geo data in the report
5:16+0200 [ParserProtocol,client] Reporting using collector: httpo://xxxxxxxxx.onion
5:16+0200 [ParserProtocol,client] We will include some geo data in the report
5:16+0200 [ParserProtocol,client] Reporting http://xxxxxxxxx.onion/report
5:16+0200 [ParserProtocol,client] Creating report with OONIB Reporter. Please be patient.
5:16+0200 [ParserProtocol,client] This may take up to 1-2 minutes...
5:30+0200 [ParserProtocol,client] [!] Host is not reachable (HostUnreachable error
5:30+0200 [ParserProtocol,client] [!] Failed to open <ooni.reporter.OONIBReporter object at 0x3c60f50> reporter, giving up...
5:30+0200 [ParserProtocol,client] [!] Reporter <ooni.reporter.OONIBReporter object at 0x3c60f50> failed, removing from report...
5:30+0200 [ParserProtocol,client] Performing GET request to over Tor
5:30+0200 [ParserProtocol,client] Performing GET request to
5:31+0200 [ParserProtocol,client] The two body lengths appear to match
5:31+0200 [ParserProtocol,client] censorship is probably not happening
5:31+0200 [ParserProtocol,client] Headers appear to match
5:31+0200 [ParserProtocol,client] Summary for http_requests_test
5:31+0200 [ParserProtocol,client] ------------------------------
5:31+0200 [-] Main loop terminated.
#11617 HTTPS-E v3.5.3 breaks Sape blog/forum login reopened pde defect Medium HTTPS-E 3.5

v3.5.1 accepts user/pass for Sape blog and forum, but then happens nothing after redirect, i.e. user is not logged in. Looking into Sape.xml I found: <!--

Nonfunctional subdomains:

  • blog
  • forum

--> Well, this is true. ...

<securecookie host=".*\.sape\.ru$" name=".+" />

And I think this one line breaks logins because and are not excluded from secure cookie and have normal cookie in fact.

#11619 HTTPS-E v3.5.3 breaks Livejournal threads, styles, upper bar reopened pde defect Medium HTTPS-E 3.5

Threads can't be expanded (forever busy under FF) and upper bar is not shown when https is used to view someone's post (for logged in user). "Livejournal (partial)" entry should be fixed somehow.

#11621 doesn't render properly new pde defect Medium

See this screenshot: Note that it says "Whoops! Something went wrong. Try again." at the bottom; that shouldn't be there (in fact, there should be more pictures of watches there).

Also, lots of important-looking messages appear in the console; here are a few of them:

Failed to load resource: the server responded with a status of 400 (Bad Request) 3 XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. (index):1 [Report Only] Refused to load the stylesheet '' because it violates the following Content Security Policy directive: "default-src 'self' * * * * https://* * * * 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.


[Report Only] Refused to load the stylesheet '' because it violates the following Content Security Policy directive: "default-src 'self' * * * * https://* * * * 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Disabling HTTPS Everywhere makes things work again.

A few other people have also run into this:!topic/chrome/gf9-NjZxGjk

#11624 Malicious relays may be able to be assigned Exit flag without exiting anywhere new defect Medium Tor: 0.2.???

The IANA for Multicast addresses indicates there are many /8's that are not yet allocated[0], such as

The current voting mechanism in exit_policy_is_general_exit_helper allows an Exit flag to be assigned if it supports exiting to at least one /8 for 2 out of 3 ports of [80, 443, 6667]. exit_policy_is_general_exit_helper calls tor_addr_is_internal, this function only looks for the following IPv4 spaces: 10/8, 0/8, 127/8, 169.254/16, 172.16/12, 192.168/16.

A relay could put one of the unallocated IPv4 blocks and fool the Directory Authorities. Of course, if such a relay really wanted to do this, they could also set their relay up to exit to an uninteresting /8 no one would ever visit, such as one of the many military/DoD /8's.

Zack Weinberg's thread on tor-relays seems to have a good collection of addresses[1]. Other sources are the exclude list from massscan[2] and the IANA registry[3].

This would probably doubly true for IPv6, which only looks for fc00/7, fe80/10, fec0/10 - but right now exit_policy_is_general_exit_helper ignores IPv6.

[0] [1] [2] [3]

#11625 Tor DNSPORT returns NXDOMAIN for AAAA records? new defect Medium Tor: 0.2.???

On #11603, mickeyc reports:

Behaviour has changed with, but it is still broken. Now I'm getting an NXDOMAIN
 instead whenever I do any AAAA lookups. A record lookups are still fine:
mike@glue:~$ dig aaaa @localhost -p 5304
; <<>> DiG 9.9.5-3-Debian <<>> aaaa @localhost -p 5304
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19056
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; Query time: 249 msec
;; SERVER: ::1#5304(::1)
;; WHEN: Sun Apr 27 11:37:35 BST 2014
;; MSG SIZE rcvd: 27
mike@glue:~$ dig +short a @localhost -p 5304
#11626 HTTPS Everywhere 3.5.1 does not work in Firefox 28 on Mac OS X 10.6.8 new pde defect Medium

I am using Firefox 28, on Mac OS X 10.6.8 Snow Leopard on a MacBook Pro 6,2.

The drop-down menu for HTTPS Everywhere 3.5.1 under the "Tools" menu in Firefox does not appear at all when I hover my mouse over the "HTTPS Everywhere" menu item. When I look at the preferences for HTTPS Everywhere, the redirection rules are all blank. I tried clicking "reset to defaults". It had no effect.

When I try to connect to a site, such as, I get the normal http version, not the https version. If I manually enter, I get the https version.

I tried un-installing and re-installing HTTPS Everywhere 3.5.1, as well as installing 4.0development.15, and 4.0development.16. The problem still persists.

My active Firefox add-ons are: Adblock Edge 2.1.1 BetterPrivacy 1.68 Download YouTube Videos as MP4 1.7.18 DownloadHelper 4.9.22 DownThemAll! 2.0.16 DuckDuckGo Plus 0.3.16 Firebug 1.12.8 FxIF Ghostery 5.2.1 HTTPS-Everywhere 3.5.1 Screengrab (fix version) 0.97.24c User Agent Switcher 0.7.3

I also use Tor Browser 3.5.4, which includes the HTTPS Everywhere 3.5.1 add-on. HTTPS Everywhere works properly in Tor Browser 3.5.4.

I also tried using HTTPS Everywhere 3.5.1 in Firefox 28 on OS X 10.9.2 Mavericks. HTTPS Everywhere works properly in Firefox on Mavericks.

My active Firefox add-ons in Mavericks are: Adblock Plus 2.5.1 BetterPrivacy 1.68 DuckDuckGo Plus 0.3.16 Firebug 1.12.8 Ghostery 5.2.1 HTTPS-Everywhere 3.5.1 User Agent Switcher 0.7.3

#11631 HTTPS-Everywhere Firefox add-on breaks BBC news videos new pde defect Medium

When HTTPS-Everywhere (v3.5.1) is enabled in Firefox (v28.0 running on 64-bit Windows 7), embedded BBC news videos fail to play. The video component either shows a static image, is completely black, or is black with the words "media selection request failed".

Examples of BBC webpages containing video:

#11640 bwauth, fails on freebsd new aagbsn defect Medium

bwauth is up and running, but aggregate fails to run. It returns the following error:

ERROR[Mon Apr 28 19:24:08 2014]:Exception during aggregate: No section: 'TorCtl'
Traceback (most recent call last):
  File "/usr/home/torflow/torflow/NetworkScanners/BwAuthority/", line 876, in <module>
  File "/usr/home/torflow/torflow/NetworkScanners/BwAuthority/", line 364, in main
  File "../../TorCtl/", line 119, in read_config
    tor_port = config.getint('TorCtl', 'tor_port')
  File "/usr/local/lib/python2.7/", line 359, in getint
    return self._get(section, int, option)
  File "/usr/local/lib/python2.7/", line 356, in _get
    return conv(self.get(section, option))
  File "/usr/local/lib/python2.7/", line 607, in get
    raise NoSectionError(section)
NoSectionError: No section: 'TorCtl'

#11644 Ruleset breaking page jump returning to posted comment new pde defect Medium

Build number: 3.5.1 Useragent: Gecko/20100101 Firefox/28.0

When visiting and reading an article and it's comments below the article, you sometimes want to respond to someone's comment. When you have commented on someone's post (you must be logged-in) and submitted this comment to the page you want to continue to read the comments from the point where you posted your latest comment. This is done by a HTML page jump (by a script after posting your comment?).

Description: When you don't use the HTTPS Everywhere ruleset for you're nicely returned to your latest comment. For example to:"number article"/"article title".html#r_6907153

where #_6907153 is the number of your comment.

But when the Tweakers ruleset is used and you post a comment, you are returned to the top of the comment section, in stead of your latest submitted comment. The link shown in the address bar then looks like this:"number article"/"article title".html#reacties

where #reacties (comments in Dutch) is the position at the top of the comments section, so no redirect / jump to latest position.

Expected result: In stead of jumping to the generic #reacties position (top of comments section) on a news article page, jump to the position of the comment the logged-in person just posted.

#11645 Can't add loans to basket on with HTTPS-E enabled (4.0-dev-16) new zyan defect Medium HTTPS-E next Firefox dev release

You'll need a kiva account for this. Once logged in, using FF 28.0 on Fedora 20, trying to add a loan to my account has no effect. Disabling HTTPS-E for alone works around it.


#11651 with Firefox 28 - Cannot update basket new zyan defect Medium

I've been having problems over the last few days putting items in my basket. I managed to identify the problem by disabling add-ons in firefox. Https everywhere dated 15Apr14 stops the cookies working for the basket. Having spent some time clearing cookies, cache etc and constantly being unable to put anything in the basket. Switching off https everywhere allowed the basket to be filled and when I then re-enabled Https I couldn't add to the basket again. under the add-on options "more" field I unchecked the "" and I am now able to run https everywhere AND add to the amazon basket. So I believe there may be a problem with the rules for this site which others may also be experiencing same problem.

#11660 Make tor_spawn_background and related interfaces work the same on windows and *nix new defect Medium Tor: 0.2.???

Have a look at the tor_spawn_background unit tests. That's sure a lot of #ifdefs! It would be nice if our portability code actually let us write code to be portable across platforms: we should fix tor_spawn_background and tor_read_all_handle to act the same across platforms.

#11662 Breaks needs_information zyan defect Medium

Go to and do a search for any region. Homes will not show up on the map or in the list. If you disable Https Everywhere and refresh, you will be able to see them.

#11663 HTTPS-E v3.5.3 breaks youtube embedding on other sites (FF 29 / Chrome) new zyan defect High HTTPS-E 3.5

The video on this URL is not played (and preview is not shown) unless I turn off "YouTube (partial)" rule.

#11671 HTTPS Everywhere breaks new zyan defect Medium

The page loads but all styling is missing. Like a trip back to the 1990s!

The JS console shows "loadContext is null" at https-everywhere.js:424 each time

This occurs in both 3.5.1 and 4.0dev16. All is normal when HTTPSE is disabled

#11698 Decide how to incorporate Tor Browser Manual pages into Tor Browser new defect Medium

We want the Tor Browser User Manual to ship with Tor Browser. We need to decide how the manual will be presented to the user, including what file format the user will be accessing.

#11728 Torbirdy shouldn't allow clearnet connections on startup if started in Transparent Torification mode needs_review ioerror defect High

Here's the situation: Alice uses Torbirdy in "Transparent Torification" mode to check her email on her laptop with her Tor router at home. She later takes her laptop to an internet cafe and checks her email there. As soon as she opens Thunderbird, a connection is made in the clear to her email provider before she has a chance to change Torbirdy's settings to "Use Tor Onion Router". This is an identity leak, and Torbirdy should prevent this possibility.

#11743 nodelist_add_microdesc: assign md to all appropriate nodes properly new defect High Tor: 0.2.???

Auths can to create the same md for two different relays. Because hash collision or evil relay. Last one can to announce any onion keys and family, without needs any proofs. All parts of code designed with assumption one md per many nodes, except nodelist_add_microdesc.

nodelist_add_microdesc using router_get_consensus_status_by_descriptor_digest which cut off digest, digestmap_set using SHA1 while md's digest about SHA256. nodelist_add_microdesc can't to assign md to all appropriate nodes, and only to first with id returned by router_get_consensus_status_by_descriptor_digest.

If evil relay will craft self id specifically then it will break usage of victim's relay for any freshly new clients till updated consensus (it's about several hours).

If to keep nodelist_add_microdesc with md per one node then md format need to be more unique generated. Unique md can be generated by adding ID of relay, it will stop crafted mds. Which way to choose? Need another ticket about it?

#11752 Silverlight crashes on Netflix with HTTPS Everywhere new zyan defect Medium

Version: Chrome 2014.4.25

When starting a netflix movie using silverlight, silverlight crashes at 25%~ buffering. Upon investigation this issue does not occur when HTTPS Everywhere is disabled, or the Microsoft rules are disabled.

Chrome latest stable version, Silverlight latest stable, Windows 8.1 64.

#11757 Errors in the FF console new zyan defect Medium

I Repeatedly get the following error in the FF console:

[Exception... "Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsILoadContext.associatedWindow]" nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: file:///C:/Users/xxxxx/AppData/Roaming/Mozilla/Firefox/Profiles/xxxxxxxx.default/extensions/ :: HTTPSEverywhere.prototype.getWindowForChannel :: line 424" data: no] https-everywhere.js:424

#11770 Print a warning if python-gmpy is not found new asn defect Medium

I just noticed that my bridge didn't have python-gmpy installed, and that was one of the reasons obfsproxy was taking more CPU than needed.

We should add a warning message to ask people to install python-gmpy if it was not found installed. obfsproxy/common/ is where it's at.

#11789 Update now link in old TBB does not point to latest version new erinn defect Medium

Following the discussion on, it sounds like the "Update now" link in an old version of the Tor Browser Bundle points to an old update instead of the latest version. This link may have been hardcoded to point to the bundle that, at that point in time, was the latest version, but it means that someone who tries to update a six month old OS X bundle will be taken to the download page for 3.6, instead of 3.6.1 (see the link for a screenshot).

#11818 [Chrome] https everywhere forgets disabling of rules, no way to remove a rule entirely reopened vijayp defect Medium

I added a rule to include reddit for the https redirect. I didn't realize reddit doesn't support https.

Now, every time I fire up Chrome it redirects reddit to https. If I disable that rule by unmarking the checkbox then reddit works (after I reload the page), but next time I fire up chrome the issue is back.

I don't see any way to remove the rule entirely, and the options button when I right click on the icon is disabled.

#11868 Craigslist not displaying https Pictures new zyan defect High

I'm running FF 24 and HTTPS Everywhere 3.4.2. I have FF set to not display any mixed content (active or passive content). If I browse Craigslist with a HTTPS session and browse ads, the pictures for the ad are displayed from an HTTPS link with no problem. If I upgrade to any newer version of HTTPS Everywhere then the pictures are not displayed because their links now show as HTTP. The Craigslist rule in all version is the same so it must not be a rule problem. I notice the change log says with version 3.4.3 "Deprecate the ContentPolicy API, fixing a crash bug lurking since Firefox 20". Could this have broken something and created my problem? I am staying at 3.4.2 until fixed.

#11869 HTTPS Everywhere conflicts with other extensions like Tampermonkey new zyan defect Low

HTTPS Everywhere: 2014.4.25 for Chrome

Chrome: 34.0.1847.131 (Official Build 265687) for Windows


It seems that what HTTPS Everywhere does is to "redirect" the address to the https attached one. But this doesn't work with some extensions.

For example, if a URL of a script in Tampermonkey matches a rule of HTTPS Everywhere, it will prevent the script from running normally.

My situation was that, I inserted a line of


into my script, so that the script cannot fetch the js file normally.

#11887 Tumblr (Partial) rule breaks control bar on tumblr blogs new zyan defect Medium

HTTPSe 4.0 dev 16 Firefox 29.0.1

When logged into Tumblr and viewing a blog there should be a toolbar in the top right of the page with buttons for Like, Reblog, Follow and Dashboard. With the default rule enabled for Tumblr (partial) this toolbar will not show. Disabling the rule makes it work correctly.

This problem is only on the development build, the stable 3.5.1 works OK.

Example link

#11920 Rule "Microsoft (partial)" breaks Netflix streaming new zyan defect Medium

Running HTTPS-E 3.5.1, the rule labeled "Microsoft (Partial)" is responsible for DRM errors and failing to start streaming on Netflix. Netflix is confirmed fixed by disabling the rule. This problem has existed for a long time but nearly all advice online either points at different (incorrect) fixes or suggests disabling HTTPS-E to "fix" the problem.

#11921 Breaks Google search needs_information zyan defect Medium

I'm running build 2014.4.25. When I do a Google search and the results come up, I'm unable to (left-)click on links. As a workaround, I can right-click and open in a new tab.

#11922 Launching tor-fw-helper should untangle stderr for control, stdout for data? new defect Low Tor: 0.2.???

Per discussion on #9781 :

back in cd05f35d2cdf50, we introduced a mismatch.

// In the child process:
        nbytes = write(STDOUT_FILENO, error_message, error_message_length);

// In the parent:
    stderr_status = log_from_pipe(child_handle->stderr_handle,
                                  LOG_INFO, filename, &retval);

Note that we're writing the error message to stdout, but expecting to read it from stderr. To fix this for #9781, I had the code look for the error message in stdout too. But the code as it stands is still doing a silly thing by writing a message to one fd and expecting to read it from another.

(I tried to fix it by switching the child process to write to stderr, but that didn't work, so a cleverer fix may be needed.)

#11935 Strange fallback font behavior on Mac and Windows reopened mikeperry defect Medium

On, for some reason our font patch is causing Windows and Mac builds to report that they have *all* the fonts installed, where as Linux the test properly stops detecting fonts after our limit is reached.

This could be because something about TBB is simply causing the fallback fonts on Mac and Windows to be different than what they expect. Possible OS fingerprinting issue, or deeper bug?

In either case, this is not ridiculously serious, but is worth investigating.

#11966 "Bootstrapped 20%: Asking for networkstatus consensus" is a lie for bridge users needs_revision isis defect Medium Tor: 0.2.???

When a Tor client that's configured to use a bridge sees

[notice] Bootstrapped 20%: Asking for networkstatus consensus

its next plan is actually to send a DIR_PURPOSE_FETCH_SERVERDESC request for the bridge's descriptor. This is surprising.

#11967 TestingServerDownloadSchedule et al imply they're for TestingTorNetwork but actually they're sometimes not new defect Medium Tor: 0.2.???
  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 60, 60, 120, "
                                 "300, 900, 2147483647"),

is the default value of the config option, and that's used in the real Tor network:

static const smartlist_t *
find_dl_schedule_and_len(download_status_t *dls, int server)
  switch (dls->schedule) {
      if (server)
        return get_options()->TestingServerDownloadSchedule;
        return get_options()->TestingClientDownloadSchedule;

But if you set TestingTorNetwork, then its value gets replaced by

  V(TestingServerDownloadSchedule, CSV_INTERVAL, "0, 0, 0, 5, 10, 15, "
                                 "20, 30, 60"),

and the code in directory.c stays the same.

Am I the only one who thinks that calling it a TestingFooBarSchedule when it's not for Testing is weird?

#11970 `[err] sandbox_getaddrinfo(): Bug: (Sandbox) failed to get address localhost!` reopened nickm defect Medium Tor: 0.2.???

Built from git, but using Debian init.d scripts, and configure options. Sandbox appears to cause a crash when the logs are rotated. (The following coincides with the time the logs are normally rotated):

May 15 06:25:02.000 [notice] Received reload signal (hup). Reloading config and resetting internal state.
May 15 06:25:02.000 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 15 06:25:02.000 [notice] Read configuration file "/etc/tor/torrc".
May 15 06:25:02.000 [err] sandbox_getaddrinfo(): Bug: (Sandbox) failed to get address localhost!
May 15 06:25:02.000 [warn] Couldn't parse address '"localhost:9050"' for SocksPort
May 15 06:25:02.000 [warn] Failed to parse/validate config: Invalid SocksPort/SocksListenAddress configuration
May 15 06:25:02.000 [err] Reading config failed--see warnings above. For usage, try -h.
May 15 06:25:02.000 [warn] Restart failed (config error?). Exiting.


DataDirectory /var/lib/tor
PidFile /var/run/tor/
RunAsDaemon 1
User debian-tor

ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1

CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie

Log notice file /var/log/tor/log


SocksPort localhost:9050

SocksPolicy accept
SocksPolicy accept
SocksPolicy reject *

ORPort 443 NoListen
ORPort 9001 NoAdvertise

Nickname PrivateJoker

RelayBandwidthRate 128 KB
RelayBandwidthBurst 172 KB
BandwidthRate 128 KB
BandwidthBurst 172 KB

DirPort 80 NoListen
DirPort 9030 NoAdvertise
DirReqStatistics 0
DirPortFrontPage /etc/tor/tor-exit-notice.html

ExitPolicy reject *:*

AvoidDiskWrites 1
NumCPUs 2
FastFirstHopPK 0
ShutdownWaitLength 60
SafeSocks 1
ProtocolWarnings 1
WarnUnsafeSocks 1
HeartbeatPeriod 3 hours
TLSECGroup P256
DisableAllSwap 1
DisableDebuggerAttachment 1
Sandbox 1
#11973 Should relays stop making unencrypted directory connections? assigned defect Medium Tor: 0.2.???

Continuing a discussion from #11469 :

There is a case to be made that relays should stop uploading and downloading directory information via HTTP. We should consider the arguments there and see if there's a good rationale beyond the standard "why not encrypt everything" baseline.

(To be clear, bridges don't make connections over HTTP.)

#11975 Add native test scheduling support to ooni-probe. new hellais defect Medium

This issue was automatically migrated from github issue

It should be possible for an ooni-probe operator to specify when a given test or test deck should be run.

This should be achieved by having a configuration file that features cron-like syntax editable by the operator.

The probe software will then run as a system daemon and running the tests when they are scheduled to run.

If a certain test scheduled to run does not run at that time because the machine is offline it should be re-run as soon as the machine is turned on again (similar to the anacron behaviour).

#11977 Modified TrueHeaders class to order headers new hellais defect Medium

This issue was automatically migrated from github issue

Fixes [Issue 254]( by storing TrueHeaders in an OrderedDict.

Removes clutter from TrueHeaders class by making _rawHeaders a simple OrderedDict mapping from header string to list of value strings. This conforms with its type in the superclass (twisted.web.http_headers.Headers) and removes the need to override a few methods. A new dict _headerCases stores the mapping from lowercase header name to their original capitalization. This is accessed by overriding the superclass method Headers._canonicalNameCaps.

Adds test_trueheaders.test_order_preserved to ensure getAllRawHeaders returns headers in the order they were set.

#11978 Recursion limit problem in TaskManager new hellais defect Medium

This issue was automatically migrated from github issue

The task manager is currently designed to recursively call _fillSlots that will then call _run that then again will call _fillSlots on success or failure. This means that when there are a lot of tasks failing very quickly it is very likely that the default python recursion limit will be overcome (1000).

To reproduce this bug you can try and run a test with a long invalid input for example http_requests:

ooniprobe blocking/http_requests -f data/complete.deck

Note that the fact that this test fails is correct, however it fails in a surprising manner:

` Unhandled error in Deferred: Unhandled Error Traceback (most recent call last):

File "/ooni-probe/ooni/", line 153, in _failed

super(LinkedTaskManager, self)._failed(result, task)

File "/ooni-probe/ooni/", line 44, in _failed


File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/", line 423, in errback


File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/", line 490, in _startRunCallbacks


--- <exception caught here> ---

File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/internet/", line 577, in _runCallbacks

current.result = callback(current.result, *args, kw)

File "/ooni-probe/ooni/", line 188, in measurementFailed

log.msg("Failed doing measurement: %s" % measurement)

File "/ooni-probe/ooni/utils/", line 62, in msg

print "%s" % msg

File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 505, in write

msg(message, printed=1, isError=self.isError)

File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 53, in sync

return function(self, *args, kwargs)

File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 185, in msg

actualEventDict = (context.get(ILogContext) or {}).copy()

File "/.virtualenvs/ooni-probe/lib/python2.7/site-packages/twisted/python/", line 121, in getContext

return self.currentContext().getContext(key, default)

exceptions.RuntimeError: maximum recursion depth exceeded `

I think this bug is perhaps a good opportunity to discuss some possible refactoring of the task scheduler related code. It may be a good idea to draw some inspiration from:

#11981 Include in report details on the probes type of network new hellais defect Medium

This issue was automatically migrated from github issue

In some cases it is useful to know the type of network the probe has been run from. This is important in the case that ooniprobe is run from a company or campus where the censorship is being performed. This would allow the user to mark that the measurement from performed from such type of network and therefore allow to conclude that censorship is not being performed at the ISP layer.

The best approach to implement this is probably to implement this feature by allowing the user to add freetext or tags to a report. This way the tags could specify the name of the campus or the name of the company.

#11982 ooniprobe should verify the options required by tests before starting Tor and looking up it's IP new hellais defect Medium

This issue was automatically migrated from github issue

Currently when I run a test that has some logic for verifying if it can run inside of it's setUp I must wait for Tor to start, for the probe to lookup the test helpers and discover it's IP before learning that I did not specify a certain option.

We should fix this by calling the setUp method of every nettest that is to be run before we do all of the startup tasks.

#11987 Test multiple network interfaces with a single probe new hellais defect Medium

This issue was automatically migrated from github issue

As a user subscribing to more than one network I want to check for censorship on each using a single OONI instance so that I don't have to run multiple probes.

I'm involved with a project to monitor web censorship across domestic ISPs in the UK [1]. Our infrastructure plans include running multiple OONI probes in virtual machines running on a single server. We are subscribing to a number of domestic ISPs and routing each connection to a VM using some network-level magic (I believe).

It would simplify our setup if we could present multiple network connections to a single machine (either a VM or the actual server) and have a single OONI probe run its tests once per network connection, logging the results in a way that means we can tell the connection to which each relates.


#11988 Make the usage of the -p option clearer new hellais defect Medium

This issue was automatically migrated from github issue

It is unclear from running ooniprobe -p what should be the proper usage of the -p option.

#11989 Verbosify the collector address log line new hellais defect Medium

This issue was automatically migrated from github issue

Each NetTest in a deck is assigned a collector. We should increase the verbosity so that each log line indicates to which NetTest it coresponds to.

#11990 Add support for storing the order in which HTTP headers are received. new hellais defect Medium

This issue was automatically migrated from github issue

Currently TrueHeaders does not support storing the order in which HTTP headers are received or sent.

This probably requires also changes to the twisted.web.client.Agent.

#11991 ooni's TrueHeaders uses a dict() for internal storage new hellais defect Medium

This issue was automatically migrated from github issue

The ordering of dict().iteritems() is not guarranteed, so I'm pretty sure this is a bug.

#11992 Feature/tor test template new hellais defect Medium

This issue was automatically migrated from github issue

Adds support for writing tests for the Tor network, along with a few sample tests.

#11994 Add SSL support to ooni-probe new hellais defect Medium

This issue was automatically migrated from github issue

This ticket goes together with: and it involves adding SSL support to the ooniprobe client.

#11996 Verify the version of config files new hellais defect Medium

This issue was automatically migrated from github issue

Both in ooni-probe and ooni-backend we have changed the configuration file over time. We should perform some integrity checking when it starts up to be sure that the config file is of a given version.

#11997 Add SSL support to ooni-backend new hellais defect Medium

This issue was automatically migrated from github issue

We should have support for HTTPS connection to the ooni-backend.

We should have a way of pinning certain certificates inside of ooni-probe or provide a URL that is self authenticating (something like https://HASH_OF_PUBKEY@SOME_IP).

#11998 Add support for publishing test-helpers and collectors to bouncer new hellais defect Medium

This issue was automatically migrated from github issue

The ooni-probe bouncer should also expose an API for allowing test-helpers and collectors to advertise their presence to the bouncer.

The most simple way of doing this is simply exposing a public API on the bouncer side that allows you to POST a message with a payload like so:

` {

'collector': 'httpo://thirteenchars1234.onion/', 'http-return-json-headers': '', 'dns': ''

} `

The bouncer will then just add this to the list of collectors and bouncer it is aware of.

The drawback with this approach is that it allows anybody, even not authenticated, to pollute the database with random bouncer addresses.

I think this is mainly a threat to availability since it could lead to a malicious actor to polluting the bouncer with non-working bouncers.

A better approach would be to have the JSON document be signed.

There are quite a few approaches to singing JSON documents, but the one I personally like most is this:

Though I would like feedback from @nathan-at-least on this matter.

At this point we can have the bouncer have a list of approved public keys that can publish to the bouncer and we will only accept publication of reports that have been signed.

I would suggest we implement the publication of bouncer addresses to the bouncer via a iterative process. We first implement the unauthenticated method and then we implement it via signing.

#12000 Detect when a probe is using the wrong test helpers new hellais defect Medium

This issue was automatically migrated from github issue

As @stephen-soltesz pointed in out in a ticket:

Also, I recall a discussion in Berlin about validation of uploaded reports; specifically, at the time of report upload, it is necessary to determine that the "expected test-helper" and the "used test-helper" are the same type. This helps eliminate false-positives due to report errors caused by mismatches between the test-helper expected and used. This validation requires that the report is uploaded to the collector co-located with the test helper. Can testdecks be created to support the above?

The hard part of doing this is making the collector speak to the test helpers. In other words to detect that the expected test helper is not the one used, we have to has the test helper that the user is supposed to be using if they have seen those requests from our user.

#12003 Handling filesystem size limitations? new hellais defect Medium

This issue was automatically migrated from github issue

Tests like very quickly generate a large yamloo file, especially against Alexa lists, often to the extent of exceeding filesystem filesize limits. At that point the kernel begins killing every OONI process without warning. Perhaps this is a YAML lib issue instead, but it would be useful either catch the write failure to warn or open a new output file.

#12004 ooni test decks specifying logfile path but it is not used. new hellais defect Medium

This issue was automatically migrated from github issue

Jake reports that ooni is ignoring test .deck logfile paths.

#12006 Is non-determinism in test helper deployment or MLab-ns API acceptable? new hellais defect Medium

This issue was automatically migrated from github issue

Close this ticket with a yes / no.

The MLab script for Ooni selects which test helpers bind to a given port randomly. The requirement is for the same port to provide multiple distinct test helpers, so the current strategy is to partition the MLab slices (and thus IP addresses) for each port according to how many helpers require that port. The random selection accomplishes this in a stateless / configuration-free manner.

Meanwhile, the probe will use the mlab-ns web service to request test helpers and a collector prior to running a net-test. This service currently responds non-deterministically (with various constraints and prioritizations such as scoring based on load).

The question is: Are these two sources of non-determinism a problem?

For scientific repeatability, randomness adds noise. For diagnostic reasons, determinism can make it simpler to understand logs or report data. For security reasons, censors might be able to game non-determinism in a way to favor particular test results. It may be that none of these concerns are strong enough (also considering the dev cost of removing the non-determinism).

*If* the answer is "no", there's a dev cost implication for mlab-ns which should be coordinated with MLab.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Note: See TracQuery for help on using queries.