Opened 2 years ago

Closed 2 years ago

#23615 closed defect (fixed)

Redirect update requests of users in old Tor Browser versions (6.0.x)

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: boklm, arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Wendy reported yesterday that an old Tor Browser (6.0.4) is complaining about the update.xml not being found if one clicks on the "Check for Tor Browser Update..." item in the Torbutton onion menu. Worse, if one takes the road over the "About Tor Browser" help menu item it says this old browser is up-to-date.

That's probably due to #19841. Do quantify the amount of requests going to the old location arma for hits of it in the logs and estimates that we still have 10 - 15 of those per minute.

I think we should try to get those users updated by having some redirects, say, for the next 6 months.

Child Tickets

Change History (11)

comment:1 Changed 2 years ago by gk

boklm: is that a thing you can take care of (with weasel's help if needed)?

comment:2 Changed 2 years ago by boklm

Ok. I can restore the redirect from #22651.

comment:3 in reply to:  2 Changed 2 years ago by gk

Replying to boklm:

Ok. I can restore the redirect from #22651.

Wait? That's the same as for torbrowser-launcher? So, maybe those things that doing the requests are no Tor Browsers then?

comment:4 Changed 2 years ago by gk

Status: newneeds_information

We deliberately removed that one for torbrowser-launcher as they did not fix their stuff even after repeatedly asking and giving deadlines. I am not willing to support that longer, so we might want to figure out whether actual Tor Browsers are affected and how many.

comment:5 Changed 2 years ago by boklm

I think it affects both users of the old version of torbrowser-launcher, and users of old versions of Tor Browser. Although I don't know which part of the 10 - 15 requests we see per minute are Tor Browser. The torbrowser-launcher requests should have an URL ending with release/Linux_x86_64-gcc3/x/en-US, while the Tor Browser ones should have a version number instead of the x.

comment:6 Changed 2 years ago by arma

Here is a random sample from the past few minutes:

0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/WINNT_x86-gcc3/5.0.4/ru HTTP/1.1" 404 319 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/Linux_x86_64-gcc3/4.5.3/en-US HTTP/1.1" 404 325 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/WINNT_x86-gcc3-x86/6.0.4/en-US HTTP/1.1" 404 326 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/WINNT_x86-gcc3/5.0.2/en-US HTTP/1.1" 404 322 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/WINNT_x86-gcc3/5.0.4/ru HTTP/1.1" 404 319 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/WINNT_x86-gcc3/5.0.4/ru HTTP/1.1" 404 319 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/Darwin_x86_64-gcc3/6.0.5/en-US HTTP/1.1" 404 326 "-" "-" -
0.0.0.1 - - [22/Sep/2017:00:00:00 +0000] "GET /torbrowser/update_2/release/WINNT_x86-gcc3/5.0.7/ru HTTP/1.1" 404 319 "-" "-" -

comment:7 Changed 2 years ago by boklm

All of the requests from this sample look like Tor Browser users.

comment:8 Changed 2 years ago by arma

So far today (I think that means several hours), we have

$ grep update_2 dist.torproject.org-access.log|wc -l
875
$ grep update_2 dist.torproject.org-access.log|grep "gcc3/x"|wc -l
31
$ grep update_2 dist.torproject.org-access.log|grep "Linux"|wc -l
48
$ grep update_2 dist.torproject.org-access.log|grep "WIN"|wc -l
773

comment:9 in reply to:  description ; Changed 2 years ago by arma

Replying to gk:

I think we should try to get those users updated by having some redirects, say, for the next 6 months.

If it's doable, I think we should try to support them for the long term.

The failure mode is really bad: you get no update suggestion, and you are told that your Tor Browser is up-to-date.

Especially since some people use Tor Browser as a backup "when the censorship happens", we should expect that reasonable people have a version of Tor Browser from some years ago.

comment:10 in reply to:  9 Changed 2 years ago by gk

Status: needs_informationassigned

Replying to arma:

Replying to gk:

I think we should try to get those users updated by having some redirects, say, for the next 6 months.

If it's doable, I think we should try to support them for the long term.

The failure mode is really bad: you get no update suggestion, and you are told that your Tor Browser is up-to-date.

Especially since some people use Tor Browser as a backup "when the censorship happens", we should expect that reasonable people have a version of Tor Browser from some years ago.

I agree, let's move ahead with this ticket.

comment:11 in reply to:  9 Changed 2 years ago by boklm

Resolution: fixed
Status: assignedclosed

Replying to arma:

Replying to gk:

I think we should try to get those users updated by having some redirects, say, for the next 6 months.

If it's doable, I think we should try to support them for the long term.

This is done now. https://dist.torproject.org/torbrowser/update_3/release/ is redirected to https://aus1.torproject.org/torbrowser/update_2/release/.

(then update_2 is redirected update_3 for Linux and OSX users which should get the latest version, while Windows users are getting version 6.5.2 which uses the new update URL, and also check for SSE2 support)

Note: See TracTickets for help on using tickets.