Opened 6 years ago

Closed 4 years ago

Last modified 4 years ago

#8940 closed defect (fixed)

Move RecommendedTBBVersions from check.torproject.org to www.torproject.org

Reported by: micahlee
Owned by: mikeperry
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity:
Keywords: tbb-pref, tbb-firefox-patch, MikePerry201408
Cc: adrelanos@…, mikeperry
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Right now the only reliable way to programmatically check for the latest version of TBB is by loading https://check.torproject.org/RecommendedTBBVersions. It would be very helpful if that file could also be hosted somewhere at https://www.torproject.org/. The main Tor Project website has a .onion address, and there are also several mirrors of it. This isn't true of check.torproject.org.

I'm working on Tor Browser Launcher, a program that helps you download, verify signatures, and keep up-to-date TBB: https://github.com/micahflee/torbrowser-launcher

I'm building the option to download updates over Tor, and I'm planning on making a second option to download updates from torproject.org's hidden service:
https://github.com/micahflee/torbrowser-launcher/issues/41

The way it stands, the RecommendedTBBVersions request would have to not use the .onion.

I also just made it so you can choose your torproject.org mirror, so you can download the TBB files from a different website:
https://github.com/micahflee/torbrowser-launcher/issues/32

If *.torproject.org is getting blocked, you should be able to choose a different mirror from the dropdown in TBL settings and download TBB, as long as the mirror you choose isn't also getting blocked. But there's no way for TBL to ask a mirror what the recommended TBB version is, so even with using mirrors there needs to be a request to check.torproject.org first, which would get blocked and prevent people from using TBB at all.

Change History (28)

comment:1 Changed 6 years ago by proper

Cc: adrelanos@… added

To make it easier and to require no code changes, maybe not move that file, just mirror it.

Could the person (Erinn?) who updates https://check.torproject.org/RecommendedTBBVersions also upload a copy of RecommendedTBBVersions to https://www.torproject.org/dist/torbrowser/RecommendedTBBVersions ?

As far as I understand, this would be just one more line in your build instructions or upload script.

comment:2 Changed 6 years ago by arma

Sounds good to me (however we decide to implement it)

comment:3 Changed 6 years ago by proper

Component: Tor Check → Tor bundles/installation
Owner: set to erinn

comment:4 Changed 5 years ago by arma

Cc: mikeperry added

comment:5 Changed 5 years ago by mikeperry

Component: Tor bundles/installation → Firefox Patch Issues
Keywords: tbb-pref MikePerry201307 added; tbb RecommendedTBBVersions removed
Owner: changed from erinn to mikeperry
Status: new → assigned

If we just want to change the URL (rather than make it a round robin or something for blocking purposes), then this is actually just changing a pref in TBB.

Since TBB checks its version roughly every 1.5 hours (as long as you are using it), I also don't think blocking is a concern for www.

comment:6 Changed 5 years ago by arma

I mainly want this to happen so the recommendedversions file is not unreachable when tordnsel takes down the check server (which happens multiple times a month these days).

(The second problem is that TBB won't start if tordnsel has taken down the check server. But I think that's a separate problem from this ticket.)

comment:7 Changed 5 years ago by arma

weasel suggests a separate hostname for this, recommended-tbb.torproject.org or the like.

That way it doesn't clobber our website when something clobbers it, and it's more portable for the future. It can still serve the answer over https.

I recognize that none of these answers make it unblockable, in the way I guess Micah originally wanted. But I think that's a separate and harder problem.

comment:8 Changed 5 years ago by arma

So to be clear, I think if Mike says "ok and this is the url I'll be fetching", weasel will make the vhost exist.

comment:9 in reply to:  7 ; Changed 5 years ago by proper

Replying to arma:

> I recognize that none of these answers make it unblockable, in the way I guess Micah originally wanted.

Micah in its original post, wanted it to be reachable over torproject's hidden service http://idnxcnkne4qt76tg.onion/ and the usual torproject.org mirrors.

comment:10 in reply to:  9 ; Changed 5 years ago by arma

Replying to proper:

> Micah in its original post, wanted it to be reachable over torproject's hidden service http://idnxcnkne4qt76tg.onion/ and the usual torproject.org mirrors.

Sounds like he would be satisfied with mirroring a copy of it on www.tp.o, even if it's primary home, and the primary url that machines ask for, is elsewhere.

But the title of this ticket is so clearly the ticket I have in mind that I am tempted to commandeer it for my purposes. :)

comment:11 in reply to:  10 Changed 5 years ago by arma

Replying to arma:

> even if it's primary home

I will go have a chat with Bob the Angry Flower now.

comment:12 in reply to:  10 Changed 5 years ago by proper

Replying to arma:

> Replying to proper:
>
> > Micah in its original post, wanted it to be reachable over torproject's hidden service http://idnxcnkne4qt76tg.onion/ and the usual torproject.org mirrors.
>
> Sounds like he would be satisfied with mirroring a copy of it on www.tp.o, even if it's primary home, and the primary url that machines ask for, is elsewhere.

If you could make a mirror of RecommendedTBBVersions to https://www.torproject.org/dist/torbrowser/RecommendedTBBVersions - the same folder, where also TBB is stored - it would have the same features as the TBB download has (multiple mirrors, idnxcnkne4qt76tg.onion).

> and the primary url that machines ask for

Micah wants to use it for torbrowser-launcher, so he wants to use it for automated scripts as well.

comment:13 Changed 5 years ago by mikeperry

Hrm. A separate DNS name makes me more concerned about blocking.. Upon further consideration, I'm also concerned about SOCKS u+p isolation in the future (#5752), because it will allow just one exit to freeze you for much longer than 1.5hrs.

Perhaps TBB should use the hidden service after all, too.. Is it stable? Is that too much extra circuit creation for Tor?

Do we have hitcount stats on just RecommendedTBBVersions to help inform us? In #6156, phobos pasted a munin link, but it looks to be for all of check.

comment:14 in reply to:  13 Changed 5 years ago by proper

Replying to mikeperry:

> Perhaps TBB should use the hidden service after all, too..

That would be a fine security improvement as well. (No exit nodes involved anymore; no ssl certificate pinning required for this purpose.) If there are no reasons against it, I'd like to see it.

comment:15 Changed 5 years ago by arma

I would be wary of setting up hundreds of thousands of clients to hit a given hidden service. See e.g. #8902. I bet you'd find some really interesting scaling problems, but I bet you'd also regret having all your users reporting all these problems and not having a way to easy-upgrade them to an alternative.

comment:16 Changed 5 years ago by mikeperry

Keywords: MikePerry201307 removed

comment:17 Changed 4 years ago by erinn

Keywords: tbb-firefox-patch added

comment:18 Changed 4 years ago by erinn

Component: Firefox Patch Issues → Tor Browser

comment:19 Changed 4 years ago by micahlee

Bump. I wonder if this is still in the works?

comment:20 Changed 4 years ago by mikeperry

Keywords: MikePerry201408 added

comment:21 Changed 4 years ago by mikeperry

Resolution: fixed
Status: assigned → closed

Done. The new versioncheck URL will be https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions. It's not up yet. We'll put it there when we release 3.6.5/4.0-alpha-2 on Tuesday (Sep 2).

comment:22 Changed 4 years ago by micahlee

Will https://check.torproject.org/RecommendedTBBVersions redirect to https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions, at least for awhile?

Tor Browser Launcher (and probably other things) loads https://check.torproject.org/RecommendedTBBVersions to check for updates, and I'll make a release that fixes it but I want to make sure it won't break for everyone who hasn't updated.

comment:23 Changed 4 years ago by mikeperry

No redirect. We'll probably just set the check.tp.o one to an empty JSON list once we push this update (which is a security update). Anybody hitting that url from now on will be out of date.

comment:24 Changed 4 years ago by mikeperry

micahlee: There is another quirk you should be aware of. From now on, we won't be listing the OS suffixes in the RecommendedTBBVersions file. We got rid of that to simplify the updater. It will just be the version number.

I've left the OS versions in there for now, because they don't hurt anything, but you should probably be aware of this because we may not always leave them there.

Also, I placed valid versions in the https://check.torproject.org/RecommendedTBBVersions file for users of yours that have not updated their tor-browser-launcher yet, but we won't be updating that file any longer.

comment:25 Changed 4 years ago by proper

mikeperry: What will it look like without listing the OS suffixes? Like this?

[
"3.6.5",
"4.0-alpha-2",
]

If not, can you post an example please?

comment:27 in reply to:  26 Changed 4 years ago by proper

Replying to arma:

> It will look like
> https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions

But mike just said above my last post "we won't be listing the OS suffixes", "I've left the OS versions in there for now [...] we may not always leave them there.". So another change is planned.

How will it look without OS suffixes in future?

comment:28 Changed 4 years ago by mikeperry

Sorry, this will only affect 4.0 releases and beyond, but there shouldn't be any more 3.6.x releases anyway (unless there's another OpenSSL vuln or something). And for 4.0 releases, yes, it will look like:

[
"4.0-alpha-2",
"4.0-alpha-3",
"4.0.0",
"4.0.1",
"4.0.2"
]
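
A client-side check for the file format discussed in comments 23 to 28, added here as an example (it is not code from Tor Browser or torbrowser-launcher): it accepts both the suffixed and the bare version lists and never reports "current" for an empty or unparsable response. The suffix spellings and the function names are assumptions, since the ticket mentions OS suffixes without showing them.

```python
import json

# Assumption: legacy entries ended in one of these OS suffixes. The ticket
# says suffixes existed but does not show how they were spelled.
ASSUMED_OS_SUFFIXES = ("-Linux", "-MacOS", "-Windows")


def parse_recommended(body):
    """Return the set of recommended versions with any OS suffix removed."""
    data = json.loads(body)  # raises ValueError on malformed JSON
    if not isinstance(data, list) or not all(isinstance(v, str) for v in data):
        raise ValueError("expected a JSON list of version strings")
    versions = set()
    for entry in data:
        # Strip only a known trailing suffix. Splitting on "-" would mangle
        # versions such as "4.0-alpha-2".
        for suffix in ASSUMED_OS_SUFFIXES:
            if entry.endswith(suffix):
                entry = entry[: -len(suffix)]
                break
        versions.add(entry)
    return versions


def update_status(installed, body):
    """Return "current", "outdated" or "unknown" for the installed version.

    An empty or unparsable list is never reported as "current".
    """
    try:
        recommended = parse_recommended(body)
    except ValueError:
        return "unknown"
    if not recommended:
        # Comment 23: the retired URL may serve an empty list, and any
        # client still fetching it is out of date.
        return "outdated"
    return "current" if installed in recommended else "outdated"


# Constructed sample bodies (not fetched from torproject.org).
LEGACY = '["3.6.5-Linux", "3.6.5-MacOS", "3.6.5-Windows", "4.0-alpha-2-Linux"]'
NEW = '["4.0-alpha-2", "4.0-alpha-3", "4.0.0", "4.0.1", "4.0.2"]'

if __name__ == "__main__":
    print(update_status("4.0-alpha-2", LEGACY), update_status("3.6.5", NEW))
```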